From 74664626283603849f4acbd49e8c8288c08cff4d Mon Sep 17 00:00:00 2001 From: Kris Kennaway Date: Mon, 10 Jan 2000 06:22:05 +0000 Subject: [PATCH] Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent infringement reasons. --- crypto/openssl/CHANGES | 1624 ++++ crypto/openssl/CHANGES.SSLeay | 968 +++ crypto/openssl/Configure | 869 ++ crypto/openssl/INSTALL | 387 + crypto/openssl/LICENSE | 127 + crypto/openssl/Makefile.org | 351 + crypto/openssl/Makefile.ssl | 351 + crypto/openssl/NEWS | 65 + crypto/openssl/README | 205 + crypto/openssl/apps/CA.pl | 153 + crypto/openssl/apps/CA.sh | 132 + crypto/openssl/apps/Makefile.ssl | 727 ++ crypto/openssl/apps/apps.c | 326 + crypto/openssl/apps/apps.h | 141 + crypto/openssl/apps/asn1pars.c | 309 + crypto/openssl/apps/ca-cert.srl | 1 + crypto/openssl/apps/ca-key.pem | 15 + crypto/openssl/apps/ca-req.pem | 11 + crypto/openssl/apps/ca.c | 2232 ++++++ crypto/openssl/apps/cert.pem | 11 + crypto/openssl/apps/ciphers.c | 194 + crypto/openssl/apps/client.pem | 24 + crypto/openssl/apps/crl.c | 299 + crypto/openssl/apps/crl2p7.c | 333 + crypto/openssl/apps/demoCA/cacert.pem | 14 + crypto/openssl/apps/demoCA/index.txt | 39 + crypto/openssl/apps/demoCA/private/cakey.pem | 24 + crypto/openssl/apps/demoCA/serial | 1 + crypto/openssl/apps/der_chop | 305 + crypto/openssl/apps/der_chop.in | 305 + crypto/openssl/apps/dgst.c | 219 + crypto/openssl/apps/dh.c | 312 + crypto/openssl/apps/dh1024.pem | 5 + crypto/openssl/apps/dsa-ca.pem | 40 + crypto/openssl/apps/dsa-pca.pem | 46 + crypto/openssl/apps/dsa.c | 256 + crypto/openssl/apps/dsa1024.pem | 9 + crypto/openssl/apps/dsa512.pem | 6 + crypto/openssl/apps/dsap.pem | 6 + crypto/openssl/apps/dsaparam.c | 353 + crypto/openssl/apps/eay.c | 131 + crypto/openssl/apps/enc.c | 551 ++ crypto/openssl/apps/errstr.c | 114 + crypto/openssl/apps/gendh.c | 223 + crypto/openssl/apps/gendsa.c | 232 + crypto/openssl/apps/genrsa.c | 266 + crypto/openssl/apps/nseq.c | 174 + crypto/openssl/apps/oid.cnf | 6 + crypto/openssl/apps/openssl.c | 373 + crypto/openssl/apps/openssl.cnf | 214 + crypto/openssl/apps/pca-cert.srl | 1 + crypto/openssl/apps/pca-key.pem | 15 + crypto/openssl/apps/pca-req.pem | 11 + crypto/openssl/apps/pem_mail.c | 170 + crypto/openssl/apps/pkcs12.c | 703 ++ crypto/openssl/apps/pkcs7.c | 313 + crypto/openssl/apps/pkcs8.c | 274 + crypto/openssl/apps/privkey.pem | 18 + crypto/openssl/apps/progs.h | 233 + crypto/openssl/apps/progs.pl | 77 + crypto/openssl/apps/req.c | 1197 +++ crypto/openssl/apps/req.pem | 11 + crypto/openssl/apps/rsa.c | 333 + crypto/openssl/apps/rsa/01.pem | 15 + crypto/openssl/apps/rsa/1.txt | 50 + crypto/openssl/apps/rsa/SecureServer.pem | 47 + crypto/openssl/apps/rsa/s.txt | 49 + crypto/openssl/apps/rsa8192.pem | 101 + crypto/openssl/apps/s1024key.pem | 15 + crypto/openssl/apps/s1024req.pem | 11 + crypto/openssl/apps/s512-key.pem | 9 + crypto/openssl/apps/s512-req.pem | 8 + crypto/openssl/apps/s_apps.h | 120 + crypto/openssl/apps/s_cb.c | 238 + crypto/openssl/apps/s_client.c | 840 ++ crypto/openssl/apps/s_server.c | 1464 ++++ crypto/openssl/apps/s_socket.c | 674 ++ crypto/openssl/apps/s_time.c | 694 ++ crypto/openssl/apps/server.pem | 369 + crypto/openssl/apps/server.srl | 1 + crypto/openssl/apps/server2.pem | 376 + crypto/openssl/apps/sess_id.c | 308 + crypto/openssl/apps/set/set-g-ca.pem | 21 + crypto/openssl/apps/set/set-m-ca.pem | 21 + crypto/openssl/apps/set/set_b_ca.pem | 23 + crypto/openssl/apps/set/set_c_ca.pem | 21 + crypto/openssl/apps/set/set_d_ct.pem | 21 + crypto/openssl/apps/set/set_root.pem | 21 + crypto/openssl/apps/speed.c | 1205 +++ crypto/openssl/apps/testCA.pem | 8 + crypto/openssl/apps/testdsa.h | 148 + crypto/openssl/apps/testrsa.h | 517 ++ crypto/openssl/apps/tkca | 66 + crypto/openssl/apps/verify.c | 229 + crypto/openssl/apps/version.c | 130 + crypto/openssl/apps/x509.c | 1086 +++ crypto/openssl/bugs/MS | 7 + crypto/openssl/bugs/SSLv3 | 41 + crypto/openssl/bugs/VC16.bug | 18 + crypto/openssl/bugs/alpha.c | 91 + crypto/openssl/bugs/dggccbug.c | 45 + crypto/openssl/bugs/sgiccbug.c | 57 + crypto/openssl/bugs/sslref.dif | 26 + crypto/openssl/bugs/stream.c | 131 + crypto/openssl/bugs/ultrixcc.c | 45 + crypto/openssl/certs/ICE-CA.pem | 59 + crypto/openssl/certs/ICE-root.pem | 48 + crypto/openssl/certs/ICE-user.pem | 63 + crypto/openssl/certs/ICE.crl | 9 + crypto/openssl/certs/ca-cert.pem | 31 + crypto/openssl/certs/dsa-ca.pem | 43 + crypto/openssl/certs/dsa-pca.pem | 49 + crypto/openssl/certs/expired/ICE-CA.pem | 59 + crypto/openssl/certs/expired/ICE-root.pem | 48 + crypto/openssl/certs/expired/ICE-user.pem | 63 + crypto/openssl/certs/expired/ICE.crl | 9 + crypto/openssl/certs/factory.pem | 15 + crypto/openssl/certs/nortelCA.pem | 16 + crypto/openssl/certs/pca-cert.pem | 31 + crypto/openssl/certs/rsa-cca.pem | 19 + crypto/openssl/certs/rsa-ssca.pem | 19 + crypto/openssl/certs/thawteCb.pem | 19 + crypto/openssl/certs/thawteCp.pem | 19 + crypto/openssl/certs/timCA.pem | 16 + crypto/openssl/certs/tjhCA.pem | 15 + crypto/openssl/certs/vsign1.pem | 17 + crypto/openssl/certs/vsign2.pem | 18 + crypto/openssl/certs/vsign3.pem | 18 + crypto/openssl/certs/vsignss.pem | 17 + crypto/openssl/certs/vsigntca.pem | 18 + crypto/openssl/config | 506 ++ crypto/openssl/crypto/Makefile.ssl | 179 + crypto/openssl/crypto/asn1/Makefile.ssl | 1090 +++ crypto/openssl/crypto/asn1/a_bitstr.c | 222 + crypto/openssl/crypto/asn1/a_bmp.c | 83 + crypto/openssl/crypto/asn1/a_bool.c | 112 + crypto/openssl/crypto/asn1/a_bytes.c | 322 + crypto/openssl/crypto/asn1/a_d2i_fp.c | 195 + crypto/openssl/crypto/asn1/a_digest.c | 87 + crypto/openssl/crypto/asn1/a_dup.c | 83 + crypto/openssl/crypto/asn1/a_enum.c | 326 + crypto/openssl/crypto/asn1/a_gentm.c | 224 + crypto/openssl/crypto/asn1/a_hdr.c | 119 + crypto/openssl/crypto/asn1/a_i2d_fp.c | 113 + crypto/openssl/crypto/asn1/a_int.c | 416 + crypto/openssl/crypto/asn1/a_meth.c | 84 + crypto/openssl/crypto/asn1/a_object.c | 304 + crypto/openssl/crypto/asn1/a_octet.c | 83 + crypto/openssl/crypto/asn1/a_print.c | 165 + crypto/openssl/crypto/asn1/a_set.c | 217 + crypto/openssl/crypto/asn1/a_sign.c | 145 + crypto/openssl/crypto/asn1/a_time.c | 123 + crypto/openssl/crypto/asn1/a_type.c | 348 + crypto/openssl/crypto/asn1/a_utctm.c | 260 + crypto/openssl/crypto/asn1/a_utf8.c | 83 + crypto/openssl/crypto/asn1/a_verify.c | 116 + crypto/openssl/crypto/asn1/a_vis.c | 83 + crypto/openssl/crypto/asn1/asn1.h | 945 +++ crypto/openssl/crypto/asn1/asn1_err.c | 331 + crypto/openssl/crypto/asn1/asn1_lib.c | 413 + crypto/openssl/crypto/asn1/asn1_mac.h | 546 ++ crypto/openssl/crypto/asn1/asn1_par.c | 411 + crypto/openssl/crypto/asn1/asn_pack.c | 145 + crypto/openssl/crypto/asn1/d2i_dhp.c | 101 + crypto/openssl/crypto/asn1/d2i_dsap.c | 98 + crypto/openssl/crypto/asn1/d2i_pr.c | 114 + crypto/openssl/crypto/asn1/d2i_pu.c | 114 + crypto/openssl/crypto/asn1/d2i_r_pr.c | 121 + crypto/openssl/crypto/asn1/d2i_r_pu.c | 97 + crypto/openssl/crypto/asn1/d2i_s_pr.c | 105 + crypto/openssl/crypto/asn1/d2i_s_pu.c | 121 + crypto/openssl/crypto/asn1/evp_asn1.c | 185 + crypto/openssl/crypto/asn1/f.c | 80 + crypto/openssl/crypto/asn1/f_enum.c | 207 + crypto/openssl/crypto/asn1/f_int.c | 214 + crypto/openssl/crypto/asn1/f_string.c | 212 + crypto/openssl/crypto/asn1/i2d_dhp.c | 128 + crypto/openssl/crypto/asn1/i2d_dsap.c | 117 + crypto/openssl/crypto/asn1/i2d_pr.c | 84 + crypto/openssl/crypto/asn1/i2d_pu.c | 82 + crypto/openssl/crypto/asn1/i2d_r_pr.c | 127 + crypto/openssl/crypto/asn1/i2d_r_pu.c | 112 + crypto/openssl/crypto/asn1/i2d_s_pr.c | 123 + crypto/openssl/crypto/asn1/i2d_s_pu.c | 129 + crypto/openssl/crypto/asn1/n_pkey.c | 341 + crypto/openssl/crypto/asn1/nsseq.c | 118 + crypto/openssl/crypto/asn1/p5_pbe.c | 156 + crypto/openssl/crypto/asn1/p5_pbev2.c | 274 + crypto/openssl/crypto/asn1/p7_dgst.c | 121 + crypto/openssl/crypto/asn1/p7_enc.c | 111 + crypto/openssl/crypto/asn1/p7_enc_c.c | 119 + crypto/openssl/crypto/asn1/p7_evp.c | 119 + crypto/openssl/crypto/asn1/p7_i_s.c | 111 + crypto/openssl/crypto/asn1/p7_lib.c | 295 + crypto/openssl/crypto/asn1/p7_recip.c | 125 + crypto/openssl/crypto/asn1/p7_s_e.c | 145 + crypto/openssl/crypto/asn1/p7_signd.c | 135 + crypto/openssl/crypto/asn1/p7_signi.c | 150 + crypto/openssl/crypto/asn1/p8_pkey.c | 129 + crypto/openssl/crypto/asn1/pkcs8.c | 131 + crypto/openssl/crypto/asn1/t_crl.c | 166 + crypto/openssl/crypto/asn1/t_pkey.c | 361 + crypto/openssl/crypto/asn1/t_req.c | 226 + crypto/openssl/crypto/asn1/t_x509.c | 412 + crypto/openssl/crypto/asn1/x_algor.c | 118 + crypto/openssl/crypto/asn1/x_attrib.c | 165 + crypto/openssl/crypto/asn1/x_cinf.c | 201 + crypto/openssl/crypto/asn1/x_crl.c | 350 + crypto/openssl/crypto/asn1/x_exten.c | 148 + crypto/openssl/crypto/asn1/x_info.c | 113 + crypto/openssl/crypto/asn1/x_name.c | 279 + crypto/openssl/crypto/asn1/x_pkey.c | 151 + crypto/openssl/crypto/asn1/x_pubkey.c | 254 + crypto/openssl/crypto/asn1/x_req.c | 236 + crypto/openssl/crypto/asn1/x_sig.c | 110 + crypto/openssl/crypto/asn1/x_spki.c | 166 + crypto/openssl/crypto/asn1/x_val.c | 109 + crypto/openssl/crypto/asn1/x_x509.c | 151 + crypto/openssl/crypto/bf/COPYRIGHT | 46 + crypto/openssl/crypto/bf/INSTALL | 14 + crypto/openssl/crypto/bf/Makefile.ssl | 116 + crypto/openssl/crypto/bf/Makefile.uni | 157 + crypto/openssl/crypto/bf/README | 8 + crypto/openssl/crypto/bf/VERSION | 6 + crypto/openssl/crypto/bf/asm/bf-586.pl | 136 + crypto/openssl/crypto/bf/asm/bf-686.pl | 127 + crypto/openssl/crypto/bf/asm/readme | 10 + crypto/openssl/crypto/bf/bf_cbc.c | 143 + crypto/openssl/crypto/bf/bf_cfb64.c | 121 + crypto/openssl/crypto/bf/bf_ecb.c | 96 + crypto/openssl/crypto/bf/bf_enc.c | 304 + crypto/openssl/crypto/bf/bf_locl.h | 219 + crypto/openssl/crypto/bf/bf_ofb64.c | 110 + crypto/openssl/crypto/bf/bf_opts.c | 328 + crypto/openssl/crypto/bf/bf_pi.h | 325 + crypto/openssl/crypto/bf/bf_skey.c | 116 + crypto/openssl/crypto/bf/bfs.cpp | 67 + crypto/openssl/crypto/bf/bfspeed.c | 274 + crypto/openssl/crypto/bf/bftest.c | 533 ++ crypto/openssl/crypto/bf/blowfish.h | 123 + crypto/openssl/crypto/bio/Makefile.ssl | 210 + crypto/openssl/crypto/bio/b_dump.c | 128 + crypto/openssl/crypto/bio/b_print.c | 87 + crypto/openssl/crypto/bio/b_sock.c | 703 ++ crypto/openssl/crypto/bio/bf_buff.c | 485 ++ crypto/openssl/crypto/bio/bf_nbio.c | 240 + crypto/openssl/crypto/bio/bf_null.c | 168 + crypto/openssl/crypto/bio/bio.h | 643 ++ crypto/openssl/crypto/bio/bio_cb.c | 133 + crypto/openssl/crypto/bio/bio_err.c | 139 + crypto/openssl/crypto/bio/bio_lib.c | 496 ++ crypto/openssl/crypto/bio/bss_acpt.c | 466 ++ crypto/openssl/crypto/bio/bss_bio.c | 588 ++ crypto/openssl/crypto/bio/bss_conn.c | 618 ++ crypto/openssl/crypto/bio/bss_fd.c | 62 + crypto/openssl/crypto/bio/bss_file.c | 309 + crypto/openssl/crypto/bio/bss_log.c | 232 + crypto/openssl/crypto/bio/bss_mem.c | 276 + crypto/openssl/crypto/bio/bss_null.c | 149 + crypto/openssl/crypto/bio/bss_rtcp.c | 293 + crypto/openssl/crypto/bio/bss_sock.c | 423 + crypto/openssl/crypto/bn/Makefile.ssl | 276 + crypto/openssl/crypto/bn/asm/README | 30 + crypto/openssl/crypto/bn/asm/alpha.s | 1898 +++++ crypto/openssl/crypto/bn/asm/alpha.s.works | 533 ++ .../openssl/crypto/bn/asm/alpha.works/add.pl | 119 + .../openssl/crypto/bn/asm/alpha.works/div.pl | 144 + .../openssl/crypto/bn/asm/alpha.works/mul.pl | 116 + .../crypto/bn/asm/alpha.works/mul_add.pl | 120 + .../crypto/bn/asm/alpha.works/mul_c4.pl | 213 + .../crypto/bn/asm/alpha.works/mul_c4.works.pl | 98 + .../crypto/bn/asm/alpha.works/mul_c8.pl | 177 + .../openssl/crypto/bn/asm/alpha.works/sqr.pl | 113 + .../crypto/bn/asm/alpha.works/sqr_c4.pl | 109 + .../crypto/bn/asm/alpha.works/sqr_c8.pl | 132 + .../openssl/crypto/bn/asm/alpha.works/sub.pl | 108 + crypto/openssl/crypto/bn/asm/alpha/add.pl | 118 + crypto/openssl/crypto/bn/asm/alpha/div.pl | 144 + crypto/openssl/crypto/bn/asm/alpha/mul.pl | 104 + crypto/openssl/crypto/bn/asm/alpha/mul_add.pl | 123 + crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl | 215 + .../crypto/bn/asm/alpha/mul_c4.works.pl | 98 + crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl | 177 + crypto/openssl/crypto/bn/asm/alpha/sqr.pl | 113 + crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl | 109 + crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl | 132 + crypto/openssl/crypto/bn/asm/alpha/sub.pl | 108 + crypto/openssl/crypto/bn/asm/bn-586.pl | 384 + crypto/openssl/crypto/bn/asm/bn-alpha.pl | 571 ++ crypto/openssl/crypto/bn/asm/ca.pl | 33 + crypto/openssl/crypto/bn/asm/co-586.pl | 286 + crypto/openssl/crypto/bn/asm/co-alpha.pl | 116 + crypto/openssl/crypto/bn/asm/mips1.s | 539 ++ crypto/openssl/crypto/bn/asm/mips3.s | 2138 +++++ crypto/openssl/crypto/bn/asm/pa-risc.s | 710 ++ crypto/openssl/crypto/bn/asm/pa-risc2.s | 416 + crypto/openssl/crypto/bn/asm/r3000.s | 646 ++ crypto/openssl/crypto/bn/asm/sparcv8.S | 1458 ++++ crypto/openssl/crypto/bn/asm/sparcv8plus.S | 1535 ++++ crypto/openssl/crypto/bn/asm/x86.pl | 28 + crypto/openssl/crypto/bn/asm/x86/add.pl | 76 + crypto/openssl/crypto/bn/asm/x86/comba.pl | 277 + crypto/openssl/crypto/bn/asm/x86/div.pl | 15 + crypto/openssl/crypto/bn/asm/x86/f | 3 + crypto/openssl/crypto/bn/asm/x86/mul.pl | 77 + crypto/openssl/crypto/bn/asm/x86/mul_add.pl | 87 + crypto/openssl/crypto/bn/asm/x86/sqr.pl | 60 + crypto/openssl/crypto/bn/asm/x86/sub.pl | 76 + crypto/openssl/crypto/bn/bn.h | 467 ++ crypto/openssl/crypto/bn/bn.mul | 19 + crypto/openssl/crypto/bn/bn_add.c | 307 + crypto/openssl/crypto/bn/bn_asm.c | 802 ++ crypto/openssl/crypto/bn/bn_blind.c | 144 + crypto/openssl/crypto/bn/bn_comba.c | 345 + crypto/openssl/crypto/bn/bn_div.c | 358 + crypto/openssl/crypto/bn/bn_err.c | 116 + crypto/openssl/crypto/bn/bn_exp.c | 549 ++ crypto/openssl/crypto/bn/bn_exp2.c | 195 + crypto/openssl/crypto/bn/bn_gcd.c | 204 + crypto/openssl/crypto/bn/bn_lcl.h | 268 + crypto/openssl/crypto/bn/bn_lib.c | 787 ++ crypto/openssl/crypto/bn/bn_mont.c | 407 + crypto/openssl/crypto/bn/bn_mpi.c | 129 + crypto/openssl/crypto/bn/bn_mul.c | 756 ++ crypto/openssl/crypto/bn/bn_opts.c | 324 + crypto/openssl/crypto/bn/bn_prime.c | 447 ++ crypto/openssl/crypto/bn/bn_prime.h | 325 + crypto/openssl/crypto/bn/bn_prime.pl | 56 + crypto/openssl/crypto/bn/bn_print.c | 323 + crypto/openssl/crypto/bn/bn_rand.c | 117 + crypto/openssl/crypto/bn/bn_recp.c | 227 + crypto/openssl/crypto/bn/bn_shift.c | 200 + crypto/openssl/crypto/bn/bn_sqr.c | 281 + crypto/openssl/crypto/bn/bn_word.c | 194 + crypto/openssl/crypto/bn/bnspeed.c | 231 + crypto/openssl/crypto/bn/bntest.c | 1016 +++ crypto/openssl/crypto/bn/comba.pl | 285 + crypto/openssl/crypto/bn/d.c | 72 + crypto/openssl/crypto/bn/exp.c | 60 + crypto/openssl/crypto/bn/expspeed.c | 213 + crypto/openssl/crypto/bn/exptest.c | 172 + crypto/openssl/crypto/bn/new | 23 + crypto/openssl/crypto/bn/old/b_sqr.c | 199 + crypto/openssl/crypto/bn/old/bn_com.c | 90 + crypto/openssl/crypto/bn/old/bn_high.c | 135 + crypto/openssl/crypto/bn/old/bn_ka.c | 567 ++ crypto/openssl/crypto/bn/old/bn_low.c | 194 + crypto/openssl/crypto/bn/old/bn_m.c | 139 + crypto/openssl/crypto/bn/old/bn_mul.c.works | 219 + crypto/openssl/crypto/bn/old/bn_wmul.c | 173 + crypto/openssl/crypto/bn/old/build | 3 + crypto/openssl/crypto/bn/old/info | 22 + crypto/openssl/crypto/bn/old/test.works | 205 + crypto/openssl/crypto/bn/test.c | 241 + crypto/openssl/crypto/bn/todo | 3 + crypto/openssl/crypto/buffer/Makefile.ssl | 86 + crypto/openssl/crypto/buffer/buf_err.c | 94 + crypto/openssl/crypto/buffer/buffer.c | 144 + crypto/openssl/crypto/buffer/buffer.h | 98 + crypto/openssl/crypto/cast/Makefile.ssl | 124 + crypto/openssl/crypto/cast/Makefile.uni | 124 + crypto/openssl/crypto/cast/asm/cast-586.pl | 176 + crypto/openssl/crypto/cast/asm/readme | 7 + crypto/openssl/crypto/cast/c_cfb64.c | 122 + crypto/openssl/crypto/cast/c_ecb.c | 80 + crypto/openssl/crypto/cast/c_enc.c | 207 + crypto/openssl/crypto/cast/c_ofb64.c | 111 + crypto/openssl/crypto/cast/c_skey.c | 166 + crypto/openssl/crypto/cast/cast.h | 103 + crypto/openssl/crypto/cast/cast_lcl.h | 226 + crypto/openssl/crypto/cast/cast_s.h | 585 ++ crypto/openssl/crypto/cast/cast_spd.c | 275 + crypto/openssl/crypto/cast/castopts.c | 339 + crypto/openssl/crypto/cast/casts.cpp | 70 + crypto/openssl/crypto/cast/casttest.c | 230 + crypto/openssl/crypto/comp/Makefile.ssl | 99 + crypto/openssl/crypto/comp/c_rle.c | 61 + crypto/openssl/crypto/comp/c_zlib.c | 133 + crypto/openssl/crypto/comp/comp.h | 60 + crypto/openssl/crypto/comp/comp_err.c | 91 + crypto/openssl/crypto/comp/comp_lib.c | 78 + crypto/openssl/crypto/conf/Makefile.ssl | 92 + crypto/openssl/crypto/conf/cnf_save.c | 105 + crypto/openssl/crypto/conf/conf.c | 732 ++ crypto/openssl/crypto/conf/conf.h | 114 + crypto/openssl/crypto/conf/conf_err.c | 100 + crypto/openssl/crypto/conf/conf_lcl.h | 116 + crypto/openssl/crypto/conf/keysets.pl | 61 + crypto/openssl/crypto/conf/ssleay.cnf | 78 + crypto/openssl/crypto/conf/test.c | 92 + crypto/openssl/crypto/cpt_err.c | 94 + crypto/openssl/crypto/cryptlib.c | 300 + crypto/openssl/crypto/cryptlib.h | 96 + crypto/openssl/crypto/crypto.h | 335 + crypto/openssl/crypto/cversion.c | 110 + crypto/openssl/crypto/des/COPYRIGHT | 50 + crypto/openssl/crypto/des/DES.pm | 19 + crypto/openssl/crypto/des/DES.pod | 16 + crypto/openssl/crypto/des/DES.xs | 268 + crypto/openssl/crypto/des/FILES | 96 + crypto/openssl/crypto/des/INSTALL | 69 + crypto/openssl/crypto/des/Imakefile | 35 + crypto/openssl/crypto/des/KERBEROS | 41 + crypto/openssl/crypto/des/MODES.DES | 84 + crypto/openssl/crypto/des/Makefile.PL | 14 + crypto/openssl/crypto/des/Makefile.lit | 250 + crypto/openssl/crypto/des/Makefile.ssl | 208 + crypto/openssl/crypto/des/Makefile.uni | 251 + crypto/openssl/crypto/des/PC1 | 28 + crypto/openssl/crypto/des/PC2 | 57 + crypto/openssl/crypto/des/README | 54 + crypto/openssl/crypto/des/VERSION | 412 + crypto/openssl/crypto/des/asm/crypt586.pl | 204 + crypto/openssl/crypto/des/asm/des-586.pl | 253 + crypto/openssl/crypto/des/asm/des686.pl | 230 + crypto/openssl/crypto/des/asm/desboth.pl | 79 + crypto/openssl/crypto/des/asm/readme | 131 + crypto/openssl/crypto/des/cbc3_enc.c | 93 + crypto/openssl/crypto/des/cbc_cksm.c | 97 + crypto/openssl/crypto/des/cbc_enc.c | 61 + crypto/openssl/crypto/des/cfb64ede.c | 141 + crypto/openssl/crypto/des/cfb64enc.c | 121 + crypto/openssl/crypto/des/cfb_enc.c | 165 + crypto/openssl/crypto/des/des.c | 931 +++ crypto/openssl/crypto/des/des.h | 249 + crypto/openssl/crypto/des/des.man | 186 + crypto/openssl/crypto/des/des.pl | 552 ++ crypto/openssl/crypto/des/des3s.cpp | 67 + crypto/openssl/crypto/des/des_crypt.man | 508 ++ crypto/openssl/crypto/des/des_enc.c | 406 + crypto/openssl/crypto/des/des_locl.h | 408 + crypto/openssl/crypto/des/des_opts.c | 604 ++ crypto/openssl/crypto/des/des_ver.h | 61 + crypto/openssl/crypto/des/dess.cpp | 67 + crypto/openssl/crypto/des/destest.c | 923 +++ crypto/openssl/crypto/des/doIP | 46 + crypto/openssl/crypto/des/doPC1 | 110 + crypto/openssl/crypto/des/doPC2 | 94 + crypto/openssl/crypto/des/ecb3_enc.c | 82 + crypto/openssl/crypto/des/ecb_enc.c | 122 + crypto/openssl/crypto/des/ede_cbcm_enc.c | 197 + crypto/openssl/crypto/des/enc_read.c | 228 + crypto/openssl/crypto/des/enc_writ.c | 168 + crypto/openssl/crypto/des/fcrypt.c | 181 + crypto/openssl/crypto/des/fcrypt_b.c | 145 + crypto/openssl/crypto/des/makefile.bc | 50 + crypto/openssl/crypto/des/ncbc_enc.c | 143 + crypto/openssl/crypto/des/ofb64ede.c | 124 + crypto/openssl/crypto/des/ofb64enc.c | 110 + crypto/openssl/crypto/des/ofb_enc.c | 134 + crypto/openssl/crypto/des/options.txt | 39 + crypto/openssl/crypto/des/pcbc_enc.c | 122 + crypto/openssl/crypto/des/podd.h | 75 + crypto/openssl/crypto/des/qud_cksm.c | 140 + crypto/openssl/crypto/des/rand_key.c | 114 + crypto/openssl/crypto/des/read2pwd.c | 84 + crypto/openssl/crypto/des/read_pwd.c | 484 ++ crypto/openssl/crypto/des/rpc_des.h | 131 + crypto/openssl/crypto/des/rpc_enc.c | 98 + crypto/openssl/crypto/des/rpw.c | 99 + crypto/openssl/crypto/des/set_key.c | 234 + crypto/openssl/crypto/des/shifts.pl | 198 + crypto/openssl/crypto/des/sk.h | 204 + crypto/openssl/crypto/des/speed.c | 310 + crypto/openssl/crypto/des/spr.h | 204 + crypto/openssl/crypto/des/str2key.c | 163 + crypto/openssl/crypto/des/supp.c | 107 + crypto/openssl/crypto/des/t/test | 27 + crypto/openssl/crypto/des/testdes.pl | 167 + crypto/openssl/crypto/des/times/486-50.sol | 16 + crypto/openssl/crypto/des/times/586-100.lnx | 20 + crypto/openssl/crypto/des/times/686-200.fre | 18 + crypto/openssl/crypto/des/times/aix.cc | 26 + crypto/openssl/crypto/des/times/alpha.cc | 18 + crypto/openssl/crypto/des/times/hpux.cc | 17 + crypto/openssl/crypto/des/times/sparc.gcc | 17 + crypto/openssl/crypto/des/times/usparc.cc | 31 + crypto/openssl/crypto/des/typemap | 34 + crypto/openssl/crypto/des/xcbc_enc.c | 194 + crypto/openssl/crypto/dh/Makefile.ssl | 108 + crypto/openssl/crypto/dh/dh.h | 158 + crypto/openssl/crypto/dh/dh1024.pem | 5 + crypto/openssl/crypto/dh/dh192.pem | 3 + crypto/openssl/crypto/dh/dh2048.pem | 16 + crypto/openssl/crypto/dh/dh4096.pem | 14 + crypto/openssl/crypto/dh/dh512.pem | 4 + crypto/openssl/crypto/dh/dh_check.c | 118 + crypto/openssl/crypto/dh/dh_err.c | 98 + crypto/openssl/crypto/dh/dh_gen.c | 148 + crypto/openssl/crypto/dh/dh_key.c | 154 + crypto/openssl/crypto/dh/dh_lib.c | 103 + crypto/openssl/crypto/dh/dhtest.c | 188 + crypto/openssl/crypto/dh/example | 50 + crypto/openssl/crypto/dh/generate | 65 + crypto/openssl/crypto/dh/p1024.c | 92 + crypto/openssl/crypto/dh/p192.c | 80 + crypto/openssl/crypto/dh/p512.c | 85 + crypto/openssl/crypto/dsa/Makefile.ssl | 133 + crypto/openssl/crypto/dsa/README | 4 + crypto/openssl/crypto/dsa/dsa.h | 204 + crypto/openssl/crypto/dsa/dsa_asn1.c | 96 + crypto/openssl/crypto/dsa/dsa_err.c | 106 + crypto/openssl/crypto/dsa/dsa_gen.c | 333 + crypto/openssl/crypto/dsa/dsa_key.c | 112 + crypto/openssl/crypto/dsa/dsa_lib.c | 184 + crypto/openssl/crypto/dsa/dsa_sign.c | 211 + crypto/openssl/crypto/dsa/dsa_vrf.c | 160 + crypto/openssl/crypto/dsa/dsagen.c | 111 + crypto/openssl/crypto/dsa/dsatest.c | 220 + crypto/openssl/crypto/dsa/fips186a.txt | 122 + crypto/openssl/crypto/ebcdic.h | 17 + crypto/openssl/crypto/err/Makefile.ssl | 110 + crypto/openssl/crypto/err/err.c | 643 ++ crypto/openssl/crypto/err/err.h | 263 + crypto/openssl/crypto/err/err_all.c | 120 + crypto/openssl/crypto/err/err_prn.c | 105 + crypto/openssl/crypto/err/openssl.ec | 71 + crypto/openssl/crypto/evp/Makefile.ssl | 1099 +++ crypto/openssl/crypto/evp/bio_b64.c | 524 ++ crypto/openssl/crypto/evp/bio_enc.c | 401 + crypto/openssl/crypto/evp/bio_md.c | 244 + crypto/openssl/crypto/evp/bio_ok.c | 552 ++ crypto/openssl/crypto/evp/c_all.c | 193 + crypto/openssl/crypto/evp/digest.c | 92 + crypto/openssl/crypto/evp/e_cbc_3d.c | 151 + crypto/openssl/crypto/evp/e_cbc_bf.c | 106 + crypto/openssl/crypto/evp/e_cbc_c.c | 107 + crypto/openssl/crypto/evp/e_cbc_d.c | 106 + crypto/openssl/crypto/evp/e_cbc_i.c | 119 + crypto/openssl/crypto/evp/e_cbc_r2.c | 216 + crypto/openssl/crypto/evp/e_cbc_r5.c | 108 + crypto/openssl/crypto/evp/e_cfb_3d.c | 155 + crypto/openssl/crypto/evp/e_cfb_bf.c | 108 + crypto/openssl/crypto/evp/e_cfb_c.c | 109 + crypto/openssl/crypto/evp/e_cfb_d.c | 110 + crypto/openssl/crypto/evp/e_cfb_i.c | 109 + crypto/openssl/crypto/evp/e_cfb_r2.c | 110 + crypto/openssl/crypto/evp/e_cfb_r5.c | 110 + crypto/openssl/crypto/evp/e_dsa.c | 71 + crypto/openssl/crypto/evp/e_ecb_3d.c | 158 + crypto/openssl/crypto/evp/e_ecb_bf.c | 109 + crypto/openssl/crypto/evp/e_ecb_c.c | 110 + crypto/openssl/crypto/evp/e_ecb_d.c | 118 + crypto/openssl/crypto/evp/e_ecb_i.c | 121 + crypto/openssl/crypto/evp/e_ecb_r2.c | 111 + crypto/openssl/crypto/evp/e_ecb_r5.c | 111 + crypto/openssl/crypto/evp/e_null.c | 97 + crypto/openssl/crypto/evp/e_ofb_3d.c | 152 + crypto/openssl/crypto/evp/e_ofb_bf.c | 109 + crypto/openssl/crypto/evp/e_ofb_c.c | 110 + crypto/openssl/crypto/evp/e_ofb_d.c | 107 + crypto/openssl/crypto/evp/e_ofb_i.c | 109 + crypto/openssl/crypto/evp/e_ofb_r2.c | 111 + crypto/openssl/crypto/evp/e_ofb_r5.c | 111 + crypto/openssl/crypto/evp/e_rc4.c | 115 + crypto/openssl/crypto/evp/e_xcbc_d.c | 112 + crypto/openssl/crypto/evp/encode.c | 427 + crypto/openssl/crypto/evp/evp.h | 720 ++ crypto/openssl/crypto/evp/evp_enc.c | 270 + crypto/openssl/crypto/evp/evp_err.c | 136 + crypto/openssl/crypto/evp/evp_key.c | 156 + crypto/openssl/crypto/evp/evp_lib.c | 138 + crypto/openssl/crypto/evp/evp_pbe.c | 134 + crypto/openssl/crypto/evp/evp_pkey.c | 298 + crypto/openssl/crypto/evp/m_dss.c | 83 + crypto/openssl/crypto/evp/m_dss1.c | 83 + crypto/openssl/crypto/evp/m_md2.c | 83 + crypto/openssl/crypto/evp/m_md5.c | 83 + crypto/openssl/crypto/evp/m_mdc2.c | 83 + crypto/openssl/crypto/evp/m_null.c | 88 + crypto/openssl/crypto/evp/m_ripemd.c | 84 + crypto/openssl/crypto/evp/m_sha.c | 83 + crypto/openssl/crypto/evp/m_sha1.c | 83 + crypto/openssl/crypto/evp/names.c | 118 + crypto/openssl/crypto/evp/p5_crpt.c | 146 + crypto/openssl/crypto/evp/p5_crpt2.c | 247 + crypto/openssl/crypto/evp/p_dec.c | 87 + crypto/openssl/crypto/evp/p_enc.c | 86 + crypto/openssl/crypto/evp/p_lib.c | 275 + crypto/openssl/crypto/evp/p_open.c | 113 + crypto/openssl/crypto/evp/p_seal.c | 108 + crypto/openssl/crypto/evp/p_sign.c | 112 + crypto/openssl/crypto/evp/p_verify.c | 99 + crypto/openssl/crypto/ex_data.c | 223 + crypto/openssl/crypto/hmac/Makefile.ssl | 94 + crypto/openssl/crypto/hmac/hmac.c | 150 + crypto/openssl/crypto/hmac/hmac.h | 100 + crypto/openssl/crypto/hmac/hmactest.c | 159 + crypto/openssl/crypto/lhash/Makefile.ssl | 88 + crypto/openssl/crypto/lhash/lh_stats.c | 271 + crypto/openssl/crypto/lhash/lh_test.c | 89 + crypto/openssl/crypto/lhash/lhash.c | 476 ++ crypto/openssl/crypto/lhash/lhash.h | 144 + crypto/openssl/crypto/lhash/num.pl | 17 + crypto/openssl/crypto/md2/Makefile.ssl | 88 + crypto/openssl/crypto/md2/md2.c | 124 + crypto/openssl/crypto/md2/md2.h | 91 + crypto/openssl/crypto/md2/md2_dgst.c | 223 + crypto/openssl/crypto/md2/md2_one.c | 93 + crypto/openssl/crypto/md2/md2test.c | 135 + crypto/openssl/crypto/md32_common.h | 594 ++ crypto/openssl/crypto/md5/Makefile.ssl | 126 + crypto/openssl/crypto/md5/Makefile.uni | 110 + crypto/openssl/crypto/md5/asm/md5-586.pl | 306 + crypto/openssl/crypto/md5/asm/md5-sparcv9.S | 1029 +++ crypto/openssl/crypto/md5/md5.c | 127 + crypto/openssl/crypto/md5/md5.h | 114 + crypto/openssl/crypto/md5/md5_dgst.c | 317 + crypto/openssl/crypto/md5/md5_locl.h | 169 + crypto/openssl/crypto/md5/md5_one.c | 95 + crypto/openssl/crypto/md5/md5s.cpp | 78 + crypto/openssl/crypto/md5/md5test.c | 131 + crypto/openssl/crypto/mdc2/Makefile.ssl | 89 + crypto/openssl/crypto/mdc2/mdc2.h | 94 + crypto/openssl/crypto/mdc2/mdc2_one.c | 75 + crypto/openssl/crypto/mdc2/mdc2dgst.c | 195 + crypto/openssl/crypto/mdc2/mdc2test.c | 140 + crypto/openssl/crypto/mem.c | 429 + crypto/openssl/crypto/objects/Makefile.ssl | 109 + crypto/openssl/crypto/objects/o_names.c | 243 + crypto/openssl/crypto/objects/obj_dat.c | 653 ++ crypto/openssl/crypto/objects/obj_dat.pl | 269 + crypto/openssl/crypto/objects/obj_err.c | 98 + crypto/openssl/crypto/objects/obj_lib.c | 126 + crypto/openssl/crypto/objects/objects.h | 968 +++ crypto/openssl/crypto/objects/objects.txt | 40 + crypto/openssl/crypto/opensslconf.h | 142 + crypto/openssl/crypto/opensslconf.h.in | 142 + crypto/openssl/crypto/opensslv.h | 21 + crypto/openssl/crypto/pem/Makefile.ssl | 188 + crypto/openssl/crypto/pem/message | 16 + crypto/openssl/crypto/pem/pem.h | 625 ++ crypto/openssl/crypto/pem/pem2.h | 60 + crypto/openssl/crypto/pem/pem_all.c | 113 + crypto/openssl/crypto/pem/pem_err.c | 127 + crypto/openssl/crypto/pem/pem_info.c | 353 + crypto/openssl/crypto/pem/pem_lib.c | 803 ++ crypto/openssl/crypto/pem/pem_seal.c | 178 + crypto/openssl/crypto/pem/pem_sign.c | 102 + crypto/openssl/crypto/pem/pkcs7.lis | 22 + crypto/openssl/crypto/perlasm/alpha.pl | 434 + crypto/openssl/crypto/perlasm/cbc.pl | 342 + crypto/openssl/crypto/perlasm/readme | 124 + crypto/openssl/crypto/perlasm/x86asm.pl | 116 + crypto/openssl/crypto/perlasm/x86ms.pl | 358 + crypto/openssl/crypto/perlasm/x86nasm.pl | 342 + crypto/openssl/crypto/perlasm/x86unix.pl | 453 ++ crypto/openssl/crypto/pkcs12/Makefile.ssl | 346 + crypto/openssl/crypto/pkcs12/p12_add.c | 214 + crypto/openssl/crypto/pkcs12/p12_attr.c | 238 + crypto/openssl/crypto/pkcs12/p12_bags.c | 192 + crypto/openssl/crypto/pkcs12/p12_crpt.c | 122 + crypto/openssl/crypto/pkcs12/p12_crt.c | 159 + crypto/openssl/crypto/pkcs12/p12_decr.c | 185 + crypto/openssl/crypto/pkcs12/p12_init.c | 98 + crypto/openssl/crypto/pkcs12/p12_key.c | 182 + crypto/openssl/crypto/pkcs12/p12_kiss.c | 238 + crypto/openssl/crypto/pkcs12/p12_lib.c | 111 + crypto/openssl/crypto/pkcs12/p12_mac.c | 110 + crypto/openssl/crypto/pkcs12/p12_mutl.c | 170 + crypto/openssl/crypto/pkcs12/p12_sbag.c | 227 + crypto/openssl/crypto/pkcs12/p12_utl.c | 118 + crypto/openssl/crypto/pkcs12/pk12err.c | 136 + crypto/openssl/crypto/pkcs12/pkcs12.h | 337 + crypto/openssl/crypto/pkcs7/Makefile.ssl | 145 + crypto/openssl/crypto/pkcs7/README | 5 + crypto/openssl/crypto/pkcs7/bio_ber.c | 450 ++ crypto/openssl/crypto/pkcs7/dec.c | 246 + crypto/openssl/crypto/pkcs7/des.pem | 15 + crypto/openssl/crypto/pkcs7/doc | 24 + crypto/openssl/crypto/pkcs7/enc.c | 165 + crypto/openssl/crypto/pkcs7/es1.pem | 66 + crypto/openssl/crypto/pkcs7/example.c | 327 + crypto/openssl/crypto/pkcs7/example.h | 57 + crypto/openssl/crypto/pkcs7/info.pem | 57 + crypto/openssl/crypto/pkcs7/infokey.pem | 9 + crypto/openssl/crypto/pkcs7/p7/a1 | 2 + crypto/openssl/crypto/pkcs7/p7/a2 | 1 + crypto/openssl/crypto/pkcs7/p7/cert.p7c | Bin 0 -> 1728 bytes crypto/openssl/crypto/pkcs7/p7/smime.p7m | Bin 0 -> 4894 bytes crypto/openssl/crypto/pkcs7/p7/smime.p7s | Bin 0 -> 2625 bytes crypto/openssl/crypto/pkcs7/pk7_dgst.c | 66 + crypto/openssl/crypto/pkcs7/pk7_doit.c | 922 +++ crypto/openssl/crypto/pkcs7/pk7_enc.c | 76 + crypto/openssl/crypto/pkcs7/pk7_lib.c | 449 ++ crypto/openssl/crypto/pkcs7/pkcs7.h | 417 + crypto/openssl/crypto/pkcs7/pkcs7err.c | 121 + crypto/openssl/crypto/pkcs7/server.pem | 24 + crypto/openssl/crypto/pkcs7/sign.c | 145 + crypto/openssl/crypto/pkcs7/t/3des.pem | 16 + crypto/openssl/crypto/pkcs7/t/3dess.pem | 32 + crypto/openssl/crypto/pkcs7/t/c.pem | 48 + crypto/openssl/crypto/pkcs7/t/ff | 32 + crypto/openssl/crypto/pkcs7/t/msie-e | 20 + crypto/openssl/crypto/pkcs7/t/msie-e.pem | 22 + crypto/openssl/crypto/pkcs7/t/msie-enc-01 | 62 + crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem | 66 + crypto/openssl/crypto/pkcs7/t/msie-enc-02 | 90 + crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem | 106 + crypto/openssl/crypto/pkcs7/t/msie-s-a-e | 91 + crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem | 106 + crypto/openssl/crypto/pkcs7/t/nav-smime | 157 + crypto/openssl/crypto/pkcs7/t/s.pem | 57 + crypto/openssl/crypto/pkcs7/t/server.pem | 57 + crypto/openssl/crypto/pkcs7/verify.c | 253 + crypto/openssl/crypto/rand/Makefile.ssl | 87 + crypto/openssl/crypto/rand/md_rand.c | 429 + crypto/openssl/crypto/rand/rand.h | 89 + crypto/openssl/crypto/rand/rand_lib.c | 98 + crypto/openssl/crypto/rand/randfile.c | 179 + crypto/openssl/crypto/rand/randtest.c | 207 + crypto/openssl/crypto/rc2/Makefile.ssl | 90 + crypto/openssl/crypto/rc2/Makefile.uni | 73 + crypto/openssl/crypto/rc2/rc2.h | 99 + crypto/openssl/crypto/rc2/rc2_cbc.c | 226 + crypto/openssl/crypto/rc2/rc2_ecb.c | 88 + crypto/openssl/crypto/rc2/rc2_locl.h | 156 + crypto/openssl/crypto/rc2/rc2_skey.c | 138 + crypto/openssl/crypto/rc2/rc2cfb64.c | 121 + crypto/openssl/crypto/rc2/rc2ofb64.c | 110 + crypto/openssl/crypto/rc2/rc2speed.c | 274 + crypto/openssl/crypto/rc2/rc2test.c | 269 + crypto/openssl/crypto/rc2/rrc2.doc | 219 + crypto/openssl/crypto/rc2/tab.c | 86 + crypto/openssl/crypto/rc2/version | 22 + crypto/openssl/crypto/rc4/Makefile.ssl | 113 + crypto/openssl/crypto/rc4/Makefile.uni | 103 + crypto/openssl/crypto/rc4/asm/rc4-586.pl | 173 + crypto/openssl/crypto/rc4/rc4.c | 192 + crypto/openssl/crypto/rc4/rc4.h | 88 + crypto/openssl/crypto/rc4/rc4_enc.c | 131 + crypto/openssl/crypto/rc4/rc4_locl.h | 4 + crypto/openssl/crypto/rc4/rc4_skey.c | 117 + crypto/openssl/crypto/rc4/rc4s.cpp | 73 + crypto/openssl/crypto/rc4/rc4speed.c | 250 + crypto/openssl/crypto/rc4/rc4test.c | 201 + crypto/openssl/crypto/rc4/rrc4.doc | 278 + crypto/openssl/crypto/rc5/Makefile.ssl | 112 + crypto/openssl/crypto/rc5/Makefile.uni | 73 + crypto/openssl/crypto/rc5/asm/rc5-586.pl | 109 + crypto/openssl/crypto/rc5/rc5.h | 113 + crypto/openssl/crypto/rc5/rc5_ecb.c | 80 + crypto/openssl/crypto/rc5/rc5_enc.c | 214 + crypto/openssl/crypto/rc5/rc5_locl.h | 187 + crypto/openssl/crypto/rc5/rc5_skey.c | 113 + crypto/openssl/crypto/rc5/rc5cfb64.c | 121 + crypto/openssl/crypto/rc5/rc5ofb64.c | 110 + crypto/openssl/crypto/rc5/rc5s.cpp | 70 + crypto/openssl/crypto/rc5/rc5speed.c | 274 + crypto/openssl/crypto/rc5/rc5test.c | 384 + crypto/openssl/crypto/ripemd/Makefile.ssl | 107 + crypto/openssl/crypto/ripemd/Makefile.uni | 109 + crypto/openssl/crypto/ripemd/README | 15 + crypto/openssl/crypto/ripemd/asm/rips.cpp | 78 + crypto/openssl/crypto/ripemd/asm/rmd-586.pl | 582 ++ crypto/openssl/crypto/ripemd/ripemd.h | 94 + crypto/openssl/crypto/ripemd/rmd160.c | 127 + crypto/openssl/crypto/ripemd/rmd_dgst.c | 515 ++ crypto/openssl/crypto/ripemd/rmd_locl.h | 222 + crypto/openssl/crypto/ripemd/rmd_one.c | 75 + crypto/openssl/crypto/ripemd/rmdconst.h | 399 + crypto/openssl/crypto/ripemd/rmdtest.c | 140 + crypto/openssl/crypto/sha/Makefile.ssl | 111 + crypto/openssl/crypto/sha/Makefile.uni | 122 + crypto/openssl/crypto/sha/asm/README | 1 + crypto/openssl/crypto/sha/asm/sha1-586.pl | 491 ++ crypto/openssl/crypto/sha/sha.c | 124 + crypto/openssl/crypto/sha/sha.h | 119 + crypto/openssl/crypto/sha/sha1.c | 127 + crypto/openssl/crypto/sha/sha1_one.c | 76 + crypto/openssl/crypto/sha/sha1dgst.c | 498 ++ crypto/openssl/crypto/sha/sha1s.cpp | 79 + crypto/openssl/crypto/sha/sha1test.c | 168 + crypto/openssl/crypto/sha/sha_dgst.c | 492 ++ crypto/openssl/crypto/sha/sha_locl.h | 288 + crypto/openssl/crypto/sha/sha_one.c | 76 + crypto/openssl/crypto/sha/shatest.c | 168 + crypto/openssl/crypto/stack/Makefile.ssl | 85 + crypto/openssl/crypto/stack/safestack.h | 129 + crypto/openssl/crypto/stack/stack.c | 311 + crypto/openssl/crypto/stack/stack.h | 107 + crypto/openssl/crypto/threads/mttest.c | 1062 +++ crypto/openssl/crypto/threads/th-lock.c | 368 + crypto/openssl/crypto/tmdiff.c | 229 + crypto/openssl/crypto/tmdiff.h | 81 + crypto/openssl/crypto/txt_db/Makefile.ssl | 86 + crypto/openssl/crypto/txt_db/txt_db.c | 383 + crypto/openssl/crypto/txt_db/txt_db.h | 105 + crypto/openssl/crypto/x509/Makefile.ssl | 416 + crypto/openssl/crypto/x509/by_dir.c | 342 + crypto/openssl/crypto/x509/by_file.c | 267 + crypto/openssl/crypto/x509/x509.h | 989 +++ crypto/openssl/crypto/x509/x509_cmp.c | 293 + crypto/openssl/crypto/x509/x509_d2.c | 107 + crypto/openssl/crypto/x509/x509_def.c | 83 + crypto/openssl/crypto/x509/x509_err.c | 134 + crypto/openssl/crypto/x509/x509_ext.c | 174 + crypto/openssl/crypto/x509/x509_lu.c | 411 + crypto/openssl/crypto/x509/x509_obj.c | 223 + crypto/openssl/crypto/x509/x509_r2x.c | 110 + crypto/openssl/crypto/x509/x509_req.c | 115 + crypto/openssl/crypto/x509/x509_set.c | 150 + crypto/openssl/crypto/x509/x509_txt.c | 132 + crypto/openssl/crypto/x509/x509_v3.c | 266 + crypto/openssl/crypto/x509/x509_vfy.c | 639 ++ crypto/openssl/crypto/x509/x509_vfy.h | 346 + crypto/openssl/crypto/x509/x509name.c | 321 + crypto/openssl/crypto/x509/x509rset.c | 83 + crypto/openssl/crypto/x509/x509type.c | 114 + crypto/openssl/crypto/x509/x_all.c | 437 + crypto/openssl/crypto/x509v3/Makefile.ssl | 432 + crypto/openssl/crypto/x509v3/README | 4 + crypto/openssl/crypto/x509v3/v3_akey.c | 249 + crypto/openssl/crypto/x509v3/v3_alt.c | 402 + crypto/openssl/crypto/x509v3/v3_bcons.c | 164 + crypto/openssl/crypto/x509v3/v3_bitst.c | 147 + crypto/openssl/crypto/x509v3/v3_conf.c | 366 + crypto/openssl/crypto/x509v3/v3_cpols.c | 655 ++ crypto/openssl/crypto/x509v3/v3_crld.c | 283 + crypto/openssl/crypto/x509v3/v3_enum.c | 103 + crypto/openssl/crypto/x509v3/v3_extku.c | 150 + crypto/openssl/crypto/x509v3/v3_genn.c | 237 + crypto/openssl/crypto/x509v3/v3_ia5.c | 116 + crypto/openssl/crypto/x509v3/v3_int.c | 79 + crypto/openssl/crypto/x509v3/v3_lib.c | 177 + crypto/openssl/crypto/x509v3/v3_pku.c | 151 + crypto/openssl/crypto/x509v3/v3_prn.c | 135 + crypto/openssl/crypto/x509v3/v3_skey.c | 156 + crypto/openssl/crypto/x509v3/v3_sxnet.c | 340 + crypto/openssl/crypto/x509v3/v3_utl.c | 418 + crypto/openssl/crypto/x509v3/v3conf.c | 128 + crypto/openssl/crypto/x509v3/v3err.c | 171 + crypto/openssl/crypto/x509v3/v3prin.c | 101 + crypto/openssl/crypto/x509v3/x509v3.h | 532 ++ crypto/openssl/demos/README | 9 + crypto/openssl/demos/b64.c | 270 + crypto/openssl/demos/b64.pl | 20 + crypto/openssl/demos/bio/Makefile | 16 + crypto/openssl/demos/bio/README | 3 + crypto/openssl/demos/bio/saccept.c | 107 + crypto/openssl/demos/bio/sconnect.c | 116 + crypto/openssl/demos/bio/server.pem | 30 + crypto/openssl/demos/eay/Makefile | 24 + crypto/openssl/demos/eay/base64.c | 49 + crypto/openssl/demos/eay/conn.c | 105 + crypto/openssl/demos/eay/loadrsa.c | 53 + crypto/openssl/demos/maurice/Makefile | 59 + crypto/openssl/demos/maurice/README | 34 + crypto/openssl/demos/maurice/cert.pem | 77 + crypto/openssl/demos/maurice/example1.c | 200 + crypto/openssl/demos/maurice/example2.c | 75 + crypto/openssl/demos/maurice/example3.c | 85 + crypto/openssl/demos/maurice/example4.c | 123 + crypto/openssl/demos/maurice/loadkeys.c | 77 + crypto/openssl/demos/maurice/loadkeys.h | 19 + crypto/openssl/demos/maurice/privkey.pem | 27 + crypto/openssl/demos/prime/Makefile | 20 + crypto/openssl/demos/prime/prime.c | 101 + crypto/openssl/demos/privkey.pem | 9 + crypto/openssl/demos/selfsign.c | 168 + crypto/openssl/demos/sign/Makefile | 15 + crypto/openssl/demos/sign/cert.pem | 14 + crypto/openssl/demos/sign/key.pem | 9 + crypto/openssl/demos/sign/sig.txt | 158 + crypto/openssl/demos/sign/sign.c | 153 + crypto/openssl/demos/sign/sign.txt | 170 + crypto/openssl/demos/spkigen.c | 160 + crypto/openssl/demos/ssl/cli.cpp | 111 + crypto/openssl/demos/ssl/inetdsrv.cpp | 98 + crypto/openssl/demos/ssl/serv.cpp | 152 + crypto/openssl/dep/crypto.txt | 1043 +++ crypto/openssl/dep/files | 566 ++ crypto/openssl/dep/gen.pl | 113 + crypto/openssl/dep/ssl.txt | 156 + crypto/openssl/doc/README | 10 + crypto/openssl/doc/c-indentation.el | 36 + crypto/openssl/doc/crypto.pod | 27 + crypto/openssl/doc/openssl.pod | 304 + crypto/openssl/doc/openssl.txt | 1174 +++ crypto/openssl/doc/openssl_button.gif | Bin 0 -> 2063 bytes crypto/openssl/doc/openssl_button.html | 7 + crypto/openssl/doc/ssl.pod | 633 ++ crypto/openssl/doc/ssleay.txt | 7014 +++++++++++++++++ crypto/openssl/e_os.h | 376 + crypto/openssl/e_os2.h | 38 + crypto/openssl/mt/README | 14 + crypto/openssl/mt/mttest.c | 1092 +++ crypto/openssl/mt/profile.sh | 4 + crypto/openssl/mt/pthread.sh | 9 + crypto/openssl/mt/purify.sh | 4 + crypto/openssl/mt/solaris.sh | 4 + crypto/openssl/openssl.doxy | 7 + crypto/openssl/perl/MANIFEST | 17 + crypto/openssl/perl/Makefile.PL | 45 + crypto/openssl/perl/OpenSSL.pm | 90 + crypto/openssl/perl/OpenSSL.xs | 82 + crypto/openssl/perl/README.1ST | 4 + crypto/openssl/perl/openssl.h | 96 + crypto/openssl/perl/openssl_bio.xs | 450 ++ crypto/openssl/perl/openssl_bn.xs | 593 ++ crypto/openssl/perl/openssl_cipher.xs | 154 + crypto/openssl/perl/openssl_digest.xs | 84 + crypto/openssl/perl/openssl_err.xs | 47 + crypto/openssl/perl/openssl_ssl.xs | 483 ++ crypto/openssl/perl/openssl_x509.xs | 75 + crypto/openssl/perl/t/01-use.t | 13 + crypto/openssl/perl/t/02-version.t | 10 + crypto/openssl/perl/t/03-bio.t | 16 + crypto/openssl/perl/typemap | 96 + crypto/openssl/rsaref/Makefile.ssl | 98 + crypto/openssl/rsaref/rsar_err.c | 118 + crypto/openssl/rsaref/rsaref.c | 301 + crypto/openssl/rsaref/rsaref.h | 180 + crypto/openssl/shlib/README | 1 + crypto/openssl/shlib/irix.sh | 7 + crypto/openssl/shlib/solaris-sc4.sh | 42 + crypto/openssl/shlib/solaris.sh | 36 + crypto/openssl/shlib/sun.sh | 8 + crypto/openssl/ssl/Makefile.ssl | 828 ++ crypto/openssl/ssl/bio_ssl.c | 555 ++ crypto/openssl/ssl/s23_clnt.c | 465 ++ crypto/openssl/ssl/s23_lib.c | 213 + crypto/openssl/ssl/s23_meth.c | 92 + crypto/openssl/ssl/s23_pkt.c | 117 + crypto/openssl/ssl/s23_srvr.c | 503 ++ crypto/openssl/ssl/s2_clnt.c | 971 +++ crypto/openssl/ssl/s2_enc.c | 180 + crypto/openssl/ssl/s2_lib.c | 424 + crypto/openssl/ssl/s2_meth.c | 89 + crypto/openssl/ssl/s2_pkt.c | 640 ++ crypto/openssl/ssl/s2_srvr.c | 968 +++ crypto/openssl/ssl/s3_both.c | 468 ++ crypto/openssl/ssl/s3_clnt.c | 1729 ++++ crypto/openssl/ssl/s3_enc.c | 587 ++ crypto/openssl/ssl/s3_lib.c | 1107 +++ crypto/openssl/ssl/s3_meth.c | 88 + crypto/openssl/ssl/s3_pkt.c | 1041 +++ crypto/openssl/ssl/s3_srvr.c | 1683 ++++ crypto/openssl/ssl/ssl.h | 1484 ++++ crypto/openssl/ssl/ssl2.h | 265 + crypto/openssl/ssl/ssl23.h | 83 + crypto/openssl/ssl/ssl3.h | 459 ++ crypto/openssl/ssl/ssl_algs.c | 103 + crypto/openssl/ssl/ssl_asn1.c | 327 + crypto/openssl/ssl/ssl_cert.c | 716 ++ crypto/openssl/ssl/ssl_ciph.c | 835 ++ crypto/openssl/ssl/ssl_err.c | 416 + crypto/openssl/ssl/ssl_err2.c | 70 + crypto/openssl/ssl/ssl_lib.c | 1947 +++++ crypto/openssl/ssl/ssl_locl.h | 499 ++ crypto/openssl/ssl/ssl_rsa.c | 815 ++ crypto/openssl/ssl/ssl_sess.c | 637 ++ crypto/openssl/ssl/ssl_stat.c | 454 ++ crypto/openssl/ssl/ssl_task.c | 369 + crypto/openssl/ssl/ssl_txt.c | 171 + crypto/openssl/ssl/ssltest.c | 1163 +++ crypto/openssl/ssl/t1_clnt.c | 90 + crypto/openssl/ssl/t1_enc.c | 633 ++ crypto/openssl/ssl/t1_lib.c | 145 + crypto/openssl/ssl/t1_meth.c | 88 + crypto/openssl/ssl/t1_srvr.c | 91 + crypto/openssl/ssl/tls1.h | 153 + crypto/openssl/test/CAss.cnf | 25 + crypto/openssl/test/CAssdh.cnf | 24 + crypto/openssl/test/CAssdsa.cnf | 23 + crypto/openssl/test/CAssrsa.cnf | 24 + crypto/openssl/test/Makefile.ssl | 388 + crypto/openssl/test/Sssdsa.cnf | 27 + crypto/openssl/test/Sssrsa.cnf | 26 + crypto/openssl/test/Uss.cnf | 28 + crypto/openssl/test/VMSca-response.1 | 1 + crypto/openssl/test/VMSca-response.2 | 2 + crypto/openssl/test/dsa-ca.pem | 43 + crypto/openssl/test/dsa-pca.pem | 49 + crypto/openssl/test/methtest.c | 105 + crypto/openssl/test/pkcs7-1.pem | 15 + crypto/openssl/test/pkcs7.pem | 54 + crypto/openssl/test/r160test.c | 57 + crypto/openssl/test/tcrl | 81 + crypto/openssl/test/test.cnf | 88 + crypto/openssl/test/testca | 44 + crypto/openssl/test/testcrl.pem | 16 + crypto/openssl/test/testenc | 54 + crypto/openssl/test/testgen | 30 + crypto/openssl/test/testp7.pem | 46 + crypto/openssl/test/testreq2.pem | 7 + crypto/openssl/test/testrsa.pem | 9 + crypto/openssl/test/testsid.pem | 12 + crypto/openssl/test/testss | 90 + crypto/openssl/test/testssl | 75 + crypto/openssl/test/testx509.pem | 10 + crypto/openssl/test/times | 113 + crypto/openssl/test/tpkcs7 | 51 + crypto/openssl/test/tpkcs7d | 44 + crypto/openssl/test/treq | 81 + crypto/openssl/test/trsa | 81 + crypto/openssl/test/tsid | 81 + crypto/openssl/test/tx509 | 81 + crypto/openssl/test/v3-cert1.pem | 16 + crypto/openssl/test/v3-cert2.pem | 16 + crypto/openssl/times/090/586-100.nt | 32 + crypto/openssl/times/091/486-50.nt | 30 + crypto/openssl/times/091/586-100.lnx | 32 + crypto/openssl/times/091/68000.bsd | 32 + crypto/openssl/times/091/686-200.lnx | 32 + crypto/openssl/times/091/alpha064.osf | 32 + crypto/openssl/times/091/alpha164.lnx | 32 + crypto/openssl/times/091/alpha164.osf | 31 + crypto/openssl/times/091/mips-rel.pl | 21 + crypto/openssl/times/091/r10000.irx | 37 + crypto/openssl/times/091/r3000.ult | 32 + crypto/openssl/times/091/r4400.irx | 32 + crypto/openssl/times/100.lnx | 32 + crypto/openssl/times/100.nt | 29 + crypto/openssl/times/200.lnx | 30 + crypto/openssl/times/486-66.dos | 22 + crypto/openssl/times/486-66.nt | 22 + crypto/openssl/times/486-66.w31 | 23 + crypto/openssl/times/5.lnx | 29 + crypto/openssl/times/586-085i.nt | 29 + crypto/openssl/times/586-100.LN3 | 26 + crypto/openssl/times/586-100.NT2 | 26 + crypto/openssl/times/586-100.dos | 24 + crypto/openssl/times/586-100.ln4 | 26 + crypto/openssl/times/586-100.lnx | 23 + crypto/openssl/times/586-100.nt | 23 + crypto/openssl/times/586-100.ntx | 30 + crypto/openssl/times/586-100.w31 | 27 + crypto/openssl/times/586-1002.lnx | 26 + crypto/openssl/times/586p-100.lnx | 26 + crypto/openssl/times/686-200.bsd | 25 + crypto/openssl/times/686-200.lnx | 26 + crypto/openssl/times/686-200.nt | 24 + crypto/openssl/times/L1 | 27 + crypto/openssl/times/R10000.t | 24 + crypto/openssl/times/R4400.t | 26 + crypto/openssl/times/aix.t | 34 + crypto/openssl/times/aixold.t | 23 + crypto/openssl/times/alpha.t | 81 + crypto/openssl/times/alpha400.t | 25 + crypto/openssl/times/cyrix100.lnx | 22 + crypto/openssl/times/dgux-x86.t | 23 + crypto/openssl/times/dgux.t | 17 + crypto/openssl/times/hpux-acc.t | 25 + crypto/openssl/times/hpux-kr.t | 23 + crypto/openssl/times/hpux.t | 86 + crypto/openssl/times/p2.w95 | 22 + crypto/openssl/times/pent2.t | 24 + crypto/openssl/times/readme | 11 + crypto/openssl/times/s586-100.lnx | 25 + crypto/openssl/times/s586-100.nt | 23 + crypto/openssl/times/sgi.t | 29 + crypto/openssl/times/sparc.t | 26 + crypto/openssl/times/sparc2 | 21 + crypto/openssl/times/sparcLX.t | 22 + crypto/openssl/times/usparc.t | 25 + crypto/openssl/times/x86/bfs.cpp | 67 + crypto/openssl/times/x86/casts.cpp | 67 + crypto/openssl/times/x86/des3s.cpp | 67 + crypto/openssl/times/x86/dess.cpp | 67 + crypto/openssl/times/x86/md5s.cpp | 78 + crypto/openssl/times/x86/rc4s.cpp | 73 + crypto/openssl/times/x86/sha1s.cpp | 79 + crypto/openssl/tools/Makefile.ssl | 61 + crypto/openssl/tools/c_hash | 9 + crypto/openssl/tools/c_info | 12 + crypto/openssl/tools/c_issuer | 10 + crypto/openssl/tools/c_name | 10 + crypto/openssl/tools/c_rehash | 61 + crypto/openssl/tools/c_rehash.in | 61 + crypto/openssl/util/FreeBSD.sh | 6 + crypto/openssl/util/add_cr.pl | 123 + crypto/openssl/util/bat.sh | 132 + crypto/openssl/util/ck_errf.pl | 45 + crypto/openssl/util/clean-depend.pl | 38 + crypto/openssl/util/deleof.pl | 7 + crypto/openssl/util/do_ms.sh | 19 + crypto/openssl/util/domd | 11 + crypto/openssl/util/err-ins.pl | 33 + crypto/openssl/util/files.pl | 61 + crypto/openssl/util/fixNT.sh | 14 + crypto/openssl/util/install.sh | 108 + crypto/openssl/util/libeay.num | 1846 +++++ crypto/openssl/util/mk1mf.pl | 873 ++ crypto/openssl/util/mkcerts.sh | 220 + crypto/openssl/util/mkdef.pl | 426 + crypto/openssl/util/mkdir-p.pl | 33 + crypto/openssl/util/mkerr.pl | 503 ++ crypto/openssl/util/mkfiles.pl | 110 + crypto/openssl/util/mklink.pl | 55 + crypto/openssl/util/perlpath.pl | 35 + crypto/openssl/util/pl/BC-16.pl | 146 + crypto/openssl/util/pl/BC-32.pl | 136 + crypto/openssl/util/pl/Mingw32.pl | 79 + crypto/openssl/util/pl/Mingw32f.pl | 73 + crypto/openssl/util/pl/VC-16.pl | 173 + crypto/openssl/util/pl/VC-32.pl | 140 + crypto/openssl/util/pl/linux.pl | 100 + crypto/openssl/util/pl/ultrix.pl | 38 + crypto/openssl/util/pl/unix.pl | 96 + crypto/openssl/util/point.sh | 6 + crypto/openssl/util/sep_lib.sh | 34 + crypto/openssl/util/sp-diff.pl | 80 + crypto/openssl/util/speed.sh | 39 + crypto/openssl/util/src-dep.pl | 147 + crypto/openssl/util/ssleay.num | 217 + crypto/openssl/util/tab_num.pl | 17 + crypto/openssl/util/x86asm.sh | 42 + 1108 files changed, 223134 insertions(+) create mode 100644 crypto/openssl/CHANGES create mode 100644 crypto/openssl/CHANGES.SSLeay create mode 100755 crypto/openssl/Configure create mode 100644 crypto/openssl/INSTALL create mode 100644 crypto/openssl/LICENSE create mode 100644 crypto/openssl/Makefile.org create mode 100644 crypto/openssl/Makefile.ssl create mode 100644 crypto/openssl/NEWS create mode 100644 crypto/openssl/README create mode 100755 crypto/openssl/apps/CA.pl create mode 100644 crypto/openssl/apps/CA.sh create mode 100644 crypto/openssl/apps/Makefile.ssl create mode 100644 crypto/openssl/apps/apps.c create mode 100644 crypto/openssl/apps/apps.h create mode 100644 crypto/openssl/apps/asn1pars.c create mode 100644 crypto/openssl/apps/ca-cert.srl create mode 100644 crypto/openssl/apps/ca-key.pem create mode 100644 crypto/openssl/apps/ca-req.pem create mode 100644 crypto/openssl/apps/ca.c create mode 100644 crypto/openssl/apps/cert.pem create mode 100644 crypto/openssl/apps/ciphers.c create mode 100644 crypto/openssl/apps/client.pem create mode 100644 crypto/openssl/apps/crl.c create mode 100644 crypto/openssl/apps/crl2p7.c create mode 100644 crypto/openssl/apps/demoCA/cacert.pem create mode 100644 crypto/openssl/apps/demoCA/index.txt create mode 100644 crypto/openssl/apps/demoCA/private/cakey.pem create mode 100644 crypto/openssl/apps/demoCA/serial create mode 100644 crypto/openssl/apps/der_chop create mode 100644 crypto/openssl/apps/der_chop.in create mode 100644 crypto/openssl/apps/dgst.c create mode 100644 crypto/openssl/apps/dh.c create mode 100644 crypto/openssl/apps/dh1024.pem create mode 100644 crypto/openssl/apps/dsa-ca.pem create mode 100644 crypto/openssl/apps/dsa-pca.pem create mode 100644 crypto/openssl/apps/dsa.c create mode 100644 crypto/openssl/apps/dsa1024.pem create mode 100644 crypto/openssl/apps/dsa512.pem create mode 100644 crypto/openssl/apps/dsap.pem create mode 100644 crypto/openssl/apps/dsaparam.c create mode 100644 crypto/openssl/apps/eay.c create mode 100644 crypto/openssl/apps/enc.c create mode 100644 crypto/openssl/apps/errstr.c create mode 100644 crypto/openssl/apps/gendh.c create mode 100644 crypto/openssl/apps/gendsa.c create mode 100644 crypto/openssl/apps/genrsa.c create mode 100644 crypto/openssl/apps/nseq.c create mode 100644 crypto/openssl/apps/oid.cnf create mode 100644 crypto/openssl/apps/openssl.c create mode 100644 crypto/openssl/apps/openssl.cnf create mode 100644 crypto/openssl/apps/pca-cert.srl create mode 100644 crypto/openssl/apps/pca-key.pem create mode 100644 crypto/openssl/apps/pca-req.pem create mode 100644 crypto/openssl/apps/pem_mail.c create mode 100644 crypto/openssl/apps/pkcs12.c create mode 100644 crypto/openssl/apps/pkcs7.c create mode 100644 crypto/openssl/apps/pkcs8.c create mode 100644 crypto/openssl/apps/privkey.pem create mode 100644 crypto/openssl/apps/progs.h create mode 100644 crypto/openssl/apps/progs.pl create mode 100644 crypto/openssl/apps/req.c create mode 100644 crypto/openssl/apps/req.pem create mode 100644 crypto/openssl/apps/rsa.c create mode 100644 crypto/openssl/apps/rsa/01.pem create mode 100644 crypto/openssl/apps/rsa/1.txt create mode 100644 crypto/openssl/apps/rsa/SecureServer.pem create mode 100644 crypto/openssl/apps/rsa/s.txt create mode 100644 crypto/openssl/apps/rsa8192.pem create mode 100644 crypto/openssl/apps/s1024key.pem create mode 100644 crypto/openssl/apps/s1024req.pem create mode 100644 crypto/openssl/apps/s512-key.pem create mode 100644 crypto/openssl/apps/s512-req.pem create mode 100644 crypto/openssl/apps/s_apps.h create mode 100644 crypto/openssl/apps/s_cb.c create mode 100644 crypto/openssl/apps/s_client.c create mode 100644 crypto/openssl/apps/s_server.c create mode 100644 crypto/openssl/apps/s_socket.c create mode 100644 crypto/openssl/apps/s_time.c create mode 100644 crypto/openssl/apps/server.pem create mode 100644 crypto/openssl/apps/server.srl create mode 100644 crypto/openssl/apps/server2.pem create mode 100644 crypto/openssl/apps/sess_id.c create mode 100644 crypto/openssl/apps/set/set-g-ca.pem create mode 100644 crypto/openssl/apps/set/set-m-ca.pem create mode 100644 crypto/openssl/apps/set/set_b_ca.pem create mode 100644 crypto/openssl/apps/set/set_c_ca.pem create mode 100644 crypto/openssl/apps/set/set_d_ct.pem create mode 100644 crypto/openssl/apps/set/set_root.pem create mode 100644 crypto/openssl/apps/speed.c create mode 100644 crypto/openssl/apps/testCA.pem create mode 100644 crypto/openssl/apps/testdsa.h create mode 100644 crypto/openssl/apps/testrsa.h create mode 100644 crypto/openssl/apps/tkca create mode 100644 crypto/openssl/apps/verify.c create mode 100644 crypto/openssl/apps/version.c create mode 100644 crypto/openssl/apps/x509.c create mode 100644 crypto/openssl/bugs/MS create mode 100644 crypto/openssl/bugs/SSLv3 create mode 100644 crypto/openssl/bugs/VC16.bug create mode 100644 crypto/openssl/bugs/alpha.c create mode 100644 crypto/openssl/bugs/dggccbug.c create mode 100644 crypto/openssl/bugs/sgiccbug.c create mode 100644 crypto/openssl/bugs/sslref.dif create mode 100644 crypto/openssl/bugs/stream.c create mode 100644 crypto/openssl/bugs/ultrixcc.c create mode 100644 crypto/openssl/certs/ICE-CA.pem create mode 100644 crypto/openssl/certs/ICE-root.pem create mode 100644 crypto/openssl/certs/ICE-user.pem create mode 100644 crypto/openssl/certs/ICE.crl create mode 100644 crypto/openssl/certs/ca-cert.pem create mode 100644 crypto/openssl/certs/dsa-ca.pem create mode 100644 crypto/openssl/certs/dsa-pca.pem create mode 100644 crypto/openssl/certs/expired/ICE-CA.pem create mode 100644 crypto/openssl/certs/expired/ICE-root.pem create mode 100644 crypto/openssl/certs/expired/ICE-user.pem create mode 100644 crypto/openssl/certs/expired/ICE.crl create mode 100644 crypto/openssl/certs/factory.pem create mode 100644 crypto/openssl/certs/nortelCA.pem create mode 100644 crypto/openssl/certs/pca-cert.pem create mode 100644 crypto/openssl/certs/rsa-cca.pem create mode 100644 crypto/openssl/certs/rsa-ssca.pem create mode 100644 crypto/openssl/certs/thawteCb.pem create mode 100644 crypto/openssl/certs/thawteCp.pem create mode 100644 crypto/openssl/certs/timCA.pem create mode 100644 crypto/openssl/certs/tjhCA.pem create mode 100644 crypto/openssl/certs/vsign1.pem create mode 100644 crypto/openssl/certs/vsign2.pem create mode 100644 crypto/openssl/certs/vsign3.pem create mode 100644 crypto/openssl/certs/vsignss.pem create mode 100644 crypto/openssl/certs/vsigntca.pem create mode 100755 crypto/openssl/config create mode 100644 crypto/openssl/crypto/Makefile.ssl create mode 100644 crypto/openssl/crypto/asn1/Makefile.ssl create mode 100644 crypto/openssl/crypto/asn1/a_bitstr.c create mode 100644 crypto/openssl/crypto/asn1/a_bmp.c create mode 100644 crypto/openssl/crypto/asn1/a_bool.c create mode 100644 crypto/openssl/crypto/asn1/a_bytes.c create mode 100644 crypto/openssl/crypto/asn1/a_d2i_fp.c create mode 100644 crypto/openssl/crypto/asn1/a_digest.c create mode 100644 crypto/openssl/crypto/asn1/a_dup.c create mode 100644 crypto/openssl/crypto/asn1/a_enum.c create mode 100644 crypto/openssl/crypto/asn1/a_gentm.c create mode 100644 crypto/openssl/crypto/asn1/a_hdr.c create mode 100644 crypto/openssl/crypto/asn1/a_i2d_fp.c create mode 100644 crypto/openssl/crypto/asn1/a_int.c create mode 100644 crypto/openssl/crypto/asn1/a_meth.c create mode 100644 crypto/openssl/crypto/asn1/a_object.c create mode 100644 crypto/openssl/crypto/asn1/a_octet.c create mode 100644 crypto/openssl/crypto/asn1/a_print.c create mode 100644 crypto/openssl/crypto/asn1/a_set.c create mode 100644 crypto/openssl/crypto/asn1/a_sign.c create mode 100644 crypto/openssl/crypto/asn1/a_time.c create mode 100644 crypto/openssl/crypto/asn1/a_type.c create mode 100644 crypto/openssl/crypto/asn1/a_utctm.c create mode 100644 crypto/openssl/crypto/asn1/a_utf8.c create mode 100644 crypto/openssl/crypto/asn1/a_verify.c create mode 100644 crypto/openssl/crypto/asn1/a_vis.c create mode 100644 crypto/openssl/crypto/asn1/asn1.h create mode 100644 crypto/openssl/crypto/asn1/asn1_err.c create mode 100644 crypto/openssl/crypto/asn1/asn1_lib.c create mode 100644 crypto/openssl/crypto/asn1/asn1_mac.h create mode 100644 crypto/openssl/crypto/asn1/asn1_par.c create mode 100644 crypto/openssl/crypto/asn1/asn_pack.c create mode 100644 crypto/openssl/crypto/asn1/d2i_dhp.c create mode 100644 crypto/openssl/crypto/asn1/d2i_dsap.c create mode 100644 crypto/openssl/crypto/asn1/d2i_pr.c create mode 100644 crypto/openssl/crypto/asn1/d2i_pu.c create mode 100644 crypto/openssl/crypto/asn1/d2i_r_pr.c create mode 100644 crypto/openssl/crypto/asn1/d2i_r_pu.c create mode 100644 crypto/openssl/crypto/asn1/d2i_s_pr.c create mode 100644 crypto/openssl/crypto/asn1/d2i_s_pu.c create mode 100644 crypto/openssl/crypto/asn1/evp_asn1.c create mode 100644 crypto/openssl/crypto/asn1/f.c create mode 100644 crypto/openssl/crypto/asn1/f_enum.c create mode 100644 crypto/openssl/crypto/asn1/f_int.c create mode 100644 crypto/openssl/crypto/asn1/f_string.c create mode 100644 crypto/openssl/crypto/asn1/i2d_dhp.c create mode 100644 crypto/openssl/crypto/asn1/i2d_dsap.c create mode 100644 crypto/openssl/crypto/asn1/i2d_pr.c create mode 100644 crypto/openssl/crypto/asn1/i2d_pu.c create mode 100644 crypto/openssl/crypto/asn1/i2d_r_pr.c create mode 100644 crypto/openssl/crypto/asn1/i2d_r_pu.c create mode 100644 crypto/openssl/crypto/asn1/i2d_s_pr.c create mode 100644 crypto/openssl/crypto/asn1/i2d_s_pu.c create mode 100644 crypto/openssl/crypto/asn1/n_pkey.c create mode 100644 crypto/openssl/crypto/asn1/nsseq.c create mode 100644 crypto/openssl/crypto/asn1/p5_pbe.c create mode 100644 crypto/openssl/crypto/asn1/p5_pbev2.c create mode 100644 crypto/openssl/crypto/asn1/p7_dgst.c create mode 100644 crypto/openssl/crypto/asn1/p7_enc.c create mode 100644 crypto/openssl/crypto/asn1/p7_enc_c.c create mode 100644 crypto/openssl/crypto/asn1/p7_evp.c create mode 100644 crypto/openssl/crypto/asn1/p7_i_s.c create mode 100644 crypto/openssl/crypto/asn1/p7_lib.c create mode 100644 crypto/openssl/crypto/asn1/p7_recip.c create mode 100644 crypto/openssl/crypto/asn1/p7_s_e.c create mode 100644 crypto/openssl/crypto/asn1/p7_signd.c create mode 100644 crypto/openssl/crypto/asn1/p7_signi.c create mode 100644 crypto/openssl/crypto/asn1/p8_pkey.c create mode 100644 crypto/openssl/crypto/asn1/pkcs8.c create mode 100644 crypto/openssl/crypto/asn1/t_crl.c create mode 100644 crypto/openssl/crypto/asn1/t_pkey.c create mode 100644 crypto/openssl/crypto/asn1/t_req.c create mode 100644 crypto/openssl/crypto/asn1/t_x509.c create mode 100644 crypto/openssl/crypto/asn1/x_algor.c create mode 100644 crypto/openssl/crypto/asn1/x_attrib.c create mode 100644 crypto/openssl/crypto/asn1/x_cinf.c create mode 100644 crypto/openssl/crypto/asn1/x_crl.c create mode 100644 crypto/openssl/crypto/asn1/x_exten.c create mode 100644 crypto/openssl/crypto/asn1/x_info.c create mode 100644 crypto/openssl/crypto/asn1/x_name.c create mode 100644 crypto/openssl/crypto/asn1/x_pkey.c create mode 100644 crypto/openssl/crypto/asn1/x_pubkey.c create mode 100644 crypto/openssl/crypto/asn1/x_req.c create mode 100644 crypto/openssl/crypto/asn1/x_sig.c create mode 100644 crypto/openssl/crypto/asn1/x_spki.c create mode 100644 crypto/openssl/crypto/asn1/x_val.c create mode 100644 crypto/openssl/crypto/asn1/x_x509.c create mode 100644 crypto/openssl/crypto/bf/COPYRIGHT create mode 100644 crypto/openssl/crypto/bf/INSTALL create mode 100644 crypto/openssl/crypto/bf/Makefile.ssl create mode 100644 crypto/openssl/crypto/bf/Makefile.uni create mode 100644 crypto/openssl/crypto/bf/README create mode 100644 crypto/openssl/crypto/bf/VERSION create mode 100644 crypto/openssl/crypto/bf/asm/bf-586.pl create mode 100644 crypto/openssl/crypto/bf/asm/bf-686.pl create mode 100644 crypto/openssl/crypto/bf/asm/readme create mode 100644 crypto/openssl/crypto/bf/bf_cbc.c create mode 100644 crypto/openssl/crypto/bf/bf_cfb64.c create mode 100644 crypto/openssl/crypto/bf/bf_ecb.c create mode 100644 crypto/openssl/crypto/bf/bf_enc.c create mode 100644 crypto/openssl/crypto/bf/bf_locl.h create mode 100644 crypto/openssl/crypto/bf/bf_ofb64.c create mode 100644 crypto/openssl/crypto/bf/bf_opts.c create mode 100644 crypto/openssl/crypto/bf/bf_pi.h create mode 100644 crypto/openssl/crypto/bf/bf_skey.c create mode 100644 crypto/openssl/crypto/bf/bfs.cpp create mode 100644 crypto/openssl/crypto/bf/bfspeed.c create mode 100644 crypto/openssl/crypto/bf/bftest.c create mode 100644 crypto/openssl/crypto/bf/blowfish.h create mode 100644 crypto/openssl/crypto/bio/Makefile.ssl create mode 100644 crypto/openssl/crypto/bio/b_dump.c create mode 100644 crypto/openssl/crypto/bio/b_print.c create mode 100644 crypto/openssl/crypto/bio/b_sock.c create mode 100644 crypto/openssl/crypto/bio/bf_buff.c create mode 100644 crypto/openssl/crypto/bio/bf_nbio.c create mode 100644 crypto/openssl/crypto/bio/bf_null.c create mode 100644 crypto/openssl/crypto/bio/bio.h create mode 100644 crypto/openssl/crypto/bio/bio_cb.c create mode 100644 crypto/openssl/crypto/bio/bio_err.c create mode 100644 crypto/openssl/crypto/bio/bio_lib.c create mode 100644 crypto/openssl/crypto/bio/bss_acpt.c create mode 100644 crypto/openssl/crypto/bio/bss_bio.c create mode 100644 crypto/openssl/crypto/bio/bss_conn.c create mode 100644 crypto/openssl/crypto/bio/bss_fd.c create mode 100644 crypto/openssl/crypto/bio/bss_file.c create mode 100644 crypto/openssl/crypto/bio/bss_log.c create mode 100644 crypto/openssl/crypto/bio/bss_mem.c create mode 100644 crypto/openssl/crypto/bio/bss_null.c create mode 100644 crypto/openssl/crypto/bio/bss_rtcp.c create mode 100644 crypto/openssl/crypto/bio/bss_sock.c create mode 100644 crypto/openssl/crypto/bn/Makefile.ssl create mode 100644 crypto/openssl/crypto/bn/asm/README create mode 100644 crypto/openssl/crypto/bn/asm/alpha.s create mode 100644 crypto/openssl/crypto/bn/asm/alpha.s.works create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/add.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/div.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/mul.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha.works/sub.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/add.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/div.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/mul.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/mul_add.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/sqr.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl create mode 100644 crypto/openssl/crypto/bn/asm/alpha/sub.pl create mode 100644 crypto/openssl/crypto/bn/asm/bn-586.pl create mode 100644 crypto/openssl/crypto/bn/asm/bn-alpha.pl create mode 100644 crypto/openssl/crypto/bn/asm/ca.pl create mode 100644 crypto/openssl/crypto/bn/asm/co-586.pl create mode 100644 crypto/openssl/crypto/bn/asm/co-alpha.pl create mode 100644 crypto/openssl/crypto/bn/asm/mips1.s create mode 100644 crypto/openssl/crypto/bn/asm/mips3.s create mode 100644 crypto/openssl/crypto/bn/asm/pa-risc.s create mode 100644 crypto/openssl/crypto/bn/asm/pa-risc2.s create mode 100644 crypto/openssl/crypto/bn/asm/r3000.s create mode 100644 crypto/openssl/crypto/bn/asm/sparcv8.S create mode 100644 crypto/openssl/crypto/bn/asm/sparcv8plus.S create mode 100644 crypto/openssl/crypto/bn/asm/x86.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/add.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/comba.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/div.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/f create mode 100644 crypto/openssl/crypto/bn/asm/x86/mul.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/mul_add.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/sqr.pl create mode 100644 crypto/openssl/crypto/bn/asm/x86/sub.pl create mode 100644 crypto/openssl/crypto/bn/bn.h create mode 100644 crypto/openssl/crypto/bn/bn.mul create mode 100644 crypto/openssl/crypto/bn/bn_add.c create mode 100644 crypto/openssl/crypto/bn/bn_asm.c create mode 100644 crypto/openssl/crypto/bn/bn_blind.c create mode 100644 crypto/openssl/crypto/bn/bn_comba.c create mode 100644 crypto/openssl/crypto/bn/bn_div.c create mode 100644 crypto/openssl/crypto/bn/bn_err.c create mode 100644 crypto/openssl/crypto/bn/bn_exp.c create mode 100644 crypto/openssl/crypto/bn/bn_exp2.c create mode 100644 crypto/openssl/crypto/bn/bn_gcd.c create mode 100644 crypto/openssl/crypto/bn/bn_lcl.h create mode 100644 crypto/openssl/crypto/bn/bn_lib.c create mode 100644 crypto/openssl/crypto/bn/bn_mont.c create mode 100644 crypto/openssl/crypto/bn/bn_mpi.c create mode 100644 crypto/openssl/crypto/bn/bn_mul.c create mode 100644 crypto/openssl/crypto/bn/bn_opts.c create mode 100644 crypto/openssl/crypto/bn/bn_prime.c create mode 100644 crypto/openssl/crypto/bn/bn_prime.h create mode 100644 crypto/openssl/crypto/bn/bn_prime.pl create mode 100644 crypto/openssl/crypto/bn/bn_print.c create mode 100644 crypto/openssl/crypto/bn/bn_rand.c create mode 100644 crypto/openssl/crypto/bn/bn_recp.c create mode 100644 crypto/openssl/crypto/bn/bn_shift.c create mode 100644 crypto/openssl/crypto/bn/bn_sqr.c create mode 100644 crypto/openssl/crypto/bn/bn_word.c create mode 100644 crypto/openssl/crypto/bn/bnspeed.c create mode 100644 crypto/openssl/crypto/bn/bntest.c create mode 100644 crypto/openssl/crypto/bn/comba.pl create mode 100644 crypto/openssl/crypto/bn/d.c create mode 100644 crypto/openssl/crypto/bn/exp.c create mode 100644 crypto/openssl/crypto/bn/expspeed.c create mode 100644 crypto/openssl/crypto/bn/exptest.c create mode 100644 crypto/openssl/crypto/bn/new create mode 100644 crypto/openssl/crypto/bn/old/b_sqr.c create mode 100644 crypto/openssl/crypto/bn/old/bn_com.c create mode 100644 crypto/openssl/crypto/bn/old/bn_high.c create mode 100644 crypto/openssl/crypto/bn/old/bn_ka.c create mode 100644 crypto/openssl/crypto/bn/old/bn_low.c create mode 100644 crypto/openssl/crypto/bn/old/bn_m.c create mode 100644 crypto/openssl/crypto/bn/old/bn_mul.c.works create mode 100644 crypto/openssl/crypto/bn/old/bn_wmul.c create mode 100755 crypto/openssl/crypto/bn/old/build create mode 100644 crypto/openssl/crypto/bn/old/info create mode 100644 crypto/openssl/crypto/bn/old/test.works create mode 100644 crypto/openssl/crypto/bn/test.c create mode 100644 crypto/openssl/crypto/bn/todo create mode 100644 crypto/openssl/crypto/buffer/Makefile.ssl create mode 100644 crypto/openssl/crypto/buffer/buf_err.c create mode 100644 crypto/openssl/crypto/buffer/buffer.c create mode 100644 crypto/openssl/crypto/buffer/buffer.h create mode 100644 crypto/openssl/crypto/cast/Makefile.ssl create mode 100644 crypto/openssl/crypto/cast/Makefile.uni create mode 100644 crypto/openssl/crypto/cast/asm/cast-586.pl create mode 100644 crypto/openssl/crypto/cast/asm/readme create mode 100644 crypto/openssl/crypto/cast/c_cfb64.c create mode 100644 crypto/openssl/crypto/cast/c_ecb.c create mode 100644 crypto/openssl/crypto/cast/c_enc.c create mode 100644 crypto/openssl/crypto/cast/c_ofb64.c create mode 100644 crypto/openssl/crypto/cast/c_skey.c create mode 100644 crypto/openssl/crypto/cast/cast.h create mode 100644 crypto/openssl/crypto/cast/cast_lcl.h create mode 100644 crypto/openssl/crypto/cast/cast_s.h create mode 100644 crypto/openssl/crypto/cast/cast_spd.c create mode 100644 crypto/openssl/crypto/cast/castopts.c create mode 100644 crypto/openssl/crypto/cast/casts.cpp create mode 100644 crypto/openssl/crypto/cast/casttest.c create mode 100644 crypto/openssl/crypto/comp/Makefile.ssl create mode 100644 crypto/openssl/crypto/comp/c_rle.c create mode 100644 crypto/openssl/crypto/comp/c_zlib.c create mode 100644 crypto/openssl/crypto/comp/comp.h create mode 100644 crypto/openssl/crypto/comp/comp_err.c create mode 100644 crypto/openssl/crypto/comp/comp_lib.c create mode 100644 crypto/openssl/crypto/conf/Makefile.ssl create mode 100644 crypto/openssl/crypto/conf/cnf_save.c create mode 100644 crypto/openssl/crypto/conf/conf.c create mode 100644 crypto/openssl/crypto/conf/conf.h create mode 100644 crypto/openssl/crypto/conf/conf_err.c create mode 100644 crypto/openssl/crypto/conf/conf_lcl.h create mode 100644 crypto/openssl/crypto/conf/keysets.pl create mode 100644 crypto/openssl/crypto/conf/ssleay.cnf create mode 100644 crypto/openssl/crypto/conf/test.c create mode 100644 crypto/openssl/crypto/cpt_err.c create mode 100644 crypto/openssl/crypto/cryptlib.c create mode 100644 crypto/openssl/crypto/cryptlib.h create mode 100644 crypto/openssl/crypto/crypto.h create mode 100644 crypto/openssl/crypto/cversion.c create mode 100644 crypto/openssl/crypto/des/COPYRIGHT create mode 100644 crypto/openssl/crypto/des/DES.pm create mode 100644 crypto/openssl/crypto/des/DES.pod create mode 100644 crypto/openssl/crypto/des/DES.xs create mode 100644 crypto/openssl/crypto/des/FILES create mode 100644 crypto/openssl/crypto/des/INSTALL create mode 100644 crypto/openssl/crypto/des/Imakefile create mode 100644 crypto/openssl/crypto/des/KERBEROS create mode 100644 crypto/openssl/crypto/des/MODES.DES create mode 100644 crypto/openssl/crypto/des/Makefile.PL create mode 100644 crypto/openssl/crypto/des/Makefile.lit create mode 100644 crypto/openssl/crypto/des/Makefile.ssl create mode 100644 crypto/openssl/crypto/des/Makefile.uni create mode 100644 crypto/openssl/crypto/des/PC1 create mode 100644 crypto/openssl/crypto/des/PC2 create mode 100644 crypto/openssl/crypto/des/README create mode 100644 crypto/openssl/crypto/des/VERSION create mode 100644 crypto/openssl/crypto/des/asm/crypt586.pl create mode 100644 crypto/openssl/crypto/des/asm/des-586.pl create mode 100644 crypto/openssl/crypto/des/asm/des686.pl create mode 100644 crypto/openssl/crypto/des/asm/desboth.pl create mode 100644 crypto/openssl/crypto/des/asm/readme create mode 100644 crypto/openssl/crypto/des/cbc3_enc.c create mode 100644 crypto/openssl/crypto/des/cbc_cksm.c create mode 100644 crypto/openssl/crypto/des/cbc_enc.c create mode 100644 crypto/openssl/crypto/des/cfb64ede.c create mode 100644 crypto/openssl/crypto/des/cfb64enc.c create mode 100644 crypto/openssl/crypto/des/cfb_enc.c create mode 100644 crypto/openssl/crypto/des/des.c create mode 100644 crypto/openssl/crypto/des/des.h create mode 100644 crypto/openssl/crypto/des/des.man create mode 100644 crypto/openssl/crypto/des/des.pl create mode 100644 crypto/openssl/crypto/des/des3s.cpp create mode 100644 crypto/openssl/crypto/des/des_crypt.man create mode 100644 crypto/openssl/crypto/des/des_enc.c create mode 100644 crypto/openssl/crypto/des/des_locl.h create mode 100644 crypto/openssl/crypto/des/des_opts.c create mode 100644 crypto/openssl/crypto/des/des_ver.h create mode 100644 crypto/openssl/crypto/des/dess.cpp create mode 100644 crypto/openssl/crypto/des/destest.c create mode 100644 crypto/openssl/crypto/des/doIP create mode 100644 crypto/openssl/crypto/des/doPC1 create mode 100644 crypto/openssl/crypto/des/doPC2 create mode 100644 crypto/openssl/crypto/des/ecb3_enc.c create mode 100644 crypto/openssl/crypto/des/ecb_enc.c create mode 100644 crypto/openssl/crypto/des/ede_cbcm_enc.c create mode 100644 crypto/openssl/crypto/des/enc_read.c create mode 100644 crypto/openssl/crypto/des/enc_writ.c create mode 100644 crypto/openssl/crypto/des/fcrypt.c create mode 100644 crypto/openssl/crypto/des/fcrypt_b.c create mode 100644 crypto/openssl/crypto/des/makefile.bc create mode 100644 crypto/openssl/crypto/des/ncbc_enc.c create mode 100644 crypto/openssl/crypto/des/ofb64ede.c create mode 100644 crypto/openssl/crypto/des/ofb64enc.c create mode 100644 crypto/openssl/crypto/des/ofb_enc.c create mode 100644 crypto/openssl/crypto/des/options.txt create mode 100644 crypto/openssl/crypto/des/pcbc_enc.c create mode 100644 crypto/openssl/crypto/des/podd.h create mode 100644 crypto/openssl/crypto/des/qud_cksm.c create mode 100644 crypto/openssl/crypto/des/rand_key.c create mode 100644 crypto/openssl/crypto/des/read2pwd.c create mode 100644 crypto/openssl/crypto/des/read_pwd.c create mode 100644 crypto/openssl/crypto/des/rpc_des.h create mode 100644 crypto/openssl/crypto/des/rpc_enc.c create mode 100644 crypto/openssl/crypto/des/rpw.c create mode 100644 crypto/openssl/crypto/des/set_key.c create mode 100644 crypto/openssl/crypto/des/shifts.pl create mode 100644 crypto/openssl/crypto/des/sk.h create mode 100644 crypto/openssl/crypto/des/speed.c create mode 100644 crypto/openssl/crypto/des/spr.h create mode 100644 crypto/openssl/crypto/des/str2key.c create mode 100644 crypto/openssl/crypto/des/supp.c create mode 100644 crypto/openssl/crypto/des/t/test create mode 100644 crypto/openssl/crypto/des/testdes.pl create mode 100644 crypto/openssl/crypto/des/times/486-50.sol create mode 100644 crypto/openssl/crypto/des/times/586-100.lnx create mode 100644 crypto/openssl/crypto/des/times/686-200.fre create mode 100644 crypto/openssl/crypto/des/times/aix.cc create mode 100644 crypto/openssl/crypto/des/times/alpha.cc create mode 100644 crypto/openssl/crypto/des/times/hpux.cc create mode 100644 crypto/openssl/crypto/des/times/sparc.gcc create mode 100644 crypto/openssl/crypto/des/times/usparc.cc create mode 100644 crypto/openssl/crypto/des/typemap create mode 100644 crypto/openssl/crypto/des/xcbc_enc.c create mode 100644 crypto/openssl/crypto/dh/Makefile.ssl create mode 100644 crypto/openssl/crypto/dh/dh.h create mode 100644 crypto/openssl/crypto/dh/dh1024.pem create mode 100644 crypto/openssl/crypto/dh/dh192.pem create mode 100644 crypto/openssl/crypto/dh/dh2048.pem create mode 100644 crypto/openssl/crypto/dh/dh4096.pem create mode 100644 crypto/openssl/crypto/dh/dh512.pem create mode 100644 crypto/openssl/crypto/dh/dh_check.c create mode 100644 crypto/openssl/crypto/dh/dh_err.c create mode 100644 crypto/openssl/crypto/dh/dh_gen.c create mode 100644 crypto/openssl/crypto/dh/dh_key.c create mode 100644 crypto/openssl/crypto/dh/dh_lib.c create mode 100644 crypto/openssl/crypto/dh/dhtest.c create mode 100644 crypto/openssl/crypto/dh/example create mode 100644 crypto/openssl/crypto/dh/generate create mode 100644 crypto/openssl/crypto/dh/p1024.c create mode 100644 crypto/openssl/crypto/dh/p192.c create mode 100644 crypto/openssl/crypto/dh/p512.c create mode 100644 crypto/openssl/crypto/dsa/Makefile.ssl create mode 100644 crypto/openssl/crypto/dsa/README create mode 100644 crypto/openssl/crypto/dsa/dsa.h create mode 100644 crypto/openssl/crypto/dsa/dsa_asn1.c create mode 100644 crypto/openssl/crypto/dsa/dsa_err.c create mode 100644 crypto/openssl/crypto/dsa/dsa_gen.c create mode 100644 crypto/openssl/crypto/dsa/dsa_key.c create mode 100644 crypto/openssl/crypto/dsa/dsa_lib.c create mode 100644 crypto/openssl/crypto/dsa/dsa_sign.c create mode 100644 crypto/openssl/crypto/dsa/dsa_vrf.c create mode 100644 crypto/openssl/crypto/dsa/dsagen.c create mode 100644 crypto/openssl/crypto/dsa/dsatest.c create mode 100644 crypto/openssl/crypto/dsa/fips186a.txt create mode 100644 crypto/openssl/crypto/ebcdic.h create mode 100644 crypto/openssl/crypto/err/Makefile.ssl create mode 100644 crypto/openssl/crypto/err/err.c create mode 100644 crypto/openssl/crypto/err/err.h create mode 100644 crypto/openssl/crypto/err/err_all.c create mode 100644 crypto/openssl/crypto/err/err_prn.c create mode 100644 crypto/openssl/crypto/err/openssl.ec create mode 100644 crypto/openssl/crypto/evp/Makefile.ssl create mode 100644 crypto/openssl/crypto/evp/bio_b64.c create mode 100644 crypto/openssl/crypto/evp/bio_enc.c create mode 100644 crypto/openssl/crypto/evp/bio_md.c create mode 100644 crypto/openssl/crypto/evp/bio_ok.c create mode 100644 crypto/openssl/crypto/evp/c_all.c create mode 100644 crypto/openssl/crypto/evp/digest.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_3d.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_bf.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_c.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_d.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_i.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_r2.c create mode 100644 crypto/openssl/crypto/evp/e_cbc_r5.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_3d.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_bf.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_c.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_d.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_i.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_r2.c create mode 100644 crypto/openssl/crypto/evp/e_cfb_r5.c create mode 100644 crypto/openssl/crypto/evp/e_dsa.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_3d.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_bf.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_c.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_d.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_i.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_r2.c create mode 100644 crypto/openssl/crypto/evp/e_ecb_r5.c create mode 100644 crypto/openssl/crypto/evp/e_null.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_3d.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_bf.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_c.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_d.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_i.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_r2.c create mode 100644 crypto/openssl/crypto/evp/e_ofb_r5.c create mode 100644 crypto/openssl/crypto/evp/e_rc4.c create mode 100644 crypto/openssl/crypto/evp/e_xcbc_d.c create mode 100644 crypto/openssl/crypto/evp/encode.c create mode 100644 crypto/openssl/crypto/evp/evp.h create mode 100644 crypto/openssl/crypto/evp/evp_enc.c create mode 100644 crypto/openssl/crypto/evp/evp_err.c create mode 100644 crypto/openssl/crypto/evp/evp_key.c create mode 100644 crypto/openssl/crypto/evp/evp_lib.c create mode 100644 crypto/openssl/crypto/evp/evp_pbe.c create mode 100644 crypto/openssl/crypto/evp/evp_pkey.c create mode 100644 crypto/openssl/crypto/evp/m_dss.c create mode 100644 crypto/openssl/crypto/evp/m_dss1.c create mode 100644 crypto/openssl/crypto/evp/m_md2.c create mode 100644 crypto/openssl/crypto/evp/m_md5.c create mode 100644 crypto/openssl/crypto/evp/m_mdc2.c create mode 100644 crypto/openssl/crypto/evp/m_null.c create mode 100644 crypto/openssl/crypto/evp/m_ripemd.c create mode 100644 crypto/openssl/crypto/evp/m_sha.c create mode 100644 crypto/openssl/crypto/evp/m_sha1.c create mode 100644 crypto/openssl/crypto/evp/names.c create mode 100644 crypto/openssl/crypto/evp/p5_crpt.c create mode 100644 crypto/openssl/crypto/evp/p5_crpt2.c create mode 100644 crypto/openssl/crypto/evp/p_dec.c create mode 100644 crypto/openssl/crypto/evp/p_enc.c create mode 100644 crypto/openssl/crypto/evp/p_lib.c create mode 100644 crypto/openssl/crypto/evp/p_open.c create mode 100644 crypto/openssl/crypto/evp/p_seal.c create mode 100644 crypto/openssl/crypto/evp/p_sign.c create mode 100644 crypto/openssl/crypto/evp/p_verify.c create mode 100644 crypto/openssl/crypto/ex_data.c create mode 100644 crypto/openssl/crypto/hmac/Makefile.ssl create mode 100644 crypto/openssl/crypto/hmac/hmac.c create mode 100644 crypto/openssl/crypto/hmac/hmac.h create mode 100644 crypto/openssl/crypto/hmac/hmactest.c create mode 100644 crypto/openssl/crypto/lhash/Makefile.ssl create mode 100644 crypto/openssl/crypto/lhash/lh_stats.c create mode 100644 crypto/openssl/crypto/lhash/lh_test.c create mode 100644 crypto/openssl/crypto/lhash/lhash.c create mode 100644 crypto/openssl/crypto/lhash/lhash.h create mode 100644 crypto/openssl/crypto/lhash/num.pl create mode 100644 crypto/openssl/crypto/md2/Makefile.ssl create mode 100644 crypto/openssl/crypto/md2/md2.c create mode 100644 crypto/openssl/crypto/md2/md2.h create mode 100644 crypto/openssl/crypto/md2/md2_dgst.c create mode 100644 crypto/openssl/crypto/md2/md2_one.c create mode 100644 crypto/openssl/crypto/md2/md2test.c create mode 100644 crypto/openssl/crypto/md32_common.h create mode 100644 crypto/openssl/crypto/md5/Makefile.ssl create mode 100644 crypto/openssl/crypto/md5/Makefile.uni create mode 100644 crypto/openssl/crypto/md5/asm/md5-586.pl create mode 100644 crypto/openssl/crypto/md5/asm/md5-sparcv9.S create mode 100644 crypto/openssl/crypto/md5/md5.c create mode 100644 crypto/openssl/crypto/md5/md5.h create mode 100644 crypto/openssl/crypto/md5/md5_dgst.c create mode 100644 crypto/openssl/crypto/md5/md5_locl.h create mode 100644 crypto/openssl/crypto/md5/md5_one.c create mode 100644 crypto/openssl/crypto/md5/md5s.cpp create mode 100644 crypto/openssl/crypto/md5/md5test.c create mode 100644 crypto/openssl/crypto/mdc2/Makefile.ssl create mode 100644 crypto/openssl/crypto/mdc2/mdc2.h create mode 100644 crypto/openssl/crypto/mdc2/mdc2_one.c create mode 100644 crypto/openssl/crypto/mdc2/mdc2dgst.c create mode 100644 crypto/openssl/crypto/mdc2/mdc2test.c create mode 100644 crypto/openssl/crypto/mem.c create mode 100644 crypto/openssl/crypto/objects/Makefile.ssl create mode 100644 crypto/openssl/crypto/objects/o_names.c create mode 100644 crypto/openssl/crypto/objects/obj_dat.c create mode 100644 crypto/openssl/crypto/objects/obj_dat.pl create mode 100644 crypto/openssl/crypto/objects/obj_err.c create mode 100644 crypto/openssl/crypto/objects/obj_lib.c create mode 100644 crypto/openssl/crypto/objects/objects.h create mode 100644 crypto/openssl/crypto/objects/objects.txt create mode 100644 crypto/openssl/crypto/opensslconf.h create mode 100644 crypto/openssl/crypto/opensslconf.h.in create mode 100644 crypto/openssl/crypto/opensslv.h create mode 100644 crypto/openssl/crypto/pem/Makefile.ssl create mode 100644 crypto/openssl/crypto/pem/message create mode 100644 crypto/openssl/crypto/pem/pem.h create mode 100644 crypto/openssl/crypto/pem/pem2.h create mode 100644 crypto/openssl/crypto/pem/pem_all.c create mode 100644 crypto/openssl/crypto/pem/pem_err.c create mode 100644 crypto/openssl/crypto/pem/pem_info.c create mode 100644 crypto/openssl/crypto/pem/pem_lib.c create mode 100644 crypto/openssl/crypto/pem/pem_seal.c create mode 100644 crypto/openssl/crypto/pem/pem_sign.c create mode 100644 crypto/openssl/crypto/pem/pkcs7.lis create mode 100644 crypto/openssl/crypto/perlasm/alpha.pl create mode 100644 crypto/openssl/crypto/perlasm/cbc.pl create mode 100644 crypto/openssl/crypto/perlasm/readme create mode 100644 crypto/openssl/crypto/perlasm/x86asm.pl create mode 100644 crypto/openssl/crypto/perlasm/x86ms.pl create mode 100644 crypto/openssl/crypto/perlasm/x86nasm.pl create mode 100644 crypto/openssl/crypto/perlasm/x86unix.pl create mode 100644 crypto/openssl/crypto/pkcs12/Makefile.ssl create mode 100644 crypto/openssl/crypto/pkcs12/p12_add.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_attr.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_bags.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_crpt.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_crt.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_decr.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_init.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_key.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_kiss.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_lib.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_mac.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_mutl.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_sbag.c create mode 100644 crypto/openssl/crypto/pkcs12/p12_utl.c create mode 100644 crypto/openssl/crypto/pkcs12/pk12err.c create mode 100644 crypto/openssl/crypto/pkcs12/pkcs12.h create mode 100644 crypto/openssl/crypto/pkcs7/Makefile.ssl create mode 100644 crypto/openssl/crypto/pkcs7/README create mode 100644 crypto/openssl/crypto/pkcs7/bio_ber.c create mode 100644 crypto/openssl/crypto/pkcs7/dec.c create mode 100644 crypto/openssl/crypto/pkcs7/des.pem create mode 100644 crypto/openssl/crypto/pkcs7/doc create mode 100644 crypto/openssl/crypto/pkcs7/enc.c create mode 100644 crypto/openssl/crypto/pkcs7/es1.pem create mode 100644 crypto/openssl/crypto/pkcs7/example.c create mode 100644 crypto/openssl/crypto/pkcs7/example.h create mode 100644 crypto/openssl/crypto/pkcs7/info.pem create mode 100644 crypto/openssl/crypto/pkcs7/infokey.pem create mode 100644 crypto/openssl/crypto/pkcs7/p7/a1 create mode 100644 crypto/openssl/crypto/pkcs7/p7/a2 create mode 100644 crypto/openssl/crypto/pkcs7/p7/cert.p7c create mode 100644 crypto/openssl/crypto/pkcs7/p7/smime.p7m create mode 100644 crypto/openssl/crypto/pkcs7/p7/smime.p7s create mode 100644 crypto/openssl/crypto/pkcs7/pk7_dgst.c create mode 100644 crypto/openssl/crypto/pkcs7/pk7_doit.c create mode 100644 crypto/openssl/crypto/pkcs7/pk7_enc.c create mode 100644 crypto/openssl/crypto/pkcs7/pk7_lib.c create mode 100644 crypto/openssl/crypto/pkcs7/pkcs7.h create mode 100644 crypto/openssl/crypto/pkcs7/pkcs7err.c create mode 100644 crypto/openssl/crypto/pkcs7/server.pem create mode 100644 crypto/openssl/crypto/pkcs7/sign.c create mode 100644 crypto/openssl/crypto/pkcs7/t/3des.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/3dess.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/c.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/ff create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-e create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-e.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-enc-01 create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-enc-02 create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-s-a-e create mode 100644 crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/nav-smime create mode 100644 crypto/openssl/crypto/pkcs7/t/s.pem create mode 100644 crypto/openssl/crypto/pkcs7/t/server.pem create mode 100644 crypto/openssl/crypto/pkcs7/verify.c create mode 100644 crypto/openssl/crypto/rand/Makefile.ssl create mode 100644 crypto/openssl/crypto/rand/md_rand.c create mode 100644 crypto/openssl/crypto/rand/rand.h create mode 100644 crypto/openssl/crypto/rand/rand_lib.c create mode 100644 crypto/openssl/crypto/rand/randfile.c create mode 100644 crypto/openssl/crypto/rand/randtest.c create mode 100644 crypto/openssl/crypto/rc2/Makefile.ssl create mode 100644 crypto/openssl/crypto/rc2/Makefile.uni create mode 100644 crypto/openssl/crypto/rc2/rc2.h create mode 100644 crypto/openssl/crypto/rc2/rc2_cbc.c create mode 100644 crypto/openssl/crypto/rc2/rc2_ecb.c create mode 100644 crypto/openssl/crypto/rc2/rc2_locl.h create mode 100644 crypto/openssl/crypto/rc2/rc2_skey.c create mode 100644 crypto/openssl/crypto/rc2/rc2cfb64.c create mode 100644 crypto/openssl/crypto/rc2/rc2ofb64.c create mode 100644 crypto/openssl/crypto/rc2/rc2speed.c create mode 100644 crypto/openssl/crypto/rc2/rc2test.c create mode 100644 crypto/openssl/crypto/rc2/rrc2.doc create mode 100644 crypto/openssl/crypto/rc2/tab.c create mode 100644 crypto/openssl/crypto/rc2/version create mode 100644 crypto/openssl/crypto/rc4/Makefile.ssl create mode 100644 crypto/openssl/crypto/rc4/Makefile.uni create mode 100644 crypto/openssl/crypto/rc4/asm/rc4-586.pl create mode 100644 crypto/openssl/crypto/rc4/rc4.c create mode 100644 crypto/openssl/crypto/rc4/rc4.h create mode 100644 crypto/openssl/crypto/rc4/rc4_enc.c create mode 100644 crypto/openssl/crypto/rc4/rc4_locl.h create mode 100644 crypto/openssl/crypto/rc4/rc4_skey.c create mode 100644 crypto/openssl/crypto/rc4/rc4s.cpp create mode 100644 crypto/openssl/crypto/rc4/rc4speed.c create mode 100644 crypto/openssl/crypto/rc4/rc4test.c create mode 100644 crypto/openssl/crypto/rc4/rrc4.doc create mode 100644 crypto/openssl/crypto/rc5/Makefile.ssl create mode 100644 crypto/openssl/crypto/rc5/Makefile.uni create mode 100644 crypto/openssl/crypto/rc5/asm/rc5-586.pl create mode 100644 crypto/openssl/crypto/rc5/rc5.h create mode 100644 crypto/openssl/crypto/rc5/rc5_ecb.c create mode 100644 crypto/openssl/crypto/rc5/rc5_enc.c create mode 100644 crypto/openssl/crypto/rc5/rc5_locl.h create mode 100644 crypto/openssl/crypto/rc5/rc5_skey.c create mode 100644 crypto/openssl/crypto/rc5/rc5cfb64.c create mode 100644 crypto/openssl/crypto/rc5/rc5ofb64.c create mode 100644 crypto/openssl/crypto/rc5/rc5s.cpp create mode 100644 crypto/openssl/crypto/rc5/rc5speed.c create mode 100644 crypto/openssl/crypto/rc5/rc5test.c create mode 100644 crypto/openssl/crypto/ripemd/Makefile.ssl create mode 100644 crypto/openssl/crypto/ripemd/Makefile.uni create mode 100644 crypto/openssl/crypto/ripemd/README create mode 100644 crypto/openssl/crypto/ripemd/asm/rips.cpp create mode 100644 crypto/openssl/crypto/ripemd/asm/rmd-586.pl create mode 100644 crypto/openssl/crypto/ripemd/ripemd.h create mode 100644 crypto/openssl/crypto/ripemd/rmd160.c create mode 100644 crypto/openssl/crypto/ripemd/rmd_dgst.c create mode 100644 crypto/openssl/crypto/ripemd/rmd_locl.h create mode 100644 crypto/openssl/crypto/ripemd/rmd_one.c create mode 100644 crypto/openssl/crypto/ripemd/rmdconst.h create mode 100644 crypto/openssl/crypto/ripemd/rmdtest.c create mode 100644 crypto/openssl/crypto/sha/Makefile.ssl create mode 100644 crypto/openssl/crypto/sha/Makefile.uni create mode 100644 crypto/openssl/crypto/sha/asm/README create mode 100644 crypto/openssl/crypto/sha/asm/sha1-586.pl create mode 100644 crypto/openssl/crypto/sha/sha.c create mode 100644 crypto/openssl/crypto/sha/sha.h create mode 100644 crypto/openssl/crypto/sha/sha1.c create mode 100644 crypto/openssl/crypto/sha/sha1_one.c create mode 100644 crypto/openssl/crypto/sha/sha1dgst.c create mode 100644 crypto/openssl/crypto/sha/sha1s.cpp create mode 100644 crypto/openssl/crypto/sha/sha1test.c create mode 100644 crypto/openssl/crypto/sha/sha_dgst.c create mode 100644 crypto/openssl/crypto/sha/sha_locl.h create mode 100644 crypto/openssl/crypto/sha/sha_one.c create mode 100644 crypto/openssl/crypto/sha/shatest.c create mode 100644 crypto/openssl/crypto/stack/Makefile.ssl create mode 100644 crypto/openssl/crypto/stack/safestack.h create mode 100644 crypto/openssl/crypto/stack/stack.c create mode 100644 crypto/openssl/crypto/stack/stack.h create mode 100644 crypto/openssl/crypto/threads/mttest.c create mode 100644 crypto/openssl/crypto/threads/th-lock.c create mode 100644 crypto/openssl/crypto/tmdiff.c create mode 100644 crypto/openssl/crypto/tmdiff.h create mode 100644 crypto/openssl/crypto/txt_db/Makefile.ssl create mode 100644 crypto/openssl/crypto/txt_db/txt_db.c create mode 100644 crypto/openssl/crypto/txt_db/txt_db.h create mode 100644 crypto/openssl/crypto/x509/Makefile.ssl create mode 100644 crypto/openssl/crypto/x509/by_dir.c create mode 100644 crypto/openssl/crypto/x509/by_file.c create mode 100644 crypto/openssl/crypto/x509/x509.h create mode 100644 crypto/openssl/crypto/x509/x509_cmp.c create mode 100644 crypto/openssl/crypto/x509/x509_d2.c create mode 100644 crypto/openssl/crypto/x509/x509_def.c create mode 100644 crypto/openssl/crypto/x509/x509_err.c create mode 100644 crypto/openssl/crypto/x509/x509_ext.c create mode 100644 crypto/openssl/crypto/x509/x509_lu.c create mode 100644 crypto/openssl/crypto/x509/x509_obj.c create mode 100644 crypto/openssl/crypto/x509/x509_r2x.c create mode 100644 crypto/openssl/crypto/x509/x509_req.c create mode 100644 crypto/openssl/crypto/x509/x509_set.c create mode 100644 crypto/openssl/crypto/x509/x509_txt.c create mode 100644 crypto/openssl/crypto/x509/x509_v3.c create mode 100644 crypto/openssl/crypto/x509/x509_vfy.c create mode 100644 crypto/openssl/crypto/x509/x509_vfy.h create mode 100644 crypto/openssl/crypto/x509/x509name.c create mode 100644 crypto/openssl/crypto/x509/x509rset.c create mode 100644 crypto/openssl/crypto/x509/x509type.c create mode 100644 crypto/openssl/crypto/x509/x_all.c create mode 100644 crypto/openssl/crypto/x509v3/Makefile.ssl create mode 100644 crypto/openssl/crypto/x509v3/README create mode 100644 crypto/openssl/crypto/x509v3/v3_akey.c create mode 100644 crypto/openssl/crypto/x509v3/v3_alt.c create mode 100644 crypto/openssl/crypto/x509v3/v3_bcons.c create mode 100644 crypto/openssl/crypto/x509v3/v3_bitst.c create mode 100644 crypto/openssl/crypto/x509v3/v3_conf.c create mode 100644 crypto/openssl/crypto/x509v3/v3_cpols.c create mode 100644 crypto/openssl/crypto/x509v3/v3_crld.c create mode 100644 crypto/openssl/crypto/x509v3/v3_enum.c create mode 100644 crypto/openssl/crypto/x509v3/v3_extku.c create mode 100644 crypto/openssl/crypto/x509v3/v3_genn.c create mode 100644 crypto/openssl/crypto/x509v3/v3_ia5.c create mode 100644 crypto/openssl/crypto/x509v3/v3_int.c create mode 100644 crypto/openssl/crypto/x509v3/v3_lib.c create mode 100644 crypto/openssl/crypto/x509v3/v3_pku.c create mode 100644 crypto/openssl/crypto/x509v3/v3_prn.c create mode 100644 crypto/openssl/crypto/x509v3/v3_skey.c create mode 100644 crypto/openssl/crypto/x509v3/v3_sxnet.c create mode 100644 crypto/openssl/crypto/x509v3/v3_utl.c create mode 100644 crypto/openssl/crypto/x509v3/v3conf.c create mode 100644 crypto/openssl/crypto/x509v3/v3err.c create mode 100644 crypto/openssl/crypto/x509v3/v3prin.c create mode 100644 crypto/openssl/crypto/x509v3/x509v3.h create mode 100644 crypto/openssl/demos/README create mode 100644 crypto/openssl/demos/b64.c create mode 100644 crypto/openssl/demos/b64.pl create mode 100644 crypto/openssl/demos/bio/Makefile create mode 100644 crypto/openssl/demos/bio/README create mode 100644 crypto/openssl/demos/bio/saccept.c create mode 100644 crypto/openssl/demos/bio/sconnect.c create mode 100644 crypto/openssl/demos/bio/server.pem create mode 100644 crypto/openssl/demos/eay/Makefile create mode 100644 crypto/openssl/demos/eay/base64.c create mode 100644 crypto/openssl/demos/eay/conn.c create mode 100644 crypto/openssl/demos/eay/loadrsa.c create mode 100644 crypto/openssl/demos/maurice/Makefile create mode 100644 crypto/openssl/demos/maurice/README create mode 100644 crypto/openssl/demos/maurice/cert.pem create mode 100644 crypto/openssl/demos/maurice/example1.c create mode 100644 crypto/openssl/demos/maurice/example2.c create mode 100644 crypto/openssl/demos/maurice/example3.c create mode 100644 crypto/openssl/demos/maurice/example4.c create mode 100644 crypto/openssl/demos/maurice/loadkeys.c create mode 100644 crypto/openssl/demos/maurice/loadkeys.h create mode 100644 crypto/openssl/demos/maurice/privkey.pem create mode 100644 crypto/openssl/demos/prime/Makefile create mode 100644 crypto/openssl/demos/prime/prime.c create mode 100644 crypto/openssl/demos/privkey.pem create mode 100644 crypto/openssl/demos/selfsign.c create mode 100644 crypto/openssl/demos/sign/Makefile create mode 100644 crypto/openssl/demos/sign/cert.pem create mode 100644 crypto/openssl/demos/sign/key.pem create mode 100644 crypto/openssl/demos/sign/sig.txt create mode 100644 crypto/openssl/demos/sign/sign.c create mode 100644 crypto/openssl/demos/sign/sign.txt create mode 100644 crypto/openssl/demos/spkigen.c create mode 100644 crypto/openssl/demos/ssl/cli.cpp create mode 100644 crypto/openssl/demos/ssl/inetdsrv.cpp create mode 100644 crypto/openssl/demos/ssl/serv.cpp create mode 100644 crypto/openssl/dep/crypto.txt create mode 100644 crypto/openssl/dep/files create mode 100644 crypto/openssl/dep/gen.pl create mode 100644 crypto/openssl/dep/ssl.txt create mode 100644 crypto/openssl/doc/README create mode 100644 crypto/openssl/doc/c-indentation.el create mode 100644 crypto/openssl/doc/crypto.pod create mode 100644 crypto/openssl/doc/openssl.pod create mode 100644 crypto/openssl/doc/openssl.txt create mode 100644 crypto/openssl/doc/openssl_button.gif create mode 100644 crypto/openssl/doc/openssl_button.html create mode 100644 crypto/openssl/doc/ssl.pod create mode 100644 crypto/openssl/doc/ssleay.txt create mode 100644 crypto/openssl/e_os.h create mode 100644 crypto/openssl/e_os2.h create mode 100644 crypto/openssl/mt/README create mode 100644 crypto/openssl/mt/mttest.c create mode 100644 crypto/openssl/mt/profile.sh create mode 100644 crypto/openssl/mt/pthread.sh create mode 100644 crypto/openssl/mt/purify.sh create mode 100644 crypto/openssl/mt/solaris.sh create mode 100644 crypto/openssl/openssl.doxy create mode 100644 crypto/openssl/perl/MANIFEST create mode 100644 crypto/openssl/perl/Makefile.PL create mode 100644 crypto/openssl/perl/OpenSSL.pm create mode 100644 crypto/openssl/perl/OpenSSL.xs create mode 100644 crypto/openssl/perl/README.1ST create mode 100644 crypto/openssl/perl/openssl.h create mode 100644 crypto/openssl/perl/openssl_bio.xs create mode 100644 crypto/openssl/perl/openssl_bn.xs create mode 100644 crypto/openssl/perl/openssl_cipher.xs create mode 100644 crypto/openssl/perl/openssl_digest.xs create mode 100644 crypto/openssl/perl/openssl_err.xs create mode 100644 crypto/openssl/perl/openssl_ssl.xs create mode 100644 crypto/openssl/perl/openssl_x509.xs create mode 100644 crypto/openssl/perl/t/01-use.t create mode 100644 crypto/openssl/perl/t/02-version.t create mode 100644 crypto/openssl/perl/t/03-bio.t create mode 100644 crypto/openssl/perl/typemap create mode 100644 crypto/openssl/rsaref/Makefile.ssl create mode 100644 crypto/openssl/rsaref/rsar_err.c create mode 100644 crypto/openssl/rsaref/rsaref.c create mode 100644 crypto/openssl/rsaref/rsaref.h create mode 100644 crypto/openssl/shlib/README create mode 100644 crypto/openssl/shlib/irix.sh create mode 100755 crypto/openssl/shlib/solaris-sc4.sh create mode 100644 crypto/openssl/shlib/solaris.sh create mode 100644 crypto/openssl/shlib/sun.sh create mode 100644 crypto/openssl/ssl/Makefile.ssl create mode 100644 crypto/openssl/ssl/bio_ssl.c create mode 100644 crypto/openssl/ssl/s23_clnt.c create mode 100644 crypto/openssl/ssl/s23_lib.c create mode 100644 crypto/openssl/ssl/s23_meth.c create mode 100644 crypto/openssl/ssl/s23_pkt.c create mode 100644 crypto/openssl/ssl/s23_srvr.c create mode 100644 crypto/openssl/ssl/s2_clnt.c create mode 100644 crypto/openssl/ssl/s2_enc.c create mode 100644 crypto/openssl/ssl/s2_lib.c create mode 100644 crypto/openssl/ssl/s2_meth.c create mode 100644 crypto/openssl/ssl/s2_pkt.c create mode 100644 crypto/openssl/ssl/s2_srvr.c create mode 100644 crypto/openssl/ssl/s3_both.c create mode 100644 crypto/openssl/ssl/s3_clnt.c create mode 100644 crypto/openssl/ssl/s3_enc.c create mode 100644 crypto/openssl/ssl/s3_lib.c create mode 100644 crypto/openssl/ssl/s3_meth.c create mode 100644 crypto/openssl/ssl/s3_pkt.c create mode 100644 crypto/openssl/ssl/s3_srvr.c create mode 100644 crypto/openssl/ssl/ssl.h create mode 100644 crypto/openssl/ssl/ssl2.h create mode 100644 crypto/openssl/ssl/ssl23.h create mode 100644 crypto/openssl/ssl/ssl3.h create mode 100644 crypto/openssl/ssl/ssl_algs.c create mode 100644 crypto/openssl/ssl/ssl_asn1.c create mode 100644 crypto/openssl/ssl/ssl_cert.c create mode 100644 crypto/openssl/ssl/ssl_ciph.c create mode 100644 crypto/openssl/ssl/ssl_err.c create mode 100644 crypto/openssl/ssl/ssl_err2.c create mode 100644 crypto/openssl/ssl/ssl_lib.c create mode 100644 crypto/openssl/ssl/ssl_locl.h create mode 100644 crypto/openssl/ssl/ssl_rsa.c create mode 100644 crypto/openssl/ssl/ssl_sess.c create mode 100644 crypto/openssl/ssl/ssl_stat.c create mode 100644 crypto/openssl/ssl/ssl_task.c create mode 100644 crypto/openssl/ssl/ssl_txt.c create mode 100644 crypto/openssl/ssl/ssltest.c create mode 100644 crypto/openssl/ssl/t1_clnt.c create mode 100644 crypto/openssl/ssl/t1_enc.c create mode 100644 crypto/openssl/ssl/t1_lib.c create mode 100644 crypto/openssl/ssl/t1_meth.c create mode 100644 crypto/openssl/ssl/t1_srvr.c create mode 100644 crypto/openssl/ssl/tls1.h create mode 100644 crypto/openssl/test/CAss.cnf create mode 100644 crypto/openssl/test/CAssdh.cnf create mode 100644 crypto/openssl/test/CAssdsa.cnf create mode 100644 crypto/openssl/test/CAssrsa.cnf create mode 100644 crypto/openssl/test/Makefile.ssl create mode 100644 crypto/openssl/test/Sssdsa.cnf create mode 100644 crypto/openssl/test/Sssrsa.cnf create mode 100644 crypto/openssl/test/Uss.cnf create mode 100644 crypto/openssl/test/VMSca-response.1 create mode 100644 crypto/openssl/test/VMSca-response.2 create mode 100644 crypto/openssl/test/dsa-ca.pem create mode 100644 crypto/openssl/test/dsa-pca.pem create mode 100644 crypto/openssl/test/methtest.c create mode 100644 crypto/openssl/test/pkcs7-1.pem create mode 100644 crypto/openssl/test/pkcs7.pem create mode 100644 crypto/openssl/test/r160test.c create mode 100644 crypto/openssl/test/tcrl create mode 100644 crypto/openssl/test/test.cnf create mode 100644 crypto/openssl/test/testca create mode 100644 crypto/openssl/test/testcrl.pem create mode 100644 crypto/openssl/test/testenc create mode 100644 crypto/openssl/test/testgen create mode 100644 crypto/openssl/test/testp7.pem create mode 100644 crypto/openssl/test/testreq2.pem create mode 100644 crypto/openssl/test/testrsa.pem create mode 100644 crypto/openssl/test/testsid.pem create mode 100644 crypto/openssl/test/testss create mode 100644 crypto/openssl/test/testssl create mode 100644 crypto/openssl/test/testx509.pem create mode 100644 crypto/openssl/test/times create mode 100644 crypto/openssl/test/tpkcs7 create mode 100644 crypto/openssl/test/tpkcs7d create mode 100644 crypto/openssl/test/treq create mode 100644 crypto/openssl/test/trsa create mode 100644 crypto/openssl/test/tsid create mode 100644 crypto/openssl/test/tx509 create mode 100644 crypto/openssl/test/v3-cert1.pem create mode 100644 crypto/openssl/test/v3-cert2.pem create mode 100644 crypto/openssl/times/090/586-100.nt create mode 100644 crypto/openssl/times/091/486-50.nt create mode 100644 crypto/openssl/times/091/586-100.lnx create mode 100644 crypto/openssl/times/091/68000.bsd create mode 100644 crypto/openssl/times/091/686-200.lnx create mode 100644 crypto/openssl/times/091/alpha064.osf create mode 100644 crypto/openssl/times/091/alpha164.lnx create mode 100644 crypto/openssl/times/091/alpha164.osf create mode 100644 crypto/openssl/times/091/mips-rel.pl create mode 100644 crypto/openssl/times/091/r10000.irx create mode 100644 crypto/openssl/times/091/r3000.ult create mode 100644 crypto/openssl/times/091/r4400.irx create mode 100644 crypto/openssl/times/100.lnx create mode 100644 crypto/openssl/times/100.nt create mode 100644 crypto/openssl/times/200.lnx create mode 100644 crypto/openssl/times/486-66.dos create mode 100644 crypto/openssl/times/486-66.nt create mode 100644 crypto/openssl/times/486-66.w31 create mode 100644 crypto/openssl/times/5.lnx create mode 100644 crypto/openssl/times/586-085i.nt create mode 100644 crypto/openssl/times/586-100.LN3 create mode 100644 crypto/openssl/times/586-100.NT2 create mode 100644 crypto/openssl/times/586-100.dos create mode 100644 crypto/openssl/times/586-100.ln4 create mode 100644 crypto/openssl/times/586-100.lnx create mode 100644 crypto/openssl/times/586-100.nt create mode 100644 crypto/openssl/times/586-100.ntx create mode 100644 crypto/openssl/times/586-100.w31 create mode 100644 crypto/openssl/times/586-1002.lnx create mode 100644 crypto/openssl/times/586p-100.lnx create mode 100644 crypto/openssl/times/686-200.bsd create mode 100644 crypto/openssl/times/686-200.lnx create mode 100644 crypto/openssl/times/686-200.nt create mode 100644 crypto/openssl/times/L1 create mode 100644 crypto/openssl/times/R10000.t create mode 100644 crypto/openssl/times/R4400.t create mode 100644 crypto/openssl/times/aix.t create mode 100644 crypto/openssl/times/aixold.t create mode 100644 crypto/openssl/times/alpha.t create mode 100644 crypto/openssl/times/alpha400.t create mode 100644 crypto/openssl/times/cyrix100.lnx create mode 100644 crypto/openssl/times/dgux-x86.t create mode 100644 crypto/openssl/times/dgux.t create mode 100644 crypto/openssl/times/hpux-acc.t create mode 100644 crypto/openssl/times/hpux-kr.t create mode 100644 crypto/openssl/times/hpux.t create mode 100644 crypto/openssl/times/p2.w95 create mode 100644 crypto/openssl/times/pent2.t create mode 100644 crypto/openssl/times/readme create mode 100644 crypto/openssl/times/s586-100.lnx create mode 100644 crypto/openssl/times/s586-100.nt create mode 100644 crypto/openssl/times/sgi.t create mode 100644 crypto/openssl/times/sparc.t create mode 100644 crypto/openssl/times/sparc2 create mode 100644 crypto/openssl/times/sparcLX.t create mode 100644 crypto/openssl/times/usparc.t create mode 100644 crypto/openssl/times/x86/bfs.cpp create mode 100644 crypto/openssl/times/x86/casts.cpp create mode 100644 crypto/openssl/times/x86/des3s.cpp create mode 100644 crypto/openssl/times/x86/dess.cpp create mode 100644 crypto/openssl/times/x86/md5s.cpp create mode 100644 crypto/openssl/times/x86/rc4s.cpp create mode 100644 crypto/openssl/times/x86/sha1s.cpp create mode 100644 crypto/openssl/tools/Makefile.ssl create mode 100644 crypto/openssl/tools/c_hash create mode 100644 crypto/openssl/tools/c_info create mode 100644 crypto/openssl/tools/c_issuer create mode 100644 crypto/openssl/tools/c_name create mode 100644 crypto/openssl/tools/c_rehash create mode 100644 crypto/openssl/tools/c_rehash.in create mode 100755 crypto/openssl/util/FreeBSD.sh create mode 100755 crypto/openssl/util/add_cr.pl create mode 100755 crypto/openssl/util/bat.sh create mode 100755 crypto/openssl/util/ck_errf.pl create mode 100755 crypto/openssl/util/clean-depend.pl create mode 100755 crypto/openssl/util/deleof.pl create mode 100755 crypto/openssl/util/do_ms.sh create mode 100755 crypto/openssl/util/domd create mode 100755 crypto/openssl/util/err-ins.pl create mode 100755 crypto/openssl/util/files.pl create mode 100755 crypto/openssl/util/fixNT.sh create mode 100755 crypto/openssl/util/install.sh create mode 100755 crypto/openssl/util/libeay.num create mode 100755 crypto/openssl/util/mk1mf.pl create mode 100755 crypto/openssl/util/mkcerts.sh create mode 100755 crypto/openssl/util/mkdef.pl create mode 100755 crypto/openssl/util/mkdir-p.pl create mode 100644 crypto/openssl/util/mkerr.pl create mode 100755 crypto/openssl/util/mkfiles.pl create mode 100755 crypto/openssl/util/mklink.pl create mode 100755 crypto/openssl/util/perlpath.pl create mode 100644 crypto/openssl/util/pl/BC-16.pl create mode 100644 crypto/openssl/util/pl/BC-32.pl create mode 100644 crypto/openssl/util/pl/Mingw32.pl create mode 100644 crypto/openssl/util/pl/Mingw32f.pl create mode 100644 crypto/openssl/util/pl/VC-16.pl create mode 100644 crypto/openssl/util/pl/VC-32.pl create mode 100644 crypto/openssl/util/pl/linux.pl create mode 100644 crypto/openssl/util/pl/ultrix.pl create mode 100644 crypto/openssl/util/pl/unix.pl create mode 100755 crypto/openssl/util/point.sh create mode 100755 crypto/openssl/util/sep_lib.sh create mode 100755 crypto/openssl/util/sp-diff.pl create mode 100755 crypto/openssl/util/speed.sh create mode 100755 crypto/openssl/util/src-dep.pl create mode 100755 crypto/openssl/util/ssleay.num create mode 100755 crypto/openssl/util/tab_num.pl create mode 100755 crypto/openssl/util/x86asm.sh diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES new file mode 100644 index 000000000000..d0db7eaf61bb --- /dev/null +++ b/crypto/openssl/CHANGES @@ -0,0 +1,1624 @@ + + OpenSSL CHANGES + _______________ + + Changes between 0.9.3a and 0.9.4 [09 Aug 1999] + + *) Install libRSAglue.a when OpenSSL is built with RSAref. + [Ralf S. Engelschall] + + *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + [Andrija Antonijevic ] + + *) Fix -startdate and -enddate (which was missing) arguments to 'ca' + program. + [Steve Henson] + + *) New function DSA_dup_DH, which duplicates DSA parameters/keys as + DH parameters/keys (q is lost during that conversion, but the resulting + DH parameters contain its length). + + For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is + much faster than DH_generate_parameters (which creates parameters + where p = 2*q + 1), and also the smaller q makes DH computations + much more efficient (160-bit exponentiation instead of 1024-bit + exponentiation); so this provides a convenient way to support DHE + ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of + utter importance to use + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + or + SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + when such DH parameters are used, because otherwise small subgroup + attacks may become possible! + [Bodo Moeller] + + *) Avoid memory leak in i2d_DHparams. + [Bodo Moeller] + + *) Allow the -k option to be used more than once in the enc program: + this allows the same encrypted message to be read by multiple recipients. + [Steve Henson] + + *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts + an ASN1_OBJECT to a text string. If the "no_name" parameter is set then + it will always use the numerical form of the OID, even if it has a short + or long name. + [Steve Henson] + + *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp + method only got called if p,q,dmp1,dmq1,iqmp components were present, + otherwise bn_mod_exp was called. In the case of hardware keys for example + no private key components need be present and it might store extra data + in the RSA structure, which cannot be accessed from bn_mod_exp. By setting + RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key + operations. + [Steve Henson] + + *) Added support for SPARC Linux. + [Andy Polyakov] + + *) pem_password_cb function type incompatibly changed from + typedef int pem_password_cb(char *buf, int size, int rwflag); + to + ....(char *buf, int size, int rwflag, void *userdata); + so that applications can pass data to their callbacks: + The PEM[_ASN1]_{read,write}... functions and macros now take an + additional void * argument, which is just handed through whenever + the password callback is called. + [Damien Miller , with tiny changes by Bodo Moeller] + + New function SSL_CTX_set_default_passwd_cb_userdata. + + Compatibility note: As many C implementations push function arguments + onto the stack in reverse order, the new library version is likely to + interoperate with programs that have been compiled with the old + pem_password_cb definition (PEM_whatever takes some data that + happens to be on the stack as its last argument, and the callback + just ignores this garbage); but there is no guarantee whatsoever that + this will work. + + *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... + (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused + problems not only on Windows, but also on some Unix platforms. + To avoid problematic command lines, these definitions are now in an + auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl + for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). + [Bodo Moeller] + + *) MIPS III/IV assembler module is reimplemented. + [Andy Polyakov] + + *) More DES library cleanups: remove references to srand/rand and + delete an unused file. + [Ulf Möller] + + *) Add support for the the free Netwide assembler (NASM) under Win32, + since not many people have MASM (ml) and it can be hard to obtain. + This is currently experimental but it seems to work OK and pass all + the tests. Check out INSTALL.W32 for info. + [Steve Henson] + + *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections + without temporary keys kept an extra copy of the server key, + and connections with temporary keys did not free everything in case + of an error. + [Bodo Moeller] + + *) New function RSA_check_key and new openssl rsa option -check + for verifying the consistency of RSA keys. + [Ulf Moeller, Bodo Moeller] + + *) Various changes to make Win32 compile work: + 1. Casts to avoid "loss of data" warnings in p5_crpt2.c + 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned + comparison" warnings. + 3. Add sk__sort to DEF file generator and do make update. + [Steve Henson] + + *) Add a debugging option to PKCS#5 v2 key generation function: when + you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and + derived keys are printed to stderr. + [Steve Henson] + + *) Copy the flags in ASN1_STRING_dup(). + [Roman E. Pavlov ] + + *) The x509 application mishandled signing requests containing DSA + keys when the signing key was also DSA and the parameters didn't match. + + It was supposed to omit the parameters when they matched the signing key: + the verifying software was then supposed to automatically use the CA's + parameters if they were absent from the end user certificate. + + Omitting parameters is no longer recommended. The test was also + the wrong way round! This was probably due to unusual behaviour in + EVP_cmp_parameters() which returns 1 if the parameters match. + This meant that parameters were omitted when they *didn't* match and + the certificate was useless. Certificates signed with 'ca' didn't have + this bug. + [Steve Henson, reported by Doug Erickson ] + + *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems. + The interface is as follows: + Applications can use + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop(); + "off" is now the default. + The library internally uses + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on() + to disable memory-checking temporarily. + + Some inconsistent states that previously were possible (and were + even the default) are now avoided. + + -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time + with each memory chunk allocated; this is occasionally more helpful + than just having a counter. + + -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID. + + -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future + extensions. + [Bodo Moeller] + + *) Introduce "mode" for SSL structures (with defaults in SSL_CTX), + which largely parallels "options", but is for changing API behaviour, + whereas "options" are about protocol behaviour. + Initial "mode" flags are: + + SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when + a single record has been written. + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write + retries use the same buffer location. + (But all of the contents must be + copied!) + [Bodo Moeller] + + *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode + worked. + + *) Fix problems with no-hmac etc. + [Ulf Möller, pointed out by Brian Wellington ] + + *) New functions RSA_get_default_method(), RSA_set_method() and + RSA_get_method(). These allows replacement of RSA_METHODs without having + to mess around with the internals of an RSA structure. + [Steve Henson] + + *) Fix memory leaks in DSA_do_sign and DSA_is_prime. + Also really enable memory leak checks in openssl.c and in some + test programs. + [Chad C. Mulligan, Bodo Moeller] + + *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess + up the length of negative integers. This has now been simplified to just + store the length when it is first determined and use it later, rather + than trying to keep track of where data is copied and updating it to + point to the end. + [Steve Henson, reported by Brien Wheeler + ] + + *) Add a new function PKCS7_signatureVerify. This allows the verification + of a PKCS#7 signature but with the signing certificate passed to the + function itself. This contrasts with PKCS7_dataVerify which assumes the + certificate is present in the PKCS#7 structure. This isn't always the + case: certificates can be omitted from a PKCS#7 structure and be + distributed by "out of band" means (such as a certificate database). + [Steve Henson] + + *) Complete the PEM_* macros with DECLARE_PEM versions to replace the + function prototypes in pem.h, also change util/mkdef.pl to add the + necessary function names. + [Steve Henson] + + *) mk1mf.pl (used by Windows builds) did not properly read the + options set by Configure in the top level Makefile, and Configure + was not even able to write more than one option correctly. + Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended. + [Bodo Moeller] + + *) New functions CONF_load_bio() and CONF_load_fp() to allow a config + file to be loaded from a BIO or FILE pointer. The BIO version will + for example allow memory BIOs to contain config info. + [Steve Henson] + + *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. + Whoever hopes to achieve shared-library compatibility across versions + must use this, not the compile-time macro. + (Exercise 0.9.4: Which is the minimum library version required by + such programs?) + Note: All this applies only to multi-threaded programs, others don't + need locks. + [Bodo Moeller] + + *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests + through a BIO pair triggered the default case, i.e. + SSLerr(...,SSL_R_UNKNOWN_STATE). + [Bodo Moeller] + + *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications + can use the SSL library even if none of the specific BIOs is + appropriate. + [Bodo Moeller] + + *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value + for the encoded length. + [Jeon KyoungHo ] + + *) Add initial documentation of the X509V3 functions. + [Steve Henson] + + *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and + PEM_write_bio_PKCS8PrivateKey() that are equivalent to + PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more + secure PKCS#8 private key format with a high iteration count. + [Steve Henson] + + *) Fix determination of Perl interpreter: A perl or perl5 + _directory_ in $PATH was also accepted as the interpreter. + [Ralf S. Engelschall] + + *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking + wrong with it but it was very old and did things like calling + PEM_ASN1_read() directly and used MD5 for the hash not to mention some + unusual formatting. + [Steve Henson] + + *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed + to use the new extension code. + [Steve Henson] + + *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c + with macros. This should make it easier to change their form, add extra + arguments etc. Fix a few PEM prototypes which didn't have cipher as a + constant. + [Steve Henson] + + *) Add to configuration table a new entry that can specify an alternative + name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, + according to Mark Crispin . + [Bodo Moeller] + +#if 0 + *) DES CBC did not update the IV. Weird. + [Ben Laurie] +#else + des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. + Changing the behaviour of the former might break existing programs -- + where IV updating is needed, des_ncbc_encrypt can be used. +#endif + + *) When bntest is run from "make test" it drives bc to check its + calculations, as well as internally checking them. If an internal check + fails, it needs to cause bc to give a non-zero result or make test carries + on without noticing the failure. Fixed. + [Ben Laurie] + + *) DES library cleanups. + [Ulf Möller] + + *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be + used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit + ciphers. NOTE: although the key derivation function has been verified + against some published test vectors it has not been extensively tested + yet. Added a -v2 "cipher" option to pkcs8 application to allow the use + of v2.0. + [Steve Henson] + + *) Instead of "mkdir -p", which is not fully portable, use new + Perl script "util/mkdir-p.pl". + [Bodo Moeller] + + *) Rewrite the way password based encryption (PBE) is handled. It used to + assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter + structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms + but doesn't apply to PKCS#5 v2.0 where it can be something else. Now + the 'parameter' field of the AlgorithmIdentifier is passed to the + underlying key generation function so it must do its own ASN1 parsing. + This has also changed the EVP_PBE_CipherInit() function which now has a + 'parameter' argument instead of literal salt and iteration count values + and the function EVP_PBE_ALGOR_CipherInit() has been deleted. + [Steve Henson] + + *) Support for PKCS#5 v1.5 compatible password based encryption algorithms + and PKCS#8 functionality. New 'pkcs8' application linked to openssl. + Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE + KEY" because this clashed with PKCS#8 unencrypted string. Since this + value was just used as a "magic string" and not used directly its + value doesn't matter. + [Steve Henson] + + *) Introduce some semblance of const correctness to BN. Shame C doesn't + support mutable. + [Ben Laurie] + + *) "linux-sparc64" configuration (ultrapenguin). + [Ray Miller ] + "linux-sparc" configuration. + [Christian Forster ] + + *) config now generates no-xxx options for missing ciphers. + [Ulf Möller] + + *) Support the EBCDIC character set (work in progress). + File ebcdic.c not yet included because it has a different license. + [Martin Kraemer ] + + *) Support BS2000/OSD-POSIX. + [Martin Kraemer ] + + *) Make callbacks for key generation use void * instead of char *. + [Ben Laurie] + + *) Make S/MIME samples compile (not yet tested). + [Ben Laurie] + + *) Additional typesafe stacks. + [Ben Laurie] + + *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x). + [Bodo Moeller] + + + Changes between 0.9.3 and 0.9.3a [29 May 1999] + + *) New configuration variant "sco5-gcc". + + *) Updated some demos. + [Sean O Riordain, Wade Scholine] + + *) Add missing BIO_free at exit of pkcs12 application. + [Wu Zhigang] + + *) Fix memory leak in conf.c. + [Steve Henson] + + *) Updates for Win32 to assembler version of MD5. + [Steve Henson] + + *) Set #! path to perl in apps/der_chop to where we found it + instead of using a fixed path. + [Bodo Moeller] + + *) SHA library changes for irix64-mips4-cc. + [Andy Polyakov] + + *) Improvements for VMS support. + [Richard Levitte] + + + Changes between 0.9.2b and 0.9.3 [24 May 1999] + + *) Bignum library bug fix. IRIX 6 passes "make test" now! + This also avoids the problems with SC4.2 and unpatched SC5. + [Andy Polyakov ] + + *) New functions sk_num, sk_value and sk_set to replace the previous macros. + These are required because of the typesafe stack would otherwise break + existing code. If old code used a structure member which used to be STACK + and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with + sk_num or sk_value it would produce an error because the num, data members + are not present in STACK_OF. Now it just produces a warning. sk_set + replaces the old method of assigning a value to sk_value + (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code + that does this will no longer work (and should use sk_set instead) but + this could be regarded as a "questionable" behaviour anyway. + [Steve Henson] + + *) Fix most of the other PKCS#7 bugs. The "experimental" code can now + correctly handle encrypted S/MIME data. + [Steve Henson] + + *) Change type of various DES function arguments from des_cblock + (which means, in function argument declarations, pointer to char) + to des_cblock * (meaning pointer to array with 8 char elements), + which allows the compiler to do more typechecking; it was like + that back in SSLeay, but with lots of ugly casts. + + Introduce new type const_des_cblock. + [Bodo Moeller] + + *) Reorganise the PKCS#7 library and get rid of some of the more obvious + problems: find RecipientInfo structure that matches recipient certificate + and initialise the ASN1 structures properly based on passed cipher. + [Steve Henson] + + *) Belatedly make the BN tests actually check the results. + [Ben Laurie] + + *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion + to and from BNs: it was completely broken. New compilation option + NEG_PUBKEY_BUG to allow for some broken certificates that encode public + key elements as negative integers. + [Steve Henson] + + *) Reorganize and speed up MD5. + [Andy Polyakov ] + + *) VMS support. + [Richard Levitte ] + + *) New option -out to asn1parse to allow the parsed structure to be + output to a file. This is most useful when combined with the -strparse + option to examine the output of things like OCTET STRINGS. + [Steve Henson] + + *) Make SSL library a little more fool-proof by not requiring any longer + that SSL_set_{accept,connect}_state be called before + SSL_{accept,connect} may be used (SSL_set_..._state is omitted + in many applications because usually everything *appeared* to work as + intended anyway -- now it really works as intended). + [Bodo Moeller] + + *) Move openssl.cnf out of lib/. + [Ulf Möller] + + *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes + -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + [Ralf S. Engelschall] + + *) Various fixes to the EVP and PKCS#7 code. It may now be able to + handle PKCS#7 enveloped data properly. + [Sebastian Akerman , modified by Steve] + + *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of + copying pointers. The cert_st handling is changed by this in + various ways (and thus what used to be known as ctx->default_cert + is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + any longer when s->cert does not give us what we need). + ssl_cert_instantiate becomes obsolete by this change. + As soon as we've got the new code right (possibly it already is?), + we have solved a couple of bugs of the earlier code where s->cert + was used as if it could not have been shared with other SSL structures. + + Note that using the SSL API in certain dirty ways now will result + in different behaviour than observed with earlier library versions: + Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + does not influence s as it used to. + + In order to clean up things more thoroughly, inside SSL_SESSION + we don't use CERT any longer, but a new structure SESS_CERT + that holds per-session data (if available); currently, this is + the peer's certificate chain and, for clients, the server's certificate + and temporary key. CERT holds only those values that can have + meaningful defaults in an SSL_CTX. + [Bodo Moeller] + + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure + from the internal representation. Various PKCS#7 fixes: remove some + evil casts and set the enc_dig_alg field properly based on the signing + key type. + [Steve Henson] + + *) Allow PKCS#12 password to be set from the command line or the + environment. Let 'ca' get its config file name from the environment + variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' + and 'x509'). + [Steve Henson] + + *) Allow certificate policies extension to use an IA5STRING for the + organization field. This is contrary to the PKIX definition but + VeriSign uses it and IE5 only recognises this form. Document 'x509' + extension option. + [Steve Henson] + + *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic, + without disallowing inline assembler and the like for non-pedantic builds. + [Ben Laurie] + + *) Support Borland C++ builder. + [Janez Jere , modified by Ulf Möller] + + *) Support Mingw32. + [Ulf Möller] + + *) SHA-1 cleanups and performance enhancements. + [Andy Polyakov ] + + *) Sparc v8plus assembler for the bignum library. + [Andy Polyakov ] + + *) Accept any -xxx and +xxx compiler options in Configure. + [Ulf Möller] + + *) Update HPUX configuration. + [Anonymous] + + *) Add missing sk__unshift() function to safestack.h + [Ralf S. Engelschall] + + *) New function SSL_CTX_use_certificate_chain_file that sets the + "extra_cert"s in addition to the certificate. (This makes sense + only for "PEM" format files, as chains as a whole are not + DER-encoded.) + [Bodo Moeller] + + *) Support verify_depth from the SSL API. + x509_vfy.c had what can be considered an off-by-one-error: + Its depth (which was not part of the external interface) + was actually counting the number of certificates in a chain; + now it really counts the depth. + [Bodo Moeller] + + *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used + instead of X509err, which often resulted in confusing error + messages since the error codes are not globally unique + (e.g. an alleged error in ssl3_accept when a certificate + didn't match the private key). + + *) New function SSL_CTX_set_session_id_context that allows to set a default + value (so that you don't need SSL_set_session_id_context for each + connection using the SSL_CTX). + [Bodo Moeller] + + *) OAEP decoding bug fix. + [Ulf Möller] + + *) Support INSTALL_PREFIX for package builders, as proposed by + David Harris. + [Bodo Moeller] + + *) New Configure options "threads" and "no-threads". For systems + where the proper compiler options are known (currently Solaris + and Linux), "threads" is the default. + [Bodo Moeller] + + *) New script util/mklink.pl as a faster substitute for util/mklink.sh. + [Bodo Moeller] + + *) Install various scripts to $(OPENSSLDIR)/misc, not to + $(INSTALLTOP)/bin -- they shouldn't clutter directories + such as /usr/local/bin. + [Bodo Moeller] + + *) "make linux-shared" to build shared libraries. + [Niels Poppe ] + + *) New Configure option no- (rsa, idea, rc5, ...). + [Ulf Möller] + + *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for + extension adding in x509 utility. + [Steve Henson] + + *) Remove NOPROTO sections and error code comments. + [Ulf Möller] + + *) Partial rewrite of the DEF file generator to now parse the ANSI + prototypes. + [Steve Henson] + + *) New Configure options --prefix=DIR and --openssldir=DIR. + [Ulf Möller] + + *) Complete rewrite of the error code script(s). It is all now handled + by one script at the top level which handles error code gathering, + header rewriting and C source file generation. It should be much better + than the old method: it now uses a modified version of Ulf's parser to + read the ANSI prototypes in all header files (thus the old K&R definitions + aren't needed for error creation any more) and do a better job of + translating function codes into names. The old 'ASN1 error code imbedded + in a comment' is no longer necessary and it doesn't use .err files which + have now been deleted. Also the error code call doesn't have to appear all + on one line (which resulted in some large lines...). + [Steve Henson] + + *) Change #include filenames from to . + [Bodo Moeller] + + *) Change behaviour of ssl2_read when facing length-0 packets: Don't return + 0 (which usually indicates a closed connection), but continue reading. + [Bodo Moeller] + + *) Fix some race conditions. + [Bodo Moeller] + + *) Add support for CRL distribution points extension. Add Certificate + Policies and CRL distribution points documentation. + [Steve Henson] + + *) Move the autogenerated header file parts to crypto/opensslconf.h. + [Ulf Möller] + + *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of + 8 of keying material. Merlin has also confirmed interop with this fix + between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0. + [Merlin Hughes ] + + *) Fix lots of warnings. + [Richard Levitte ] + + *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if + the directory spec didn't end with a LIST_SEPARATOR_CHAR. + [Richard Levitte ] + + *) Fix problems with sizeof(long) == 8. + [Andy Polyakov ] + + *) Change functions to ANSI C. + [Ulf Möller] + + *) Fix typos in error codes. + [Martin Kraemer , Ulf Möller] + + *) Remove defunct assembler files from Configure. + [Ulf Möller] + + *) SPARC v8 assembler BIGNUM implementation. + [Andy Polyakov ] + + *) Support for Certificate Policies extension: both print and set. + Various additions to support the r2i method this uses. + [Steve Henson] + + *) A lot of constification, and fix a bug in X509_NAME_oneline() that could + return a const string when you are expecting an allocated buffer. + [Ben Laurie] + + *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE + types DirectoryString and DisplayText. + [Steve Henson] + + *) Add code to allow r2i extensions to access the configuration database, + add an LHASH database driver and add several ctx helper functions. + [Steve Henson] + + *) Fix an evil bug in bn_expand2() which caused various BN functions to + fail when they extended the size of a BIGNUM. + [Steve Henson] + + *) Various utility functions to handle SXNet extension. Modify mkdef.pl to + support typesafe stack. + [Steve Henson] + + *) Fix typo in SSL_[gs]et_options(). + [Nils Frostberg ] + + *) Delete various functions and files that belonged to the (now obsolete) + old X509V3 handling code. + [Steve Henson] + + *) New Configure option "rsaref". + [Ulf Möller] + + *) Don't auto-generate pem.h. + [Bodo Moeller] + + *) Introduce type-safe ASN.1 SETs. + [Ben Laurie] + + *) Convert various additional casted stacks to type-safe STACK_OF() variants. + [Ben Laurie, Ralf S. Engelschall, Steve Henson] + + *) Introduce type-safe STACKs. This will almost certainly break lots of code + that links with OpenSSL (well at least cause lots of warnings), but fear + not: the conversion is trivial, and it eliminates loads of evil casts. A + few STACKed things have been converted already. Feel free to convert more. + In the fullness of time, I'll do away with the STACK type altogether. + [Ben Laurie] + + *) Add `openssl ca -revoke ' facility which revokes a certificate + specified in by updating the entry in the index.txt file. + This way one no longer has to edit the index.txt file manually for + revoking a certificate. The -revoke option does the gory details now. + [Massimiliano Pala , Ralf S. Engelschall] + + *) Fix `openssl crl -noout -text' combination where `-noout' killed the + `-text' option at all and this way the `-noout -text' combination was + inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + [Ralf S. Engelschall] + + *) Make sure a corresponding plain text error message exists for the + X509_V_ERR_CERT_REVOKED/23 error number which can occur when a + verify callback function determined that a certificate was revoked. + [Ralf S. Engelschall] + + *) Bugfix: In test/testenc, don't test "openssl " for + ciphers that were excluded, e.g. by -DNO_IDEA. Also, test + all available cipers including rc5, which was forgotten until now. + In order to let the testing shell script know which algorithms + are available, a new (up to now undocumented) command + "openssl list-cipher-commands" is used. + [Bodo Moeller] + + *) Bugfix: s_client occasionally would sleep in select() when + it should have checked SSL_pending() first. + [Bodo Moeller] + + *) New functions DSA_do_sign and DSA_do_verify to provide access to + the raw DSA values prior to ASN.1 encoding. + [Ulf Möller] + + *) Tweaks to Configure + [Niels Poppe ] + + *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support, + yet... + [Steve Henson] + + *) New variables $(RANLIB) and $(PERL) in the Makefiles. + [Ulf Möller] + + *) New config option to avoid instructions that are illegal on the 80386. + The default code is faster, but requires at least a 486. + [Ulf Möller] + + *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and + SSL2_SERVER_VERSION (not used at all) macros, which are now the + same as SSL2_VERSION anyway. + [Bodo Moeller] + + *) New "-showcerts" option for s_client. + [Bodo Moeller] + + *) Still more PKCS#12 integration. Add pkcs12 application to openssl + application. Various cleanups and fixes. + [Steve Henson] + + *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and + modify error routines to work internally. Add error codes and PBE init + to library startup routines. + [Steve Henson] + + *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and + packing functions to asn1 and evp. Changed function names and error + codes along the way. + [Steve Henson] + + *) PKCS12 integration: and so it begins... First of several patches to + slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 + objects to objects.h + [Steve Henson] + + *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 + and display support for Thawte strong extranet extension. + [Steve Henson] + + *) Add LinuxPPC support. + [Jeff Dubrule ] + + *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to + bn_div_words in alpha.s. + [Hannes Reinecke and Ben Laurie] + + *) Make sure the RSA OAEP test is skipped under -DRSAref because + OAEP isn't supported when OpenSSL is built with RSAref. + [Ulf Moeller ] + + *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h + so they no longer are missing under -DNOPROTO. + [Soren S. Jorvang ] + + + Changes between 0.9.1c and 0.9.2b [22 Mar 1999] + + *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still + doesn't work when the session is reused. Coming soon! + [Ben Laurie] + + *) Fix a security hole, that allows sessions to be reused in the wrong + context thus bypassing client cert protection! All software that uses + client certs and session caches in multiple contexts NEEDS PATCHING to + allow session reuse! A fuller solution is in the works. + [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] + + *) Some more source tree cleanups (removed obsolete files + crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed + permission on "config" script to be executable) and a fix for the INSTALL + document. + [Ulf Moeller ] + + *) Remove some legacy and erroneous uses of malloc, free instead of + Malloc, Free. + [Lennart Bang , with minor changes by Steve] + + *) Make rsa_oaep_test return non-zero on error. + [Ulf Moeller ] + + *) Add support for native Solaris shared libraries. Configure + solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice + if someone would make that last step automatic. + [Matthias Loepfe ] + + *) ctx_size was not built with the right compiler during "make links". Fixed. + [Ben Laurie] + + *) Change the meaning of 'ALL' in the cipher list. It now means "everything + except NULL ciphers". This means the default cipher list will no longer + enable NULL ciphers. They need to be specifically enabled e.g. with + the string "DEFAULT:eNULL". + [Steve Henson] + + *) Fix to RSA private encryption routines: if p < q then it would + occasionally produce an invalid result. This will only happen with + externally generated keys because OpenSSL (and SSLeay) ensure p > q. + [Steve Henson] + + *) Be less restrictive and allow also `perl util/perlpath.pl + /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', + because this way one can also use an interpreter named `perl5' (which is + usually the name of Perl 5.xxx on platforms where an Perl 4.x is still + installed as `perl'). + [Matthias Loepfe ] + + *) Let util/clean-depend.pl work also with older Perl 5.00x versions. + [Matthias Loepfe ] + + *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add + advapi32.lib to Win32 build and change the pem test comparision + to fc.exe (thanks to Ulrich Kroener for the + suggestion). Fix misplaced ASNI prototypes and declarations in evp.h + and crypto/des/ede_cbcm_enc.c. + [Steve Henson] + + *) DES quad checksum was broken on big-endian architectures. Fixed. + [Ben Laurie] + + *) Comment out two functions in bio.h that aren't implemented. Fix up the + Win32 test batch file so it (might) work again. The Win32 test batch file + is horrible: I feel ill.... + [Steve Henson] + + *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected + in e_os.h. Audit of header files to check ANSI and non ANSI + sections: 10 functions were absent from non ANSI section and not exported + from Windows DLLs. Fixed up libeay.num for new functions. + [Steve Henson] + + *) Make `openssl version' output lines consistent. + [Ralf S. Engelschall] + + *) Fix Win32 symbol export lists for BIO functions: Added + BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data + to ms/libeay{16,32}.def. + [Ralf S. Engelschall] + + *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled + fine under Unix and passes some trivial tests I've now added. But the + whole stuff is horribly incomplete, so a README.1ST with a disclaimer was + added to make sure no one expects that this stuff really works in the + OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources + up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and + openssl_bio.xs. + [Ralf S. Engelschall] + + *) Fix the generation of two part addresses in perl. + [Kenji Miyake , integrated by Ben Laurie] + + *) Add config entry for Linux on MIPS. + [John Tobey ] + + *) Make links whenever Configure is run, unless we are on Windoze. + [Ben Laurie] + + *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. + Currently only issuerAltName and AuthorityKeyIdentifier make any sense + in CRLs. + [Steve Henson] + + *) Add a useful kludge to allow package maintainers to specify compiler and + other platforms details on the command line without having to patch the + Configure script everytime: One now can use ``perl Configure + :
'', i.e. platform ids are allowed to have details appended + to them (seperated by colons). This is treated as there would be a static + pre-configured entry in Configure's %table under key with value +
and ``perl Configure '' is called. So, when you want to + perform a quick test-compile under FreeBSD 3.1 with pgcc and without + assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + now, which overrides the FreeBSD-elf entry on-the-fly. + [Ralf S. Engelschall] + + *) Disable new TLS1 ciphersuites by default: they aren't official yet. + [Ben Laurie] + + *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified + on the `perl Configure ...' command line. This way one can compile + OpenSSL libraries with Position Independent Code (PIC) which is needed + for linking it into DSOs. + [Ralf S. Engelschall] + + *) Remarkably, export ciphers were totally broken and no-one had noticed! + Fixed. + [Ben Laurie] + + *) Cleaned up the LICENSE document: The official contact for any license + questions now is the OpenSSL core team under openssl-core@openssl.org. + And add a paragraph about the dual-license situation to make sure people + recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply + to the OpenSSL toolkit. + [Ralf S. Engelschall] + + *) General source tree makefile cleanups: Made `making xxx in yyy...' + display consistent in the source tree and replaced `/bin/rm' by `rm'. + Additonally cleaned up the `make links' target: Remove unnecessary + semicolons, subsequent redundant removes, inline point.sh into mklink.sh + to speed processing and no longer clutter the display with confusing + stuff. Instead only the actually done links are displayed. + [Ralf S. Engelschall] + + *) Permit null encryption ciphersuites, used for authentication only. It used + to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. + It is now necessary to set SSL_FORBID_ENULL to prevent the use of null + encryption. + [Ben Laurie] + + *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder + signed attributes when verifying signatures (this would break them), + the detached data encoding was wrong and public keys obtained using + X509_get_pubkey() weren't freed. + [Steve Henson] + + *) Add text documentation for the BUFFER functions. Also added a work around + to a Win95 console bug. This was triggered by the password read stuff: the + last character typed gets carried over to the next fread(). If you were + generating a new cert request using 'req' for example then the last + character of the passphrase would be CR which would then enter the first + field as blank. + [Steve Henson] + + *) Added the new `Includes OpenSSL Cryptography Software' button as + doc/openssl_button.{gif,html} which is similar in style to the old SSLeay + button and can be used by applications based on OpenSSL to show the + relationship to the OpenSSL project. + [Ralf S. Engelschall] + + *) Remove confusing variables in function signatures in files + ssl/ssl_lib.c and ssl/ssl.h. + [Lennart Bong ] + + *) Don't install bss_file.c under PREFIX/include/ + [Lennart Bong ] + + *) Get the Win32 compile working again. Modify mkdef.pl so it can handle + functions that return function pointers and has support for NT specific + stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various + #ifdef WIN32 and WINNTs sprinkled about the place and some changes from + unsigned to signed types: this was killing the Win32 compile. + [Steve Henson] + + *) Add new certificate file to stack functions, + SSL_add_dir_cert_subjects_to_stack() and + SSL_add_file_cert_subjects_to_stack(). These largely supplant + SSL_load_client_CA_file(), and can be used to add multiple certs easily + to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). + This means that Apache-SSL and similar packages don't have to mess around + to add as many CAs as they want to the preferred list. + [Ben Laurie] + + *) Experiment with doxygen documentation. Currently only partially applied to + ssl/ssl_lib.c. + See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + openssl.doxy as the configuration file. + [Ben Laurie] + + *) Get rid of remaining C++-style comments which strict C compilers hate. + [Ralf S. Engelschall, pointed out by Carlos Amengual] + + *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not + compiled in by default: it has problems with large keys. + [Steve Henson] + + *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and + DH private keys and/or callback functions which directly correspond to + their SSL_CTX_xxx() counterparts but work on a per-connection basis. This + is needed for applications which have to configure certificates on a + per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis + (e.g. s_server). + For the RSA certificate situation is makes no difference, but + for the DSA certificate situation this fixes the "no shared cipher" + problem where the OpenSSL cipher selection procedure failed because the + temporary keys were not overtaken from the context and the API provided + no way to reconfigure them. + The new functions now let applications reconfigure the stuff and they + are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, + SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new + non-public-API function ssl_cert_instantiate() is used as a helper + function and also to reduce code redundancy inside ssl_rsa.c. + [Ralf S. Engelschall] + + *) Move s_server -dcert and -dkey options out of the undocumented feature + area because they are useful for the DSA situation and should be + recognized by the users. + [Ralf S. Engelschall] + + *) Fix the cipher decision scheme for export ciphers: the export bits are + *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within + SSL_EXP_MASK. So, the original variable has to be used instead of the + already masked variable. + [Richard Levitte ] + + *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + [Richard Levitte ] + + *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() + from `int' to `unsigned int' because it's a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *'. + [Richard Levitte ] + + *) Don't hard-code path to Perl interpreter on shebang line of Configure + script. Instead use the usual Shell->Perl transition trick. + [Ralf S. Engelschall] + + *) Make `openssl x509 -noout -modulus' functional also for DSA certificates + (in addition to RSA certificates) to match the behaviour of `openssl dsa + -noout -modulus' as it's already the case for `openssl rsa -noout + -modulus'. For RSA the -modulus is the real "modulus" while for DSA + currently the public key is printed (a decision which was already done by + `openssl dsa -modulus' in the past) which serves a similar purpose. + Additionally the NO_RSA no longer completely removes the whole -modulus + option; it now only avoids using the RSA stuff. Same applies to NO_DSA + now, too. + [Ralf S. Engelschall] + + *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested + BIO. See the source (crypto/evp/bio_ok.c) for more info. + [Arne Ansper ] + + *) Dump the old yucky req code that tried (and failed) to allow raw OIDs + to be added. Now both 'req' and 'ca' can use new objects defined in the + config file. + [Steve Henson] + + *) Add cool BIO that does syslog (or event log on NT). + [Arne Ansper , integrated by Ben Laurie] + + *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, + TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and + TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher + Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. + [Ben Laurie] + + *) Add preliminary config info for new extension code. + [Steve Henson] + + *) Make RSA_NO_PADDING really use no padding. + [Ulf Moeller ] + + *) Generate errors when private/public key check is done. + [Ben Laurie] + + *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support + for some CRL extensions and new objects added. + [Steve Henson] + + *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private + key usage extension and fuller support for authority key id. + [Steve Henson] + + *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved + padding method for RSA, which is recommended for new applications in PKCS + #1 v2.0 (RFC 2437, October 1998). + OAEP (Optimal Asymmetric Encryption Padding) has better theoretical + foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure + against Bleichbacher's attack on RSA. + [Ulf Moeller , reformatted, corrected and integrated by + Ben Laurie] + + *) Updates to the new SSL compression code + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Fix so that the version number in the master secret, when passed + via RSA, checks that if TLS was proposed, but we roll back to SSLv3 + (because the server will not accept higher), that the version number + is 0x03,0x01, not 0x03,0x00 + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory + leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes + in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c + [Steve Henson] + + *) Support for RAW extensions where an arbitrary extension can be + created by including its DER encoding. See apps/openssl.cnf for + an example. + [Steve Henson] + + *) Make sure latest Perl versions don't interpret some generated C array + code as Perl array code in the crypto/err/err_genc.pl script. + [Lars Weber <3weber@informatik.uni-hamburg.de>] + + *) Modify ms/do_ms.bat to not generate assembly language makefiles since + not many people have the assembler. Various Win32 compilation fixes and + update to the INSTALL.W32 file with (hopefully) more accurate Win32 + build instructions. + [Steve Henson] + + *) Modify configure script 'Configure' to automatically create crypto/date.h + file under Win32 and also build pem.h from pem.org. New script + util/mkfiles.pl to create the MINFO file on environments that can't do a + 'make files': perl util/mkfiles.pl >MINFO should work. + [Steve Henson] + + *) Major rework of DES function declarations, in the pursuit of correctness + and purity. As a result, many evil casts evaporated, and some weirdness, + too. You may find this causes warnings in your code. Zapping your evil + casts will probably fix them. Mostly. + [Ben Laurie] + + *) Fix for a typo in asn1.h. Bug fix to object creation script + obj_dat.pl. It considered a zero in an object definition to mean + "end of object": none of the objects in objects.h have any zeros + so it wasn't spotted. + [Steve Henson, reported by Erwann ABALEA ] + + *) Add support for Triple DES Cipher Block Chaining with Output Feedback + Masking (CBCM). In the absence of test vectors, the best I have been able + to do is check that the decrypt undoes the encrypt, so far. Send me test + vectors if you have them. + [Ben Laurie] + + *) Correct calculation of key length for export ciphers (too much space was + allocated for null ciphers). This has not been tested! + [Ben Laurie] + + *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage + message is now correct (it understands "crypto" and "ssl" on its + command line). There is also now an "update" option. This will update + the util/ssleay.num and util/libeay.num files with any new functions. + If you do a: + perl util/mkdef.pl crypto ssl update + it will update them. + [Steve Henson] + + *) Overhauled the Perl interface (perl/*): + - ported BN stuff to OpenSSL's different BN library + - made the perl/ source tree CVS-aware + - renamed the package from SSLeay to OpenSSL (the files still contain + their history because I've copied them in the repository) + - removed obsolete files (the test scripts will be replaced + by better Test::Harness variants in the future) + [Ralf S. Engelschall] + + *) First cut for a very conservative source tree cleanup: + 1. merge various obsolete readme texts into doc/ssleay.txt + where we collect the old documents and readme texts. + 2. remove the first part of files where I'm already sure that we no + longer need them because of three reasons: either they are just temporary + files which were left by Eric or they are preserved original files where + I've verified that the diff is also available in the CVS via "cvs diff + -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for + the crypto/md/ stuff). + [Ralf S. Engelschall] + + *) More extension code. Incomplete support for subject and issuer alt + name, issuer and authority key id. Change the i2v function parameters + and add an extra 'crl' parameter in the X509V3_CTX structure: guess + what that's for :-) Fix to ASN1 macro which messed up + IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. + [Steve Henson] + + *) Preliminary support for ENUMERATED type. This is largely copied from the + INTEGER code. + [Steve Henson] + + *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Make sure `make rehash' target really finds the `openssl' program. + [Ralf S. Engelschall, Matthias Loepfe ] + + *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd + like to hear about it if this slows down other processors. + [Ben Laurie] + + *) Add CygWin32 platform information to Configure script. + [Alan Batie ] + + *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' + [Rainer W. Gerling ] + + *) New program nseq to manipulate netscape certificate sequences + [Steve Henson] + + *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a + few typos. + [Steve Henson] + + *) Fixes to BN code. Previously the default was to define BN_RECURSION + but the BN code had some problems that would cause failures when + doing certificate verification and some other functions. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add several PKIX and private extended key usage OIDs. + [Steve Henson] + + *) Modify the 'ca' program to handle the new extension code. Modify + openssl.cnf for new extension format, add comments. + [Steve Henson] + + *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' + and add a sample to openssl.cnf so req -x509 now adds appropriate + CA extensions. + [Steve Henson] + + *) Continued X509 V3 changes. Add to other makefiles, integrate with the + error code, add initial support to X509_print() and x509 application. + [Steve Henson] + + *) Takes a deep breath and start addding X509 V3 extension support code. Add + files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this + stuff is currently isolated and isn't even compiled yet. + [Steve Henson] + + *) Continuing patches for GeneralizedTime. Fix up certificate and CRL + ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. + Removed the versions check from X509 routines when loading extensions: + this allows certain broken certificates that don't set the version + properly to be processed. + [Steve Henson] + + *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another + Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which + can still be regenerated with "make depend". + [Ben Laurie] + + *) Spelling mistake in C version of CAST-128. + [Ben Laurie, reported by Jeremy Hylton ] + + *) Changes to the error generation code. The perl script err-code.pl + now reads in the old error codes and retains the old numbers, only + adding new ones if necessary. It also only changes the .err files if new + codes are added. The makefiles have been modified to only insert errors + when needed (to avoid needlessly modifying header files). This is done + by only inserting errors if the .err file is newer than the auto generated + C file. To rebuild all the error codes from scratch (the old behaviour) + either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl + or delete all the .err files. + [Steve Henson] + + *) CAST-128 was incorrectly implemented for short keys. The C version has + been fixed, but is untested. The assembler versions are also fixed, but + new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing + to regenerate it if needed. + [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun + Hagino ] + + *) File was opened incorrectly in randfile.c. + [Ulf Möller ] + + *) Beginning of support for GeneralizedTime. d2i, i2d, check and print + functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or + GeneralizedTime. ASN1_TIME is the proper type used in certificates et + al: it's just almost always a UTCTime. Note this patch adds new error + codes so do a "make errors" if there are problems. + [Steve Henson] + + *) Correct Linux 1 recognition in config. + [Ulf Möller ] + + *) Remove pointless MD5 hash when using DSA keys in ca. + [Anonymous ] + + *) Generate an error if given an empty string as a cert directory. Also + generate an error if handed NULL (previously returned 0 to indicate an + error, but didn't set one). + [Ben Laurie, reported by Anonymous ] + + *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. + [Ben Laurie] + + *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct + parameters. This was causing a warning which killed off the Win32 compile. + [Steve Henson] + + *) Remove C++ style comments from crypto/bn/bn_local.h. + [Neil Costigan ] + + *) The function OBJ_txt2nid was broken. It was supposed to return a nid + based on a text string, looking up short and long names and finally + "dot" format. The "dot" format stuff didn't work. Added new function + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the + OID is not part of the table. + [Steve Henson] + + *) Add prototypes to X509 lookup/verify methods, fixing a bug in + X509_LOOKUP_by_alias(). + [Ben Laurie] + + *) Sort openssl functions by name. + [Ben Laurie] + + *) Get the gendsa program working (hopefully) and add it to app list. Remove + encryption from sample DSA keys (in case anyone is interested the password + was "1234"). + [Steve Henson] + + *) Make _all_ *_free functions accept a NULL pointer. + [Frans Heymans ] + + *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use + NULL pointers. + [Anonymous ] + + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Don't blow it for numeric -newkey arguments to apps/req. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Temp key "for export" tests were wrong in s3_srvr.c. + [Anonymous ] + + *) Add prototype for temp key callback functions + SSL_CTX_set_tmp_{rsa,dh}_callback(). + [Ben Laurie] + + *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and + DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). + [Steve Henson] + + *) X509_name_add_entry() freed the wrong thing after an error. + [Arne Ansper ] + + *) rsa_eay.c would attempt to free a NULL context. + [Arne Ansper ] + + *) BIO_s_socket() had a broken should_retry() on Windoze. + [Arne Ansper ] + + *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. + [Arne Ansper ] + + *) Make sure the already existing X509_STORE->depth variable is initialized + in X509_STORE_new(), but document the fact that this variable is still + unused in the certificate verification process. + [Ralf S. Engelschall] + + *) Fix the various library and apps files to free up pkeys obtained from + X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + + *) Fix reference counting in X509_PUBKEY_get(). This makes + demos/maurice/example2.c work, amongst others, probably. + [Steve Henson and Ben Laurie] + + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall, Paul Sutton and Ben Laurie] + + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey + BIT STRING wrapper always have zero unused bits. + [Steve Henson] + + *) Add CA.pl, perl version of CA.sh, add extended key usage OID. + [Steve Henson] + + *) Make the top-level INSTALL documentation easier to understand. + [Paul Sutton] + + *) Makefiles updated to exit if an error occurs in a sub-directory + make (including if user presses ^C) [Paul Sutton] + + *) Make Montgomery context stuff explicit in RSA data structure. + [Ben Laurie] + + *) Fix build order of pem and err to allow for generated pem.h. + [Ben Laurie] + + *) Fix renumbering bug in X509_NAME_delete_entry(). + [Ben Laurie] + + *) Enhanced the err-ins.pl script so it makes the error library number + global and can add a library name. This is needed for external ASN1 and + other error libraries. + [Steve Henson] + + *) Fixed sk_insert which never worked properly. + [Steve Henson] + + *) Fix ASN1 macros so they can handle indefinite length construted + EXPLICIT tags. Some non standard certificates use these: they can now + be read in. + [Steve Henson] + + *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) + into a single doc/ssleay.txt bundle. This way the information is still + preserved but no longer messes up this directory. Now it's new room for + the new set of documenation files. + [Ralf S. Engelschall] + + *) SETs were incorrectly DER encoded. This was a major pain, because they + shared code with SEQUENCEs, which aren't coded the same. This means that + almost everything to do with SETs or SEQUENCEs has either changed name or + number of arguments. + [Ben Laurie, based on a partial fix by GP Jayan ] + + *) Fix test data to work with the above. + [Ben Laurie] + + *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but + was already fixed by Eric for 0.9.1 it seems. + [Ben Laurie - pointed out by Ulf Möller ] + + *) Autodetect FreeBSD3. + [Ben Laurie] + + *) Fix various bugs in Configure. This affects the following platforms: + nextstep + ncr-scde + unixware-2.0 + unixware-2.0-pentium + sco5-cc. + [Ben Laurie] + + *) Eliminate generated files from CVS. Reorder tests to regenerate files + before they are needed. + [Ben Laurie] + + *) Generate Makefile.ssl from Makefile.org (to keep CVS happy). + [Ben Laurie] + + + Changes between 0.9.1b and 0.9.1c [23-Dec-1998] + + *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and + changed SSLeay to OpenSSL in version strings. + [Ralf S. Engelschall] + + *) Some fixups to the top-level documents. + [Paul Sutton] + + *) Fixed the nasty bug where rsaref.h was not found under compile-time + because the symlink to include/ was missing. + [Ralf S. Engelschall] + + *) Incorporated the popular no-RSA/DSA-only patches + which allow to compile a RSA-free SSLeay. + [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] + + *) Fixed nasty rehash problem under `make -f Makefile.ssl links' + when "ssleay" is still not found. + [Ralf S. Engelschall] + + *) Added more platforms to Configure: Cray T3E, HPUX 11, + [Ralf S. Engelschall, Beckmann ] + + *) Updated the README file. + [Ralf S. Engelschall] + + *) Added various .cvsignore files in the CVS repository subdirs + to make a "cvs update" really silent. + [Ralf S. Engelschall] + + *) Recompiled the error-definition header files and added + missing symbols to the Win32 linker tables. + [Ralf S. Engelschall] + + *) Cleaned up the top-level documents; + o new files: CHANGES and LICENSE + o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay + o merged COPYRIGHT into LICENSE + o removed obsolete TODO file + o renamed MICROSOFT to INSTALL.W32 + [Ralf S. Engelschall] + + *) Removed dummy files from the 0.9.1b source tree: + crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi + crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f + crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f + crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f + util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f + [Ralf S. Engelschall] + + *) Added various platform portability fixes. + [Mark J. Cox] + + *) The Genesis of the OpenSSL rpject: + We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A. + Young and Tim J. Hudson created while they were working for C2Net until + summer 1998. + [The OpenSSL Project] + + + Changes between 0.9.0b and 0.9.1b [not released] + + *) Updated a few CA certificates under certs/ + [Eric A. Young] + + *) Changed some BIGNUM api stuff. + [Eric A. Young] + + *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, + DGUX x86, Linux Alpha, etc. + [Eric A. Young] + + *) New COMP library [crypto/comp/] for SSL Record Layer Compression: + RLE (dummy implemented) and ZLIB (really implemented when ZLIB is + available). + [Eric A. Young] + + *) Add -strparse option to asn1pars program which parses nested + binary structures + [Dr Stephen Henson ] + + *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. + [Eric A. Young] + + *) DSA fix for "ca" program. + [Eric A. Young] + + *) Added "-genkey" option to "dsaparam" program. + [Eric A. Young] + + *) Added RIPE MD160 (rmd160) message digest. + [Eric A. Young] + + *) Added -a (all) option to "ssleay version" command. + [Eric A. Young] + + *) Added PLATFORM define which is the id given to Configure. + [Eric A. Young] + + *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking. + [Eric A. Young] + + *) Extended the ASN.1 parser routines. + [Eric A. Young] + + *) Extended BIO routines to support REUSEADDR, seek, tell, etc. + [Eric A. Young] + + *) Added a BN_CTX to the BN library. + [Eric A. Young] + + *) Fixed the weak key values in DES library + [Eric A. Young] + + *) Changed API in EVP library for cipher aliases. + [Eric A. Young] + + *) Added support for RC2/64bit cipher. + [Eric A. Young] + + *) Converted the lhash library to the crypto/mem.c functions. + [Eric A. Young] + + *) Added more recognized ASN.1 object ids. + [Eric A. Young] + + *) Added more RSA padding checks for SSL/TLS. + [Eric A. Young] + + *) Added BIO proxy/filter functionality. + [Eric A. Young] + + *) Added extra_certs to SSL_CTX which can be used + send extra CA certificates to the client in the CA cert chain sending + process. It can be configured with SSL_CTX_add_extra_chain_cert(). + [Eric A. Young] + + *) Now Fortezza is denied in the authentication phase because + this is key exchange mechanism is not supported by SSLeay at all. + [Eric A. Young] + + *) Additional PKCS1 checks. + [Eric A. Young] + + *) Support the string "TLSv1" for all TLS v1 ciphers. + [Eric A. Young] + + *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the + ex_data index of the SSL context in the X509_STORE_CTX ex_data. + [Eric A. Young] + + *) Fixed a few memory leaks. + [Eric A. Young] + + *) Fixed various code and comment typos. + [Eric A. Young] + + *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 + bytes sent in the client random. + [Edward Bishop ] + diff --git a/crypto/openssl/CHANGES.SSLeay b/crypto/openssl/CHANGES.SSLeay new file mode 100644 index 000000000000..dbb80b003d81 --- /dev/null +++ b/crypto/openssl/CHANGES.SSLeay @@ -0,0 +1,968 @@ +This file contains the changes for the SSLeay library up to version +0.9.0b. For later changes, see the file "CHANGES". + + SSLeay CHANGES + ______________ + +Changes between 0.8.x and 0.9.0b + +10-Apr-1998 + +I said the next version would go out at easter, and so it shall. +I expect a 0.9.1 will follow with portability fixes in the next few weeks. + +This is a quick, meet the deadline. Look to ssl-users for comments on what +is new etc. + +eric (about to go bushwalking for the 4 day easter break :-) + +16-Mar-98 + - Patch for Cray T90 from Wayne Schroeder + - Lots and lots of changes + +29-Jan-98 + - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from + Goetz Babin-Ebell . + - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or + TLS1_VERSION. + +7-Jan-98 + - Finally reworked the cipher string to ciphers again, so it + works correctly + - All the app_data stuff is now ex_data with funcion calls to access. + The index is supplied by a function and 'methods' can be setup + for the types that are called on XXX_new/XXX_free. This lets + applications get notified on creation and destruction. Some of + the RSA methods could be implemented this way and I may do so. + - Oh yes, SSL under perl5 is working at the basic level. + +15-Dec-97 + - Warning - the gethostbyname cache is not fully thread safe, + but it should work well enough. + - Major internal reworking of the app_data stuff. More functions + but if you were accessing ->app_data directly, things will + stop working. + - The perlv5 stuff is working. Currently on message digests, + ciphers and the bignum library. + +9-Dec-97 + - Modified re-negotiation so that server initated re-neg + will cause a SSL_read() to return -1 should retry. + The danger otherwise was that the server and the + client could end up both trying to read when using non-blocking + sockets. + +4-Dec-97 + - Lots of small changes + - Fix for binaray mode in Windows for the FILE BIO, thanks to + Bob Denny + +17-Nov-97 + - Quite a few internal cleanups, (removal of errno, and using macros + defined in e_os.h). + - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where + the automactic naming out output files was being stuffed up. + +29-Oct-97 + - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember + for x86. + +21-Oct-97 + - Fixed a bug in the BIO_gethostbyname() cache. + +15-Oct-97 + - cbc mode for blowfish/des/3des is now in assember. Blowfish asm + has also been improved. At this point in time, on the pentium, + md5 is %80 faster, the unoptimesed sha-1 is %79 faster, + des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc + is %62 faster. + +12-Oct-97 + - MEM_BUF_grow() has been fixed so that it always sets the buf->length + to the value we are 'growing' to. Think of MEM_BUF_grow() as the + way to set the length value correctly. + +10-Oct-97 + - I now hash for certificate lookup on the raw DER encoded RDN (md5). + This breaks things again :-(. This is efficent since I cache + the DER encoding of the RDN. + - The text DN now puts in the numeric OID instead of UNKNOWN. + - req can now process arbitary OIDs in the config file. + - I've been implementing md5 in x86 asm, much faster :-). + - Started sha1 in x86 asm, needs more work. + - Quite a few speedups in the BN stuff. RSA public operation + has been made faster by caching the BN_MONT_CTX structure. + The calulating of the Ai where A*Ai === 1 mod m was rather + expensive. Basically a 40-50% speedup on public operations. + The RSA speedup is now 15% on pentiums and %20 on pentium + pro. + +30-Sep-97 + - After doing some profiling, I added x86 adm for bn_add_words(), + which just adds 2 arrays of longs together. A %10 speedup + for 512 and 1024 bit RSA on the pentium pro. + +29-Sep-97 + - Converted the x86 bignum assembler to us the perl scripts + for generation. + +23-Sep-97 + - If SSL_set_session() is passed a NULL session, it now clears the + current session-id. + +22-Sep-97 + - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned + certificates. + - Bug in crypto/evp/encode.c where by decoding of 65 base64 + encoded lines, one line at a time (via a memory BIO) would report + EOF after the first line was decoded. + - Fix in X509_find_by_issuer_and_serial() from + Dr Stephen Henson + +19-Sep-97 + - NO_FP_API and NO_STDIO added. + - Put in sh config command. It auto runs Configure with the correct + parameters. + +18-Sep-97 + - Fix x509.c so if a DSA cert has different parameters to its parent, + they are left in place. Not tested yet. + +16-Sep-97 + - ssl_create_cipher_list() had some bugs, fixes from + Patrick Eisenacher + - Fixed a bug in the Base64 BIO, where it would return 1 instead + of -1 when end of input was encountered but should retry. + Basically a Base64/Memory BIO interaction problem. + - Added a HMAC set of functions in preporarion for TLS work. + +15-Sep-97 + - Top level makefile tweak - Cameron Simpson + - Prime generation spead up %25 (512 bit prime, pentium pro linux) + by using montgomery multiplication in the prime number test. + +11-Sep-97 + - Ugly bug in ssl3_write_bytes(). Basically if application land + does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code + did not check the size and tried to copy the entire buffer. + This would tend to cause memory overwrites since SSLv3 has + a maximum packet size of 16k. If your program uses + buffers <= 16k, you would probably never see this problem. + - Fixed a new errors that were cause by malloc() not returning + 0 initialised memory.. + - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using + SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing + since this flags stops SSLeay being able to handle client + cert requests correctly. + +08-Sep-97 + - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched + on, the SSL server routines will not use a SSL_SESSION that is + held in it's cache. This in intended to be used with the session-id + callbacks so that while the session-ids are still stored in the + cache, the decision to use them and how to look them up can be + done by the callbacks. The are the 'new', 'get' and 'remove' + callbacks. This can be used to determine the session-id + to use depending on information like which port/host the connection + is coming from. Since the are also SSL_SESSION_set_app_data() and + SSL_SESSION_get_app_data() functions, the application can hold + information against the session-id as well. + +03-Sep-97 + - Added lookup of CRLs to the by_dir method, + X509_load_crl_file() also added. Basically it means you can + lookup CRLs via the same system used to lookup certificates. + - Changed things so that the X509_NAME structure can contain + ASN.1 BIT_STRINGS which is required for the unique + identifier OID. + - Fixed some problems with the auto flushing of the session-id + cache. It was not occuring on the server side. + +02-Sep-97 + - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) + which is the maximum number of entries allowed in the + session-id cache. This is enforced with a simple FIFO list. + The default size is 20*1024 entries which is rather large :-). + The Timeout code is still always operating. + +01-Sep-97 + - Added an argument to all the 'generate private key/prime` + callbacks. It is the last parameter so this should not + break existing code but it is needed for C++. + - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() + BIO. This lets the BIO read and write base64 encoded data + without inserting or looking for '\n' characters. The '-A' + flag turns this on when using apps/enc.c. + - RSA_NO_PADDING added to help BSAFE functionality. This is a + very dangerous thing to use, since RSA private key + operations without random padding bytes (as PKCS#1 adds) can + be attacked such that the private key can be revealed. + - ASN.1 bug and rc2-40-cbc and rc4-40 added by + Dr Stephen Henson + +31-Aug-97 (stuff added while I was away) + - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). + - RSA_flags() added allowing bypass of pub/priv match check + in ssl/ssl_rsa.c - Tim Hudson. + - A few minor bugs. + +SSLeay 0.8.1 released. + +19-Jul-97 + - Server side initated dynamic renegotiation is broken. I will fix + it when I get back from holidays. + +15-Jul-97 + - Quite a few small changes. + - INVALID_SOCKET usage cleanups from Alex Kiernan + +09-Jul-97 + - Added 2 new values to the SSL info callback. + SSL_CB_START which is passed when the SSL protocol is started + and SSL_CB_DONE when it has finished sucsessfully. + +08-Jul-97 + - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c + that related to DSA public/private keys. + - Added all the relevent PEM and normal IO functions to support + reading and writing RSAPublic keys. + - Changed makefiles to use ${AR} instead of 'ar r' + +07-Jul-97 + - Error in ERR_remove_state() that would leave a dangling reference + to a free()ed location - thanks to Alex Kiernan + - s_client now prints the X509_NAMEs passed from the server + when requesting a client cert. + - Added a ssl->type, which is one of SSL_ST_CONNECT or + SSL_ST_ACCEPT. I had to add it so I could tell if I was + a connect or an accept after the handshake had finished. + - SSL_get_client_CA_list(SSL *s) now returns the CA names + passed by the server if called by a client side SSL. + +05-Jul-97 + - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index + 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). + +04-Jul-97 + - Fixed some things in X509_NAME_add_entry(), thanks to + Matthew Donald . + - I had a look at the cipher section and though that it was a + bit confused, so I've changed it. + - I was not setting up the RC4-64-MD5 cipher correctly. It is + a MS special that appears in exported MS Money. + - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 + spec. I was missing the two byte length header for the + ClientDiffieHellmanPublic value. This is a packet sent from + the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG + option will enable SSLeay server side SSLv3 accept either + the correct or my 080 packet format. + - Fixed a few typos in crypto/pem.org. + +02-Jul-97 + - Alias mapping for EVP_get_(digest|cipher)byname is now + performed before a lookup for actual cipher. This means + that an alias can be used to 're-direct' a cipher or a + digest. + - ASN1_read_bio() had a bug that only showed up when using a + memory BIO. When EOF is reached in the memory BIO, it is + reported as a -1 with BIO_should_retry() set to true. + +01-Jul-97 + - Fixed an error in X509_verify_cert() caused by my + miss-understanding how 'do { contine } while(0);' works. + Thanks to Emil Sit for educating me :-) + +30-Jun-97 + - Base64 decoding error. If the last data line did not end with + a '=', sometimes extra data would be returned. + - Another 'cut and paste' bug in x509.c related to setting up the + STDout BIO. + +27-Jun-97 + - apps/ciphers.c was not printing due to an editing error. + - Alex Kiernan send in a nice fix for + a library build error in util/mk1mf.pl + +26-Jun-97 + - Still did not have the auto 'experimental' code removal + script correct. + - A few header tweaks for Watcom 11.0 under Win32 from + Rolf Lindemann + - 0 length OCTET_STRING bug in asn1_parse + - A minor fix with an non-existent function in the MS .def files. + - A few changes to the PKCS7 stuff. + +25-Jun-97 + SSLeay 0.8.0 finally it gets released. + +24-Jun-97 + Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to + use a temporary RSA key. This is experimental and needs some more work. + Fixed a few Win16 build problems. + +23-Jun-97 + SSLv3 bug. I was not doing the 'lookup' of the CERT structure + correctly. I was taking the SSL->ctx->default_cert when I should + have been using SSL->cert. The bug was in ssl/s3_srvr.c + +20-Jun-97 + X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the + rest of the library. Even though I had the code required to do + it correctly, apps/req.c was doing the wrong thing. I have fixed + and tested everything. + + Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. + +19-Jun-97 + Fixed a bug in the SSLv2 server side first packet handling. When + using the non-blocking test BIO, the ssl->s2->first_packet flag + was being reset when a would-block failure occurred when reading + the first 5 bytes of the first packet. This caused the checking + logic to run at the wrong time and cause an error. + + Fixed a problem with specifying cipher. If RC4-MD5 were used, + only the SSLv3 version would be picked up. Now this will pick + up both SSLv2 and SSLv3 versions. This required changing the + SSL_CIPHER->mask values so that they only mask the ciphers, + digests, authentication, export type and key-exchange algorithms. + + I found that when a SSLv23 session is established, a reused + session, of type SSLv3 was attempting to write the SSLv2 + ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char + method has been modified so it will only write out cipher which + that method knows about. + + + Changes between 0.8.0 and 0.8.1 + + *) Mostly bug fixes. + There is an Ephemeral DH cipher problem which is fixed. + + SSLeay 0.8.0 + +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + + + Changes between 0.7.x and 0.8.0 + + *) There have been lots of changes, mostly the addition of SSLv3. + There have been many additions from people and amongst + others, C2Net has assisted greatly. + + Changes between 0.7.x and 0.7.x + + *) Internal development version only + +SSLeay 0.6.6 13-Jan-1997 + +The main additions are + +- assember for x86 DES improvments. + From 191,000 per second on a pentium 100, I now get 281,000. The inner + loop and the IP/FP modifications are from + Svend Olaf Mikkelsen . Many thanks for his + contribution. +- The 'DES macros' introduced in 0.6.5 now have 3 types. + DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which + is best and there is a summery of mine in crypto/des/options.txt +- A few bug fixes. +- Added blowfish. It is not used by SSL but all the other stuff that + deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. + There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. + BF_PTR2 is pentium/x86 specific. The correct option is setup in + the 'Configure' script. +- There is now a 'get client certificate' callback which can be + 'non-blocking'. If more details are required, let me know. It will + documented more in SSLv3 when I finish it. +- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' + now tests the ca program. +- Lots of little things modified and tweaked. + + SSLeay 0.6.5 + +After quite some time (3 months), the new release. I have been very busy +for the last few months and so this is mostly bug fixes and improvments. + +The main additions are + +- assember for x86 DES. For all those gcc based systems, this is a big + improvement. From 117,000 DES operation a second on a pentium 100, + I now get 191,000. I have also reworked the C version so it + now gives 148,000 DESs per second. +- As mentioned above, the inner DES macros now have some more variant that + sometimes help, sometimes hinder performance. There are now 3 options + DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) + and DES_RISC (a more register intensive version of the inner macro). + The crypto/des/des_opts.c program, when compiled and run, will give + an indication of the correct options to use. +- The BIO stuff has been improved. Read doc/bio.doc. There are now + modules for encryption and base64 encoding and a BIO_printf() function. +- The CA program will accept simple one line X509v3 extensions in the + ssleay.cnf file. Have a look at the example. Currently this just + puts the text into the certificate as an OCTET_STRING so currently + the more advanced X509v3 data types are not handled but this is enough + for the netscape extensions. +- There is the start of a nicer higher level interface to the X509 + strucutre. +- Quite a lot of bug fixes. +- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used + to define the malloc(), free() and realloc() routines to use + (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when + using DLLs and mixing CRT libraries. + +In general, read the 'VERSION' file for changes and be aware that some of +the new stuff may not have been tested quite enough yet, so don't just plonk +in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. + +SSLeay 0.6.4 30/08/96 eay + +I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, +Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). + +The main changes in this release + +- Thread safe. have a read of doc/threads.doc and play in the mt directory. + For anyone using 0.6.3 with threads, I found 2 major errors so consider + moving to 0.6.4. I have a test program that builds under NT and + solaris. +- The get session-id callback has changed. Have a read of doc/callback.doc. +- The X509_cert_verify callback (the SSL_verify callback) now + has another argument. Have a read of doc/callback.doc +- 'ca -preserve', sign without re-ordering the DN. Not tested much. +- VMS support. +- Compile time memory leak detection can now be built into SSLeay. + Read doc/memory.doc +- CONF routines now understand '\', '\n', '\r' etc. What this means is that + the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. +- 'ssleay ciphers' added, lists the default cipher list for SSLeay. +- RC2 key setup is now compatable with Netscape. +- Modifed server side of SSL implementation, big performance difference when + using session-id reuse. + +0.6.3 + +Bug fixes and the addition of some nice stuff to the 'ca' program. +Have a read of doc/ns-ca.doc for how hit has been modified so +it can be driven from a CGI script. The CGI script is not provided, +but that is just being left as an excersize for the reader :-). + +0.6.2 + +This is most bug fixes and functionality improvements. + +Additions are +- More thread debugging patches, the thread stuff is still being + tested, but for those keep to play with stuff, have a look in + crypto/cryptlib.c. The application needs to define 1 (or optionaly + a second) callback that is used to implement locking. Compiling + with LOCK_DEBUG spits out lots of locking crud :-). + This is what I'm currently working on. +- SSL_CTX_set_default_passwd_cb() can be used to define the callback + function used in the SSL*_file() functions used to load keys. I was + always of the opinion that people should call + PEM_read_RSAPrivateKey() and pass the callback they want to use, but + it appears they just want to use the SSL_*_file() function() :-(. +- 'enc' now has a -kfile so a key can be read from a file. This is + mostly used so that the passwd does not appear when using 'ps', + which appears imposible to stop under solaris. +- X509v3 certificates now work correctly. I even have more examples + in my tests :-). There is now a X509_EXTENSION type that is used in + X509v3 certificates and CRLv2. +- Fixed that signature type error :-( +- Fixed quite a few potential memory leaks and problems when reusing + X509, CRL and REQ structures. +- EVP_set_pw_prompt() now sets the library wide default password + prompt. +- The 'pkcs7' command will now, given the -print_certs flag, output in + pem format, all certificates and CRL contained within. This is more + of a pre-emtive thing for the new verisign distribution method. I + should also note, that this also gives and example in code, of how + to do this :-), or for that matter, what is involved in going the + other way (list of certs and crl -> pkcs7). +- Added RSA's DESX to the DES library. It is also available via the + EVP_desx_cbc() method and via 'enc desx'. + +SSLeay 0.6.1 + +The main functional changes since 0.6.0 are as follows +- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is + that from now on, I'll keep the .def numbers the same so they will be. +- RSA private key operations are about 2 times faster that 0.6.0 +- The SSL_CTX now has more fields so default values can be put against + it. When an SSL structure is created, these default values are used + but can be overwritten. There are defaults for cipher, certificate, + private key, verify mode and callback. This means SSL session + creation can now be + ssl=SSL_new() + SSL_set_fd(ssl,sock); + SSL_accept(ssl) + .... + All the other uglyness with having to keep a global copy of the + private key and certificate/verify mode in the server is now gone. +- ssl/ssltest.c - one process talking SSL to its self for testing. +- Storage of Session-id's can be controled via a session_cache_mode + flag. There is also now an automatic default flushing of + old session-id's. +- The X509_cert_verify() function now has another parameter, this + should not effect most people but it now means that the reason for + the failure to verify is now available via SSL_get_verify_result(ssl). + You don't have to use a global variable. +- SSL_get_app_data() and SSL_set_app_data() can be used to keep some + application data against the SSL structure. It is upto the application + to free the data. I don't use it, but it is available. +- SSL_CTX_set_cert_verify_callback() can be used to specify a + verify callback function that completly replaces my certificate + verification code. Xcert should be able to use this :-). + The callback is of the form int app_verify_callback(arg,ssl,cert). + This needs to be documented more. +- I have started playing with shared library builds, have a look in + the shlib directory. It is very simple. If you need a numbered + list of functions, have a look at misc/crypto.num and misc/ssl.num. +- There is some stuff to do locking to make the library thread safe. + I have only started this stuff and have not finished. If anyone is + keen to do so, please send me the patches when finished. + +So I have finally made most of the additions to the SSL interface that +I thought were needed. + +There will probably be a pause before I make any non-bug/documentation +related changes to SSLeay since I'm feeling like a bit of a break. + +eric - 12 Jul 1996 +I saw recently a comment by some-one that we now seem to be entering +the age of perpetual Beta software. +Pioneered by packages like linux but refined to an art form by +netscape. + +I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). + +There are quite a large number of sections that are 'works in +progress' in this package. I will also list the major changes and +what files you should read. + +BIO - this is the new IO structure being used everywhere in SSLeay. I +started out developing this because of microsoft, I wanted a mechanism +to callback to the application for all IO, so Windows 3.1 DLL +perversion could be hidden from me and the 15 different ways to write +to a file under NT would also not be dictated by me at library build +time. What the 'package' is is an API for a data structure containing +functions. IO interfaces can be written to conform to the +specification. This in not intended to hide the underlying data type +from the application, but to hide it from SSLeay :-). +I have only really finished testing the FILE * and socket/fd modules. +There are also 'filter' BIO's. Currently I have only implemented +message digests, and it is in use in the dgst application. This +functionality will allow base64/encrypto/buffering modules to be +'push' into a BIO without it affecting the semantics. I'm also +working on an SSL BIO which will hide the SSL_accept()/SLL_connet() +from an event loop which uses the interface. +It is also possible to 'attach' callbacks to a BIO so they get called +before and after each operation, alowing extensive debug output +to be generated (try running dgst with -d). + +Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few +functions that used to take FILE *, now take BIO *. +The wrappers are easy to write + +function_fp(fp,x) +FILE *fp; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) error..... + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=function_bio(b,x); + BIO_free(b); + return(ret); + } +Remember, there are no functions that take FILE * in SSLeay when +compiled for Windows 3.1 DLL's. + +-- +I have added a general EVP_PKEY type that can hold a public/private +key. This is now what is used by the EVP_ functions and is passed +around internally. I still have not done the PKCS#8 stuff, but +X509_PKEY is defined and waiting :-) + +-- +For a full function name listings, have a look at ms/crypt32.def and +ms/ssl32.def. These are auto-generated but are complete. +Things like ASN1_INTEGER_get() have been added and are in here if you +look. I have renamed a few things, again, have a look through the +function list and you will probably find what you are after. I intend +to at least put a one line descrition for each one..... + +-- +Microsoft - thats what this release is about, read the MICROSOFT file. + +-- +Multi-threading support. I have started hunting through the code and +flaging where things need to be done. In a state of work but high on +the list. + +-- +For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) +be be you random data device, otherwise 'RFILE' in e_os.h +will be used, in your home directory. It will be updated +periodically. The environment variable RANDFILE will override this +choice and read/write to that file instead. DEVRANDOM is used in +conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random +number generator, pick on one of these files. + +-- + +The list of things to read and do + +dgst -d +s_client -state (this uses a callback placed in the SSL state loop and + will be used else-where to help debug/monitor what + is happening.) + +doc/why.doc +doc/bio.doc <- hmmm, needs lots of work. +doc/bss_file.doc <- one that is working :-) +doc/session.doc <- it has changed +doc/speed.doc + also play with ssleay version -a. I have now added a SSLeay() + function that returns a version number, eg 0600 for this release + which is primarily to be used to check DLL version against the + application. +util/* Quite a few will not interest people, but some may, like + mk1mf.pl, mkdef.pl, +util/do_ms.sh + +try +cc -Iinclude -Icrypto -c crypto/crypto.c +cc -Iinclude -Issl -c ssl/ssl.c +You have just built the SSLeay libraries as 2 object files :-) + +Have a general rummage around in the bin stall directory and look at +what is in there, like CA.sh and c_rehash + +There are lots more things but it is 12:30am on a Friday night and I'm +heading home :-). + +eric 22-Jun-1996 +This version has quite a few major bug fixes and improvements. It DOES NOT +do SSLv3 yet. + +The main things changed +- A Few days ago I added the s_mult application to ssleay which is + a demo of an SSL server running in an event loop type thing. + It supports non-blocking IO, I have finally gotten it right, SSL_accept() + can operate in non-blocking IO mode, look at the code to see how :-). + Have a read of doc/s_mult as well. This program leaks memory and + file descriptors everywhere but I have not cleaned it up yet. + This is a demo of how to do non-blocking IO. +- The SSL session management has been 'worked over' and there is now + quite an expansive set of functions to manipulate them. Have a read of + doc/session.doc for some-things I quickly whipped up about how it now works. + This assume you know the SSLv2 protocol :-) +- I can now read/write the netscape certificate format, use the + -inform/-outform 'net' options to the x509 command. I have not put support + for this type in the other demo programs, but it would be easy to add. +- asn1parse and 'enc' have been modified so that when reading base64 + encoded files (pem format), they do not require '-----BEGIN' header lines. + The 'enc' program had a buffering bug fixed, it can be used as a general + base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' + respecivly. Leaving out the '-a' flag in this case makes the 'enc' command + into a form of 'cat'. +- The 'x509' and 'req' programs have been fixed and modified a little so + that they generate self-signed certificates correctly. The test + script actually generates a 'CA' certificate and then 'signs' a + 'user' certificate. Have a look at this shell script (test/sstest) + to see how things work, it tests most possible combinations of what can + be done. +- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name + of SSL_set_cipher_list() is now the correct API (stops confusion :-). + If this function is used in the client, only the specified ciphers can + be used, with preference given to the order the ciphers were listed. + For the server, if this is used, only the specified ciphers will be used + to accept connections. If this 'option' is not used, a default set of + ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this + list for all ciphers started against the SSL_CTX. So the order is + SSL cipher_list, if not present, SSL_CTX cipher list, if not + present, then the library default. + What this means is that normally ciphers like + NULL-MD5 will never be used. The only way this cipher can be used + for both ends to specify to use it. + To enable or disable ciphers in the library at build time, modify the + first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. + This file also contains the 'pref_cipher' list which is the default + cipher preference order. +- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' + options work. They should, and they enable loading and writing the + netscape rsa private key format. I will be re-working this section of + SSLeay for the next version. What is currently in place is a quick and + dirty hack. +- I've re-written parts of the bignum library. This gives speedups + for all platforms. I now provide assembler for use under Windows NT. + I have not tested the Windows 3.1 assembler but it is quite simple code. + This gives RSAprivate_key operation encryption times of 0.047s (512bit key) + and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. + Basically the times available under linux/solaris x86 can be achieve under + Windows NT. I still don't know how these times compare to RSA's BSAFE + library but I have been emailing with people and with their help, I should + be able to get my library's quite a bit faster still (more algorithm changes). + The object file crypto/bn/asm/x86-32.obj should be used when linking + under NT. +- 'make makefile.one' in the top directory will generate a single makefile + called 'makefile.one' This makefile contains no perl references and + will build the SSLeay library into the 'tmp' and 'out' directories. + util/mk1mf.pl >makefile.one is how this makefile is + generated. The mk1mf.pl command take several option to generate the + makefile for use with cc, gcc, Visual C++ and Borland C++. This is + still under development. I have only build .lib's for NT and MSDOS + I will be working on this more. I still need to play with the + correct compiler setups for these compilers and add some more stuff but + basically if you just want to compile the library + on a 'non-unix' platform, this is a very very good file to start with :-). + Have a look in the 'microsoft' directory for my current makefiles. + I have not yet modified things to link with sockets under Windows NT. + You guys should be able to do this since this is actually outside of the + SSLeay scope :-). I will be doing it for myself soon. + util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock + to build without RC2/RC4, to require RSAref for linking, and to + build with no socket code. + +- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher + that was posted to sci.crypt has been added to the library and SSL. + I take the view that if RC2 is going to be included in a standard, + I'll include the cipher to make my package complete. + There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers + at compile time. I have not tested this recently but it should all work + and if you are in the USA and don't want RSA threatening to sue you, + you could probably remove the RC4/RC2 code inside these sections. + I may in the future include a perl script that does this code + removal automatically for those in the USA :-). +- I have removed all references to sed in the makefiles. So basically, + the development environment requires perl and sh. The build environment + does not (use the makefile.one makefile). + The Configure script still requires perl, this will probably stay that way + since I have perl for Windows NT :-). + +eric (03-May-1996) + +PS Have a look in the VERSION file for more details on the changes and + bug fixes. +I have fixed a few bugs, added alpha and x86 assembler and generally cleaned +things up. This version will be quite stable, mostly because I'm on +holidays until 10-March-1996. For any problems in the interum, send email +to Tim Hudson . + +SSLeay 0.5.0 + +12-12-95 +This is going out before it should really be released. + +I leave for 11 weeks holidays on the 22-12-95 and so I either sit on +this for 11 weeks or get things out. It is still going to change a +lot in the next week so if you do grab this version, please test and +give me feed back ASAP, inculuding questions on how to do things with +the library. This will prompt me to write documentation so I don't +have to answer the same question again :-). + +This 'pre' release version is for people who are interested in the +library. The applications will have to be changed to use +the new version of the SSL interface. I intend to finish more +documentation before I leave but until then, look at the programs in +the apps directory. As far as code goes, it is much much nicer than +the old version. + +The current library works, has no memory leaks (as far as I can tell) +and is far more bug free that 0.4.5d. There are no global variable of +consequence (I believe) and I will produce some documentation that +tell where to look for those people that do want to do multi-threaded +stuff. + +There should be more documentation. Have a look in the +doc directory. I'll be adding more before I leave, it is a start +by mostly documents the crypto library. Tim Hudson will update +the web page ASAP. The spelling and grammar are crap but +it is better than nothing :-) + +Reasons to start playing with version 0.5.0 +- All the programs in the apps directory build into one ssleay binary. +- There is a new version of the 'req' program that generates certificate + requests, there is even documentation for this one :-) +- There is a demo certification authorithy program. Currently it will + look at the simple database and update it. It will generate CRL from + the data base. You need to edit the database by hand to revoke a + certificate, it is my aim to use perl5/Tk but I don't have time to do + this right now. It will generate the certificates but the management + scripts still need to be written. This is not a hard task. +- Things have been cleaned up alot. +- Have a look at the enc and dgst programs in the apps directory. +- It supports v3 of x509 certiticates. + + +Major things missing. +- I have been working on (and thinging about) the distributed x509 + hierachy problem. I have not had time to put my solution in place. + It will have to wait until I come back. +- I have not put in CRL checking in the certificate verification but + it would not be hard to do. I was waiting until I could generate my + own CRL (which has only been in the last week) and I don't have time + to put it in correctly. +- Montgomery multiplication need to be implemented. I know the + algorithm, just ran out of time. +- PKCS#7. I can load and write the DER version. I need to re-work + things to support BER (if that means nothing, read the ASN1 spec :-). +- Testing of the higher level digital envelope routines. I have not + played with the *_seal() and *_open() type functions. They are + written but need testing. The *_sign() and *_verify() functions are + rock solid. +- PEM. Doing this and PKCS#7 have been dependant on the distributed + x509 heirachy problem. I started implementing my ideas, got + distracted writing a CA program and then ran out of time. I provide + the functionality of RSAref at least. +- Re work the asm. code for the x86. I've changed by low level bignum + interface again, so I really need to tweak the x86 stuff. gcc is + good enough for the other boxes. + diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure new file mode 100755 index 000000000000..fdad0c238c1a --- /dev/null +++ b/crypto/openssl/Configure @@ -0,0 +1,869 @@ +: +eval 'exec perl -S $0 ${1+"$@"}' + if $running_under_some_shell; +## +## Configure -- OpenSSL source tree configuration script +## + +require 5.000; +use strict; + +# see INSTALL for instructions. + +my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n"; + +# Options: +# +# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the +# --prefix option is given; /usr/local/ssl otherwise) +# --prefix prefix for the OpenSSL include, lib and bin directories +# (Default: the OPENSSLDIR directory) +# +# --install_prefix Additional prefix for package builders (empty by +# default). This needn't be set in advance, you can +# just as well use "make INSTALL_PREFIX=/whatever install". +# +# rsaref use RSAref +# [no-]threads [don't] try to create a library that is suitable for +# multithreaded applications (default is "threads" if we +# know how to do it) +# no-asm do not use assembler +# 386 generate 80386 code +# no- build without specified algorithm (rsa, idea, rc5, ...) +# - + compiler options are passed through +# +# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h +# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register +# dependancies but needs to more registers, good for RISC CPU's +# DES_RISC2 A different RISC variant. +# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders. +# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h +# This is used on the DEC Alpha where long is 8 bytes +# and int is 4 +# BN_LLONG use the type 'long long' in crypto/bn/bn.h +# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h +# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h +# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on +# array lookups instead of pointer use. +# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). +# BF_PTR2 intel specific version (generic version is more efficient). +# MD5_ASM use some extra md5 assember, +# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 +# RMD160_ASM use some extra ripemd160 assember, + +my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; + +# MD2_CHAR slags pentium pros +my $x86_gcc_opts="RC4_INDEX MD2_INT"; + +# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT +# Don't worry about these normally + +my $tcc="cc"; +my $tflags="-fast -Xa"; +my $tbn_mul=""; +my $tlib="-lnsl -lsocket"; +#$bits1="SIXTEEN_BIT "; +#$bits2="THIRTY_TWO_BIT "; +my $bits1="THIRTY_TWO_BIT "; +my $bits2="SIXTY_FOUR_BIT "; + +my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o"; +my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; +my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; +my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; + +# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. +# So the md5_locl.h file has an undef B_ENDIAN if sun is defined + +#config-string CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \ +# des_asm:bf_asm +my %table=( +#"b", "$tcc:$tflags::$tlib:$bits1:$tbn_mul::", +#"bl-4c-2c", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::", +#"bl-4c-ri", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::", +#"b2-is-ri-dp", "$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::", + +# Our development configs +"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::", +"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::", +"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::", +"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::", +"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"dist", "cc:-O::(unknown):::::", + +# Basic configs that should work on any box +"gcc", "gcc:-O3::(unknown)::BN_LLONG:::", +"cc", "cc:-O::(unknown):::::", + +#### Solaris x86 setups +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm", + +#### SPARC Solaris with GNU C setups +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::", +"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 +# but keep the assembler modules. +"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:", +#### +"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::", +"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o::", + +#### SPARC Solaris with Sun C setups +# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests +"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::", +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", + +#### SPARC Linux setups +"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::", +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::::", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:", +# !!!Folowing can't be even tested yet!!! +# We have to wait till 64-bit glibc for SPARC is operational!!! +#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", + +# Sunos configs, assuming sparc for the gcc one. +##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::", +"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::", + +#### IRIX 5.x configs +# -mips2 flag is added by ./config when appropriate. +"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::", +"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::", +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke +# './Configure irix-[g]cc' manually. +# -mips4 flag is added by ./config when appropriate. +"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", +"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", +# N64 ABI builds. +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", + +# HPUX 9.X config. +# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or +# egcs. gcc 2.8.1 is also broken. + +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, +# please report your OS and compiler version to the bugs@openssl.org +# mailing list. +"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::", + +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux-gcc fails, try this one: +"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::", + +# HPUX 10.X config. Supports threads. +"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): +"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# If hpux10-gcc fails, try this one: +"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::", + +# HPUX 11.X from www.globus.org. +# Only works on PA-RISC 2.0 cpus, and not optimized. Why? +"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::", +"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", + +# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with +# the new compiler +# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version +"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::", +"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::", +"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::", +"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", + +# assembler versions -- currently defunct: +##"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::", +##"alpha-cc", "cc:-tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::", +##"alpha164-cc", "cc:-tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::", +##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::", + +# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the +# bn86-elf.o file file since it is hand tweaked assembler. +"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", +"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::", +"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", +"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", +"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:", +"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm", +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"nextstep", "cc:-O -Wall::(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", +"nextstep3.3", "cc:-O3 -Wall::(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", +# NCR MP-RAS UNIX ver 02.03.01 +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::", + +# UnixWare 2.0 +"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::", +"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", + +# IBM's AIX. +"aix-cc", "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", + +# +# Cray T90 (SDSC) +# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT +# defined. The T90 ints and longs are 8 bytes long, and apparently the +# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and +# non L_ENDIAN code aligns the bytes in each word correctly. +# +# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: +#'Taking the address of a bit field is not allowed. ' +#'An expression with bit field exists as the operand of "sizeof" ' +# (written by Wayne Schroeder ) +"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::", + +# +# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) +# +# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added +# another use. Basically, the problem is that the T3E uses some bit fields +# for some st_addr stuff, and then sizeof and address-of fails +# I could not use the ams/alpha.o option because the Cray assembler, 'cam' +# did not like it. +"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::", + +# DGUX, 88100. +"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::", +"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::", +"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", + +# SCO 5 - Ben Laurie says the -O breaks the +# SCO cc. +"sco5-cc", "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options? +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... + +# Sinix/ReliantUNIX RM400 +# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ +"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::", +"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", +"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::", + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe +"BS2000-OSD","c89:-XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# Windows NT, Microsoft Visual C++ 4.0 + +"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::", +"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::", +"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", +"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", +"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", +"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", + +# Borland C++ 4.5 +"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::", +"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", + +# CygWin32 +# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl +# and its library files in util/pl/*) +"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:", +"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:", + +# Ultrix from Bernhard Simon +"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::", +# K&R C is no longer supported; you need gcc on old Ultrix installations +##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::", + +# Some OpenBSD from Bob Beck +"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", +"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::", +"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::", + +); + +my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32 + BC-16 CygWin32 Mingw32); + +my $prefix=""; +my $openssldir=""; +my $install_prefix=""; +my $no_threads=0; +my $threads=0; +my $no_asm=0; +my @skip=(); +my $Makefile="Makefile.ssl"; +my $des_locl="crypto/des/des_locl.h"; +my $des ="crypto/des/des.h"; +my $bn ="crypto/bn/bn.h"; +my $md2 ="crypto/md2/md2.h"; +my $rc4 ="crypto/rc4/rc4.h"; +my $rc4_locl="crypto/rc4/rc4_locl.h"; +my $idea ="crypto/idea/idea.h"; +my $rc2 ="crypto/rc2/rc2.h"; +my $bf ="crypto/bf/bf_locl.h"; +my $bn_asm ="bn_asm.o"; +my $des_enc="des_enc.o fcrypt_b.o"; +my $bf_enc ="bf_enc.o"; +my $cast_enc="c_enc.o"; +my $rc4_enc="rc4_enc.o"; +my $rc5_enc="rc5_enc.o"; +my $md5_obj=""; +my $sha1_obj=""; +my $rmd160_obj=""; +my $processor=""; +my $ranlib; +my $perl; + +$ranlib=&which("ranlib") or $ranlib="true"; +$perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; + +&usage if ($#ARGV < 0); + +my $flags=""; +my $depflags=""; +my $libs=""; +my $target=""; +my $options=""; +foreach (@ARGV) + { + if (/^no-asm$/) + { + $no_asm=1; + $flags .= "-DNO_ASM "; + } + elsif (/^no-threads$/) + { $no_threads=1; } + elsif (/^threads$/) + { $threads=1; } + elsif (/^no-(.+)$/) + { + my $algo=$1; + push @skip,$algo; + $algo =~ tr/[a-z]/[A-Z]/; + $flags .= "-DNO_$algo "; + $depflags .= "-DNO_$algo "; + if ($algo eq "DES") + { + $options .= " no-mdc2"; + $flags .= "-DNO_MDC2 "; + $depflags .= "-DNO_MDC2 "; + } + } + elsif (/^386$/) + { $processor=386; } + elsif (/^rsaref$/) + { + $libs.= "-lRSAglue -lrsaref "; + $flags.= "-DRSAref "; + } + elsif (/^[-+]/) + { + if (/^-[lL](.*)$/) + { + $libs.=$_." "; + } + elsif (/^-[^-]/ or /^\+/) + { + $flags.=$_." "; + } + elsif (/^--prefix=(.*)$/) + { + $prefix=$1; + } + elsif (/^--openssldir=(.*)$/) + { + $openssldir=$1; + } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; + } + else + { + print STDERR $usage; + exit(1); + } + } + elsif ($_ =~ /^([^:]+):(.+)$/) + { + eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string + $target=$1; + } + else + { + die "target already defined - $target\n" if ($target ne ""); + $target=$_; + } + unless ($_ eq $target) { + if ($options eq "") { + $options = $_; + } else { + $options .= " ".$_; + } + } +} + +if ($target eq "TABLE") { + foreach $target (sort keys %table) { + print_table_entry($target); + } + exit 0; +} + +&usage if (!defined($table{$target})); + +my $IsWindows=scalar grep /^$target$/,@WinTargets; + +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +$prefix=$openssldir if $prefix eq ""; + +chop $openssldir if $openssldir =~ /\/$/; +chop $prefix if $prefix =~ /\/$/; + +$openssldir=$prefix . "/ssl" if $openssldir eq ""; +$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//; + + +print "IsWindows=$IsWindows\n"; + +(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, + $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)= + split(/\s*:\s*/,$table{$target} . ":" x 20 , -1); +$cflags="$flags$cflags" if ($flags ne ""); + +my $thread_cflags; +if ($thread_cflag ne "(unknown)" && !$no_threads) + { + # If we know how to do it, support threads by default. + $threads = 1; + } +if ($thread_cflag eq "(unknown)") + { + # If the user asked for "threads", hopefully they also provided + # any system-dependent compiler options that are necessary. + $thread_cflags="-DTHREADS $cflags" + } +else + { + $thread_cflags="-DTHREADS $thread_cflag $cflags" + } + +$lflags="$libs$lflags"if ($libs ne ""); + +if ($no_asm) + { + $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; + $sha1_obj=$md5_obj=$rmd160_obj=""; + } + +if ($threads) + { + $cflags=$thread_cflags; + } + +#my ($bn1)=split(/\s+/,$bn_obj); +#$bn1 = "" unless defined $bn1; +#$bn1=$bn_asm unless ($bn1 =~ /\.o$/); +#$bn_obj="$bn1"; + +$bn_obj = $bn_asm unless $bn_obj ne ""; + +$des_obj=$des_enc unless ($des_obj =~ /\.o$/); +$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); +$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); +$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); +$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); +if ($sha1_obj =~ /\.o$/) + { +# $sha1_obj=$sha1_enc; + $cflags.=" -DSHA1_ASM"; + } +if ($md5_obj =~ /\.o$/) + { +# $md5_obj=$md5_enc; + $cflags.=" -DMD5_ASM"; + } +if ($rmd160_obj =~ /\.o$/) + { +# $rmd160_obj=$rmd160_enc; + $cflags.=" -DRMD160_ASM"; + } + +my $version = "unknown"; +my $major = "unknown"; +my $minor = "unknown"; + +open(IN,') + { + $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; + } +close(IN); + +if ($version =~ /(^[0-9]*)\.([0-9\.]*)/) + { + $major=$1; + $minor=$2; + } + +open(IN,'$Makefile") || die "unable to create $Makefile:$!\n"; +my $sdirs=0; +while () + { + chop; + $sdirs = 1 if /^SDIRS=/; + if ($sdirs) { + my $dir; + foreach $dir (@skip) { + s/$dir//; + } + } + $sdirs = 0 unless /\\$/; + s/^VERSION=.*/VERSION=$version/; + s/^MAJOR=.*/MAJOR=$major/; + s/^MINOR=.*/MINOR=$minor/; + s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; + s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; + s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; + s/^PLATFORM=.*$/PLATFORM=$target/; + s/^OPTIONS=.*$/OPTIONS=$options/; + s/^CC=.*$/CC= $cc/; + s/^CFLAG=.*$/CFLAG= $cflags/; + s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^EX_LIBS=.*$/EX_LIBS= $lflags/; + s/^BN_ASM=.*$/BN_ASM= $bn_obj/; + s/^DES_ENC=.*$/DES_ENC= $des_obj/; + s/^BF_ENC=.*$/BF_ENC= $bf_obj/; + s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; + s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; + s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; + s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; + s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; + s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; + s/^PROCESSOR=.*/PROCESSOR= $processor/; + s/^RANLIB=.*/RANLIB= $ranlib/; + s/^PERL=.*/PERL= $perl/; + print OUT $_."\n"; + } +close(IN); +close(OUT); + +print "CC =$cc\n"; +print "CFLAG =$cflags\n"; +print "EX_LIBS =$lflags\n"; +print "BN_ASM =$bn_obj\n"; +print "DES_ENC =$des_obj\n"; +print "BF_ENC =$bf_obj\n"; +print "CAST_ENC =$cast_obj\n"; +print "RC4_ENC =$rc4_obj\n"; +print "RC5_ENC =$rc5_obj\n"; +print "MD5_OBJ_ASM =$md5_obj\n"; +print "SHA1_OBJ_ASM =$sha1_obj\n"; +print "RMD160_OBJ_ASM=$rmd160_obj\n"; +print "PROCESSOR =$processor\n"; +print "RANLIB =$ranlib\n"; +print "PERL =$perl\n"; + +my $des_ptr=0; +my $des_risc1=0; +my $des_risc2=0; +my $des_unroll=0; +my $bn_ll=0; +my $def_int=2; +my $rc4_int=$def_int; +my $md2_int=$def_int; +my $idea_int=$def_int; +my $rc2_int=$def_int; +my $rc4_idx=0; +my $bf_ptr=0; +my @type=("char","short","int","long"); +my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); + +my $des_int; + +foreach (sort split(/\s+/,$bn_ops)) + { + $des_ptr=1 if /DES_PTR/; + $des_risc1=1 if /DES_RISC1/; + $des_risc2=1 if /DES_RISC2/; + $des_unroll=1 if /DES_UNROLL/; + $des_int=1 if /DES_INT/; + $bn_ll=1 if /BN_LLONG/; + $rc4_int=0 if /RC4_CHAR/; + $rc4_int=3 if /RC4_LONG/; + $rc4_idx=1 if /RC4_INDEX/; + $md2_int=0 if /MD2_CHAR/; + $md2_int=3 if /MD2_LONG/; + $idea_int=1 if /IDEA_SHORT/; + $idea_int=3 if /IDEA_LONG/; + $rc2_int=1 if /RC2_SHORT/; + $rc2_int=3 if /RC2_LONG/; + $bf_ptr=1 if $_ eq "BF_PTR"; + $bf_ptr=2 if $_ eq "BF_PTR2"; + ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; + } + +open(IN,'crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n"; +while () + { + if (/^#define\s+OPENSSLDIR/) + { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + elsif (/^#define\s+OPENSSL_UNISTD/) + { + $unistd = "" if $unistd eq ""; + print OUT "#define OPENSSL_UNISTD $unistd\n"; + } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) + { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) + { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/) + { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/) + { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+EIGHT_BIT/) + { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) + { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } + elsif (/^\#define\s+DES_LONG\s+.*/) + { printf OUT "#define DES_LONG unsigned %s\n", + ($des_int)?'int':'long'; } + elsif (/^\#(define|undef)\s+DES_PTR/) + { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC1/) + { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC2/) + { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_UNROLL/) + { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } + elsif (/^#define\s+RC4_INT\s/) + { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } + elsif (/^#((define)|(undef))\s+RC4_INDEX/) + { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } + elsif (/^#(define|undef)\s+I386_ONLY/) + { printf OUT "#%s I386_ONLY\n", ($processor == 386)? + "define":"undef"; } + elsif (/^#define\s+MD2_INT\s/) + { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } + elsif (/^#define\s+IDEA_INT\s/) + {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} + elsif (/^#define\s+RC2_INT\s/) + {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} + elsif (/^#(define|undef)\s+BF_PTR/) + { + printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; + printf OUT "#define BF_PTR\n" if $bf_ptr == 1; + printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; + } + else + { print OUT $_; } + } +close(IN); +close(OUT); + + +# Fix the date + +print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; +print "SIXTY_FOUR_BIT mode\n" if $b64; +print "THIRTY_TWO_BIT mode\n" if $b32; +print "SIXTEEN_BIT mode\n" if $b16; +print "EIGHT_BIT mode\n" if $b8; +print "DES_PTR used\n" if $des_ptr; +print "DES_RISC1 used\n" if $des_risc1; +print "DES_RISC2 used\n" if $des_risc2; +print "DES_UNROLL used\n" if $des_unroll; +print "DES_INT used\n" if $des_int; +print "BN_LLONG mode\n" if $bn_ll; +print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int; +print "RC4_INDEX mode\n" if $rc4_idx; +print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; +print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; +print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; +print "BF_PTR used\n" if $bf_ptr == 1; +print "BF_PTR2 used\n" if $bf_ptr == 2; + +if($IsWindows) { + open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; + printf OUT <crypto\\objects\\obj_dat.h"; +} else { + (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?; + ### (system 'make depend') == 0 or exit $? if $depflags ne ""; + # Run "make depend" manually if you want to be able to delete + # the source code files of ciphers you left out. + &dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',); + if ( $perl =~ m@^/@) { + &dofile("apps/der_chop",$perl,'^#!/', '#!%s'); + } else { + # No path for Perl known ... + &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s'); + } +} + +my $pwd; + +if($IsWindows) { + $pwd="(current directory)"; +} else { + $pwd =`pwd`; + chop($pwd); +} +print < +should be used instead of #include . +These new file locations allow installing the OpenSSL header +files in /usr/local/include/openssl/ and should help avoid +conflicts with other libraries. + +To compile programs that use the old form , +usually an additional compiler option will suffice: E.g., add + -I$prefix/include/openssl +or + -I$pwd/include/openssl +to the CFLAGS in the Makefile of the program that you want to compile +(and leave all the original -I...'s in place!). + +Please make sure that no old OpenSSL header files are around: +The include directory should now be empty except for the openssl +subdirectory. + +EOF + +print <<\EOF if (!$no_threads && !$threads); + +The library could not be configured for supporting multi-threaded +applications as the compiler options required on this system are not known. +See file INSTALL for details if you need multi-threading. + +EOF + +exit(0); + +sub usage + { + print STDERR $usage; + print STDERR "pick os/compiler from:"; + my $j=0; + my $i; + foreach $i (sort keys %table) + { + next if $i =~ /^debug/; + print STDERR "\n" if ($j++ % 4) == 0; + printf(STDERR "%-18s ",$i); + } + foreach $i (sort keys %table) + { + next if $i !~ /^debug/; + print STDERR "\n" if ($j++ % 4) == 0; + printf(STDERR "%-18s ",$i); + } + print STDERR "\n"; + exit(1); + } + +sub which + { + my($name)=@_; + my $path; + foreach $path (split /:/, $ENV{PATH}) + { + if (-f "$path/$name" and -x _) + { + return "$path/$name" unless ($name eq "perl" and + system("$path/$name -e " . '\'exit($]<5.0);\'')); + } + } + } + +sub dofile + { + my $f; my $p; my %m; my @a; my $k; my $ff; + ($f,$p,%m)=@_; + + open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n"; + @a=; + close(IN); + foreach $k (keys %m) + { + grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); + } + ($ff=$f) =~ s/\..*$//; + open(OUT,">$ff.new") || die "unable to open $f:$!\n"; + print OUT @a; + close(OUT); + rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f; + rename("$ff.new",$f) || die "unable to rename $ff.new\n"; + } + +sub print_table_entry + { + my $target = shift; + + (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops, + my $bn_obj,my $des_obj,my $bf_obj, + $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)= + split(/\s*:\s*/,$table{$target} . ":" x 20 , -1); + + print < Build without the specified cipher (bf, cast, des, dh, dsa, + hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). + The crypto/ directory can be removed after running + "make depend". + + -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will + be passed through to the compiler to allow you to + define preprocessor symbols, specify additional libraries, + library directories or other compiler options. + + + Installation in Detail + ---------------------- + + 1a. Configure OpenSSL for your operation system automatically: + + $ ./config [options] + + This guesses at your operating system (and compiler, if necessary) and + configures OpenSSL based on this guess. Run ./config -t to see + if it guessed correctly. If it did not get it correct or you want to + use a different compiler then go to step 1b. Otherwise go to step 2. + + On some systems, you can include debugging information as follows: + + $ ./config -d [options] + + 1b. Configure OpenSSL for your operating system manually + + OpenSSL knows about a range of different operating system, hardware and + compiler combinations. To see the ones it knows about, run + + $ ./Configure + + Pick a suitable name from the list that matches your system. For most + operating systems there is a choice between using "cc" or "gcc". When + you have identified your system (and if necessary compiler) use this name + as the argument to ./Configure. For example, a "linux-elf" user would + run: + + $ ./Configure linux-elf [options] + + If your system is not available, you will have to edit the Configure + program and add the correct configuration for your system. The + generic configurations "cc" or "gcc" should usually work. + + Configure creates the file Makefile.ssl from Makefile.org and + defines various macros in crypto/opensslconf.h (generated from + crypto/opensslconf.h.in). + + 2. Build OpenSSL by running: + + $ make + + This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the + OpenSSL binary ("openssl"). The libraries will be built in the top-level + directory, and the binary will be in the "apps" directory. + + If "make" fails, please report the problem to . + Include the output of "./config -t" and the OpenSSL version + number in your message. + + [If you encounter assembler error messages, try the "no-asm" + configuration option as an immediate fix. Note that on Solaris x86 + (not on Sparcs!) you may have to install the GNU assembler to use + OpenSSL assembler code -- /usr/ccs/bin/as won't do.] + + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. + + 3. After a successful build, the libraries should be tested. Run: + + $ make test + + If a test fails, try removing any compiler optimization flags from + the CFLAGS line in Makefile.ssl and run "make clean; make". Please + send a bug report to , including the + output of "openssl version -a" and of the failed test. + + 4. If everything tests ok, install OpenSSL with + + $ make install + + This will create the installation directory (if it does not exist) and + then the following subdirectories: + + certs Initially empty, this is the default location + for certificate files. + misc Various scripts. + private Initially empty, this is the default location + for private key files. + + If you didn't chose a different installation prefix, the + following additional subdirectories will be created: + + bin Contains the openssl binary and a few other + utility programs. + include/openssl Contains the header files needed if you want to + compile programs with libcrypto or libssl. + lib Contains the OpenSSL library files themselves. + + Package builders who want to configure the library for standard + locations, but have the package installed somewhere else so that + it can easily be packaged, can use + + $ make INSTALL_PREFIX=/tmp/package-root install + + (or specify "--install_prefix=/tmp/package-root" as a configure + option). The specified prefix will be prepended to all + installation target filenames. + + + NOTE: The header files used to reside directly in the include + directory, but have now been moved to include/openssl so that + OpenSSL can co-exist with other libraries which use some of the + same filenames. This means that applications that use OpenSSL + should now use C preprocessor directives of the form + + #include + + instead of "#include ", which was used with library versions + up to OpenSSL 0.9.2b. + + If you install a new version of OpenSSL over an old library version, + you should delete the old header files in the include directory. + + Compatibility issues: + + * COMPILING existing applications + + To compile an application that uses old filenames -- e.g. + "#include " --, it will usually be enough to find + the CFLAGS definition in the application's Makefile and + add a C option such as + + -I/usr/local/ssl/include/openssl + + to it. + + But don't delete the existing -I option that points to + the ..../include directory! Otherwise, OpenSSL header files + could not #include each other. + + * WRITING applications + + To write an application that is able to handle both the new + and the old directory layout, so that it can still be compiled + with library versions up to OpenSSL 0.9.2b without bothering + the user, you can proceed as follows: + + - Always use the new filename of OpenSSL header files, + e.g. #include . + + - Create a directory "incl" that contains only a symbolic + link named "openssl", which points to the "include" directory + of OpenSSL. + For example, your application's Makefile might contain the + following rule, if OPENSSLDIR is a pathname (absolute or + relative) of the directory where OpenSSL resides: + + incl/openssl: + -mkdir incl + cd $(OPENSSLDIR) # Check whether the directory really exists + -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl + + You will have to add "incl/openssl" to the dependencies + of those C files that include some OpenSSL header file. + + - Add "-Iincl" to your CFLAGS. + + With these additions, the OpenSSL header files will be available + under both name variants if an old library version is used: + Your application can reach them under names like , + while the header files still are able to #include each other + with names of the form . + + + Note on multi-threading + ----------------------- + + For some systems, the OpenSSL Configure script knows what compiler options + are needed to generate a library that is suitable for multi-threaded + applications. On these systems, support for multi-threading is enabled + by default; use the "no-threads" option to disable (this should never be + necessary). + + On other systems, to enable support for multi-threading, you will have + to specify at least two options: "threads", and a system-dependent option. + (The latter is "-D_REENTRANT" on various systems.) The default in this + case, obviously, is not to include support for multi-threading (but + you can still use "no-threads" to suppress an annoying warning message + from the Configure script.) + + +-------------------------------------------------------------------------------- +The orignal Unix build instructions from SSLeay follow. +Note: some of this may be out of date and no longer applicable +-------------------------------------------------------------------------------- + +# When bringing the SSLeay distribution back from the evil intel world +# of Windows NT, do the following to make it nice again under unix :-) +# You don't normally need to run this. +sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996 + +# If you have perl, and it is not in /usr/local/bin, you can run +perl util/perlpath.pl /new/path +# and this will fix the paths in all the scripts. DO NOT put +# /new/path/perl, just /new/path. The build +# environment always run scripts as 'perl perlscript.pl' but some of the +# 'applications' are easier to usr with the path fixed. + +# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl +# to set the install locations if you don't like +# the default location of /usr/local/ssl +# Do this by running +perl util/ssldir.pl /new/ssl/home +# if you have perl, or by hand if not. + +# If things have been stuffed up with the sym links, run +make -f Makefile.ssl links +# This will re-populate lib/include with symlinks and for each +# directory, link Makefile to Makefile.ssl + +# Setup the machine dependent stuff for the top level makefile +# and some select .h files +# If you don't have perl, this will bomb, in which case just edit the +# top level Makefile.ssl +./Configure 'system type' + +# The 'Configure' command contains default configuration parameters +# for lots of machines. Configure edits 5 lines in the top level Makefile +# It modifies the following values in the following files +Makefile.ssl CC CFLAG EX_LIBS BN_MULW +crypto/des/des.h DES_LONG +crypto/des/des_locl.h DES_PTR +crypto/md2/md2.h MD2_INT +crypto/rc4/rc4.h RC4_INT +crypto/rc4/rc4_enc.c RC4_INDEX +crypto/rc2/rc2.h RC2_INT +crypto/bf/bf_locl.h BF_INT +crypto/idea/idea.h IDEA_INT +crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT, + SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT, + SIXTEEN_BIT or EIGHT_BIT) +Please remember that all these files are actually copies of the file with +a .org extention. So if you change crypto/des/des.h, the next time +you run Configure, it will be runover by a 'configured' version of +crypto/des/des.org. So to make the changer the default, change the .org +files. The reason these files have to be edited is because most of +these modifications change the size of fundamental data types. +While in theory this stuff is optional, it often makes a big +difference in performance and when using assember, it is importaint +for the 'Bignum bits' match those required by the assember code. +A warning for people using gcc with sparc cpu's. Gcc needs the -mv8 +flag to use the hardware multiply instruction which was not present in +earlier versions of the sparc CPU. I define it by default. If you +have an old sparc, and it crashes, try rebuilding with this flag +removed. I am leaving this flag on by default because it makes +things run 4 times faster :-) + +# clean out all the old stuff +make clean + +# Do a make depend only if you have the makedepend command installed +# This is not needed but it does make things nice when developing. +make depend + +# make should build everything +make + +# fix up the demo certificate hash directory if it has been stuffed up. +make rehash + +# test everything +make test + +# install the lot +make install + +# It is worth noting that all the applications are built into the one +# program, ssleay, which is then has links from the other programs +# names to it. +# The applicatons can be built by themselves, just don't define the +# 'MONOLITH' flag. So to build the 'enc' program stand alone, +gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a + +# Other useful make options are +make makefile.one +# which generate a 'makefile.one' file which will build the complete +# SSLeay distribution with temp. files in './tmp' and 'installable' files +# in './out' + +# Have a look at running +perl util/mk1mf.pl help +# this can be used to generate a single makefile and is about the only +# way to generate makefiles for windows. + +# There is actually a final way of building SSLeay. +gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c +gcc -O2 -c -Issl -Iinclude ssl/ssl.c +# and you now have the 2 libraries as single object files :-). +# If you want to use the assember code for your particular platform +# (DEC alpha/x86 are the main ones, the other assember is just the +# output from gcc) you will need to link the assember with the above generated +# object file and also do the above compile as +gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c + +This last option is probably the best way to go when porting to another +platform or building shared libraries. It is not good for development so +I don't normally use it. + +To build shared libararies under unix, have a look in shlib, basically +you are on your own, but it is quite easy and all you have to do +is compile 2 (or 3) files. + +For mult-threading, have a read of doc/threads.doc. Again it is quite +easy and normally only requires some extra callbacks to be defined +by the application. +The examples for solaris and windows NT/95 are in the mt directory. + +have fun + +eric 25-Jun-1997 + +IRIX 5.x will build as a 32 bit system with mips1 assember. +IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms +to n32 standards. In theory you can compile the 64 bit assember under +IRIX 5.x but you will have to have the correct system software installed. diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE new file mode 100644 index 000000000000..b9e18d5e7bf3 --- /dev/null +++ b/crypto/openssl/LICENSE @@ -0,0 +1,127 @@ + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org new file mode 100644 index 000000000000..2def579c264e --- /dev/null +++ b/crypto/openssl/Makefile.org @@ -0,0 +1,351 @@ +## +## Makefile for OpenSSL +## + +VERSION= +MAJOR= +MINOR= +PLATFORM=dist +OPTIONS= +# INSTALL_PREFIX is for package builders so that they can configure +# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. +# Normally it is left empty. +INSTALL_PREFIX= +INSTALLTOP=/usr/local/ssl + +# Do not edit this manually. Use Configure --openssldir=DIR do change this! +OPENSSLDIR=/usr/local/ssl + +# RSAref - Define if we are to link with RSAref. +# NO_IDEA - Define to build without the IDEA algorithm +# NO_RC4 - Define to build without the RC4 algorithm +# NO_RC2 - Define to build without the RC2 algorithm +# THREADS - Define when building with threads, you will probably also need any +# system defines as well, i.e. _REENTERANT for Solaris 2.[34] +# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. +# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. +# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). +# DEVRANDOM - Give this the value of the 'random device' if your OS supports +# one. 32 bytes will be read from this when the random +# number generator is initalised. +# SSL_ALLOW_ADH - define if you want the server to be able to use the +# SSLv3 anon-DH ciphers. +# SSL_FORBID_ENULL - define if you want the server to be not able to use the +# NULL encryption ciphers. +# +# LOCK_DEBUG - turns on lots of lock debug output :-) +# REF_CHECK - turn on some xyz_free() assertions. +# REF_PRINT - prints some stuff on structure free. +# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff +# MFUNC - Make all Malloc/Free/Realloc calls call +# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to +# call application defined callbacks via CRYPTO_set_mem_functions() +# MD5_ASM needs to be defined to use the x86 assembler for MD5 +# SHA1_ASM needs to be defined to use the x86 assembler for SHA1 +# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160 +# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must +# equal 4. +# PKCS1_CHECK - pkcs1 tests. + +CC= gcc +#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM +CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM +DEPFLAG= +PEX_LIBS= -L. -L.. -L../.. -L../../.. +EX_LIBS= +AR=ar r +RANLIB= ranlib +PERL= perl + +# Set BN_ASM to bn_asm.o if you want to use the C version +BN_ASM= bn_asm.o +#BN_ASM= bn_asm.o +#BN_ASM= asm/bn86-elf.o # elf, linux-elf +#BN_ASM= asm/bn86-sol.o # solaris +#BN_ASM= asm/bn86-out.o # a.out, FreeBSD +#BN_ASM= asm/bn86bsdi.o # bsdi +#BN_ASM= asm/alpha.o # DEC Alpha +#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC +#BN_ASM= asm/r3000.o # SGI MIPS cpu +#BN_ASM= asm/sparc.o # Sun solaris/SunOS +#BN_ASM= asm/bn-win32.o # Windows 95/NT +#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS +#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1 + +# For x86 assembler: Set PROCESSOR to 386 if you want to support +# the 80386. +PROCESSOR= + +# Set DES_ENC to des_enc.o if you want to use the C version +#There are 4 x86 assember options. +DES_ENC= asm/dx86-out.o asm/yx86-out.o +#DES_ENC= des_enc.o fcrypt_b.o # C +#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf +#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris +#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD +#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi + +# Set BF_ENC to bf_enc.o if you want to use the C version +#There are 4 x86 assember options. +BF_ENC= asm/bx86-out.o +#BF_ENC= bf_enc.o +#BF_ENC= asm/bx86-elf.o # elf +#BF_ENC= asm/bx86-sol.o # solaris +#BF_ENC= asm/bx86-out.o # a.out, FreeBSD +#BF_ENC= asm/bx86bsdi.o # bsdi + +# Set CAST_ENC to c_enc.o if you want to use the C version +#There are 4 x86 assember options. +CAST_ENC= asm/cx86-out.o +#CAST_ENC= c_enc.o +#CAST_ENC= asm/cx86-elf.o # elf +#CAST_ENC= asm/cx86-sol.o # solaris +#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD +#CAST_ENC= asm/cx86bsdi.o # bsdi + +# Set RC4_ENC to rc4_enc.o if you want to use the C version +#There are 4 x86 assember options. +RC4_ENC= asm/rx86-out.o +#RC4_ENC= rc4_enc.o +#RC4_ENC= asm/rx86-elf.o # elf +#RC4_ENC= asm/rx86-sol.o # solaris +#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD +#RC4_ENC= asm/rx86bsdi.o # bsdi + +# Set RC5_ENC to rc5_enc.o if you want to use the C version +#There are 4 x86 assember options. +RC5_ENC= asm/r586-out.o +#RC5_ENC= rc5_enc.o +#RC5_ENC= asm/r586-elf.o # elf +#RC5_ENC= asm/r586-sol.o # solaris +#RC5_ENC= asm/r586-out.o # a.out, FreeBSD +#RC5_ENC= asm/r586bsdi.o # bsdi + +# Also need MD5_ASM defined +MD5_ASM_OBJ= asm/mx86-out.o +#MD5_ASM_OBJ= asm/mx86-elf.o # elf +#MD5_ASM_OBJ= asm/mx86-sol.o # solaris +#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD +#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi + +# Also need SHA1_ASM defined +SHA1_ASM_OBJ= asm/sx86-out.o +#SHA1_ASM_OBJ= asm/sx86-elf.o # elf +#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris +#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD +#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi + +# Also need RMD160_ASM defined +RMD160_ASM_OBJ= asm/rm86-out.o +#RMD160_ASM_OBJ= asm/rm86-elf.o # elf +#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris +#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD +#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi + +DIRS= crypto ssl rsaref apps test tools +SHLIBDIRS= crypto ssl + +# dirs in crypto to build +SDIRS= \ + md2 md5 sha mdc2 hmac ripemd \ + des rc2 rc4 rc5 idea bf cast \ + bn rsa dsa dh \ + buffer bio stack lhash rand err objects \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp + +MAKEFILE= Makefile.ssl +MAKE= make -f Makefile.ssl + +MAN1=1 +MAN3=3 +SHELL=/bin/sh + +TOP= . +ONEDIRS=out tmp +EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS +WDIRS= windows +LIBS= libcrypto.a libssl.a + +GENERAL= Makefile +BASENAME= openssl +NAME= $(BASENAME)-$(VERSION) +TARFILE= $(NAME).tar +WTARFILE= $(NAME)-win.tar +EXHEADER= e_os.h e_os2.h +HEADER= e_os.h + +all: Makefile.ssl + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making all in $$i..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ + done + -@# cd perl; $(PERL) Makefile.PL; make + +sub_all: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making all in $$i..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ + done; + +linux-shared: + for i in ${SHLIBDIRS}; do \ + rm -f lib$$i.a lib$$i.so \ + lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \ + ${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \ + ( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \ + -Wl,-S,-soname=lib$$i.so.${MAJOR} \ + -Wl,--whole-archive lib$$i.a \ + -Wl,--no-whole-archive -lc ) || exit 1; \ + rm -f lib$$i.a; make -C $$i clean || exit 1 ;\ + done; + @set -x; \ + for i in ${SHLIBDIRS}; do \ + ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \ + ln -s lib$$i.so.${MAJOR} lib$$i.so; \ + done; + +Makefile.ssl: Makefile.org + @echo "Makefile.ssl is older than Makefile.org." + @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." + @false + +libclean: + rm -f *.a */lib */*/lib + +clean: + rm -f shlib/*.o *.o core a.out fluff *.map + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making clean in $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \ + rm -f $(LIBS); \ + done; + rm -f *.a *.o speed.* *.map *.so .pure core + rm -f $(TARFILE) + @for i in $(ONEDIRS) ;\ + do \ + rm -fr $$i/*; \ + done + +makefile.one: files + $(PERL) util/mk1mf.pl >makefile.one; \ + sh util/do_ms.sh + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making 'files' in $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \ + done; + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl + @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) + @for i in $(DIRS); do \ + (cd $$i && echo "making links in $$i..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \ + done; + +dclean: + rm -f *.bak + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making dclean in $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \ + done; + +rehash: + @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) + +test: tests + +tests: rehash + @(cd test && echo "testing..." && \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests ); + @apps/openssl version -a + +depend: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making dependencies $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \ + done; + +lint: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making lint $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \ + done; + +tags: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making tags $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \ + done; + +errors: + perl util/mkerr.pl -recurse -write + +util/libeay.num:: + perl util/mkdef.pl crypto update + +util/ssleay.num:: + perl util/mkdef.pl ssl update + +TABLE: Configure + (echo 'Output of `Configure TABLE'"':"; \ + perl Configure TABLE) > TABLE + +update: depend errors util/libeay.num util/ssleay.num TABLE + +tar: + @tar --norecurse -cvf - \ + `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\ + tardy --user_number=0 --user_name=openssl \ + --group_number=0 --group_name=openssl \ + --prefix=openssl-$(VERSION) - |\ + gzip --best >../$(TARFILE).gz; \ + ls -l ../$(TARFILE).gz + +dist: + $(PERL) Configure dist + @$(MAKE) dist_pem_h + @$(MAKE) SDIRS='${SDIRS}' clean + @$(MAKE) tar + +dist_pem_h: + (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) + +install: all + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/lib + @for i in $(EXHEADER) ;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "installing $$i..."; \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \ + done + @for i in $(LIBS) ;\ + do \ + ( echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + done + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl new file mode 100644 index 000000000000..a72cbbb40c83 --- /dev/null +++ b/crypto/openssl/Makefile.ssl @@ -0,0 +1,351 @@ +## +## Makefile for OpenSSL +## + +VERSION=0.9.4 +MAJOR=0 +MINOR=9.4 +PLATFORM=dist +OPTIONS= +# INSTALL_PREFIX is for package builders so that they can configure +# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. +# Normally it is left empty. +INSTALL_PREFIX= +INSTALLTOP=/usr/local/ssl + +# Do not edit this manually. Use Configure --openssldir=DIR do change this! +OPENSSLDIR=/usr/local/ssl + +# RSAref - Define if we are to link with RSAref. +# NO_IDEA - Define to build without the IDEA algorithm +# NO_RC4 - Define to build without the RC4 algorithm +# NO_RC2 - Define to build without the RC2 algorithm +# THREADS - Define when building with threads, you will probably also need any +# system defines as well, i.e. _REENTERANT for Solaris 2.[34] +# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. +# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. +# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). +# DEVRANDOM - Give this the value of the 'random device' if your OS supports +# one. 32 bytes will be read from this when the random +# number generator is initalised. +# SSL_ALLOW_ADH - define if you want the server to be able to use the +# SSLv3 anon-DH ciphers. +# SSL_FORBID_ENULL - define if you want the server to be not able to use the +# NULL encryption ciphers. +# +# LOCK_DEBUG - turns on lots of lock debug output :-) +# REF_CHECK - turn on some xyz_free() assertions. +# REF_PRINT - prints some stuff on structure free. +# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff +# MFUNC - Make all Malloc/Free/Realloc calls call +# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to +# call application defined callbacks via CRYPTO_set_mem_functions() +# MD5_ASM needs to be defined to use the x86 assembler for MD5 +# SHA1_ASM needs to be defined to use the x86 assembler for SHA1 +# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160 +# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must +# equal 4. +# PKCS1_CHECK - pkcs1 tests. + +CC= cc +#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM +CFLAG= -O +DEPFLAG= +PEX_LIBS= -L. -L.. -L../.. -L../../.. +EX_LIBS= +AR=ar r +RANLIB= /usr/bin/ranlib +PERL= /usr/local/bin/perl5 + +# Set BN_ASM to bn_asm.o if you want to use the C version +BN_ASM= bn_asm.o +#BN_ASM= bn_asm.o +#BN_ASM= asm/bn86-elf.o # elf, linux-elf +#BN_ASM= asm/bn86-sol.o # solaris +#BN_ASM= asm/bn86-out.o # a.out, FreeBSD +#BN_ASM= asm/bn86bsdi.o # bsdi +#BN_ASM= asm/alpha.o # DEC Alpha +#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC +#BN_ASM= asm/r3000.o # SGI MIPS cpu +#BN_ASM= asm/sparc.o # Sun solaris/SunOS +#BN_ASM= asm/bn-win32.o # Windows 95/NT +#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS +#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1 + +# For x86 assembler: Set PROCESSOR to 386 if you want to support +# the 80386. +PROCESSOR= + +# Set DES_ENC to des_enc.o if you want to use the C version +#There are 4 x86 assember options. +DES_ENC= des_enc.o fcrypt_b.o +#DES_ENC= des_enc.o fcrypt_b.o # C +#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf +#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris +#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD +#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi + +# Set BF_ENC to bf_enc.o if you want to use the C version +#There are 4 x86 assember options. +BF_ENC= bf_enc.o +#BF_ENC= bf_enc.o +#BF_ENC= asm/bx86-elf.o # elf +#BF_ENC= asm/bx86-sol.o # solaris +#BF_ENC= asm/bx86-out.o # a.out, FreeBSD +#BF_ENC= asm/bx86bsdi.o # bsdi + +# Set CAST_ENC to c_enc.o if you want to use the C version +#There are 4 x86 assember options. +CAST_ENC= c_enc.o +#CAST_ENC= c_enc.o +#CAST_ENC= asm/cx86-elf.o # elf +#CAST_ENC= asm/cx86-sol.o # solaris +#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD +#CAST_ENC= asm/cx86bsdi.o # bsdi + +# Set RC4_ENC to rc4_enc.o if you want to use the C version +#There are 4 x86 assember options. +RC4_ENC= rc4_enc.o +#RC4_ENC= rc4_enc.o +#RC4_ENC= asm/rx86-elf.o # elf +#RC4_ENC= asm/rx86-sol.o # solaris +#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD +#RC4_ENC= asm/rx86bsdi.o # bsdi + +# Set RC5_ENC to rc5_enc.o if you want to use the C version +#There are 4 x86 assember options. +RC5_ENC= rc5_enc.o +#RC5_ENC= rc5_enc.o +#RC5_ENC= asm/r586-elf.o # elf +#RC5_ENC= asm/r586-sol.o # solaris +#RC5_ENC= asm/r586-out.o # a.out, FreeBSD +#RC5_ENC= asm/r586bsdi.o # bsdi + +# Also need MD5_ASM defined +MD5_ASM_OBJ= +#MD5_ASM_OBJ= asm/mx86-elf.o # elf +#MD5_ASM_OBJ= asm/mx86-sol.o # solaris +#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD +#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi + +# Also need SHA1_ASM defined +SHA1_ASM_OBJ= +#SHA1_ASM_OBJ= asm/sx86-elf.o # elf +#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris +#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD +#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi + +# Also need RMD160_ASM defined +RMD160_ASM_OBJ= +#RMD160_ASM_OBJ= asm/rm86-elf.o # elf +#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris +#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD +#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi + +DIRS= crypto ssl rsaref apps test tools +SHLIBDIRS= crypto ssl + +# dirs in crypto to build +SDIRS= \ + md2 md5 sha mdc2 hmac ripemd \ + des rc2 rc4 rc5 idea bf cast \ + bn rsa dsa dh \ + buffer bio stack lhash rand err objects \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp + +MAKEFILE= Makefile.ssl +MAKE= make -f Makefile.ssl + +MAN1=1 +MAN3=3 +SHELL=/bin/sh + +TOP= . +ONEDIRS=out tmp +EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS +WDIRS= windows +LIBS= libcrypto.a libssl.a + +GENERAL= Makefile +BASENAME= openssl +NAME= $(BASENAME)-$(VERSION) +TARFILE= $(NAME).tar +WTARFILE= $(NAME)-win.tar +EXHEADER= e_os.h e_os2.h +HEADER= e_os.h + +all: Makefile.ssl + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making all in $$i..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ + done + -@# cd perl; $(PERL) Makefile.PL; make + +sub_all: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making all in $$i..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ + done; + +linux-shared: + for i in ${SHLIBDIRS}; do \ + rm -f lib$$i.a lib$$i.so \ + lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \ + ${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \ + ( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \ + -Wl,-S,-soname=lib$$i.so.${MAJOR} \ + -Wl,--whole-archive lib$$i.a \ + -Wl,--no-whole-archive -lc ) || exit 1; \ + rm -f lib$$i.a; make -C $$i clean || exit 1 ;\ + done; + @set -x; \ + for i in ${SHLIBDIRS}; do \ + ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \ + ln -s lib$$i.so.${MAJOR} lib$$i.so; \ + done; + +Makefile.ssl: Makefile.org + @echo "Makefile.ssl is older than Makefile.org." + @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." + @false + +libclean: + rm -f *.a */lib */*/lib + +clean: + rm -f shlib/*.o *.o core a.out fluff *.map + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making clean in $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \ + rm -f $(LIBS); \ + done; + rm -f *.a *.o speed.* *.map *.so .pure core + rm -f $(TARFILE) + @for i in $(ONEDIRS) ;\ + do \ + rm -fr $$i/*; \ + done + +makefile.one: files + $(PERL) util/mk1mf.pl >makefile.one; \ + sh util/do_ms.sh + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making 'files' in $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \ + done; + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl + @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) + @for i in $(DIRS); do \ + (cd $$i && echo "making links in $$i..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \ + done; + +dclean: + rm -f *.bak + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making dclean in $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \ + done; + +rehash: + @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) + +test: tests + +tests: rehash + @(cd test && echo "testing..." && \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests ); + @apps/openssl version -a + +depend: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making dependencies $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \ + done; + +lint: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making lint $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \ + done; + +tags: + @for i in $(DIRS) ;\ + do \ + (cd $$i && echo "making tags $$i..." && \ + $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \ + done; + +errors: + perl util/mkerr.pl -recurse -write + +util/libeay.num:: + perl util/mkdef.pl crypto update + +util/ssleay.num:: + perl util/mkdef.pl ssl update + +TABLE: Configure + (echo 'Output of `Configure TABLE'"':"; \ + perl Configure TABLE) > TABLE + +update: depend errors util/libeay.num util/ssleay.num TABLE + +tar: + @tar --norecurse -cvf - \ + `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\ + tardy --user_number=0 --user_name=openssl \ + --group_number=0 --group_name=openssl \ + --prefix=openssl-$(VERSION) - |\ + gzip --best >../$(TARFILE).gz; \ + ls -l ../$(TARFILE).gz + +dist: + $(PERL) Configure dist + @$(MAKE) dist_pem_h + @$(MAKE) SDIRS='${SDIRS}' clean + @$(MAKE) tar + +dist_pem_h: + (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) + +install: all + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/lib + @for i in $(EXHEADER) ;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @for i in $(DIRS) ;\ + do \ + (cd $$i; echo "installing $$i..."; \ + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \ + done + @for i in $(LIBS) ;\ + do \ + ( echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + done + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS new file mode 100644 index 000000000000..c152b7155d8f --- /dev/null +++ b/crypto/openssl/NEWS @@ -0,0 +1,65 @@ + + NEWS + ==== + + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + + Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: + + o Transparent support for PKCS#8 format private keys: these are used + by several software packages and are more secure than the standard + form + o PKCS#5 v2.0 implementation + o Password callbacks have a new void * argument for application data + o Avoid various memory leaks + o New pipe-like BIO that allows using the SSL library when actual I/O + must be handled by the application (BIO pair) + + Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: + o Lots of enhancements and cleanups to the Configuration mechanism + o RSA OEAP related fixes + o Added `openssl ca -revoke' option for revoking a certificate + o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs + o Source tree cleanups: removed lots of obsolete files + o Thawte SXNet, certificate policies and CRL distribution points + extension support + o Preliminary (experimental) S/MIME support + o Support for ASN.1 UTF8String and VisibleString + o Full integration of PKCS#12 code + o Sparc assembler bignum implementation, optimized hash functions + o Option to disable selected ciphers + + Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: + o Fixed a security hole related to session resumption + o Fixed RSA encryption routines for the p < q case + o "ALL" in cipher lists now means "everything except NULL ciphers" + o Support for Triple-DES CBCM cipher + o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA + o First support for new TLSv1 ciphers + o Added a few new BIOs (syslog BIO, reliable BIO) + o Extended support for DSA certificate/keys. + o Extended support for Certificate Signing Requests (CSR) + o Initial support for X.509v3 extensions + o Extended support for compression inside the SSL record layer + o Overhauled Win32 builds + o Cleanups and fixes to the Big Number (BN) library + o Support for ASN.1 GeneralizedTime + o Splitted ASN.1 SETs from SEQUENCEs + o ASN1 and PEM support for Netscape Certificate Sequences + o Overhauled Perl interface + o Lots of source tree cleanups. + o Lots of memory leak fixes. + o Lots of bug fixes. + + Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: + o Integration of the popular NO_RSA/NO_DSA patches + o Initial support for compression inside the SSL record layer + o Added BIO proxy and filtering functionality + o Extended Big Number (BN) library + o Added RIPE MD160 message digest + o Addeed support for RC2/64bit cipher + o Extended ASN.1 parser routines + o Adjustations of the source tree for CVS + o Support for various new platforms + diff --git a/crypto/openssl/README b/crypto/openssl/README new file mode 100644 index 000000000000..d7682e8a2f64 --- /dev/null +++ b/crypto/openssl/README @@ -0,0 +1,205 @@ + + OpenSSL 0.9.4 09 Aug 1999 + + Copyright (c) 1998-1999 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson + All rights reserved. + + DESCRIPTION + ----------- + + The OpenSSL Project is a collaborative effort to develop a robust, + commercial-grade, fully featured, and Open Source toolkit implementing the + Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) + protocols with full-strength cryptography world-wide. The project is managed + by a worldwide community of volunteers that use the Internet to communicate, + plan, and develop the OpenSSL toolkit and its related documentation. + + OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the + OpenSSL license plus the SSLeay license) situation, which basically means + that you are free to get and use it for commercial and non-commercial + purposes as long as you fulfill the conditions of both licenses. + + OVERVIEW + -------- + + The OpenSSL toolkit includes: + + libssl.a: + Implementation of SSLv2, SSLv3, TLSv1 and the required code to support + both SSLv2, SSLv3 and TLSv1 in the one server and client. + + libcrypto.a: + General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not + actually logically part of it. It includes routines for the following: + + Ciphers + libdes - EAY's libdes DES encryption package which has been floating + around the net for a few years. It includes 15 + 'modes/variations' of DES (1, 2 and 3 key versions of ecb, + cbc, cfb and ofb; pcbc and a more general form of cfb and + ofb) including desx in cbc mode, a fast crypt(3), and + routines to read passwords from the keyboard. + RC4 encryption, + RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. + Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. + IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. + + Digests + MD5 and MD2 message digest algorithms, fast implementations, + SHA (SHA-0) and SHA-1 message digest algorithms, + MDC2 message digest. A DES based hash that is popular on smart cards. + + Public Key + RSA encryption/decryption/generation. + There is no limit on the number of bits. + DSA encryption/decryption/generation. + There is no limit on the number of bits. + Diffie-Hellman key-exchange/key generation. + There is no limit on the number of bits. + + X.509v3 certificates + X509 encoding/decoding into/from binary ASN1 and a PEM + based ascii-binary encoding which supports encryption with a + private key. Program to generate RSA and DSA certificate + requests and to generate RSA and DSA certificates. + + Systems + The normal digital envelope routines and base64 encoding. Higher + level access to ciphers and digests by name. New ciphers can be + loaded at run time. The BIO io system which is a simple non-blocking + IO abstraction. Current methods supported are file descriptors, + sockets, socket accept, socket connect, memory buffer, buffering, SSL + client/server, file pointer, encryption, digest, non-blocking testing + and null. + + Data structures + A dynamically growing hashing system + A simple stack. + A Configuration loader that uses a format similar to MS .ini files. + + openssl: + A command line tool which provides the following functions: + + enc - a general encryption program that can encrypt/decrypt using + one of 17 different cipher/mode combinations. The + input/output can also be converted to/from base64 + ascii encoding. + dgst - a generate message digesting program that will generate + message digests for any of md2, md5, sha (sha-0 or sha-1) + or mdc2. + asn1parse - parse and display the structure of an asn1 encoded + binary file. + rsa - Manipulate RSA private keys. + dsa - Manipulate DSA private keys. + dh - Manipulate Diffie-Hellman parameter files. + dsaparam- Manipulate and generate DSA parameter files. + crl - Manipulate certificate revocation lists. + crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. + x509 - Manipulate x509 certificates, self-sign certificates. + req - Manipulate PKCS#10 certificate requests and also + generate certificate requests. + genrsa - Generates an arbitrary sized RSA private key. + gendsa - Generates DSA parameters. + gendh - Generates a set of Diffie-Hellman parameters, the prime + will be a strong prime. + ca - Create certificates from PKCS#10 certificate requests. + This program also maintains a database of certificates + issued. + verify - Check x509 certificate signatures. + speed - Benchmark OpenSSL's ciphers. + s_server- A test SSL server. + s_client- A test SSL client. + s_time - Benchmark SSL performance of SSL server programs. + errstr - Convert from OpenSSL hex error codes to a readable form. + nseq - Netscape certificate sequence utility + + PATENTS + ------- + + Various companies hold various patents for various algorithms in various + locations around the world. _YOU_ are responsible for ensuring that your use + of any algorithms is legal by checking if there are any patents in your + country. The file contains some of the patents that we know about or are + rumoured to exist. This is not a definitive list. + + RSA Data Security holds software patents on the RSA and RC5 algorithms. If + their ciphers are used used inside the USA (and Japan?), you must contact RSA + Data Security for licensing conditions. Their web page is + http://www.rsa.com/. + + RC4 is a trademark of RSA Data Security, so use of this label should perhaps + only be used with RSA Data Security's permission. + + The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, + Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should + be contacted if that algorithm is to be used, their web page is + http://www.ascom.ch/. + + INSTALLATION + ------------ + + To install this package under a Unix derivative, read the INSTALL file. For + a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read + INSTALL.VMS. + + For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s + public key library, RSAREF, by configuring OpenSSL with the option "rsaref". + + Read the documentation in the doc/ directory. It is quite rough, but it + lists the functions, you will probably have to look at the code to work out + how to used them. Look at the example programs. + + SUPPORT + ------- + + If you have any problems with OpenSSL then please take the following steps + first: + + - Remove ASM versions of libraries + - Remove compiler optimisation flags + - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer + before you try to debug things) + + If you wish to report a bug then please include the following information in + any bug report: + + OpenSSL Details + - Version, most of these details can be got from the + 'openssl version -a' command. + Operating System Details + - On Unix systems: Output of './config -t' + - OS Name, Version + - Hardware platform + Compiler Details + - Name + - Version + Application Details + - Name + - Version + Problem Description + - include steps that will reproduce the problem (if known) + Stack Traceback (if the application dumps core) + + Report the bug to the OpenSSL project at: + + openssl-bugs@openssl.org + + HOW TO CONTRIBUTE TO OpenSSL + ---------------------------- + + Development is coordinated on the openssl-dev mailing list (see + http://www.openssl.org for information on subscribing). If you + would like to submit a patch, send it to openssl-dev@openssl.org. + Please be sure to include a textual explanation of what your patch + does. + + The preferred format for changes is "diff -u" output. You might + generate it like this: + + # cd openssl-work + # [your changes] + # ./Configure dist; make clean + # cd .. + # diff -urN openssl-orig openssl-work > mydiffs.patch diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl new file mode 100755 index 000000000000..7c023ae71f66 --- /dev/null +++ b/crypto/openssl/apps/CA.pl @@ -0,0 +1,153 @@ +#!/usr/local/bin/perl +# +# CA - wrapper around ca to make it easier to use ... basically ca requires +# some setup stuff to be done before you can use it and this makes +# things easier between now and when Eric is convinced to fix it :-) +# +# CA -newca ... will setup the right stuff +# CA -newreq ... will generate a certificate request +# CA -sign ... will sign the generated request and output +# +# At the end of that grab newreq.pem and newcert.pem (one has the key +# and the other the certificate) and cat them together and that is what +# you want/need ... I'll make even this a little cleaner later. +# +# +# 12-Jan-96 tjh Added more things ... including CA -signcert which +# converts a certificate to a request and then signs it. +# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG +# environment variable so this can be driven from +# a script. +# 25-Jul-96 eay Cleaned up filenames some more. +# 11-Jun-96 eay Fixed a few filename missmatches. +# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. +# 18-Apr-96 tjh Original hacking +# +# Tim Hudson +# tjh@cryptsoft.com +# + +# 27-Apr-98 snh Translation into perl, fix existing CA bug. +# +# +# Steve Henson +# shenson@bigfoot.com + +# default openssl.cnf file has setup as per the following +# demoCA ... where everything is stored + +$DAYS="-days 365"; +$REQ="openssl req $SSLEAY_CONFIG"; +$CA="openssl ca $SSLEAY_CONFIG"; +$VERIFY="openssl verify"; +$X509="openssl x509"; + +$CATOP="./demoCA"; +$CAKEY="cakey.pem"; +$CACERT="cacert.pem"; + +$DIRMODE = 0777; + +$RET = 0; + +foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate + system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Certificate (and private key) is in newreq.pem\n" + } elsif (/^-newreq$/) { + # create a certificate request + system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Request (and private key) is in newreq.pem\n"; + } elsif (/^-newca$/) { + # if explictly asked for or it doesn't exist then setup the + # directory structure that Eric likes to manage things + $NEW="1"; + if ( "$NEW" || ! -f "${CATOP}/serial" ) { + # create the directory hierarchy + mkdir $CATOP, $DIRMODE; + mkdir "${CATOP}/certs", $DIRMODE; + mkdir "${CATOP}/crl", $DIRMODE ; + mkdir "${CATOP}/newcerts", $DIRMODE; + mkdir "${CATOP}/private", $DIRMODE; + open OUT, ">${CATOP}/serial"; + print OUT "01\n"; + close OUT; + open OUT, ">${CATOP}/index.txt"; + close OUT; + } + if ( ! -f "${CATOP}/private/$CAKEY" ) { + print "CA certificate filename (or enter to create)\n"; + $FILE = ; + + chop $FILE; + + # ask user for existing CA certificate + if ($FILE) { + cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + $RET=$?; + } else { + print "Making CA certificate ...\n"; + system ("$REQ -new -x509 -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + $RET=$?; + } + } + } elsif (/^-xsign$/) { + system ("$CA -policy policy_anything -infiles newreq.pem"); + $RET=$?; + } elsif (/^(-sign|-signreq)$/) { + system ("$CA -policy policy_anything -out newcert.pem " . + "-infiles newreq.pem"); + $RET=$?; + print "Signed certificate is in newcert.pem\n"; + } elsif (/^-signcert$/) { + system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . + "-out tmp.pem"); + system ("$CA -policy policy_anything -out newcert.pem " . + "-infiles tmp.pem"); + $RET = $?; + print "Signed certificate is in newcert.pem\n"; + } elsif (/^-verify$/) { + if (shift) { + foreach $j (@ARGV) { + system ("$VERIFY -CAfile $CATOP/$CACERT $j"); + $RET=$? if ($? != 0); + } + exit $RET; + } else { + system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); + $RET=$?; + exit 0; + } + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } +} + +exit $RET; + +sub cp_pem { +my ($infile, $outfile, $bound) = @_; +open IN, $infile; +open OUT, ">$outfile"; +my $flag = 0; +while () { + $flag = 1 if (/^-----BEGIN.*$bound/) ; + print OUT $_ if ($flag); + if (/^-----END.*$bound/) { + close IN; + close OUT; + return; + } +} +} + diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh new file mode 100644 index 000000000000..728f5bf4d84e --- /dev/null +++ b/crypto/openssl/apps/CA.sh @@ -0,0 +1,132 @@ +#!/bin/sh +# +# CA - wrapper around ca to make it easier to use ... basically ca requires +# some setup stuff to be done before you can use it and this makes +# things easier between now and when Eric is convinced to fix it :-) +# +# CA -newca ... will setup the right stuff +# CA -newreq ... will generate a certificate request +# CA -sign ... will sign the generated request and output +# +# At the end of that grab newreq.pem and newcert.pem (one has the key +# and the other the certificate) and cat them together and that is what +# you want/need ... I'll make even this a little cleaner later. +# +# +# 12-Jan-96 tjh Added more things ... including CA -signcert which +# converts a certificate to a request and then signs it. +# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG +# environment variable so this can be driven from +# a script. +# 25-Jul-96 eay Cleaned up filenames some more. +# 11-Jun-96 eay Fixed a few filename missmatches. +# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. +# 18-Apr-96 tjh Original hacking +# +# Tim Hudson +# tjh@cryptsoft.com +# + +# default openssl.cnf file has setup as per the following +# demoCA ... where everything is stored + +DAYS="-days 365" +REQ="openssl req $SSLEAY_CONFIG" +CA="openssl ca $SSLEAY_CONFIG" +VERIFY="openssl verify" +X509="openssl x509" + +CATOP=./demoCA +CAKEY=./cakey.pem +CACERT=./cacert.pem + +for i +do +case $i in +-\?|-h|-help) + echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2 + exit 0 + ;; +-newcert) + # create a certificate + $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS + RET=$? + echo "Certificate (and private key) is in newreq.pem" + ;; +-newreq) + # create a certificate request + $REQ -new -keyout newreq.pem -out newreq.pem $DAYS + RET=$? + echo "Request (and private key) is in newreq.pem" + ;; +-newca) + # if explictly asked for or it doesn't exist then setup the directory + # structure that Eric likes to manage things + NEW="1" + if [ "$NEW" -o ! -f ${CATOP}/serial ]; then + # create the directory hierarchy + mkdir ${CATOP} + mkdir ${CATOP}/certs + mkdir ${CATOP}/crl + mkdir ${CATOP}/newcerts + mkdir ${CATOP}/private + echo "01" > ${CATOP}/serial + touch ${CATOP}/index.txt + fi + if [ ! -f ${CATOP}/private/$CAKEY ]; then + echo "CA certificate filename (or enter to create)" + read FILE + + # ask user for existing CA certificate + if [ "$FILE" ]; then + cp $FILE ${CATOP}/private/$CAKEY + RET=$? + else + echo "Making CA certificate ..." + $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ + -out ${CATOP}/$CACERT $DAYS + RET=$? + fi + fi + ;; +-xsign) + $CA -policy policy_anything -infiles newreq.pem + RET=$? + ;; +-sign|-signreq) + $CA -policy policy_anything -out newcert.pem -infiles newreq.pem + RET=$? + cat newcert.pem + echo "Signed certificate is in newcert.pem" + ;; +-signcert) + echo "Cert passphrase will be requested twice - bug?" + $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem + $CA -policy policy_anything -out newcert.pem -infiles tmp.pem + cat newcert.pem + echo "Signed certificate is in newcert.pem" + ;; +-verify) + shift + if [ -z "$1" ]; then + $VERIFY -CAfile $CATOP/$CACERT newcert.pem + RET=$? + else + for j + do + $VERIFY -CAfile $CATOP/$CACERT $j + if [ $? != 0 ]; then + RET=$? + fi + done + fi + exit 0 + ;; +*) + echo "Unknown arg $i"; + exit 1 + ;; +esac +done +exit $RET + diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl new file mode 100644 index 000000000000..8363ec901823 --- /dev/null +++ b/crypto/openssl/apps/Makefile.ssl @@ -0,0 +1,727 @@ +# +# apps/Makefile.ssl +# + +DIR= apps +TOP= .. +CC= cc +INCLUDES= -I../include +CFLAG= -g -static +INSTALL_PREFIX= +INSTALLTOP= /usr/local/ssl +OPENSSLDIR= /usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPEND= $(TOP)/util/domd $(TOP) +MAKEFILE= Makefile.ssl +RM= rm -f + +PEX_LIBS= +EX_LIBS= + +CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG) + +GENERAL=Makefile makeapps.com install.com + +DLIBCRYPTO=../libcrypto.a +DLIBSSL=../libssl.a +LIBCRYPTO=-L.. -lcrypto +LIBSSL=-L.. -lssl + +PROGRAM= openssl + +SCRIPTS=CA.sh CA.pl der_chop + +EXE= $(PROGRAM) + +E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \ + rsa dsa dsaparam \ + x509 genrsa gendsa s_server s_client speed \ + s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ + pkcs8 + +PROGS= $(PROGRAM).c + +A_OBJ=apps.o +A_SRC=apps.c +S_OBJ= s_cb.o s_socket.o +S_SRC= s_cb.c s_socket.c + +E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ + pkcs7.o crl2p7.o crl.o \ + rsa.o dsa.o dsaparam.o \ + x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ + s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ + ciphers.o nseq.o pkcs12.o pkcs8.o + +# pem_mail.o + +E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ + pkcs7.c crl2p7.c crl.c \ + rsa.c dsa.c dsaparam.c \ + x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ + s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ + ciphers.c nseq.c pkcs12.c pkcs8.c + +# pem_mail.c + +SRC=$(E_SRC) + +EXHEADER= +HEADER= apps.h progs.h s_apps.h \ + testdsa.h testrsa.h \ + $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + @(cd ..; $(MAKE) DIRS=$(DIR) all) + +all: exe + +exe: $(EXE) + +req: sreq.o $(A_OBJ) $(DLIBCRYPTO) + $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +sreq.o: req.c + $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +install: + @for i in $(EXE); \ + do \ + (echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + @for i in $(SCRIPTS); \ + do \ + (echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ + chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + done + @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \ + chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf + +tags: + ctags $(SRC) + +tests: + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + rm -f req + +$(DLIBSSL): + (cd ../ssl; $(MAKE)) + +$(DLIBCRYPTO): + (cd ../crypto; $(MAKE)) + +$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) + $(RM) $(PROGRAM) + $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) + +progs.h: + $(PERL) ./progs.pl $(E_EXE) >progs.h + $(RM) $(PROGRAM).o + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h +apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h +apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +apps.o: ../include/openssl/opensslv.h ../include/openssl/stack.h apps.h progs.h +asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h +asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h +asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h +asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h +asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h +asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h +asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h +asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +asn1pars.o: progs.h +ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h +ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +ca.o: ../include/openssl/err.h ../include/openssl/evp.h +ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h +ca.o: ../include/openssl/md2.h ../include/openssl/md5.h +ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h progs.h +ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h +ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h +ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h +ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h +ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ciphers.o: progs.h +crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h +crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +crl.o: ../include/openssl/des.h ../include/openssl/dh.h +crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h +crl.o: ../include/openssl/evp.h ../include/openssl/idea.h +crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h +crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl.o: ../include/openssl/sha.h ../include/openssl/stack.h +crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +crl.o: ../include/openssl/x509v3.h apps.h progs.h +crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h +crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h +crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h +crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h +crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h +crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h +crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h +crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +crl2p7.o: progs.h +dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h +dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dgst.o: ../include/openssl/err.h ../include/openssl/evp.h +dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h +dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dh.o: ../include/openssl/crypto.h ../include/openssl/des.h +dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dh.o: ../include/openssl/err.h ../include/openssl/evp.h +dh.o: ../include/openssl/idea.h ../include/openssl/md2.h +dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dh.o: ../include/openssl/sha.h ../include/openssl/stack.h +dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dsa.o: ../include/openssl/err.h ../include/openssl/evp.h +dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h +dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h +dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h +dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h +dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h +dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h +dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h +dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h +enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h +enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h +enc.o: ../include/openssl/crypto.h ../include/openssl/des.h +enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h +enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +enc.o: ../include/openssl/err.h ../include/openssl/evp.h +enc.o: ../include/openssl/idea.h ../include/openssl/md2.h +enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +enc.o: ../include/openssl/sha.h ../include/openssl/stack.h +enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h +errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h +errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h +errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h +errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +errstr.o: ../include/openssl/err.h ../include/openssl/evp.h +errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h +errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +errstr.o: progs.h +gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h +gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h +gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h +gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h +gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +gendh.o: ../include/openssl/err.h ../include/openssl/evp.h +gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h +gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h +gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h +gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h +gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h +gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h +genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h +genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h +genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h +nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h +nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h +nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h +nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h +nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +nseq.o: ../include/openssl/err.h ../include/openssl/evp.h +nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h +nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h +nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h +openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +openssl.o: ../include/openssl/des.h ../include/openssl/dh.h +openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h +openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h +openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h +pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h +pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h +pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h +pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/x509_vfy.h apps.h progs.h +pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h +pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h +pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h +pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h +pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h +pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h +pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h +pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h +pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h +pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/x509_vfy.h apps.h progs.h +req.o: ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +req.o: ../include/openssl/conf.h ../include/openssl/crypto.h +req.o: ../include/openssl/des.h ../include/openssl/dh.h +req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +req.o: ../include/openssl/e_os2.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/idea.h +req.o: ../include/openssl/lhash.h ../include/openssl/md2.h +req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +req.o: ../include/openssl/rand.h ../include/openssl/rc2.h +req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +req.o: ../include/openssl/safestack.h ../include/openssl/sha.h +req.o: ../include/openssl/stack.h ../include/openssl/x509.h +req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h +rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h +rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h +rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h +rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h +rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +rsa.o: ../include/openssl/err.h ../include/openssl/evp.h +rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h +rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h +s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h +s_cb.o: s_apps.h +s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_client.o: ../include/openssl/err.h ../include/openssl/evp.h +s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: progs.h s_apps.h +s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_server.o: ../include/openssl/err.h ../include/openssl/evp.h +s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_server.o: progs.h s_apps.h +s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h +s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h +s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h +s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +s_time.o: ../include/openssl/err.h ../include/openssl/evp.h +s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h +s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_time.o: progs.h s_apps.h +sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h +sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h +sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h +sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h +sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h +sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h +sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h +sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +sess_id.o: progs.h +speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h +speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h +speed.o: ../include/openssl/crypto.h ../include/openssl/des.h +speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h +speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/err.h ../include/openssl/evp.h +speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h +speed.o: ../include/openssl/md2.h ../include/openssl/md5.h +speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +speed.o: ../include/openssl/sha.h ../include/openssl/stack.h +speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h +speed.o: ./testrsa.h apps.h progs.h +verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h +verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h +verify.o: ../include/openssl/crypto.h ../include/openssl/des.h +verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h +verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +verify.o: ../include/openssl/err.h ../include/openssl/evp.h +verify.o: ../include/openssl/idea.h ../include/openssl/md2.h +verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +verify.o: ../include/openssl/sha.h ../include/openssl/stack.h +verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +verify.o: progs.h +version.o: ../include/openssl/asn1.h ../include/openssl/bio.h +version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +version.o: ../include/openssl/buffer.h ../include/openssl/cast.h +version.o: ../include/openssl/crypto.h ../include/openssl/des.h +version.o: ../include/openssl/dh.h ../include/openssl/dsa.h +version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h +version.o: ../include/openssl/evp.h ../include/openssl/idea.h +version.o: ../include/openssl/md2.h ../include/openssl/md5.h +version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h +version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h +x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h +x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h +x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h +x509.o: ../include/openssl/des.h ../include/openssl/dh.h +x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h +x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h +x509.o: ../include/openssl/evp.h ../include/openssl/idea.h +x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h +x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h +x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +x509.o: ../include/openssl/sha.h ../include/openssl/stack.h +x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +x509.o: ../include/openssl/x509v3.h apps.h progs.h diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c new file mode 100644 index 000000000000..8fb5e8aaa736 --- /dev/null +++ b/crypto/openssl/apps/apps.c @@ -0,0 +1,326 @@ +/* apps/apps.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include +#define NON_MAIN +#include "apps.h" +#undef NON_MAIN + +#ifdef WINDOWS +# include "bss_file.c" +#endif + +int app_init(long mesgwin); +#ifdef undef /* never finished - probably never will be :-) */ +int args_from_file(char *file, int *argc, char **argv[]) + { + FILE *fp; + int num,i; + unsigned int len; + static char *buf=NULL; + static char **arg=NULL; + char *p; + struct stat stbuf; + + if (stat(file,&stbuf) < 0) return(0); + + fp=fopen(file,"r"); + if (fp == NULL) + return(0); + + *argc=0; + *argv=NULL; + + len=(unsigned int)stbuf.st_size; + if (buf != NULL) Free(buf); + buf=(char *)Malloc(len+1); + if (buf == NULL) return(0); + + len=fread(buf,1,len,fp); + if (len <= 1) return(0); + buf[len]='\0'; + + i=0; + for (p=buf; *p; p++) + if (*p == '\n') i++; + if (arg != NULL) Free(arg); + arg=(char **)Malloc(sizeof(char *)*(i*2)); + + *argv=arg; + num=0; + p=buf; + for (;;) + { + if (!*p) break; + if (*p == '#') /* comment line */ + { + while (*p && (*p != '\n')) p++; + continue; + } + /* else we have a line */ + *(arg++)=p; + num++; + while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n'))) + p++; + if (!*p) break; + if (*p == '\n') + { + *(p++)='\0'; + continue; + } + /* else it is a tab or space */ + p++; + while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n'))) + p++; + if (!*p) break; + if (*p == '\n') + { + p++; + continue; + } + *(arg++)=p++; + num++; + while (*p && (*p != '\n')) p++; + if (!*p) break; + /* else *p == '\n' */ + *(p++)='\0'; + } + *argc=num; + return(1); + } +#endif + +int str2fmt(char *s) + { + if ((*s == 'D') || (*s == 'd')) + return(FORMAT_ASN1); + else if ((*s == 'T') || (*s == 't')) + return(FORMAT_TEXT); + else if ((*s == 'P') || (*s == 'p')) + return(FORMAT_PEM); + else if ((*s == 'N') || (*s == 'n')) + return(FORMAT_NETSCAPE); + else + return(FORMAT_UNDEF); + } + +#if defined(MSDOS) || defined(WIN32) || defined(WIN16) +void program_name(char *in, char *out, int size) + { + int i,n; + char *p=NULL; + + n=strlen(in); + /* find the last '/', '\' or ':' */ + for (i=n-1; i>0; i--) + { + if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) + { + p= &(in[i+1]); + break; + } + } + if (p == NULL) + p=in; + n=strlen(p); + /* strip off trailing .exe if present. */ + if ((n > 4) && (p[n-4] == '.') && + ((p[n-3] == 'e') || (p[n-3] == 'E')) && + ((p[n-2] == 'x') || (p[n-2] == 'X')) && + ((p[n-1] == 'e') || (p[n-1] == 'E'))) + n-=4; + if (n > size-1) + n=size-1; + + for (i=0; i= 'A') && (p[i] <= 'Z')) + out[i]=p[i]-'A'+'a'; + else + out[i]=p[i]; + } + out[n]='\0'; + } +#else +#ifdef VMS +void program_name(char *in, char *out, int size) + { + char *p=in, *q; + char *chars=":]>"; + + while(*chars != '\0') + { + q=strrchr(p,*chars); + if (q > p) + p = q + 1; + chars++; + } + + q=strrchr(p,'.'); + if (q == NULL) + q = in+size; + strncpy(out,p,q-p); + out[q-p]='\0'; + } +#else +void program_name(char *in, char *out, int size) + { + char *p; + + p=strrchr(in,'/'); + if (p != NULL) + p++; + else + p=in; + strncpy(out,p,size-1); + out[size-1]='\0'; + } +#endif +#endif + +#ifdef WIN32 +int WIN32_rename(char *from, char *to) + { +#ifdef WINNT + int ret; +/* Note: MoveFileEx() doesn't work under Win95, Win98 */ + + ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED); + return(ret?0:-1); +#else + unlink(to); + return MoveFile(from, to); +#endif + } +#endif + +int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) + { + int num,len,i; + char *p; + + *argc=0; + *argv=NULL; + + len=strlen(buf); + i=0; + if (arg->count == 0) + { + arg->count=20; + arg->data=(char **)Malloc(sizeof(char *)*arg->count); + } + for (i=0; icount; i++) + arg->data[i]=NULL; + + num=0; + p=buf; + for (;;) + { + /* first scan over white space */ + if (!*p) break; + while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n'))) + p++; + if (!*p) break; + + /* The start of something good :-) */ + if (num >= arg->count) + { + arg->count+=20; + arg->data=(char **)Realloc(arg->data, + sizeof(char *)*arg->count); + if (argc == 0) return(0); + } + arg->data[num++]=p; + + /* now look for the end of this */ + if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */ + { + i= *(p++); + arg->data[num-1]++; /* jump over quote */ + while (*p && (*p != i)) + p++; + *p='\0'; + } + else + { + while (*p && ((*p != ' ') && + (*p != '\t') && (*p != '\n'))) + p++; + + if (*p == '\0') + p--; + else + *p='\0'; + } + p++; + } + *argc=num; + *argv=arg->data; + return(1); + } + +#ifndef APP_INIT +int app_init(long mesgwin) + { + return(1); + } +#endif diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h new file mode 100644 index 000000000000..063f9c65be72 --- /dev/null +++ b/crypto/openssl/apps/apps.h @@ -0,0 +1,141 @@ +/* apps/apps.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_APPS_H +#define HEADER_APPS_H + +#include "openssl/e_os.h" + +#include +#include +#include +#include "progs.h" + +#ifdef NO_STDIO +BIO_METHOD *BIO_s_file(); +#endif + +#ifdef WIN32 +#define rename(from,to) WIN32_rename((from),(to)) +int WIN32_rename(char *oldname,char *newname); +#endif + +#ifndef MONOLITH + +#define MAIN(a,v) main(a,v) + +#ifndef NON_MAIN +BIO *bio_err=NULL; +#else +extern BIO *bio_err; +#endif + +#else + +#define MAIN(a,v) PROG(a,v) +#include +extern LHASH *config; +extern char *default_config_file; +extern BIO *bio_err; + +#endif + +#include + +#ifdef SIGPIPE +#define do_pipe_sig() signal(SIGPIPE,SIG_IGN) +#else +#define do_pipe_sig() +#endif + +#if defined(MONOLITH) && !defined(SSLEAY) +# define apps_startup() do_pipe_sig() +#else +# if defined(MSDOS) || defined(WIN16) || defined(WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + SSLeay_add_all_algorithms() +# else +# define apps_startup() \ + _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + SSLeay_add_all_algorithms() +# endif +# else +# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms(); +# endif +#endif + +typedef struct args_st + { + char **data; + int count; + } ARGS; + +int should_retry(int i); +int args_from_file(char *file, int *argc, char **argv[]); +int str2fmt(char *s); +void program_name(char *in,char *out,int size); +int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); +#define FORMAT_UNDEF 0 +#define FORMAT_ASN1 1 +#define FORMAT_TEXT 2 +#define FORMAT_PEM 3 +#define FORMAT_NETSCAPE 4 + +#endif diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c new file mode 100644 index 000000000000..1b272b29770a --- /dev/null +++ b/crypto/openssl/apps/asn1pars.c @@ -0,0 +1,309 @@ +/* apps/asn1pars.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* A nice addition from Dr Stephen Henson to + * add the -strparse option which parses nested binary structures + */ + +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include + +/* -inform arg - input format - default PEM (DER or PEM) + * -in arg - input file - default stdin + * -i - indent the details by depth + * -offset - where in the file to start + * -length - how many bytes to use + * -oid file - extra oid decription file + */ + +#undef PROG +#define PROG asn1parse_main + +int MAIN(int argc, char **argv) + { + int i,badops=0,offset=0,ret=1,j; + unsigned int length=0; + long num,tmplen; + BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; + int informat,indent=0; + char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; + unsigned char *tmpbuf; + BUF_MEM *buf=NULL; + STACK *osk=NULL; + ASN1_TYPE *at=NULL; + + informat=FORMAT_PEM; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + prog=argv[0]; + argc--; + argv++; + if ((osk=sk_new_null()) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto end; + } + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + derfile= *(++argv); + } + else if (strcmp(*argv,"-i") == 0) + { + indent=1; + } + else if (strcmp(*argv,"-oid") == 0) + { + if (--argc < 1) goto bad; + oidfile= *(++argv); + } + else if (strcmp(*argv,"-offset") == 0) + { + if (--argc < 1) goto bad; + offset= atoi(*(++argv)); + } + else if (strcmp(*argv,"-length") == 0) + { + if (--argc < 1) goto bad; + length= atoi(*(++argv)); + if (length == 0) goto bad; + } + else if (strcmp(*argv,"-strparse") == 0) + { + if (--argc < 1) goto bad; + sk_push(osk,*(++argv)); + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] data[num]),BUFSIZ); + if (i <= 0) break; + num+=i; + } + str=buf->data; + + /* If any structs to parse go through in sequence */ + + if (sk_num(osk)) + { + tmpbuf=(unsigned char *)str; + tmplen=num; + for (i=0; ivalue.asn1_string->data; + tmplen=at->value.asn1_string->length; + } + str=(char *)tmpbuf; + num=tmplen; + } + + if (length == 0) length=(unsigned int)num; + if(derout) { + if(BIO_write(derout, str + offset, length) != (int)length) { + BIO_printf(bio_err, "Error writing output\n"); + ERR_print_errors(bio_err); + goto end; + } + } + if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent)) + { + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + BIO_free(derout); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (b64 != NULL) BIO_free(b64); + if (ret != 0) + ERR_print_errors(bio_err); + if (buf != NULL) BUF_MEM_free(buf); + if (at != NULL) ASN1_TYPE_free(at); + if (osk != NULL) sk_free(osk); + OBJ_cleanup(); + EXIT(ret); + } + diff --git a/crypto/openssl/apps/ca-cert.srl b/crypto/openssl/apps/ca-cert.srl new file mode 100644 index 000000000000..eeee65ec419f --- /dev/null +++ b/crypto/openssl/apps/ca-cert.srl @@ -0,0 +1 @@ +05 diff --git a/crypto/openssl/apps/ca-key.pem b/crypto/openssl/apps/ca-key.pem new file mode 100644 index 000000000000..3a520b238f5b --- /dev/null +++ b/crypto/openssl/apps/ca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 +gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd +2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB +AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 +hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 +J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs +HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL +21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s +nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz +MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa +pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb +KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 +XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/ca-req.pem b/crypto/openssl/apps/ca-req.pem new file mode 100644 index 000000000000..77bf7ec308b5 --- /dev/null +++ b/crypto/openssl/apps/ca-req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx +MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy +bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d +FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe +cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7 +cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR +5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW +kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA= +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c new file mode 100644 index 000000000000..9ed100dd3c1c --- /dev/null +++ b/crypto/openssl/apps/ca.c @@ -0,0 +1,2232 @@ +/* apps/ca.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* The PPKI stuff has been donated by Jeff Barber */ + +#include +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef W_OK +# ifdef VMS +# if defined(__DECC) +# include +# else +# include +# endif +# else +# include +# endif +#endif + +#ifndef W_OK +# define F_OK 0 +# define X_OK 1 +# define W_OK 2 +# define R_OK 4 +#endif + +#undef PROG +#define PROG ca_main + +#define BASE_SECTION "ca" +#define CONFIG_FILE "openssl.cnf" + +#define ENV_DEFAULT_CA "default_ca" + +#define ENV_DIR "dir" +#define ENV_CERTS "certs" +#define ENV_CRL_DIR "crl_dir" +#define ENV_CA_DB "CA_DB" +#define ENV_NEW_CERTS_DIR "new_certs_dir" +#define ENV_CERTIFICATE "certificate" +#define ENV_SERIAL "serial" +#define ENV_CRL "crl" +#define ENV_PRIVATE_KEY "private_key" +#define ENV_RANDFILE "RANDFILE" +#define ENV_DEFAULT_DAYS "default_days" +#define ENV_DEFAULT_STARTDATE "default_startdate" +#define ENV_DEFAULT_ENDDATE "default_enddate" +#define ENV_DEFAULT_CRL_DAYS "default_crl_days" +#define ENV_DEFAULT_CRL_HOURS "default_crl_hours" +#define ENV_DEFAULT_MD "default_md" +#define ENV_PRESERVE "preserve" +#define ENV_POLICY "policy" +#define ENV_EXTENSIONS "x509_extensions" +#define ENV_CRLEXT "crl_extensions" +#define ENV_MSIE_HACK "msie_hack" + +#define ENV_DATABASE "database" + +#define DB_type 0 +#define DB_exp_date 1 +#define DB_rev_date 2 +#define DB_serial 3 /* index - unique */ +#define DB_file 4 +#define DB_name 5 /* index - unique for active */ +#define DB_NUMBER 6 + +#define DB_TYPE_REV 'R' +#define DB_TYPE_EXP 'E' +#define DB_TYPE_VAL 'V' + +static char *ca_usage[]={ +"usage: ca args\n", +"\n", +" -verbose - Talk alot while doing things\n", +" -config file - A config file\n", +" -name arg - The particular CA definition to use\n", +" -gencrl - Generate a new CRL\n", +" -crldays days - Days is when the next CRL is due\n", +" -crlhours hours - Hours is when the next CRL is due\n", +" -days arg - number of days to certify the certificate for\n", +" -md arg - md to use, one of md2, md5, sha or sha1\n", +" -policy arg - The CA 'policy' to support\n", +" -keyfile arg - PEM private key file\n", +" -key arg - key to decode the private key if it is encrypted\n", +" -cert file - The CA certificate\n", +" -in file - The input PEM encoded certificate request(s)\n", +" -out file - Where to put the output file(s)\n", +" -outdir dir - Where to put output certificates\n", +" -infiles .... - The last argument, requests to process\n", +" -spkac file - File contains DN and signed public key and challenge\n", +" -ss_cert file - File contains a self signed cert to sign\n", +" -preserveDN - Don't re-order the DN\n", +" -batch - Don't ask questions\n", +" -msie_hack - msie modifications to handle all those universal strings\n", +" -revoke file - Revoke a certificate (given in file)\n", +NULL +}; + +#ifdef EFENCE +extern int EF_PROTECT_FREE; +extern int EF_PROTECT_BELOW; +extern int EF_ALIGNMENT; +#endif + +static int add_oid_section(LHASH *conf); +static void lookup_fail(char *name,char *tag); +static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u); +static unsigned long index_serial_hash(char **a); +static int index_serial_cmp(char **a, char **b); +static unsigned long index_name_hash(char **a); +static int index_name_qual(char **a); +static int index_name_cmp(char **a,char **b); +static BIGNUM *load_serial(char *serialfile); +static int save_serial(char *serialfile, BIGNUM *serial); +static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, + const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, + BIGNUM *serial, char *startdate,char *enddate, int days, + int batch, char *ext_sect, LHASH *conf,int verbose); +static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, + const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, + TXT_DB *db, BIGNUM *serial,char *startdate, + char *enddate, int days, int batch, char *ext_sect, + LHASH *conf,int verbose); +static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, + const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, + TXT_DB *db, BIGNUM *serial,char *startdate, + char *enddate, int days, char *ext_sect,LHASH *conf, + int verbose); +static int fix_data(int nid, int *type); +static void write_new_certificate(BIO *bp, X509 *x, int output_der); +static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, + STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, + char *startdate, char *enddate, int days, int batch, int verbose, + X509_REQ *req, char *ext_sect, LHASH *conf); +static int do_revoke(X509 *x509, TXT_DB *db); +static int check_time_format(char *str); +static LHASH *conf; +static char *key=NULL; +static char *section=NULL; + +static int preserve=0; +static int msie_hack=0; + +int MAIN(int argc, char **argv) + { + int total=0; + int total_done=0; + int badops=0; + int ret=1; + int req=0; + int verbose=0; + int gencrl=0; + int dorevoke=0; + long crldays=0; + long crlhours=0; + long errorline= -1; + char *configfile=NULL; + char *md=NULL; + char *policy=NULL; + char *keyfile=NULL; + char *certfile=NULL; + char *infile=NULL; + char *spkac_file=NULL; + char *ss_cert_file=NULL; + EVP_PKEY *pkey=NULL; + int output_der = 0; + char *outfile=NULL; + char *outdir=NULL; + char *serialfile=NULL; + char *extensions=NULL; + char *crl_ext=NULL; + BIGNUM *serial=NULL; + char *startdate=NULL; + char *enddate=NULL; + int days=0; + int batch=0; + X509 *x509=NULL; + X509 *x=NULL; + BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; + char *dbfile=NULL; + TXT_DB *db=NULL; + X509_CRL *crl=NULL; + X509_CRL_INFO *ci=NULL; + X509_REVOKED *r=NULL; + char **pp,*p,*f; + int i,j; + long l; + const EVP_MD *dgst=NULL; + STACK_OF(CONF_VALUE) *attribs=NULL; + STACK *cert_sk=NULL; + BIO *hex=NULL; +#undef BSIZE +#define BSIZE 256 + MS_STATIC char buf[3][BSIZE]; + +#ifdef EFENCE +EF_PROTECT_FREE=1; +EF_PROTECT_BELOW=1; +EF_ALIGNMENT=0; +#endif + + apps_startup(); + + X509V3_add_standard_extensions(); + + preserve=0; + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-verbose") == 0) + verbose=1; + else if (strcmp(*argv,"-config") == 0) + { + if (--argc < 1) goto bad; + configfile= *(++argv); + } + else if (strcmp(*argv,"-name") == 0) + { + if (--argc < 1) goto bad; + section= *(++argv); + } + else if (strcmp(*argv,"-startdate") == 0) + { + if (--argc < 1) goto bad; + startdate= *(++argv); + } + else if (strcmp(*argv,"-enddate") == 0) + { + if (--argc < 1) goto bad; + enddate= *(++argv); + } + else if (strcmp(*argv,"-days") == 0) + { + if (--argc < 1) goto bad; + days=atoi(*(++argv)); + } + else if (strcmp(*argv,"-md") == 0) + { + if (--argc < 1) goto bad; + md= *(++argv); + } + else if (strcmp(*argv,"-policy") == 0) + { + if (--argc < 1) goto bad; + policy= *(++argv); + } + else if (strcmp(*argv,"-keyfile") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key= *(++argv); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + certfile= *(++argv); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + req=1; + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-outdir") == 0) + { + if (--argc < 1) goto bad; + outdir= *(++argv); + } + else if (strcmp(*argv,"-batch") == 0) + batch=1; + else if (strcmp(*argv,"-preserveDN") == 0) + preserve=1; + else if (strcmp(*argv,"-gencrl") == 0) + gencrl=1; + else if (strcmp(*argv,"-msie_hack") == 0) + msie_hack=1; + else if (strcmp(*argv,"-crldays") == 0) + { + if (--argc < 1) goto bad; + crldays= atol(*(++argv)); + } + else if (strcmp(*argv,"-crlhours") == 0) + { + if (--argc < 1) goto bad; + crlhours= atol(*(++argv)); + } + else if (strcmp(*argv,"-infiles") == 0) + { + argc--; + argv++; + req=1; + break; + } + else if (strcmp(*argv, "-ss_cert") == 0) + { + if (--argc < 1) goto bad; + ss_cert_file = *(++argv); + req=1; + } + else if (strcmp(*argv, "-spkac") == 0) + { + if (--argc < 1) goto bad; + spkac_file = *(++argv); + req=1; + } + else if (strcmp(*argv,"-revoke") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + dorevoke=1; + } + else + { +bad: + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { + for (pp=ca_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,*pp); + goto err; + } + + ERR_load_crypto_strings(); + + /*****************************************************************/ + if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); + if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); + if (configfile == NULL) + { + /* We will just use 'buf[0]' as a temporary buffer. */ +#ifdef VMS + strncpy(buf[0],X509_get_default_cert_area(), + sizeof(buf[0])-1-sizeof(CONFIG_FILE)); +#else + strncpy(buf[0],X509_get_default_cert_area(), + sizeof(buf[0])-2-sizeof(CONFIG_FILE)); + strcat(buf[0],"/"); +#endif + strcat(buf[0],CONFIG_FILE); + configfile=buf[0]; + } + + BIO_printf(bio_err,"Using configuration from %s\n",configfile); + if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL) + { + if (errorline <= 0) + BIO_printf(bio_err,"error loading the config file '%s'\n", + configfile); + else + BIO_printf(bio_err,"error on line %ld of config file '%s'\n" + ,errorline,configfile); + goto err; + } + + /* Lets get the config section we are using */ + if (section == NULL) + { + section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); + if (section == NULL) + { + lookup_fail(BASE_SECTION,ENV_DEFAULT_CA); + goto err; + } + } + + if (conf != NULL) + { + p=CONF_get_string(conf,NULL,"oid_file"); + if (p != NULL) + { + BIO *oid_bio; + + oid_bio=BIO_new_file(p,"r"); + if (oid_bio == NULL) + { + /* + BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); + ERR_print_errors(bio_err); + */ + ERR_clear_error(); + } + else + { + OBJ_create_objects(oid_bio); + BIO_free(oid_bio); + } + } + } + if(!add_oid_section(conf)) { + ERR_print_errors(bio_err); + goto err; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + Sout=BIO_new(BIO_s_file()); + Cout=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + + /*****************************************************************/ + /* we definitly need an public key, so lets get it */ + + if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, + section,ENV_PRIVATE_KEY)) == NULL)) + { + lookup_fail(section,ENV_PRIVATE_KEY); + goto err; + } + if (BIO_read_filename(in,keyfile) <= 0) + { + perror(keyfile); + BIO_printf(bio_err,"trying to load CA private key\n"); + goto err; + } + if (key == NULL) + pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL); + else + { + pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL); + memset(key,0,strlen(key)); + } + if (pkey == NULL) + { + BIO_printf(bio_err,"unable to load CA private key\n"); + goto err; + } + + /*****************************************************************/ + /* we need a certificate */ + if ((certfile == NULL) && ((certfile=CONF_get_string(conf, + section,ENV_CERTIFICATE)) == NULL)) + { + lookup_fail(section,ENV_CERTIFICATE); + goto err; + } + if (BIO_read_filename(in,certfile) <= 0) + { + perror(certfile); + BIO_printf(bio_err,"trying to load CA certificate\n"); + goto err; + } + x509=PEM_read_bio_X509(in,NULL,NULL,NULL); + if (x509 == NULL) + { + BIO_printf(bio_err,"unable to load CA certificate\n"); + goto err; + } + + if (!X509_check_private_key(x509,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto err; + } + + f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); + if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) + preserve=1; + f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); + if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) + msie_hack=1; + + /*****************************************************************/ + /* lookup where to write new certificates */ + if ((outdir == NULL) && (req)) + { + struct stat sb; + + if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) + == NULL) + { + BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); + goto err; + } +#ifdef VMS + /* For technical reasons, VMS misbehaves with X_OK */ + if (access(outdir,R_OK|W_OK) != 0) +#else + if (access(outdir,R_OK|W_OK|X_OK) != 0) +#endif + { + BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir); + perror(outdir); + goto err; + } + + if (stat(outdir,&sb) != 0) + { + BIO_printf(bio_err,"unable to stat(%s)\n",outdir); + perror(outdir); + goto err; + } + if (!(sb.st_mode & S_IFDIR)) + { + BIO_printf(bio_err,"%s need to be a directory\n",outdir); + perror(outdir); + goto err; + } + } + + /*****************************************************************/ + /* we need to load the database file */ + if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + { + lookup_fail(section,ENV_DATABASE); + goto err; + } + if (BIO_read_filename(in,dbfile) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + db=TXT_DB_read(in,DB_NUMBER); + if (db == NULL) goto err; + + /* Lets check some fields */ + for (i=0; idata); i++) + { + pp=(char **)sk_value(db->data,i); + if ((pp[DB_type][0] != DB_TYPE_REV) && + (pp[DB_rev_date][0] != '\0')) + { + BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1); + goto err; + } + if ((pp[DB_type][0] == DB_TYPE_REV) && + !check_time_format(pp[DB_rev_date])) + { + BIO_printf(bio_err,"entry %d: invalid revocation date\n", + i+1); + goto err; + } + if (!check_time_format(pp[DB_exp_date])) + { + BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); + goto err; + } + p=pp[DB_serial]; + j=strlen(p); + if ((j&1) || (j < 2)) + { + BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j); + goto err; + } + while (*p) + { + if (!( ((*p >= '0') && (*p <= '9')) || + ((*p >= 'A') && (*p <= 'F')) || + ((*p >= 'a') && (*p <= 'f'))) ) + { + BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p); + goto err; + } + p++; + } + } + if (verbose) + { + BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ + TXT_DB_write(out,db); + BIO_printf(bio_err,"%d entries loaded from the database\n", + db->data->num); + BIO_printf(bio_err,"generating indexs\n"); + } + + if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, + index_serial_cmp)) + { + BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2); + goto err; + } + + if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash, + index_name_cmp)) + { + BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", + db->error,db->arg1,db->arg2); + goto err; + } + + /*****************************************************************/ + if (req || gencrl) + { + if (outfile != NULL) + { + + if (BIO_write_filename(Sout,outfile) <= 0) + { + perror(outfile); + goto err; + } + } + else + BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT); + } + + if (req) + { + if ((md == NULL) && ((md=CONF_get_string(conf, + section,ENV_DEFAULT_MD)) == NULL)) + { + lookup_fail(section,ENV_DEFAULT_MD); + goto err; + } + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + if (verbose) + BIO_printf(bio_err,"message digest is %s\n", + OBJ_nid2ln(dgst->type)); + if ((policy == NULL) && ((policy=CONF_get_string(conf, + section,ENV_POLICY)) == NULL)) + { + lookup_fail(section,ENV_POLICY); + goto err; + } + if (verbose) + BIO_printf(bio_err,"policy is %s\n",policy); + + if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL)) + == NULL) + { + lookup_fail(section,ENV_SERIAL); + goto err; + } + + extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); + if(extensions) { + /* Check syntax of file */ + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, conf); + if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) { + BIO_printf(bio_err, + "Error Loading extension section %s\n", + extensions); + ret = 1; + goto err; + } + } + + if (startdate == NULL) + { + startdate=CONF_get_string(conf,section, + ENV_DEFAULT_STARTDATE); + } + if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) + { + BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n"); + goto err; + } + if (startdate == NULL) startdate="today"; + + if (enddate == NULL) + { + enddate=CONF_get_string(conf,section, + ENV_DEFAULT_ENDDATE); + } + if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) + { + BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n"); + goto err; + } + + if (days == 0) + { + days=(int)CONF_get_number(conf,section, + ENV_DEFAULT_DAYS); + } + if (!enddate && (days == 0)) + { + BIO_printf(bio_err,"cannot lookup how many days to certify for\n"); + goto err; + } + + if ((serial=load_serial(serialfile)) == NULL) + { + BIO_printf(bio_err,"error while loading serial number\n"); + goto err; + } + if (verbose) + { + if ((f=BN_bn2hex(serial)) == NULL) goto err; + BIO_printf(bio_err,"next serial number is %s\n",f); + Free(f); + } + + if ((attribs=CONF_get_section(conf,policy)) == NULL) + { + BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); + goto err; + } + + if ((cert_sk=sk_new_null()) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + if (spkac_file != NULL) + { + total++; + j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, + serial,startdate,enddate, days,extensions,conf, + verbose); + if (j < 0) goto err; + if (j > 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + if (outfile) + { + output_der = 1; + batch = 1; + } + } + } + if (ss_cert_file != NULL) + { + total++; + j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, + db,serial,startdate,enddate,days,batch, + extensions,conf,verbose); + if (j < 0) goto err; + if (j > 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + } + if (infile != NULL) + { + total++; + j=certify(&x,infile,pkey,x509,dgst,attribs,db, + serial,startdate,enddate,days,batch, + extensions,conf,verbose); + if (j < 0) goto err; + if (j > 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + } + for (i=0; i 0) + { + total_done++; + BIO_printf(bio_err,"\n"); + if (!BN_add_word(serial,1)) goto err; + if (!sk_push(cert_sk,(char *)x)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + } + /* we have a stack of newly certified certificates + * and a data base and serial number that need + * updating */ + + if (sk_num(cert_sk) > 0) + { + if (!batch) + { + BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total); + (void)BIO_flush(bio_err); + buf[0][0]='\0'; + fgets(buf[0],10,stdin); + if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) + { + BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); + ret=0; + goto err; + } + } + + BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk)); + + strncpy(buf[0],serialfile,BSIZE-4); + +#ifdef VMS + strcat(buf[0],"-new"); +#else + strcat(buf[0],".new"); +#endif + + if (!save_serial(buf[0],serial)) goto err; + + strncpy(buf[1],dbfile,BSIZE-4); + +#ifdef VMS + strcat(buf[1],"-new"); +#else + strcat(buf[1],".new"); +#endif + + if (BIO_write_filename(out,buf[1]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + l=TXT_DB_write(out,db); + if (l <= 0) goto err; + } + + if (verbose) + BIO_printf(bio_err,"writing new certificates\n"); + for (i=0; icert_info->serialNumber->length; + p=(char *)x->cert_info->serialNumber->data; + + strncpy(buf[2],outdir,BSIZE-(j*2)-6); + +#ifndef VMS + strcat(buf[2],"/"); +#endif + + n=(unsigned char *)&(buf[2][strlen(buf[2])]); + if (j > 0) + { + for (k=0; kcrl; + X509_NAME_free(ci->issuer); + ci->issuer=X509_NAME_dup(x509->cert_info->subject); + if (ci->issuer == NULL) goto err; + + X509_gmtime_adj(ci->lastUpdate,0); + if (ci->nextUpdate == NULL) + ci->nextUpdate=ASN1_UTCTIME_new(); + X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60); + + for (i=0; idata); i++) + { + pp=(char **)sk_value(db->data,i); + if (pp[DB_type][0] == DB_TYPE_REV) + { + if ((r=X509_REVOKED_new()) == NULL) goto err; + ASN1_STRING_set((ASN1_STRING *) + r->revocationDate, + (unsigned char *)pp[DB_rev_date], + strlen(pp[DB_rev_date])); + /* strcpy(r->revocationDate,pp[DB_rev_date]);*/ + + (void)BIO_reset(hex); + if (!BIO_puts(hex,pp[DB_serial])) + goto err; + if (!a2i_ASN1_INTEGER(hex,r->serialNumber, + buf[0],BSIZE)) goto err; + + sk_X509_REVOKED_push(ci->revoked,r); + } + } + /* sort the data so it will be written in serial + * number order */ + sk_X509_REVOKED_sort(ci->revoked); + for (i=0; irevoked); i++) + { + r=sk_X509_REVOKED_value(ci->revoked,i); + r->sequence=i; + } + + /* we now have a CRL */ + if (verbose) BIO_printf(bio_err,"signing CRL\n"); + if (md != NULL) + { + if ((dgst=EVP_get_digestbyname(md)) == NULL) + { + BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + goto err; + } + } + else + { +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + dgst=EVP_dss1(); + else +#endif + dgst=EVP_md5(); + } + + /* Add any extensions asked for */ + + if(crl_ext) { + X509V3_CTX crlctx; + if (ci->version == NULL) + if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; + ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ + X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); + X509V3_set_conf_lhash(&crlctx, conf); + + if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, + crl_ext, crl)) goto err; + } + + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; + + PEM_write_bio_X509_CRL(Sout,crl); + } + /*****************************************************************/ + if (dorevoke) + { + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto err; + } + if (infile == NULL) + { + BIO_printf(bio_err,"no input files\n"); + goto err; + } + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile); + goto err; + } + x509=PEM_read_bio_X509(in,NULL,NULL,NULL); + if (x509 == NULL) + { + BIO_printf(bio_err,"unable to load '%s' certificate\n",infile); + goto err; + } + j=do_revoke(x509,db); + + strncpy(buf[0],dbfile,BSIZE-4); + strcat(buf[0],".new"); + if (BIO_write_filename(out,buf[0]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + j=TXT_DB_write(out,db); + if (j <= 0) goto err; + BIO_free(in); + BIO_free(out); + in=NULL; + out=NULL; + strncpy(buf[1],dbfile,BSIZE-4); + strcat(buf[1],".old"); + if (rename(dbfile,buf[1]) < 0) + { + BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); + perror("reason"); + goto err; + } + if (rename(buf[0],dbfile) < 0) + { + BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile); + perror("reason"); + rename(buf[1],dbfile); + goto err; + } + BIO_printf(bio_err,"Data Base Updated\n"); + } + } + /*****************************************************************/ + ret=0; +err: + BIO_free(hex); + BIO_free(Cout); + BIO_free(Sout); + BIO_free(out); + BIO_free(in); + + sk_pop_free(cert_sk,X509_free); + + if (ret) ERR_print_errors(bio_err); + BN_free(serial); + TXT_DB_free(db); + EVP_PKEY_free(pkey); + X509_free(x509); + X509_CRL_free(crl); + CONF_free(conf); + X509V3_EXT_cleanup(); + OBJ_cleanup(); + EXIT(ret); + } + +static void lookup_fail(char *name, char *tag) + { + BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); + } + +static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u) + { + int i; + + if (key == NULL) return(0); + i=strlen(key); + i=(i > len)?len:i; + memcpy(buf,key,i); + return(i); + } + +static unsigned long index_serial_hash(char **a) + { + char *n; + + n=a[DB_serial]; + while (*n == '0') n++; + return(lh_strhash(n)); + } + +static int index_serial_cmp(char **a, char **b) + { + char *aa,*bb; + + for (aa=a[DB_serial]; *aa == '0'; aa++); + for (bb=b[DB_serial]; *bb == '0'; bb++); + return(strcmp(aa,bb)); + } + +static unsigned long index_name_hash(char **a) + { return(lh_strhash(a[DB_name])); } + +static int index_name_qual(char **a) + { return(a[0][0] == 'V'); } + +static int index_name_cmp(char **a, char **b) + { return(strcmp(a[DB_name], + b[DB_name])); } + +static BIGNUM *load_serial(char *serialfile) + { + BIO *in=NULL; + BIGNUM *ret=NULL; + MS_STATIC char buf[1024]; + ASN1_INTEGER *ai=NULL; + + if ((in=BIO_new(BIO_s_file())) == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + if (BIO_read_filename(in,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + ai=ASN1_INTEGER_new(); + if (ai == NULL) goto err; + if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) + { + BIO_printf(bio_err,"unable to load number from %s\n", + serialfile); + goto err; + } + ret=ASN1_INTEGER_to_BN(ai,NULL); + if (ret == NULL) + { + BIO_printf(bio_err,"error converting number from bin to BIGNUM"); + goto err; + } +err: + if (in != NULL) BIO_free(in); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +static int save_serial(char *serialfile, BIGNUM *serial) + { + BIO *out; + int ret=0; + ASN1_INTEGER *ai=NULL; + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_write_filename(out,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + + if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) + { + BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); + goto err; + } + i2a_ASN1_INTEGER(out,ai); + BIO_puts(out,"\n"); + ret=1; +err: + if (out != NULL) BIO_free(out); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + BIGNUM *serial, char *startdate, char *enddate, int days, + int batch, char *ext_sect, LHASH *lconf, int verbose) + { + X509_REQ *req=NULL; + BIO *in=NULL; + EVP_PKEY *pktmp=NULL; + int ok= -1,i; + + in=BIO_new(BIO_s_file()); + + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto err; + } + if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"Error reading certificate request in %s\n", + infile); + goto err; + } + if (verbose) + X509_REQ_print(bio_err,req); + + BIO_printf(bio_err,"Check that the request matches the signature\n"); + + if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) + { + BIO_printf(bio_err,"error unpacking public key\n"); + goto err; + } + i=X509_REQ_verify(req,pktmp); + EVP_PKEY_free(pktmp); + if (i < 0) + { + ok=0; + BIO_printf(bio_err,"Signature verification problems....\n"); + goto err; + } + if (i == 0) + { + ok=0; + BIO_printf(bio_err,"Signature did not match the certificate request\n"); + goto err; + } + else + BIO_printf(bio_err,"Signature ok\n"); + + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate, + days,batch,verbose,req,ext_sect,lconf); + +err: + if (req != NULL) X509_REQ_free(req); + if (in != NULL) BIO_free(in); + return(ok); + } + +static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + BIGNUM *serial, char *startdate, char *enddate, int days, + int batch, char *ext_sect, LHASH *lconf, int verbose) + { + X509 *req=NULL; + X509_REQ *rreq=NULL; + BIO *in=NULL; + EVP_PKEY *pktmp=NULL; + int ok= -1,i; + + in=BIO_new(BIO_s_file()); + + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto err; + } + if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile); + goto err; + } + if (verbose) + X509_print(bio_err,req); + + BIO_printf(bio_err,"Check that the request matches the signature\n"); + + if ((pktmp=X509_get_pubkey(req)) == NULL) + { + BIO_printf(bio_err,"error unpacking public key\n"); + goto err; + } + i=X509_verify(req,pktmp); + EVP_PKEY_free(pktmp); + if (i < 0) + { + ok=0; + BIO_printf(bio_err,"Signature verification problems....\n"); + goto err; + } + if (i == 0) + { + ok=0; + BIO_printf(bio_err,"Signature did not match the certificate\n"); + goto err; + } + else + BIO_printf(bio_err,"Signature ok\n"); + + if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) + goto err; + + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days, + batch,verbose,rreq,ext_sect,lconf); + +err: + if (rreq != NULL) X509_REQ_free(rreq); + if (req != NULL) X509_free(req); + if (in != NULL) BIO_free(in); + return(ok); + } + +static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, + STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, + char *startdate, char *enddate, int days, int batch, int verbose, + X509_REQ *req, char *ext_sect, LHASH *lconf) + { + X509_NAME *name=NULL,*CAname=NULL,*subject=NULL; + ASN1_UTCTIME *tm,*tmptm; + ASN1_STRING *str,*str2; + ASN1_OBJECT *obj; + X509 *ret=NULL; + X509_CINF *ci; + X509_NAME_ENTRY *ne; + X509_NAME_ENTRY *tne,*push; + EVP_PKEY *pktmp; + int ok= -1,i,j,last,nid; + char *p; + CONF_VALUE *cv; + char *row[DB_NUMBER],**rrow,**irow=NULL; + char buf[25],*pbuf; + + tmptm=ASN1_UTCTIME_new(); + if (tmptm == NULL) + { + BIO_printf(bio_err,"malloc error\n"); + return(0); + } + + for (i=0; i0; j--) + *(pbuf++)=' '; + *(pbuf++)=':'; + *(pbuf++)='\0'; + BIO_puts(bio_err,buf); + + if (msie_hack) + { + /* assume all type should be strings */ + nid=OBJ_obj2nid(ne->object); + + if (str->type == V_ASN1_UNIVERSALSTRING) + ASN1_UNIVERSALSTRING_to_string(str); + + if ((str->type == V_ASN1_IA5STRING) && + (nid != NID_pkcs9_emailAddress)) + str->type=V_ASN1_T61STRING; + + if ((nid == NID_pkcs9_emailAddress) && + (str->type == V_ASN1_PRINTABLESTRING)) + str->type=V_ASN1_IA5STRING; + } + + if (str->type == V_ASN1_PRINTABLESTRING) + BIO_printf(bio_err,"PRINTABLE:'"); + else if (str->type == V_ASN1_T61STRING) + BIO_printf(bio_err,"T61STRING:'"); + else if (str->type == V_ASN1_IA5STRING) + BIO_printf(bio_err,"IA5STRING:'"); + else if (str->type == V_ASN1_UNIVERSALSTRING) + BIO_printf(bio_err,"UNIVERSALSTRING:'"); + else + BIO_printf(bio_err,"ASN.1 %2d:'",str->type); + + /* check some things */ + if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && + (str->type != V_ASN1_IA5STRING)) + { + BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n"); + goto err; + } + j=ASN1_PRINTABLE_type(str->data,str->length); + if ( ((j == V_ASN1_T61STRING) && + (str->type != V_ASN1_T61STRING)) || + ((j == V_ASN1_IA5STRING) && + (str->type == V_ASN1_PRINTABLESTRING))) + { + BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n"); + goto err; + } + + p=(char *)str->data; + for (j=str->length; j>0; j--) + { + if ((*p >= ' ') && (*p <= '~')) + BIO_printf(bio_err,"%c",*p); + else if (*p & 0x80) + BIO_printf(bio_err,"\\0x%02X",*p); + else if ((unsigned char)*p == 0xf7) + BIO_printf(bio_err,"^?"); + else BIO_printf(bio_err,"^%c",*p+'@'); + p++; + } + BIO_printf(bio_err,"'\n"); + } + + /* Ok, now we check the 'policy' stuff. */ + if ((subject=X509_NAME_new()) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + /* take a copy of the issuer name before we mess with it. */ + CAname=X509_NAME_dup(x509->cert_info->subject); + if (CAname == NULL) goto err; + str=str2=NULL; + + for (i=0; iname)) == NID_undef) + { + BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name); + goto err; + } + obj=OBJ_nid2obj(j); + + last= -1; + for (;;) + { + /* lookup the object in the supplied name list */ + j=X509_NAME_get_index_by_OBJ(name,obj,last); + if (j < 0) + { + if (last != -1) break; + tne=NULL; + } + else + { + tne=X509_NAME_get_entry(name,j); + } + last=j; + + /* depending on the 'policy', decide what to do. */ + push=NULL; + if (strcmp(cv->value,"optional") == 0) + { + if (tne != NULL) + push=tne; + } + else if (strcmp(cv->value,"supplied") == 0) + { + if (tne == NULL) + { + BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name); + goto err; + } + else + push=tne; + } + else if (strcmp(cv->value,"match") == 0) + { + int last2; + + if (tne == NULL) + { + BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name); + goto err; + } + + last2= -1; + +again2: + j=X509_NAME_get_index_by_OBJ(CAname,obj,last2); + if ((j < 0) && (last2 == -1)) + { + BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name); + goto err; + } + if (j >= 0) + { + push=X509_NAME_get_entry(CAname,j); + str=X509_NAME_ENTRY_get_data(tne); + str2=X509_NAME_ENTRY_get_data(push); + last2=j; + if (ASN1_STRING_cmp(str,str2) != 0) + goto again2; + } + if (j < 0) + { + BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data)); + goto err; + } + } + else + { + BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value); + goto err; + } + + if (push != NULL) + { + if (!X509_NAME_add_entry(subject,push, + X509_NAME_entry_count(subject),0)) + { + if (push != NULL) + X509_NAME_ENTRY_free(push); + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + } + if (j < 0) break; + } + } + + if (preserve) + { + X509_NAME_free(subject); + subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); + if (subject == NULL) goto err; + } + + if (verbose) + BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n"); + + row[DB_name]=X509_NAME_oneline(subject,NULL,0); + row[DB_serial]=BN_bn2hex(serial); + if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + rrow=TXT_DB_get_by_index(db,DB_name,row); + if (rrow != NULL) + { + BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + else + { + rrow=TXT_DB_get_by_index(db,DB_serial,row); + if (rrow != NULL) + { + BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err," check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) + { + BIO_printf(bio_err, + "The matching entry has the following details\n"); + if (rrow[DB_type][0] == 'E') + p="Expired"; + else if (rrow[DB_type][0] == 'R') + p="Revoked"; + else if (rrow[DB_type][0] == 'V') + p="Valid"; + else + p="\ninvalid type, Data base error\n"; + BIO_printf(bio_err,"Type :%s\n",p);; + if (rrow[DB_type][0] == 'R') + { + p=rrow[DB_exp_date]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Was revoked on:%s\n",p); + } + p=rrow[DB_exp_date]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Expires on :%s\n",p); + p=rrow[DB_serial]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Serial Number :%s\n",p); + p=rrow[DB_file]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"File name :%s\n",p); + p=rrow[DB_name]; if (p == NULL) p="undef"; + BIO_printf(bio_err,"Subject Name :%s\n",p); + ok= -1; /* This is now a 'bad' error. */ + goto err; + } + + /* We are now totaly happy, lets make and sign the certificate */ + if (verbose) + BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n"); + + if ((ret=X509_new()) == NULL) goto err; + ci=ret->cert_info; + +#ifdef X509_V3 + /* Make it an X509 v3 certificate. */ + if (!X509_set_version(x509,2)) goto err; +#endif + + if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) + goto err; + if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) + goto err; + + BIO_printf(bio_err,"Certificate is to be certified until "); + if (strcmp(startdate,"today") == 0) + X509_gmtime_adj(X509_get_notBefore(ret),0); + else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); + + if (enddate == NULL) + X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); + else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); + + ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + if(days) BIO_printf(bio_err," (%d days)",days); + BIO_printf(bio_err, "\n"); + + if (!X509_set_subject_name(ret,subject)) goto err; + + pktmp=X509_REQ_get_pubkey(req); + i = X509_set_pubkey(ret,pktmp); + EVP_PKEY_free(pktmp); + if (!i) goto err; + + /* Lets add the extensions, if there are any */ + if (ext_sect) + { + X509V3_CTX ctx; + if (ci->version == NULL) + if ((ci->version=ASN1_INTEGER_new()) == NULL) + goto err; + ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */ + + /* Free the current entries if any, there should not + * be any I belive */ + if (ci->extensions != NULL) + sk_X509_EXTENSION_pop_free(ci->extensions, + X509_EXTENSION_free); + + ci->extensions = NULL; + + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + X509V3_set_conf_lhash(&ctx, lconf); + + if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err; + + } + + + if (!batch) + { + BIO_printf(bio_err,"Sign the certificate? [y/n]:"); + (void)BIO_flush(bio_err); + buf[0]='\0'; + fgets(buf,sizeof(buf)-1,stdin); + if (!((buf[0] == 'y') || (buf[0] == 'Y'))) + { + BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"); + ok=0; + goto err; + } + } + + +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1(); + pktmp=X509_get_pubkey(ret); + if (EVP_PKEY_missing_parameters(pktmp) && + !EVP_PKEY_missing_parameters(pkey)) + EVP_PKEY_copy_parameters(pktmp,pkey); + EVP_PKEY_free(pktmp); +#endif + + if (!X509_sign(ret,pkey,dgst)) + goto err; + + /* We now just add it to the database */ + row[DB_type]=(char *)Malloc(2); + + tm=X509_get_notAfter(ret); + row[DB_exp_date]=(char *)Malloc(tm->length+1); + memcpy(row[DB_exp_date],tm->data,tm->length); + row[DB_exp_date][tm->length]='\0'; + + row[DB_rev_date]=NULL; + + /* row[DB_serial] done already */ + row[DB_file]=(char *)Malloc(8); + /* row[DB_name] done already */ + + if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || + (row[DB_file] == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + strcpy(row[DB_file],"unknown"); + row[DB_type][0]='V'; + row[DB_type][1]='\0'; + + if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + for (i=0; ierror); + goto err; + } + ok=1; +err: + for (i=0; icert_info->serialNumber); + BIO_puts(bp,"\n\n"); + X509_print(bp,x); + BIO_puts(bp,"\n"); + PEM_write_bio_X509(bp,x); + BIO_puts(bp,"\n"); + } + +static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + BIGNUM *serial, char *startdate, char *enddate, int days, + char *ext_sect, LHASH *lconf, int verbose) + { + STACK_OF(CONF_VALUE) *sk=NULL; + LHASH *parms=NULL; + X509_REQ *req=NULL; + CONF_VALUE *cv=NULL; + NETSCAPE_SPKI *spki = NULL; + unsigned char *spki_der = NULL,*p; + X509_REQ_INFO *ri; + char *type,*buf; + EVP_PKEY *pktmp=NULL; + X509_NAME *n=NULL; + X509_NAME_ENTRY *ne=NULL; + int ok= -1,i,j; + long errline; + int nid; + + /* + * Load input file into a hash table. (This is just an easy + * way to read and parse the file, then put it into a convenient + * STACK format). + */ + parms=CONF_load(NULL,infile,&errline); + if (parms == NULL) + { + BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile); + ERR_print_errors(bio_err); + goto err; + } + + sk=CONF_get_section(parms, "default"); + if (sk_CONF_VALUE_num(sk) == 0) + { + BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); + CONF_free(parms); + goto err; + } + + /* + * Now create a dummy X509 request structure. We don't actually + * have an X509 request, but we have many of the components + * (a public key, various DN components). The idea is that we + * put these components into the right X509 request structure + * and we can use the same code as if you had a real X509 request. + */ + req=X509_REQ_new(); + if (req == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + /* + * Build up the subject name set. + */ + ri=req->req_info; + n = ri->subject; + + for (i = 0; ; i++) + { + if (sk_CONF_VALUE_num(sk) <= i) break; + + cv=sk_CONF_VALUE_value(sk,i); + type=cv->name; + buf=cv->value; + + if ((nid=OBJ_txt2nid(type)) == NID_undef) + { + if (strcmp(type, "SPKAC") == 0) + { + spki_der=(unsigned char *)Malloc( + strlen(cv->value)+1); + if (spki_der == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value, + strlen(cv->value)); + if (j <= 0) + { + BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n"); + goto err; + } + + p=spki_der; + spki = d2i_NETSCAPE_SPKI(&spki, &p, j); + Free(spki_der); + spki_der = NULL; + if (spki == NULL) + { + BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n"); + ERR_print_errors(bio_err); + goto err; + } + } + continue; + } + + j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); + if (fix_data(nid, &j) == 0) + { + BIO_printf(bio_err, + "invalid characters in string %s\n",buf); + goto err; + } + + if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j, + (unsigned char *)buf, + strlen(buf))) == NULL) + goto err; + + if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0)) + goto err; + } + if (spki == NULL) + { + BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n", + infile); + goto err; + } + + /* + * Now extract the key from the SPKI structure. + */ + + BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n"); + + if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL) + { + BIO_printf(bio_err,"error unpacking SPKAC public key\n"); + goto err; + } + + j = NETSCAPE_SPKI_verify(spki, pktmp); + if (j <= 0) + { + BIO_printf(bio_err,"signature verification failed on SPKAC public key\n"); + goto err; + } + BIO_printf(bio_err,"Signature ok\n"); + + X509_REQ_set_pubkey(req,pktmp); + EVP_PKEY_free(pktmp); + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate, + days,1,verbose,req,ext_sect,lconf); +err: + if (req != NULL) X509_REQ_free(req); + if (parms != NULL) CONF_free(parms); + if (spki_der != NULL) Free(spki_der); + if (spki != NULL) NETSCAPE_SPKI_free(spki); + if (ne != NULL) X509_NAME_ENTRY_free(ne); + + return(ok); + } + +static int fix_data(int nid, int *type) + { + if (nid == NID_pkcs9_emailAddress) + *type=V_ASN1_IA5STRING; + if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING)) + return(0); + if (nid == NID_pkcs9_unstructuredName) + *type=V_ASN1_IA5STRING; + return(1); + } + +static int check_time_format(char *str) + { + ASN1_UTCTIME tm; + + tm.data=(unsigned char *)str; + tm.length=strlen(str); + tm.type=V_ASN1_UTCTIME; + return(ASN1_UTCTIME_check(&tm)); + } + +static int add_oid_section(LHASH *hconf) +{ + char *p; + STACK_OF(CONF_VALUE) *sktmp; + CONF_VALUE *cnf; + int i; + if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1; + if(!(sktmp = CONF_get_section(hconf, p))) { + BIO_printf(bio_err, "problem loading oid section %s\n", p); + return 0; + } + for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { + cnf = sk_CONF_VALUE_value(sktmp, i); + if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { + BIO_printf(bio_err, "problem creating object %s=%s\n", + cnf->name, cnf->value); + return 0; + } + } + return 1; +} + +static int do_revoke(X509 *x509, TXT_DB *db) +{ + ASN1_UTCTIME *tm=NULL; + char *row[DB_NUMBER],**rrow,**irow; + int ok=-1,i; + + for (i=0; icert_info->subject,NULL,0); + row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL)); + if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + rrow=TXT_DB_get_by_index(db,DB_name,row); + if (rrow == NULL) + { + BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); + + /* We now just add it to the database */ + row[DB_type]=(char *)Malloc(2); + + tm=X509_get_notAfter(x509); + row[DB_exp_date]=(char *)Malloc(tm->length+1); + memcpy(row[DB_exp_date],tm->data,tm->length); + row[DB_exp_date][tm->length]='\0'; + + row[DB_rev_date]=NULL; + + /* row[DB_serial] done already */ + row[DB_file]=(char *)Malloc(8); + + /* row[DB_name] done already */ + + if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || + (row[DB_file] == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + strcpy(row[DB_file],"unknown"); + row[DB_type][0]='V'; + row[DB_type][1]='\0'; + + if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto err; + } + + for (i=0; ierror); + goto err; + } + + /* Revoke Certificate */ + do_revoke(x509,db); + + ok=1; + goto err; + + } + else if (index_serial_cmp(row,rrow)) + { + BIO_printf(bio_err,"ERROR:no same serial number %s\n", + row[DB_serial]); + goto err; + } + else if (rrow[DB_type][0]=='R') + { + BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", + row[DB_serial]); + goto err; + } + else + { + BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]); + tm=X509_gmtime_adj(tm,0); + rrow[DB_type][0]='R'; + rrow[DB_type][1]='\0'; + rrow[DB_rev_date]=(char *)Malloc(tm->length+1); + memcpy(rrow[DB_rev_date],tm->data,tm->length); + rrow[DB_rev_date][tm->length]='\0'; + } + ok=1; +err: + for (i=0; i +#include +#include +#ifdef NO_STDIO +#define APPS_WIN16 +#endif +#include "apps.h" +#include +#include + +#if defined(NO_RSA) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + +#undef PROG +#define PROG ciphers_main + +static char *ciphers_usage[]={ +"usage: ciphers args\n", +" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", +" -ssl2 - SSL2 mode\n", +" -ssl3 - SSL3 mode\n", +NULL +}; + +int MAIN(int argc, char **argv) + { + int ret=1,i; + int verbose=0; + char **pp; + const char *p; + int badops=0; + SSL_CTX *ctx=NULL; + SSL *ssl=NULL; + char *ciphers=NULL; + SSL_METHOD *meth=NULL; + STACK_OF(SSL_CIPHER) *sk; + char buf[512]; + BIO *STDout=NULL; + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_server_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_server_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_server_method(); +#endif + + apps_startup(); + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + STDout=BIO_new_fp(stdout,BIO_NOCLOSE); + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-v") == 0) + verbose=1; +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + meth=SSLv2_client_method(); +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + meth=SSLv3_client_method(); +#endif + else if ((strncmp(*argv,"-h",2) == 0) || + (strcmp(*argv,"-?") == 0)) + { + badops=1; + break; + } + else + { + ciphers= *argv; + } + argc--; + argv++; + } + + if (badops) + { + for (pp=ciphers_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,*pp); + goto end; + } + + SSLeay_add_ssl_algorithms(); + + ctx=SSL_CTX_new(meth); + if (ctx == NULL) goto err; + if (ciphers != NULL) + SSL_CTX_set_cipher_list(ctx,ciphers); + ssl=SSL_new(ctx); + if (ssl == NULL) goto err; + + + if (!verbose) + { + for (i=0; ; i++) + { + p=SSL_get_cipher_list(ssl,i); + if (p == NULL) break; + if (i != 0) BIO_printf(STDout,":"); + BIO_printf(STDout,"%s",p); + } + BIO_printf(STDout,"\n"); + } + else + { + sk=SSL_get_ciphers(ssl); + + for (i=0; i +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include + +#undef PROG +#define PROG crl_main + +#undef POSTFIX +#define POSTFIX ".rvk" + +static char *crl_usage[]={ +"usage: crl args\n", +"\n", +" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n", +" -outform arg - output format - default PEM\n", +" -text - print out a text format version\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -hash - print hash value\n", +" -issuer - print issuer DN\n", +" -lastupdate - lastUpdate field\n", +" -nextupdate - nextUpdate field\n", +" -noout - no CRL output\n", +NULL +}; + +static X509_CRL *load_crl(char *file, int format); +static BIO *bio_out=NULL; + +int MAIN(int argc, char **argv) + { + X509_CRL *x=NULL; + int ret=1,i,num,badops=0; + BIO *out=NULL; + int informat,outformat; + char *infile=NULL,*outfile=NULL; + int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; + char **pp,buf[256]; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (bio_out == NULL) + if ((bio_out=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); + + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + argc--; + argv++; + num=0; + while (argc >= 1) + { +#ifdef undef + if (strcmp(*argv,"-p") == 0) + { + if (--argc < 1) goto bad; + if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ + } +#endif + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-text") == 0) + text = 1; + else if (strcmp(*argv,"-hash") == 0) + hash= ++num; + else if (strcmp(*argv,"-issuer") == 0) + issuer= ++num; + else if (strcmp(*argv,"-lastupdate") == 0) + lastupdate= ++num; + else if (strcmp(*argv,"-nextupdate") == 0) + nextupdate= ++num; + else if (strcmp(*argv,"-noout") == 0) + noout= ++num; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + for (pp=crl_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,*pp); + goto end; + } + + ERR_load_crypto_strings(); + X509V3_add_standard_extensions(); + x=load_crl(infile,informat); + if (x == NULL) { goto end; } + + if (num) + { + for (i=1; i<=num; i++) + { + if (issuer == i) + { + X509_NAME_oneline(x->crl->issuer,buf,256); + BIO_printf(bio_out,"issuer= %s\n",buf); + } + + if (hash == i) + { + BIO_printf(bio_out,"%08lx\n", + X509_NAME_hash(x->crl->issuer)); + } + if (lastupdate == i) + { + BIO_printf(bio_out,"lastUpdate="); + ASN1_TIME_print(bio_out,x->crl->lastUpdate); + BIO_printf(bio_out,"\n"); + } + if (nextupdate == i) + { + BIO_printf(bio_out,"nextUpdate="); + if (x->crl->nextUpdate != NULL) + ASN1_TIME_print(bio_out,x->crl->nextUpdate); + else + BIO_printf(bio_out,"NONE"); + BIO_printf(bio_out,"\n"); + } + } + } + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (text) X509_CRL_print(out, x); + + if (noout) goto end; + + if (outformat == FORMAT_ASN1) + i=(int)i2d_X509_CRL_bio(out,x); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_X509_CRL(out,x); + else + { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } + ret=0; +end: + BIO_free(out); + BIO_free(bio_out); + X509_CRL_free(x); + X509V3_EXT_cleanup(); + EXIT(ret); + } + +static X509_CRL *load_crl(char *infile, int format) + { + X509_CRL *x=NULL; + BIO *in=NULL; + + in=BIO_new(BIO_s_file()); + if (in == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (format == FORMAT_ASN1) + x=d2i_X509_CRL_bio(in,NULL); + else if (format == FORMAT_PEM) + x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); + else { + BIO_printf(bio_err,"bad input format specified for input crl\n"); + goto end; + } + if (x == NULL) + { + BIO_printf(bio_err,"unable to load CRL\n"); + ERR_print_errors(bio_err); + goto end; + } + +end: + BIO_free(in); + return(x); + } + diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c new file mode 100644 index 000000000000..8634e3a1ec07 --- /dev/null +++ b/crypto/openssl/apps/crl2p7.c @@ -0,0 +1,333 @@ +/* apps/crl2p7.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* This was written by Gordon Chaffee + * and donated 'to the cause' along with lots and lots of other fixes to + * the library. */ + +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); +#undef PROG +#define PROG crl2pkcs7_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + */ + +int MAIN(int argc, char **argv) + { + int i,badops=0; + BIO *in=NULL,*out=NULL; + int informat,outformat; + char *infile,*outfile,*prog,*certfile; + PKCS7 *p7 = NULL; + PKCS7_SIGNED *p7s = NULL; + X509_CRL *crl=NULL; + STACK *certflst=NULL; + STACK_OF(X509_CRL) *crl_stack=NULL; + STACK_OF(X509) *cert_stack=NULL; + int ret=1,nocrl=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-nocrl") == 0) + { + nocrl=1; + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-certfile") == 0) + { + if (--argc < 1) goto bad; + if(!certflst) certflst = sk_new(NULL); + sk_push(certflst,*(++argv)); + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); + BIO_printf(bio_err," (can be used more than once)\n"); + BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); + EXIT(1); + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (!nocrl) + { + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + crl=d2i_X509_CRL_bio(in,NULL); + else if (informat == FORMAT_PEM) + crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); + else { + BIO_printf(bio_err,"bad input format specified for input crl\n"); + goto end; + } + if (crl == NULL) + { + BIO_printf(bio_err,"unable to load CRL\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + if ((p7=PKCS7_new()) == NULL) goto end; + if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; + p7->type=OBJ_nid2obj(NID_pkcs7_signed); + p7->d.sign=p7s; + p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); + + if (!ASN1_INTEGER_set(p7s->version,1)) goto end; + if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end; + p7s->crl=crl_stack; + if (crl != NULL) + { + sk_X509_CRL_push(crl_stack,crl); + crl=NULL; /* now part of p7 for Freeing */ + } + + if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end; + p7s->cert=cert_stack; + + if(certflst) for(i = 0; i < sk_num(certflst); i++) { + certfile = sk_value(certflst, i); + if (add_certs_from_file(cert_stack,certfile) < 0) + { + BIO_printf(bio_err, "error loading certificates\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + sk_free(certflst); + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (outformat == FORMAT_ASN1) + i=i2d_PKCS7_bio(out,p7); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_PKCS7(out,p7); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write pkcs7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (p7 != NULL) PKCS7_free(p7); + if (crl != NULL) X509_CRL_free(crl); + + EXIT(ret); + } + +/* + *---------------------------------------------------------------------- + * int add_certs_from_file + * + * Read a list of certificates to be checked from a file. + * + * Results: + * number of certs added if successful, -1 if not. + *---------------------------------------------------------------------- + */ +static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) + { + struct stat st; + BIO *in=NULL; + int count=0; + int ret= -1; + STACK_OF(X509_INFO) *sk=NULL; + X509_INFO *xi; + + if ((stat(certfile,&st) != 0)) + { + BIO_printf(bio_err,"unable to load the file, %s\n",certfile); + goto end; + } + + in=BIO_new(BIO_s_file()); + if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) + { + BIO_printf(bio_err,"error opening the file, %s\n",certfile); + goto end; + } + + /* This loads from a file, a stack of x509/crl/pkey sets */ + sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL); + if (sk == NULL) { + BIO_printf(bio_err,"error reading the file, %s\n",certfile); + goto end; + } + + /* scan over it and pull out the CRL's */ + while (sk_X509_INFO_num(sk)) + { + xi=sk_X509_INFO_shift(sk); + if (xi->x509 != NULL) + { + sk_X509_push(stack,xi->x509); + xi->x509=NULL; + count++; + } + X509_INFO_free(xi); + } + + ret=count; +end: + /* never need to Free x */ + if (in != NULL) BIO_free(in); + if (sk != NULL) sk_X509_INFO_free(sk); + return(ret); + } + diff --git a/crypto/openssl/apps/demoCA/cacert.pem b/crypto/openssl/apps/demoCA/cacert.pem new file mode 100644 index 000000000000..affbce3bc948 --- /dev/null +++ b/crypto/openssl/apps/demoCA/cacert.pem @@ -0,0 +1,14 @@ +subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- diff --git a/crypto/openssl/apps/demoCA/index.txt b/crypto/openssl/apps/demoCA/index.txt new file mode 100644 index 000000000000..2cdd252d67ca --- /dev/null +++ b/crypto/openssl/apps/demoCA/index.txt @@ -0,0 +1,39 @@ +R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young +E 951009233205Z 02 certs/00000002 /CN=Duncan Young +R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson +V 980705233205Z 04 certs/00000004 /CN=Eric Young4 +V 980705233205Z 05 certs/00000004 /CN=Eric Young5 +V 980705233205Z 06 certs/00000004 /CN=Eric Young6 +V 980705233205Z 07 certs/00000004 /CN=Eric Young7 +V 980705233205Z 08 certs/00000004 /CN=Eric Young8 +V 980705233205Z 09 certs/00000004 /CN=Eric Young9 +V 980705233205Z 0A certs/00000004 /CN=Eric YoungA +V 980705233205Z 0B certs/00000004 /CN=Eric YoungB +V 980705233205Z 0C certs/00000004 /CN=Eric YoungC +V 980705233205Z 0D certs/00000004 /CN=Eric YoungD +V 980705233205Z 0E certs/00000004 /CN=Eric YoungE +V 980705233205Z 0F certs/00000004 /CN=Eric YoungF +V 980705233205Z 10 certs/00000004 /CN=Eric Young10 +V 980705233205Z 11 certs/00000004 /CN=Eric Young11 +V 980705233205Z 12 certs/00000004 /CN=Eric Young12 +V 980705233205Z 13 certs/00000004 /CN=Eric Young13 +V 980705233205Z 14 certs/00000004 /CN=Eric Young14 +V 980705233205Z 15 certs/00000004 /CN=Eric Young15 +V 980705233205Z 16 certs/00000004 /CN=Eric Young16 +V 980705233205Z 17 certs/00000004 /CN=Eric Young17 +V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au +V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au +V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au +V 970322075152Z 010F unknown /CN=Eric Young +V 970322075906Z 0110 unknown /CN=Eric Youngg +V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young +V 970324221931Z 0112 unknown /CN=Fred +V 970324224934Z 0113 unknown /C=AU/CN=eay +V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test +V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 +V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test +V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test +V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 +V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 +V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr +V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk diff --git a/crypto/openssl/apps/demoCA/private/cakey.pem b/crypto/openssl/apps/demoCA/private/cakey.pem new file mode 100644 index 000000000000..48fb18c7d807 --- /dev/null +++ b/crypto/openssl/apps/demoCA/private/cakey.pem @@ -0,0 +1,24 @@ +issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- + +MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe +Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ +hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG +sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw +tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq +agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA +g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/demoCA/serial b/crypto/openssl/apps/demoCA/serial new file mode 100644 index 000000000000..69fa0ffe28e7 --- /dev/null +++ b/crypto/openssl/apps/demoCA/serial @@ -0,0 +1 @@ +011E diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop new file mode 100644 index 000000000000..fbd2889842e2 --- /dev/null +++ b/crypto/openssl/apps/der_chop @@ -0,0 +1,305 @@ +#!/usr/local/bin/perl5 +# +# der_chop ... this is one total hack that Eric is really not proud of +# so don't look at it and don't ask for support +# +# The "documentation" for this (i.e. all the comments) are my fault --tjh +# +# This program takes the "raw" output of derparse/asn1parse and +# converts it into tokens and then runs regular expression matches +# to try to figure out what to grab to get the things that are needed +# and it is possible that this will do the wrong thing as it is a *hack* +# +# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET) +# [I know ... promises promises :-)] +# +# To convert a Netscape Certificate: +# der_chop < ServerCert.der > cert.pem +# To convert a Netscape Key (and encrypt it again to protect it) +# rsa -inform NET -in ServerKey.der -des > key.pem +# +# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this +# is an evil hack. If nothing else the parsing should +# be relative, not absolute. +# 19-Apr-96 tjh hacked (with eay) into 0.5.x format +# +# Tim Hudson +# tjh@cryptsoft.com +# + + +require 'getopts.pl'; + +$debug=0; + +# this was the 0.4.x way of doing things ... +$cmd="derparse"; +$x509_cmd="x509"; +$crl_cmd="crl"; +$rc4_cmd="rc4"; +$md2_cmd="md2"; +$md4_cmd="md4"; +$rsa_cmd="rsa -des -inform der "; + +# this was the 0.5.x way of doing things ... +$cmd="openssl asn1parse"; +$x509_cmd="openssl x509"; +$crl_cmd="openssl crl"; +$rc4_cmd="openssl rc4"; +$md2_cmd="openssl md2"; +$md4_cmd="openssl md4"; +$rsa_cmd="openssl rsa -des -inform der "; + +&Getopts('vd:') || die "usage:$0 [-v] [-d num] file"; +$depth=($opt_d =~ /^\d+$/)?$opt_d:0; + +&init_der(); + +if ($#ARGV != -1) + { + foreach $file (@ARGV) + { + print STDERR "doing $file\n"; + &dofile($file); + } + } +else + { + $file="/tmp/a$$.DER"; + open(OUT,">$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(STDIN,$b,1024*10); + last if ($i <= 0); + $i=syswrite(OUT,$b,$i); + } + &dofile($file); + unlink($file); + } + +sub dofile + { + local($file)=@_; + local(@p); + + $b=&load_file($file); + @p=&load_file_parse($file); + + foreach $_ (@p) + { + ($off,$d,$hl,$len)=&parse_line($_); + $d-=$depth; + next if ($d != 0); + next if ($len == 0); + + $o=substr($b,$off,$len+$hl); + ($str,@data)=&der_str($o); + print "$str\n" if ($opt_v); + if ($str =~ /^$crl/) + { + open(OUT,"|$crl_cmd -inform d -hash -issuer") || + die "unable to run $crl_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$x509/) + { + open(OUT,"|$x509_cmd -inform d -hash -subject -issuer") + || die "unable to run $x509_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$rsa/) + { + ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + next unless ($type eq "rsaEncryption"); + ($off,$d,$hl,$len)=&parse_line($data[5]); + $os=substr($o,$off+$hl,$len); + open(OUT,"|$rsa_cmd") + || die "unable to run $rsa_cmd:$!\n"; + print OUT $os; + close(OUT); + } + elsif ($str =~ /^0G-1D-1G/) + { + ($off,$d,$hl,$len)=&parse_line($data[1]); + $os=substr($o,$off+$hl,$len); + print STDERR "<$os>\n" if $opt_v; + &do_certificate($o,@data) + if (($os eq "certificate") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + &do_private_key($o,@data) + if (($os eq "private-key") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + } + } + } + +sub der_str + { + local($str)=@_; + local(*OUT,*IN,@a,$t,$d,$ret); + local($file)="/tmp/b$$.DER"; + local(@ret); + + open(OUT,">$file"); + print OUT $str; + close(OUT); + open(IN,"$cmd -inform 'd' -in $file |") || + die "unable to run $cmd:$!\n"; + $ret=""; + while () + { + chop; + push(@ret,$_); + + print STDERR "$_\n" if ($debug); + + @a=split(/\s*:\s*/); + ($d)=($a[1] =~ /d=\s*(\d+)/); + $a[2] =~ s/\s+$//; + $t=$DER_s2i{$a[2]}; + $ret.="$d$t-"; + } + close(IN); + unlink($file); + chop $ret; + $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g; + $ret =~ s/(-3G-4B-4L)+/-RCERT/g; + return($ret,@ret); + } + +sub init_der + { + $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C"; + $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C"; + $rsa= "0G-1B-1G-2F-2E-1D"; + + %DER_i2s=( + # SSLeay 0.4.x has this list + "A","EOC", + "B","INTEGER", + "C","BIT STRING", + "D","OCTET STRING", + "E","NULL", + "F","OBJECT", + "G","SEQUENCE", + "H","SET", + "I","PRINTABLESTRING", + "J","T61STRING", + "K","IA5STRING", + "L","UTCTIME", + "M","NUMERICSTRING", + "N","VIDEOTEXSTRING", + "O","GENERALIZEDTIME", + "P","GRAPHICSTRING", + "Q","ISO64STRING", + "R","GENERALSTRING", + "S","UNIVERSALSTRING", + + # SSLeay 0.5.x changed some things ... and I'm + # leaving in the old stuff but adding in these + # to handle the new as well --tjh + # - Well I've just taken them out and added the extra new + # ones :-) - eay + ); + + foreach (keys %DER_i2s) + { $DER_s2i{$DER_i2s{$_}}=$_; } + } + +sub parse_line + { + local($_)=@_; + + return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/); + } + +# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE +# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING +# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE +# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE +# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4 +# 33:d=3 hl=2 l= 0 prim: univ: NULL +# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING +sub do_private_key + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + if ($type eq "rc4") + { + ($off,$d,$hl,$len)=&parse_line($struct[6]); + open(OUT,"|$rc4_cmd >$file") || + die "unable to run $rc4_cmd:$!\n"; + print OUT substr($data,$off+$hl,$len); + close(OUT); + + $b=&load_file($file); + unlink($file); + + ($s,@p)=&der_str($b); + die "unknown rsa key type\n$s\n" + if ($s ne '0G-1B-1G-2F-2E-1D'); + local($off,$d,$hl,$len)=&parse_line($p[5]); + $b=substr($b,$off+$hl,$len); + ($s,@p)=&der_str($b); + open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n"; + print OUT $b; + close(OUT); + } + else + { + print "'$type' is unknown\n"; + exit(1); + } + } + +sub do_certificate + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($off,$d,$hl,$len)=&parse_line($struct[2]); + $b=substr($data,$off,$len+$hl); + + open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n"; + print OUT $b; + close(OUT); + } + +sub load_file + { + local($file)=@_; + local(*IN,$r,$b,$i); + + $r=""; + open(IN,"<$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(IN,$b,10240); + last if ($i <= 0); + $r.=$b; + } + close(IN); + return($r); + } + +sub load_file_parse + { + local($file)=@_; + local(*IN,$r,@ret,$_,$i,$n,$b); + + open(IN,"$cmd -inform d -in $file|") + || die "unable to run der_parse\n"; + while () + { + chop; + push(@ret,$_); + } + return($r,@ret); + } + diff --git a/crypto/openssl/apps/der_chop.in b/crypto/openssl/apps/der_chop.in new file mode 100644 index 000000000000..9070b032fc38 --- /dev/null +++ b/crypto/openssl/apps/der_chop.in @@ -0,0 +1,305 @@ +#!/usr/local/bin/perl +# +# der_chop ... this is one total hack that Eric is really not proud of +# so don't look at it and don't ask for support +# +# The "documentation" for this (i.e. all the comments) are my fault --tjh +# +# This program takes the "raw" output of derparse/asn1parse and +# converts it into tokens and then runs regular expression matches +# to try to figure out what to grab to get the things that are needed +# and it is possible that this will do the wrong thing as it is a *hack* +# +# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET) +# [I know ... promises promises :-)] +# +# To convert a Netscape Certificate: +# der_chop < ServerCert.der > cert.pem +# To convert a Netscape Key (and encrypt it again to protect it) +# rsa -inform NET -in ServerKey.der -des > key.pem +# +# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this +# is an evil hack. If nothing else the parsing should +# be relative, not absolute. +# 19-Apr-96 tjh hacked (with eay) into 0.5.x format +# +# Tim Hudson +# tjh@cryptsoft.com +# + + +require 'getopts.pl'; + +$debug=0; + +# this was the 0.4.x way of doing things ... +$cmd="derparse"; +$x509_cmd="x509"; +$crl_cmd="crl"; +$rc4_cmd="rc4"; +$md2_cmd="md2"; +$md4_cmd="md4"; +$rsa_cmd="rsa -des -inform der "; + +# this was the 0.5.x way of doing things ... +$cmd="openssl asn1parse"; +$x509_cmd="openssl x509"; +$crl_cmd="openssl crl"; +$rc4_cmd="openssl rc4"; +$md2_cmd="openssl md2"; +$md4_cmd="openssl md4"; +$rsa_cmd="openssl rsa -des -inform der "; + +&Getopts('vd:') || die "usage:$0 [-v] [-d num] file"; +$depth=($opt_d =~ /^\d+$/)?$opt_d:0; + +&init_der(); + +if ($#ARGV != -1) + { + foreach $file (@ARGV) + { + print STDERR "doing $file\n"; + &dofile($file); + } + } +else + { + $file="/tmp/a$$.DER"; + open(OUT,">$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(STDIN,$b,1024*10); + last if ($i <= 0); + $i=syswrite(OUT,$b,$i); + } + &dofile($file); + unlink($file); + } + +sub dofile + { + local($file)=@_; + local(@p); + + $b=&load_file($file); + @p=&load_file_parse($file); + + foreach $_ (@p) + { + ($off,$d,$hl,$len)=&parse_line($_); + $d-=$depth; + next if ($d != 0); + next if ($len == 0); + + $o=substr($b,$off,$len+$hl); + ($str,@data)=&der_str($o); + print "$str\n" if ($opt_v); + if ($str =~ /^$crl/) + { + open(OUT,"|$crl_cmd -inform d -hash -issuer") || + die "unable to run $crl_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$x509/) + { + open(OUT,"|$x509_cmd -inform d -hash -subject -issuer") + || die "unable to run $x509_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$rsa/) + { + ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + next unless ($type eq "rsaEncryption"); + ($off,$d,$hl,$len)=&parse_line($data[5]); + $os=substr($o,$off+$hl,$len); + open(OUT,"|$rsa_cmd") + || die "unable to run $rsa_cmd:$!\n"; + print OUT $os; + close(OUT); + } + elsif ($str =~ /^0G-1D-1G/) + { + ($off,$d,$hl,$len)=&parse_line($data[1]); + $os=substr($o,$off+$hl,$len); + print STDERR "<$os>\n" if $opt_v; + &do_certificate($o,@data) + if (($os eq "certificate") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + &do_private_key($o,@data) + if (($os eq "private-key") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + } + } + } + +sub der_str + { + local($str)=@_; + local(*OUT,*IN,@a,$t,$d,$ret); + local($file)="/tmp/b$$.DER"; + local(@ret); + + open(OUT,">$file"); + print OUT $str; + close(OUT); + open(IN,"$cmd -inform 'd' -in $file |") || + die "unable to run $cmd:$!\n"; + $ret=""; + while () + { + chop; + push(@ret,$_); + + print STDERR "$_\n" if ($debug); + + @a=split(/\s*:\s*/); + ($d)=($a[1] =~ /d=\s*(\d+)/); + $a[2] =~ s/\s+$//; + $t=$DER_s2i{$a[2]}; + $ret.="$d$t-"; + } + close(IN); + unlink($file); + chop $ret; + $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g; + $ret =~ s/(-3G-4B-4L)+/-RCERT/g; + return($ret,@ret); + } + +sub init_der + { + $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C"; + $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C"; + $rsa= "0G-1B-1G-2F-2E-1D"; + + %DER_i2s=( + # SSLeay 0.4.x has this list + "A","EOC", + "B","INTEGER", + "C","BIT STRING", + "D","OCTET STRING", + "E","NULL", + "F","OBJECT", + "G","SEQUENCE", + "H","SET", + "I","PRINTABLESTRING", + "J","T61STRING", + "K","IA5STRING", + "L","UTCTIME", + "M","NUMERICSTRING", + "N","VIDEOTEXSTRING", + "O","GENERALIZEDTIME", + "P","GRAPHICSTRING", + "Q","ISO64STRING", + "R","GENERALSTRING", + "S","UNIVERSALSTRING", + + # SSLeay 0.5.x changed some things ... and I'm + # leaving in the old stuff but adding in these + # to handle the new as well --tjh + # - Well I've just taken them out and added the extra new + # ones :-) - eay + ); + + foreach (keys %DER_i2s) + { $DER_s2i{$DER_i2s{$_}}=$_; } + } + +sub parse_line + { + local($_)=@_; + + return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/); + } + +# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE +# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING +# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE +# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE +# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4 +# 33:d=3 hl=2 l= 0 prim: univ: NULL +# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING +sub do_private_key + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + if ($type eq "rc4") + { + ($off,$d,$hl,$len)=&parse_line($struct[6]); + open(OUT,"|$rc4_cmd >$file") || + die "unable to run $rc4_cmd:$!\n"; + print OUT substr($data,$off+$hl,$len); + close(OUT); + + $b=&load_file($file); + unlink($file); + + ($s,@p)=&der_str($b); + die "unknown rsa key type\n$s\n" + if ($s ne '0G-1B-1G-2F-2E-1D'); + local($off,$d,$hl,$len)=&parse_line($p[5]); + $b=substr($b,$off+$hl,$len); + ($s,@p)=&der_str($b); + open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n"; + print OUT $b; + close(OUT); + } + else + { + print "'$type' is unknown\n"; + exit(1); + } + } + +sub do_certificate + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($off,$d,$hl,$len)=&parse_line($struct[2]); + $b=substr($data,$off,$len+$hl); + + open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n"; + print OUT $b; + close(OUT); + } + +sub load_file + { + local($file)=@_; + local(*IN,$r,$b,$i); + + $r=""; + open(IN,"<$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(IN,$b,10240); + last if ($i <= 0); + $r.=$b; + } + close(IN); + return($r); + } + +sub load_file_parse + { + local($file)=@_; + local(*IN,$r,@ret,$_,$i,$n,$b); + + open(IN,"$cmd -inform d -in $file|") + || die "unable to run der_parse\n"; + while () + { + chop; + push(@ret,$_); + } + return($r,@ret); + } + diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c new file mode 100644 index 000000000000..5f0506ed8cd6 --- /dev/null +++ b/crypto/openssl/apps/dgst.c @@ -0,0 +1,219 @@ +/* apps/dgst.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +#undef BUFSIZE +#define BUFSIZE 1024*8 + +#undef PROG +#define PROG dgst_main + +void do_fp(unsigned char *buf,BIO *f,int sep); +int MAIN(int argc, char **argv) + { + unsigned char *buf=NULL; + int i,err=0; + const EVP_MD *md=NULL,*m; + BIO *in=NULL,*inp; + BIO *bmd=NULL; + const char *name; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + int separator=0; + int debug=0; + + apps_startup(); + + if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + goto end; + } + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + /* first check the program name */ + program_name(argv[0],pname,PROG_NAME_SIZE); + + md=EVP_get_digestbyname(pname); + + argc--; + argv++; + while (argc > 0) + { + if ((*argv)[0] != '-') break; + if (strcmp(*argv,"-c") == 0) + separator=1; + else if (strcmp(*argv,"-d") == 0) + debug=1; + else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) + md=m; + else + break; + argc--; + argv++; + } + + if (md == NULL) + md=EVP_md5(); + + if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"-c to output the digest with separating colons\n"); + BIO_printf(bio_err,"-d to output debug info\n"); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", + LN_md5,LN_md5); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_md2,LN_md2); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_sha1,LN_sha1); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_sha,LN_sha); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_mdc2,LN_mdc2); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_ripemd160,LN_ripemd160); + err=1; + goto end; + } + + in=BIO_new(BIO_s_file()); + bmd=BIO_new(BIO_f_md()); + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + /* needed for windows 3.1 */ + BIO_set_callback_arg(in,bio_err); + } + + if ((in == NULL) || (bmd == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + /* we use md as a filter, reading from 'in' */ + BIO_set_md(bmd,md); + inp=BIO_push(bmd,in); + + if (argc == 0) + { + BIO_set_fp(in,stdin,BIO_NOCLOSE); + do_fp(buf,inp,separator); + } + else + { + name=OBJ_nid2sn(md->type); + for (i=0; i +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG dh_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -check - check the parameters are ok + * -noout + * -text + * -C + */ + +int MAIN(int argc, char **argv) + { + DH *dh=NULL; + int i,badops=0,text=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,check=0,noout=0,C=0,ret=1; + char *infile,*outfile,*prog; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-check") == 0) + check=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-C") == 0) + C=1; + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -check check the DH parameters\n"); + BIO_printf(bio_err," -text print a text form of the DH parameters\n"); + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -noout no output\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + dh=d2i_DHparams_bio(in,NULL); + else if (informat == FORMAT_PEM) + dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified\n"); + goto end; + } + if (dh == NULL) + { + BIO_printf(bio_err,"unable to load DH parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + + + if (text) + { + DHparams_print(out,dh); +#ifdef undef + printf("p="); + BN_print(stdout,dh->p); + printf("\ng="); + BN_print(stdout,dh->g); + printf("\n"); + if (dh->length != 0) + printf("recomented private length=%ld\n",dh->length); +#endif + } + + if (check) + { + if (!DH_check(dh,&i)) + { + ERR_print_errors(bio_err); + goto end; + } + if (i & DH_CHECK_P_NOT_PRIME) + printf("p value is not prime\n"); + if (i & DH_CHECK_P_NOT_STRONG_PRIME) + printf("p value is not a strong prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + printf("unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + printf("the g value is not a generator\n"); + if (i == 0) + printf("DH parameters appear to be ok.\n"); + } + if (C) + { + unsigned char *data; + int len,l,bits; + + len=BN_num_bytes(dh->p); + bits=BN_num_bits(dh->p); + data=(unsigned char *)Malloc(len); + if (data == NULL) + { + perror("Malloc"); + goto end; + } + l=BN_bn2bin(dh->p,data); + printf("static unsigned char dh%d_p[]={",bits); + for (i=0; ig,data); + printf("static unsigned char dh%d_g[]={",bits); + for (i=0; ip=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", + bits,bits); + printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", + bits,bits); + printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); + printf("\t\treturn(NULL);\n"); + printf("\treturn(dh);\n\t}\n"); + } + + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i=i2d_DHparams_bio(out,dh); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DHparams(out,dh); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write DH paramaters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dh != NULL) DH_free(dh); + EXIT(ret); + } +#endif diff --git a/crypto/openssl/apps/dh1024.pem b/crypto/openssl/apps/dh1024.pem new file mode 100644 index 000000000000..81d43f6a3eae --- /dev/null +++ b/crypto/openssl/apps/dh1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq +/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx +/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC +-----END DH PARAMETERS----- diff --git a/crypto/openssl/apps/dsa-ca.pem b/crypto/openssl/apps/dsa-ca.pem new file mode 100644 index 000000000000..cccc14208fc1 --- /dev/null +++ b/crypto/openssl/apps/dsa-ca.pem @@ -0,0 +1,40 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ +PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel +u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH +Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso +hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu +SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y +Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4 +94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T +tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77 +J6zsFbSEHaQGUmfSeoM= +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew +ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW +sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m +rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk +cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo +bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR +CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB +F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH +vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq +AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u +3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v +AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE +AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi +ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh +MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD +MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa +C1Q= +-----END CERTIFICATE----- + diff --git a/crypto/openssl/apps/dsa-pca.pem b/crypto/openssl/apps/dsa-pca.pem new file mode 100644 index 000000000000..d23774edd618 --- /dev/null +++ b/crypto/openssl/apps/dsa-pca.pem @@ -0,0 +1,46 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ +PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel +u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH +Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso +hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu +SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y +Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk +umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A +29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz +6TicfImU7UFRn9h00j0lJQ== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB +MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G +lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O +Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR +5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl +aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 +kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als +QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe +6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ +yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 +z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB +nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww +ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ +R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 +JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps +BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze +mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO +VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C +uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk +umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A +29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D +AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n +5rKUjNBhSg== +-----END CERTIFICATE----- + diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c new file mode 100644 index 000000000000..fedecf27397b --- /dev/null +++ b/crypto/openssl/apps/dsa.c @@ -0,0 +1,256 @@ +/* apps/dsa.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_DSA +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG dsa_main + +/* -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -text - print a text version + * -modulus - print the DSA public key + */ + +int MAIN(int argc, char **argv) + { + int ret=1; + DSA *dsa=NULL; + int i,badops=0; + const EVP_CIPHER *enc=NULL; + BIO *in=NULL,*out=NULL; + int informat,outformat,text=0,noout=0; + char *infile,*outfile,*prog; + int modulus=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + BIO_printf(bio_err," -text print the key in text\n"); + BIO_printf(bio_err," -noout don't print key out\n"); + BIO_printf(bio_err," -modulus print the DSA public value\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err,"read DSA private key\n"); + if (informat == FORMAT_ASN1) + dsa=d2i_DSAPrivateKey_bio(in,NULL); + else if (informat == FORMAT_PEM) + dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for key\n"); + goto end; + } + if (dsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (text) + if (!DSA_print(out,dsa,0)) + { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (modulus) + { + fprintf(stdout,"Public Key="); + BN_print(out,dsa->pub_key); + fprintf(stdout,"\n"); + } + + if (noout) goto end; + BIO_printf(bio_err,"writing DSA private key\n"); + if (outformat == FORMAT_ASN1) + i=i2d_DSAPrivateKey_bio(out,dsa); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write private key\n"); + ERR_print_errors(bio_err); + } + else + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } +#endif diff --git a/crypto/openssl/apps/dsa1024.pem b/crypto/openssl/apps/dsa1024.pem new file mode 100644 index 000000000000..082dec389782 --- /dev/null +++ b/crypto/openssl/apps/dsa1024.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx +mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us +OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36 +bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8 +3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH +zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O +Arg= +-----END DSA PARAMETERS----- diff --git a/crypto/openssl/apps/dsa512.pem b/crypto/openssl/apps/dsa512.pem new file mode 100644 index 000000000000..5f86d1a6e7e8 --- /dev/null +++ b/crypto/openssl/apps/dsa512.pem @@ -0,0 +1,6 @@ +-----BEGIN DSA PARAMETERS----- +MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97 +TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA +gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO +L8wka5B33qJoplISogOdIA== +-----END DSA PARAMETERS----- diff --git a/crypto/openssl/apps/dsap.pem b/crypto/openssl/apps/dsap.pem new file mode 100644 index 000000000000..d4dfdb3054f3 --- /dev/null +++ b/crypto/openssl/apps/dsap.pem @@ -0,0 +1,6 @@ +-----BEGIN DSA PARAMETERS----- +MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya +GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2 +t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD +ADiRffvSdhrNw5dkqdql +-----END DSA PARAMETERS----- diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c new file mode 100644 index 000000000000..fb8d47110876 --- /dev/null +++ b/crypto/openssl/apps/dsaparam.c @@ -0,0 +1,353 @@ +/* apps/dsaparam.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_DSA +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG dsaparam_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -noout + * -text + * -C + * -noout + * -genkey + */ + +static void MS_CALLBACK dsa_cb(int p, int n, char *arg); +int MAIN(int argc, char **argv) + { + DSA *dsa=NULL; + int i,badops=0,text=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,noout=0,C=0,ret=1; + char *infile,*outfile,*prog,*inrand=NULL; + int numbits= -1,num,genkey=0; + char buffer[200],*randfile=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-C") == 0) + C=1; + else if (strcmp(*argv,"-genkey") == 0) + genkey=1; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (sscanf(*argv,"%d",&num) == 1) + { + /* generate a key */ + numbits=num; + } + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] [bits] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -text check the DSA parameters\n"); + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -rand files to use for random number input\n"); + BIO_printf(bio_err," number number of bits to use for generating private key\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (numbits > 0) + { + randfile=RAND_file_name(buffer,200); + RAND_load_file(randfile,1024L*1024L); + + BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); + BIO_printf(bio_err,"This could take some time\n"); + dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, + dsa_cb,(char *)bio_err); + } + else if (informat == FORMAT_ASN1) + dsa=d2i_DSAparams_bio(in,NULL); + else if (informat == FORMAT_PEM) + dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified\n"); + goto end; + } + if (dsa == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (text) + { + DSAparams_print(out,dsa); + } + + if (C) + { + unsigned char *data; + int l,len,bits_p,bits_q,bits_g; + + len=BN_num_bytes(dsa->p); + bits_p=BN_num_bits(dsa->p); + bits_q=BN_num_bits(dsa->q); + bits_g=BN_num_bits(dsa->g); + data=(unsigned char *)Malloc(len+20); + if (data == NULL) + { + perror("Malloc"); + goto end; + } + l=BN_bn2bin(dsa->p,data); + printf("static unsigned char dsa%d_p[]={",bits_p); + for (i=0; iq,data); + printf("static unsigned char dsa%d_q[]={",bits_p); + for (i=0; ig,data); + printf("static unsigned char dsa%d_g[]={",bits_p); + for (i=0; ip=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n", + bits_p,bits_p); + printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n", + bits_p,bits_p); + printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", + bits_p,bits_p); + printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); + printf("\t\treturn(NULL);\n"); + printf("\treturn(dsa);\n\t}\n"); + } + + + if (!noout) + { + if (outformat == FORMAT_ASN1) + i=i2d_DSAparams_bio(out,dsa); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DSAparams(out,dsa); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write DSA paramaters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + if (genkey) + { + DSA *dsakey; + + if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; + if (!DSA_generate_key(dsakey)) goto end; + if (outformat == FORMAT_ASN1) + i=i2d_DSAPrivateKey_bio(out,dsakey); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + DSA_free(dsakey); + } + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } + +static void MS_CALLBACK dsa_cb(int p, int n, char *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } +#endif diff --git a/crypto/openssl/apps/eay.c b/crypto/openssl/apps/eay.c new file mode 100644 index 000000000000..a84aa382bde4 --- /dev/null +++ b/crypto/openssl/apps/eay.c @@ -0,0 +1,131 @@ +/* apps/eay.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include + +#define MONOLITH +#define USE_SOCKETS + +#include "openssl/e_os.h" + +#include +#include +#include + +#include + +#include + +#include + +#include +#include +#include + +#include + +#include +#include +#include +#include +#include + +#define MONOLITH + +#include "openssl.c" +#include "apps.c" +#include "asn1pars.c" +#ifndef NO_RSA +#include "ca.c" +#include "genrsa.c" +#include "req.c" +#include "rsa.c" +#endif +#ifndef NO_DH +#include "gendh.c" +#include "dh.c" +#endif +#include "crl.c" +#include "crl2p7.c" +#include "dgst.c" +#include "enc.c" +#include "errstr.c" +#if !defined(NO_SSL2) || !defined(NO_SSL3) +#ifndef NO_SOCK +#include "s_cb.c" +#include "s_client.c" +#include "s_server.c" +#include "s_socket.c" +#include "s_time.c" +#endif +#endif +#include "speed.c" +#include "verify.c" +#include "version.c" +#include "x509.c" +#include "ciphers.c" +#include "sess_id.c" +#include "pkcs7.c" +#ifndef NO_DSA +#include "dsaparam.c" +#include "dsa.c" +#include "gendsa.c" +#endif + diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c new file mode 100644 index 000000000000..bce936a2fc62 --- /dev/null +++ b/crypto/openssl/apps/enc.c @@ -0,0 +1,551 @@ +/* apps/enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#ifndef NO_MD5 +#include +#endif +#include + +int set_hex(char *in,unsigned char *out,int size); +#undef SIZE +#undef BSIZE +#undef PROG + +#define SIZE (512) +#define BSIZE (8*1024) +#define PROG enc_main + +int MAIN(int argc, char **argv) + { + char *strbuf=NULL; + unsigned char *buff=NULL,*bufsize=NULL; + int bsize=BSIZE,verbose=0; + int ret=1,inl; + unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + char *str=NULL; + char *hkey=NULL,*hiv=NULL; + int enc=1,printkey=0,i,base64=0; + int debug=0,olb64=0; + const EVP_CIPHER *cipher=NULL,*c; + char *inf=NULL,*outf=NULL; + BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + /* first check the program name */ + program_name(argv[0],pname,PROG_NAME_SIZE); + if (strcmp(pname,"base64") == 0) + base64=1; + + cipher=EVP_get_cipherbyname(pname); + if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) + { + BIO_printf(bio_err,"%s is an unknown cipher\n",pname); + goto bad; + } + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-e") == 0) + enc=1; + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + inf= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outf= *(++argv); + } + else if (strcmp(*argv,"-d") == 0) + enc=0; + else if (strcmp(*argv,"-p") == 0) + printkey=1; + else if (strcmp(*argv,"-v") == 0) + verbose=1; + else if ((strcmp(*argv,"-debug") == 0) || + (strcmp(*argv,"-d") == 0)) + debug=1; + else if (strcmp(*argv,"-P") == 0) + printkey=2; + else if (strcmp(*argv,"-A") == 0) + olb64=1; + else if (strcmp(*argv,"-a") == 0) + base64=1; + else if (strcmp(*argv,"-base64") == 0) + base64=1; + else if (strcmp(*argv,"-bufsize") == 0) + { + if (--argc < 1) goto bad; + bufsize=(unsigned char *)*(++argv); + } + else if (strcmp(*argv,"-k") == 0) + { + if (--argc < 1) goto bad; + str= *(++argv); + } + else if (strcmp(*argv,"-kfile") == 0) + { + static char buf[128]; + FILE *infile; + char *file; + + if (--argc < 1) goto bad; + file= *(++argv); + infile=fopen(file,"r"); + if (infile == NULL) + { + BIO_printf(bio_err,"unable to read key from '%s'\n", + file); + goto bad; + } + buf[0]='\0'; + fgets(buf,128,infile); + fclose(infile); + i=strlen(buf); + if ((i > 0) && + ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) + buf[--i]='\0'; + if ((i > 0) && + ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) + buf[--i]='\0'; + if (i < 1) + { + BIO_printf(bio_err,"zero length password\n"); + goto bad; + } + str=buf; + } + else if (strcmp(*argv,"-K") == 0) + { + if (--argc < 1) goto bad; + hkey= *(++argv); + } + else if (strcmp(*argv,"-iv") == 0) + { + if (--argc < 1) goto bad; + hiv= *(++argv); + } + else if ((argv[0][0] == '-') && + ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) + { + cipher=c; + } + else if (strcmp(*argv,"-none") == 0) + cipher=NULL; + else + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); +bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s input file\n","-in "); + BIO_printf(bio_err,"%-14s output fileencrypt\n","-out "); + BIO_printf(bio_err,"%-14s encrypt\n","-e"); + BIO_printf(bio_err,"%-14s decrypt\n","-d"); + BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); + BIO_printf(bio_err,"%-14s key is the next argument\n","-k"); + BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile"); + BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); + BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); + BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); + + BIO_printf(bio_err,"Cipher Types\n"); + BIO_printf(bio_err,"des : 56 bit key DES encryption\n"); + BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n"); + BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n"); +#ifndef NO_IDEA + BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n"); +#endif +#ifndef NO_RC4 + BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n"); +#endif +#ifndef NO_BF + BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n"); +#endif +#ifndef NO_RC4 + BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n", + LN_rc4); +#endif + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ecb,LN_des_cbc, + LN_des_cfb64,LN_des_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n", + "des", LN_des_cbc); + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ede,LN_des_ede_cbc, + LN_des_ede_cfb64,LN_des_ede_ofb64); + BIO_printf(bio_err," -desx -none\n"); + + + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_des_ede3,LN_des_ede3_cbc, + LN_des_ede3_cfb64,LN_des_ede3_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n", + "des3", LN_des_ede3_cbc); + +#ifndef NO_IDEA + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_idea_ecb, LN_idea_cbc, + LN_idea_cfb64, LN_idea_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc); +#endif +#ifndef NO_RC2 + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_rc2_ecb, LN_rc2_cbc, + LN_rc2_cfb64, LN_rc2_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc); +#endif +#ifndef NO_BF + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_bf_ecb, LN_bf_cbc, + LN_bf_cfb64, LN_bf_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc); +#endif +#ifndef NO_CAST + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_cast5_ecb, LN_cast5_cbc, + LN_cast5_cfb64, LN_cast5_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc); +#endif +#ifndef NO_RC5 + BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s", + LN_rc5_ecb, LN_rc5_cbc, + LN_rc5_cfb64, LN_rc5_ofb64); + BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc); +#endif + goto end; + } + argc--; + argv++; + } + + if (bufsize != NULL) + { + unsigned long n; + + for (n=0; *bufsize; bufsize++) + { + i= *bufsize; + if ((i <= '9') && (i >= '0')) + n=n*10+i-'0'; + else if (i == 'k') + { + n*=1024; + bufsize++; + break; + } + } + if (*bufsize != '\0') + { + BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); + goto end; + } + + /* It must be large enough for a base64 encoded line */ + if (n < 80) n=80; + + bsize=(int)n; + if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); + } + + strbuf=Malloc(SIZE); + buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize)); + if ((buff == NULL) || (strbuf == NULL)) + { + BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); + goto end; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + BIO_set_callback(out,BIO_debug_callback); + BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(out,bio_err); + } + + if (inf == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,inf) <= 0) + { + perror(inf); + goto end; + } + } + + if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) + { + for (;;) + { + char buf[200]; + + sprintf(buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); + strbuf[0]='\0'; + i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); + if (i == 0) + { + if (strbuf[0] == '\0') + { + ret=1; + goto end; + } + str=strbuf; + break; + } + if (i < 0) + { + BIO_printf(bio_err,"bad password read\n"); + goto end; + } + } + } + + if (cipher != NULL) + { + if (str != NULL) + { + EVP_BytesToKey(cipher,EVP_md5(),NULL, + (unsigned char *)str, + strlen(str),1,key,iv); + /* zero the complete buffer or the string + * passed from the command line + * bug picked up by + * Larry J. Hughes Jr. */ + if (str == strbuf) + memset(str,0,SIZE); + else + memset(str,0,strlen(str)); + } + if ((hiv != NULL) && !set_hex(hiv,iv,8)) + { + BIO_printf(bio_err,"invalid hex iv value\n"); + goto end; + } + if ((hkey != NULL) && !set_hex(hkey,key,24)) + { + BIO_printf(bio_err,"invalid hex key value\n"); + goto end; + } + + if ((benc=BIO_new(BIO_f_cipher())) == NULL) + goto end; + BIO_set_cipher(benc,cipher,key,iv,enc); + if (debug) + { + BIO_set_callback(benc,BIO_debug_callback); + BIO_set_callback_arg(benc,bio_err); + } + + if (printkey) + { + if (cipher->key_len > 0) + { + printf("key="); + for (i=0; ikey_len; i++) + printf("%02X",key[i]); + printf("\n"); + } + if (cipher->iv_len > 0) + { + printf("iv ="); + for (i=0; iiv_len; i++) + printf("%02X",iv[i]); + printf("\n"); + } + if (printkey == 2) + { + ret=0; + goto end; + } + } + } + + + if (outf == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outf) <= 0) + { + perror(outf); + goto end; + } + } + + rbio=in; + wbio=out; + + if (base64) + { + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + if (debug) + { + BIO_set_callback(b64,BIO_debug_callback); + BIO_set_callback_arg(b64,bio_err); + } + if (olb64) + BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); + if (enc) + wbio=BIO_push(b64,wbio); + else + rbio=BIO_push(b64,rbio); + } + + /* Only encrypt/decrypt as we write the file */ + if (benc != NULL) + wbio=BIO_push(benc,wbio); + + for (;;) + { + inl=BIO_read(rbio,(char *)buff,bsize); + if (inl <= 0) break; + if (BIO_write(wbio,(char *)buff,inl) != inl) + { + BIO_printf(bio_err,"error writing output file\n"); + goto end; + } + } + if (!BIO_flush(wbio)) + { + BIO_printf(bio_err,"bad decrypt\n"); + goto end; + } + + ret=0; + if (verbose) + { + BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); + BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); + } +end: + if (strbuf != NULL) Free(strbuf); + if (buff != NULL) Free(buff); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (benc != NULL) BIO_free(benc); + if (b64 != NULL) BIO_free(b64); + EXIT(ret); + } + +int set_hex(char *in, unsigned char *out, int size) + { + int i,n; + unsigned char j; + + n=strlen(in); + if (n > (size*2)) + { + BIO_printf(bio_err,"hex string is too long\n"); + return(0); + } + memset(out,0,size); + for (i=0; i= '0') && (j <= '9')) + j-='0'; + else if ((j >= 'A') && (j <= 'F')) + j=j-'A'+10; + else if ((j >= 'a') && (j <= 'f')) + j=j-'a'+10; + else + { + BIO_printf(bio_err,"non-hex digit\n"); + return(0); + } + if (i&1) + out[i/2]|=j; + else + out[i/2]=(j<<4); + } + return(1); + } diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c new file mode 100644 index 000000000000..c86b5d940bca --- /dev/null +++ b/crypto/openssl/apps/errstr.c @@ -0,0 +1,114 @@ +/* apps/errstr.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include + +#undef PROG +#define PROG errstr_main + +int MAIN(int argc, char **argv) + { + int i,ret=0; + char buf[256]; + unsigned long l; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + SSL_load_error_strings(); + + if ((argc > 1) && (strcmp(argv[1],"-stats") == 0)) + { + BIO *out=NULL; + + out=BIO_new(BIO_s_file()); + if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE)) + { + lh_node_stats_bio((LHASH *)ERR_get_string_table(),out); + lh_stats_bio((LHASH *)ERR_get_string_table(),out); + lh_node_usage_stats_bio((LHASH *) + ERR_get_string_table(),out); + } + if (out != NULL) BIO_free(out); + argc--; + argv++; + } + + for (i=1; i ...\n"); + ret++; + } + } + EXIT(ret); + } diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c new file mode 100644 index 000000000000..3d509485800d --- /dev/null +++ b/crypto/openssl/apps/gendh.c @@ -0,0 +1,223 @@ +/* apps/gendh.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_DH +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include +#include + +#define DEFBITS 512 +#undef PROG +#define PROG gendh_main + +static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static long dh_load_rand(char *names); +int MAIN(int argc, char **argv) + { + char buffer[200]; + DH *dh=NULL; + int ret=1,num=DEFBITS; + int g=2; + char *outfile=NULL; + char *inrand=NULL,*randfile; + BIO *out=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-2") == 0) + g=2; + /* else if (strcmp(*argv,"-3") == 0) + g=3; */ + else if (strcmp(*argv,"-5") == 0) + g=5; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else + break; + argv++; + argc--; + } + if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) + { +bad: + BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -2 use 2 as the generator value\n"); + /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */ + BIO_printf(bio_err," -5 use 5 as the generator value\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto end; + } + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) + BIO_printf(bio_err,"unable to load 'random state'\n"); + + if (inrand == NULL) + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + else + { + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + dh_load_rand(inrand)); + } + + BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g); + BIO_printf(bio_err,"This is going to take a long time\n"); + dh=DH_generate_parameters(num,g,dh_cb,bio_err); + + if (dh == NULL) goto end; + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (!PEM_write_bio_DHparams(out,dh)) + goto end; + ret=0; +end: + if (ret != 0) + ERR_print_errors(bio_err); + if (out != NULL) BIO_free(out); + if (dh != NULL) DH_free(dh); + EXIT(ret); + } + +static void MS_CALLBACK dh_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } + +static long dh_load_rand(char *name) + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1); + if (last) break; + } + return(tot); + } +#endif diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c new file mode 100644 index 000000000000..5f00b89bb0ed --- /dev/null +++ b/crypto/openssl/apps/gendsa.c @@ -0,0 +1,232 @@ +/* apps/gendsa.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_DSA +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include +#include + +#define DEFBITS 512 +#undef PROG +#define PROG gendsa_main + +static long dsa_load_rand(char *names); +int MAIN(int argc, char **argv) + { + char buffer[200]; + DSA *dsa=NULL; + int ret=1; + char *outfile=NULL; + char *inrand=NULL,*randfile,*dsaparams=NULL; + BIO *out=NULL,*in=NULL; + EVP_CIPHER *enc=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } + else if (strcmp(*argv,"-") == 0) + goto bad; +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else if (**argv != '-' && dsaparams == NULL) + { + dsaparams = *argv; + } + else + goto bad; + argv++; + argc--; + } + + if (dsaparams == NULL) + { +bad: + BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); + BIO_printf(bio_err," -out file - output the key to 'file'\n"); +#ifndef NO_DES + BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); + BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); +#endif +#ifndef NO_IDEA + BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); +#endif + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + BIO_printf(bio_err," dsaparam-file\n"); + BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); + goto end; + } + + in=BIO_new(BIO_s_file()); + if (!(BIO_read_filename(in,dsaparams))) + { + perror(dsaparams); + goto end; + } + + if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameter file\n"); + goto end; + } + BIO_free(in); + + out=BIO_new(BIO_s_file()); + if (out == NULL) goto end; + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) + BIO_printf(bio_err,"unable to load 'random state'\n"); + + if (inrand == NULL) + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + else + { + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + dsa_load_rand(inrand)); + } + + BIO_printf(bio_err,"Generating DSA key, %d bits\n", + BN_num_bits(dsa->p)); + if (!DSA_generate_key(dsa)) goto end; + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL)) + goto end; + ret=0; +end: + if (ret != 0) + ERR_print_errors(bio_err); + if (out != NULL) BIO_free(out); + if (dsa != NULL) DSA_free(dsa); + EXIT(ret); + } + +static long dsa_load_rand(char *name) + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1); + if (last) break; + } + return(tot); + } +#endif diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c new file mode 100644 index 000000000000..67382065fb99 --- /dev/null +++ b/crypto/openssl/apps/genrsa.c @@ -0,0 +1,266 @@ +/* apps/genrsa.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RSA +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include +#include +#include + +#define DEFBITS 512 +#undef PROG +#define PROG genrsa_main + +static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static long gr_load_rand(char *names); +int MAIN(int argc, char **argv) + { + int ret=1; + char buffer[200]; + RSA *rsa=NULL; + int i,num=DEFBITS; + long rnum=0,l; + EVP_CIPHER *enc=NULL; + unsigned long f4=RSA_F4; + char *outfile=NULL; + char *inrand=NULL,*randfile; + BIO *out=NULL; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((out=BIO_new(BIO_s_file())) == NULL) + { + BIO_printf(bio_err,"unable to creat BIO for output\n"); + goto err; + } + + argv++; + argc--; + for (;;) + { + if (argc <= 0) break; + if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-3") == 0) + f4=3; + else if (strcmp(*argv,"-F4") == 0) + f4=RSA_F4; + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else + break; + argv++; + argc--; + } + if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) + { +bad: + BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); + BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); + BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); +#endif + BIO_printf(bio_err," -out file - output the key to 'file\n"); + BIO_printf(bio_err," -f4 - use F4 (0x10001) for the E value\n"); + BIO_printf(bio_err," -3 - use 3 for the E value\n"); + BIO_printf(bio_err," -rand file:file:...\n"); + BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto err; + } + + ERR_load_crypto_strings(); + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto err; + } + } + +#ifdef WINDOWS + BIO_printf(bio_err,"Loading 'screen' into random state -"); + BIO_flush(bio_err); + RAND_screen(); + BIO_printf(bio_err," done\n"); +#endif + randfile=RAND_file_name(buffer,200); + if ((randfile == NULL) || + !(rnum=(long)RAND_load_file(randfile,1024L*1024L))) + { + BIO_printf(bio_err,"unable to load 'random state'\n"); + } + + if (inrand == NULL) + { + if (rnum == 0) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + } + else + { + rnum+=gr_load_rand(inrand); + } + if (rnum != 0) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum); + + BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", + num); + rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if (randfile == NULL) + BIO_printf(bio_err,"unable to write 'random state'\n"); + else + RAND_write_file(randfile); + + if (rsa == NULL) goto err; + + /* We need to do the folloing for when the base number size is < + * long, esp windows 3.1 :-(. */ + l=0L; + for (i=0; ie->top; i++) + { +#ifndef SIXTY_FOUR_BIT + l<<=BN_BITS4; + l<<=BN_BITS4; +#endif + l+=rsa->e->d[i]; + } + BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l); + if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL)) + goto err; + + ret=0; +err: + if (rsa != NULL) RSA_free(rsa); + if (out != NULL) BIO_free(out); + if (ret != 0) + ERR_print_errors(bio_err); + EXIT(ret); + } + +static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } + +static long gr_load_rand(char *name) + { + char *p,*n; + int last; + long tot=0; + + for (;;) + { + last=0; + for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); + if (*p == '\0') last=1; + *p='\0'; + n=name; + name=p+1; + if (*n == '\0') break; + + tot+=RAND_load_file(n,1024L*1024L); + if (last) break; + } + return(tot); + } +#endif diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c new file mode 100644 index 000000000000..d9d01659e78d --- /dev/null +++ b/crypto/openssl/apps/nseq.c @@ -0,0 +1,174 @@ +/* nseq.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include "apps.h" + +#undef PROG +#define PROG nseq_main + +static int dump_cert_text(BIO *out, X509 *x); + +int MAIN(int argc, char **argv) +{ + char **args, *infile = NULL, *outfile = NULL; + BIO *in = NULL, *out = NULL; + int toseq = 0; + X509 *x509 = NULL; + NETSCAPE_CERT_SEQUENCE *seq = NULL; + int i, ret = 1; + int badarg = 0; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + ERR_load_crypto_strings(); + args = argv + 1; + while (!badarg && *args && *args[0] == '-') { + if (!strcmp (*args, "-toseq")) toseq = 1; + else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Netscape certificate sequence utility\n"); + BIO_printf (bio_err, "Usage nseq [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-toseq output NS Sequence file\n"); + EXIT(1); + } + + if (infile) { + if (!(in = BIO_new_file (infile, "r"))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if (outfile) { + if (!(out = BIO_new_file (outfile, "w"))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if (toseq) { + seq = NETSCAPE_CERT_SEQUENCE_new(); + seq->certs = sk_X509_new(NULL); + while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) + sk_X509_push(seq->certs,x509); + + if(!sk_X509_num(seq->certs)) + { + BIO_printf (bio_err, "Error reading certs file %s\n", infile); + ERR_print_errors(bio_err); + goto end; + } + PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq); + ret = 0; + goto end; + } + + if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { + BIO_printf (bio_err, "Error reading sequence file %s\n", infile); + ERR_print_errors(bio_err); + goto end; + } + + for(i = 0; i < sk_X509_num(seq->certs); i++) { + x509 = sk_X509_value(seq->certs, i); + dump_cert_text(out, x509); + PEM_write_bio_X509(out, x509); + } + ret = 0; +end: + BIO_free(in); + BIO_free(out); + NETSCAPE_CERT_SEQUENCE_free(seq); + + EXIT(ret); +} + +static int dump_cert_text(BIO *out, X509 *x) +{ + char buf[256]; + X509_NAME_oneline(X509_get_subject_name(x),buf,256); + BIO_puts(out,"subject="); + BIO_puts(out,buf); + + X509_NAME_oneline(X509_get_issuer_name(x),buf,256); + BIO_puts(out,"\nissuer= "); + BIO_puts(out,buf); + BIO_puts(out,"\n"); + return 0; +} + diff --git a/crypto/openssl/apps/oid.cnf b/crypto/openssl/apps/oid.cnf new file mode 100644 index 000000000000..faf425a156bd --- /dev/null +++ b/crypto/openssl/apps/oid.cnf @@ -0,0 +1,6 @@ +2.99999.1 SET.ex1 SET x509v3 extension 1 +2.99999.2 SET.ex2 SET x509v3 extension 2 +2.99999.3 SET.ex3 SET x509v3 extension 3 +2.99999.4 SET.ex4 SET x509v3 extension 4 +2.99999.5 SET.ex5 SET x509v3 extension 5 +2.99999.6 SET.ex6 SET x509v3 extension 6 diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c new file mode 100644 index 000000000000..9a337fb316e7 --- /dev/null +++ b/crypto/openssl/apps/openssl.c @@ -0,0 +1,373 @@ +/* apps/openssl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef DEBUG +#undef DEBUG +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define SSLEAY /* turn off a few special case MONOLITH macros */ +#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ +#define SSLEAY_SRC +#include "apps.h" +#include "s_apps.h" +#include + +/* +#ifdef WINDOWS +#include "bss_file.c" +#endif +*/ + +static unsigned long MS_CALLBACK hash(FUNCTION *a); +static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); +static LHASH *prog_init(void ); +static int do_cmd(LHASH *prog,int argc,char *argv[]); +LHASH *config=NULL; +char *default_config_file=NULL; + +#ifdef DEBUG +static void sig_stop(int i) + { + char *a=NULL; + + *a='\0'; + } +#endif + +/* Make sure there is only one when MONOLITH is defined */ +#ifdef MONOLITH +BIO *bio_err=NULL; +#endif + +int main(int Argc, char *Argv[]) + { + ARGS arg; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + FUNCTION f,*fp; + MS_STATIC char *prompt,buf[1024],config_name[256]; + int n,i,ret=0; + int argc; + char **argv,*p; + LHASH *prog=NULL; + long errline; + + arg.data=NULL; + arg.count=0; + + /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */ + apps_startup(); + +#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS) +#ifdef SIGBUS + signal(SIGBUS,sig_stop); +#endif +#ifdef SIGSEGV + signal(SIGSEGV,sig_stop); +#endif +#endif + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* Lets load up our environment a little */ + p=getenv("OPENSSL_CONF"); + if (p == NULL) + p=getenv("SSLEAY_CONF"); + if (p == NULL) + { + strcpy(config_name,X509_get_default_cert_area()); +#ifndef VMS + strcat(config_name,"/"); +#endif + strcat(config_name,OPENSSL_CONF); + p=config_name; + } + + default_config_file=p; + + config=CONF_load(config,p,&errline); + if (config == NULL) ERR_clear_error(); + + prog=prog_init(); + + /* first check the program name */ + program_name(Argv[0],pname,PROG_NAME_SIZE); + + f.name=pname; + fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); + if (fp != NULL) + { + Argv[0]=pname; + ret=fp->func(Argc,Argv); + goto end; + } + + /* ok, now check that there are not arguments, if there are, + * run with them, shifting the ssleay off the front */ + if (Argc != 1) + { + Argc--; + Argv++; + ret=do_cmd(prog,Argc,Argv); + if (ret < 0) ret=0; + goto end; + } + + /* ok, lets enter the old 'OpenSSL>' mode */ + + for (;;) + { + ret=0; + p=buf; + n=1024; + i=0; + for (;;) + { + p[0]='\0'; + if (i++) + prompt=">"; + else prompt="OpenSSL> "; + fputs(prompt,stdout); + fflush(stdout); + fgets(p,n,stdin); + if (p[0] == '\0') goto end; + i=strlen(p); + if (i <= 1) break; + if (p[i-2] != '\\') break; + i-=2; + p+=i; + n-=i; + } + if (!chopup_args(&arg,buf,&argc,&argv)) break; + + ret=do_cmd(prog,argc,argv); + if (ret < 0) + { + ret=0; + goto end; + } + if (ret != 0) + BIO_printf(bio_err,"error in %s\n",argv[0]); + (void)BIO_flush(bio_err); + } + BIO_printf(bio_err,"bad exit\n"); + ret=1; +end: + if (config != NULL) + { + CONF_free(config); + config=NULL; + } + if (prog != NULL) lh_free(prog); + if (arg.data != NULL) Free(arg.data); + ERR_remove_state(0); + + EVP_cleanup(); + ERR_free_strings(); + + CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) + { + BIO_free(bio_err); + bio_err=NULL; + } + EXIT(ret); + } + +#define LIST_STANDARD_COMMANDS "list-standard-commands" +#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" +#define LIST_CIPHER_COMMANDS "list-cipher-commands" + +static int do_cmd(LHASH *prog, int argc, char *argv[]) + { + FUNCTION f,*fp; + int i,ret=1,tp,nl; + + if ((argc <= 0) || (argv[0] == NULL)) + { ret=0; goto end; } + f.name=argv[0]; + fp=(FUNCTION *)lh_retrieve(prog,(char *)&f); + if (fp != NULL) + { + ret=fp->func(argc,argv); + } + else if ((strcmp(argv[0],"quit") == 0) || + (strcmp(argv[0],"q") == 0) || + (strcmp(argv[0],"exit") == 0) || + (strcmp(argv[0],"bye") == 0)) + { + ret= -1; + goto end; + } + else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) || + (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) || + (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0)) + { + int list_type; + BIO *bio_stdout; + + if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) + list_type = FUNC_TYPE_GENERAL; + else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) + list_type = FUNC_TYPE_MD; + else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ + list_type = FUNC_TYPE_CIPHER; + bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); + + for (fp=functions; fp->name != NULL; fp++) + if (fp->type == list_type) + BIO_printf(bio_stdout, "%s\n", fp->name); + BIO_free(bio_stdout); + ret=0; + goto end; + } + else + { + BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n", + argv[0]); + BIO_printf(bio_err, "\nStandard commands"); + i=0; + tp=0; + for (fp=functions; fp->name != NULL; fp++) + { + nl=0; + if (((i++) % 5) == 0) + { + BIO_printf(bio_err,"\n"); + nl=1; + } + if (fp->type != tp) + { + tp=fp->type; + if (!nl) BIO_printf(bio_err,"\n"); + if (tp == FUNC_TYPE_MD) + { + i=1; + BIO_printf(bio_err, + "\nMessage Digest commands (see the `dgst' command for more details)\n"); + } + else if (tp == FUNC_TYPE_CIPHER) + { + i=1; + BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); + } + } + BIO_printf(bio_err,"%-15s",fp->name); + } + BIO_printf(bio_err,"\n\n"); + ret=0; + } +end: + return(ret); + } + +static int SortFnByName(const void *_f1,const void *_f2) + { + const FUNCTION *f1=_f1; + const FUNCTION *f2=_f2; + + if(f1->type != f2->type) + return f1->type-f2->type; + return strcmp(f1->name,f2->name); + } + +static LHASH *prog_init(void) + { + LHASH *ret; + FUNCTION *f; + int i; + + /* Purely so it looks nice when the user hits ? */ + for(i=0,f=functions ; f->name != NULL ; ++f,++i) + ; + qsort(functions,i,sizeof *functions,SortFnByName); + + if ((ret=lh_new(hash,cmp)) == NULL) return(NULL); + + for (f=functions; f->name != NULL; f++) + lh_insert(ret,(char *)f); + return(ret); + } + +static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) + { + return(strncmp(a->name,b->name,8)); + } + +static unsigned long MS_CALLBACK hash(FUNCTION *a) + { + return(lh_strhash(a->name)); + } + +#undef SSLEAY diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf new file mode 100644 index 000000000000..d70dd25622bb --- /dev/null +++ b/crypto/openssl/apps/openssl.cnf @@ -0,0 +1,214 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = $ENV::HOME/.rnd +oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 40 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_ca ] + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# RAW DER hex encoding of an extension: beware experts only! +# 1.2.3.5=RAW:02:03 +# You can even override a supported extension: +# basicConstraints= critical, RAW:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always diff --git a/crypto/openssl/apps/pca-cert.srl b/crypto/openssl/apps/pca-cert.srl new file mode 100644 index 000000000000..8a0f05e166aa --- /dev/null +++ b/crypto/openssl/apps/pca-cert.srl @@ -0,0 +1 @@ +01 diff --git a/crypto/openssl/apps/pca-key.pem b/crypto/openssl/apps/pca-key.pem new file mode 100644 index 000000000000..20029ab779f2 --- /dev/null +++ b/crypto/openssl/apps/pca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg +wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ +vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB +AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc +z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz +xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7 +HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD +yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS +xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj +7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG +h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL +QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q +hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc= +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/pca-req.pem b/crypto/openssl/apps/pca-req.pem new file mode 100644 index 000000000000..33f155337b34 --- /dev/null +++ b/crypto/openssl/apps/pca-req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo +MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj +Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX +MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3 +vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz +IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv +wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L +Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/pem_mail.c b/crypto/openssl/apps/pem_mail.c new file mode 100644 index 000000000000..f85c7b1c831a --- /dev/null +++ b/crypto/openssl/apps/pem_mail.c @@ -0,0 +1,170 @@ +/* apps/pem_mail.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RSA +#include +#include +#include +#include +#include +#include +#include +#include "apps.h" + +#undef PROG +#define PROG pem_mail_main + +static char *usage[]={ +"usage: pem_mail args\n", +"\n", +" -in arg - input file - default stdin\n", +" -out arg - output file - default stdout\n", +" -cert arg - the certificate to use\n", +" -key arg - the private key to use\n", +" -MIC - sign the message\n", +" -enc arg - encrypt with one of cbc-des\n", +NULL +}; + + +typedef struct lines_St + { + char *line; + struct lines_st *next; + } LINES; + +int main(int argc, char **argv) + { + FILE *in; + RSA *rsa=NULL; + EVP_MD_CTX ctx; + unsigned int mic=0,i,n; + unsigned char buf[1024*15]; + char *prog,*infile=NULL,*outfile=NULL,*key=NULL; + int badops=0; + + apps_startup(); + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key= *(++argv); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-mic") == 0) + mic=1; + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + EXIT(1); + } + + if (key == NULL) + { BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); } + in=fopen(key,"r"); + if (in == NULL) { perror(key); EXIT(1); } + rsa=PEM_read_RSAPrivateKey(in,NULL,NULL); + if (rsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + EXIT(1); + } + fclose(in); + + PEM_SignInit(&ctx,EVP_md5()); + for (;;) + { + i=fread(buf,1,1024*10,stdin); + if (i <= 0) break; + PEM_SignUpdate(&ctx,buf,i); + } + if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err; + BIO_printf(bio_err,"%s\n",buf); + EXIT(0); +err: + ERR_print_errors(bio_err); + EXIT(1); + } +#endif diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c new file mode 100644 index 000000000000..5defddeb320f --- /dev/null +++ b/crypto/openssl/apps/pkcs12.c @@ -0,0 +1,703 @@ +/* pkcs12.c */ +#if !defined(NO_DES) && !defined(NO_SHA1) + +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "apps.h" +#define PROG pkcs12_main + +EVP_CIPHER *enc; + + +#define NOKEYS 0x1 +#define NOCERTS 0x2 +#define INFO 0x4 +#define CLCERTS 0x8 +#define CACERTS 0x10 + +int get_cert_chain(X509 *cert, STACK_OF(X509) **chain); +int dump_cert_text (BIO *out, X509 *x); +int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options); +int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options); +int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options); +int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); +void hex_prin(BIO *out, unsigned char *buf, int len); +int alg_print(BIO *x, X509_ALGOR *alg); +int cert_load(BIO *in, STACK_OF(X509) *sk); +int MAIN(int argc, char **argv) +{ + char *infile=NULL, *outfile=NULL, *keyname = NULL; + char *certfile=NULL; + BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL; + char **args; + char *name = NULL; + PKCS12 *p12 = NULL; + char pass[50], macpass[50]; + int export_cert = 0; + int options = 0; + int chain = 0; + int badarg = 0; + int iter = PKCS12_DEFAULT_ITER; + int maciter = 1; + int twopass = 0; + int keytype = 0; + int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int ret = 1; + int macver = 1; + int noprompt = 0; + STACK *canames = NULL; + char *cpass = NULL, *mpass = NULL; + + apps_startup(); + + enc = EVP_des_ede3_cbc(); + if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + + args = argv + 1; + + + while (*args) { + if (*args[0] == '-') { + if (!strcmp (*args, "-nokeys")) options |= NOKEYS; + else if (!strcmp (*args, "-keyex")) keytype = KEY_EX; + else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG; + else if (!strcmp (*args, "-nocerts")) options |= NOCERTS; + else if (!strcmp (*args, "-clcerts")) options |= CLCERTS; + else if (!strcmp (*args, "-cacerts")) options |= CACERTS; + else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS); + else if (!strcmp (*args, "-info")) options |= INFO; + else if (!strcmp (*args, "-chain")) chain = 1; + else if (!strcmp (*args, "-twopass")) twopass = 1; + else if (!strcmp (*args, "-nomacver")) macver = 0; + else if (!strcmp (*args, "-descert")) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else if (!strcmp (*args, "-export")) export_cert = 1; + else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); +#ifndef NO_IDEA + else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); +#endif + else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-noiter")) iter = 1; + else if (!strcmp (*args, "-maciter")) + maciter = PKCS12_DEFAULT_ITER; + else if (!strcmp (*args, "-nodes")) enc=NULL; + else if (!strcmp (*args, "-inkey")) { + if (args[1]) { + args++; + keyname = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-certfile")) { + if (args[1]) { + args++; + certfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-name")) { + if (args[1]) { + args++; + name = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-caname")) { + if (args[1]) { + args++; + if (!canames) canames = sk_new(NULL); + sk_push(canames, *args); + } else badarg = 1; + } else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-envpass")) { + if (args[1]) { + args++; + if(!(cpass = getenv(*args))) { + BIO_printf(bio_err, + "Can't read environment variable %s\n", *args); + goto end; + } + noprompt = 1; + } else badarg = 1; + } else if (!strcmp (*args, "-password")) { + if (args[1]) { + args++; + cpass = *args; + noprompt = 1; + } else badarg = 1; + } else badarg = 1; + + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Usage: pkcs12 [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-export output PKCS12 file\n"); + BIO_printf (bio_err, "-chain add certificate chain\n"); + BIO_printf (bio_err, "-inkey file private key if not infile\n"); + BIO_printf (bio_err, "-certfile f add all certs in f\n"); + BIO_printf (bio_err, "-name \"name\" use name as friendly name\n"); + BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); + BIO_printf (bio_err, "-in infile input filename\n"); + BIO_printf (bio_err, "-out outfile output filename\n"); + BIO_printf (bio_err, "-noout don't output anything, just verify.\n"); + BIO_printf (bio_err, "-nomacver don't verify MAC.\n"); + BIO_printf (bio_err, "-nocerts don't output certificates.\n"); + BIO_printf (bio_err, "-clcerts only output client certificates.\n"); + BIO_printf (bio_err, "-cacerts only output CA certificates.\n"); + BIO_printf (bio_err, "-nokeys don't output private keys.\n"); + BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); + BIO_printf (bio_err, "-des encrypt private keys with DES\n"); + BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); +#ifndef NO_IDEA + BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); +#endif + BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); + BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); + BIO_printf (bio_err, "-maciter use MAC iteration\n"); + BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); + BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); + BIO_printf (bio_err, "-keyex set MS key exchange type\n"); + BIO_printf (bio_err, "-keysig set MS key signature type\n"); + BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n"); + BIO_printf (bio_err, "-envpass p set import/export password from environment\n"); + goto end; + } + + if(cpass) mpass = cpass; + else { + cpass = pass; + mpass = macpass; + } + + ERR_load_crypto_strings(); + + if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); + else in = BIO_new_file(infile, "rb"); + if (!in) { + BIO_printf(bio_err, "Error opening input file %s\n", + infile ? infile : ""); + perror (infile); + goto end; + } + + if (certfile) { + if(!(certsin = BIO_new_file(certfile, "r"))) { + BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); + perror (certfile); + goto end; + } + } + + if (keyname) { + if(!(inkey = BIO_new_file(keyname, "r"))) { + BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); + perror (keyname); + goto end; + } + } + + if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE); + else out = BIO_new_file(outfile, "wb"); + if (!out) { + BIO_printf(bio_err, "Error opening output file %s\n", + outfile ? outfile : ""); + perror (outfile); + goto end; + } + if (twopass) { + if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) + { + BIO_printf (bio_err, "Can't read Password\n"); + goto end; + } + } + +if (export_cert) { + EVP_PKEY *key; + STACK *bags, *safes; + PKCS12_SAFEBAG *bag; + PKCS8_PRIV_KEY_INFO *p8; + PKCS7 *authsafe; + X509 *cert = NULL, *ucert = NULL; + STACK_OF(X509) *certs; + char *catmp; + int i; + unsigned char keyid[EVP_MAX_MD_SIZE]; + unsigned int keyidlen = 0; + key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL); + if (!inkey) (void) BIO_reset(in); + if (!key) { + BIO_printf (bio_err, "Error loading private key\n"); + ERR_print_errors(bio_err); + goto end; + } + + certs = sk_X509_new(NULL); + + /* Load in all certs in input file */ + if(!cert_load(in, certs)) { + BIO_printf(bio_err, "Error loading certificates from input\n"); + ERR_print_errors(bio_err); + goto end; + } + + for(i = 0; i < sk_X509_num(certs); i++) { + ucert = sk_X509_value(certs, i); + if(X509_check_private_key(ucert, key)) { + X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + break; + } + } + + if(!keyidlen) { + BIO_printf(bio_err, "No certificate matches private key\n"); + goto end; + } + + bags = sk_new (NULL); + + /* Add any more certificates asked for */ + if (certsin) { + if(!cert_load(certsin, certs)) { + BIO_printf(bio_err, "Error loading certificates from certfile\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_free(certsin); + } + + /* If chaining get chain from user cert */ + if (chain) { + int vret; + STACK_OF(X509) *chain2; + vret = get_cert_chain (ucert, &chain2); + if (vret) { + BIO_printf (bio_err, "Error %s getting chain.\n", + X509_verify_cert_error_string(vret)); + goto end; + } + /* Exclude verified certificate */ + for (i = 1; i < sk_X509_num (chain2) ; i++) + sk_X509_push(certs, sk_X509_value (chain2, i)); + sk_X509_free(chain2); + + } + + /* We now have loads of certificates: include them all */ + for(i = 0; i < sk_X509_num(certs); i++) { + cert = sk_X509_value(certs, i); + bag = M_PKCS12_x5092certbag(cert); + /* If it matches private key set id */ + if(cert == ucert) { + if(name) PKCS12_add_friendlyname(bag, name, -1); + PKCS12_add_localkeyid(bag, keyid, keyidlen); + } else if((catmp = sk_shift(canames))) + PKCS12_add_friendlyname(bag, catmp, -1); + sk_push(bags, (char *)bag); + } + + if (canames) sk_free(canames); + + if(!noprompt && + EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) { + BIO_printf (bio_err, "Can't read Password\n"); + goto end; + } + if (!twopass) strcpy(macpass, pass); + /* Turn certbags into encrypted authsafe */ + authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, + iter, bags); + sk_pop_free(bags, PKCS12_SAFEBAG_free); + + if (!authsafe) { + ERR_print_errors (bio_err); + goto end; + } + + safes = sk_new (NULL); + sk_push (safes, (char *)authsafe); + + /* Make a shrouded key bag */ + p8 = EVP_PKEY2PKCS8 (key); + EVP_PKEY_free(key); + if(keytype) PKCS8_add_keyusage(p8, keytype); + bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + cpass, -1, NULL, 0, iter, p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (name) PKCS12_add_friendlyname (bag, name, -1); + PKCS12_add_localkeyid (bag, keyid, keyidlen); + bags = sk_new(NULL); + sk_push (bags, (char *)bag); + /* Turn it into unencrypted safe bag */ + authsafe = PKCS12_pack_p7data (bags); + sk_pop_free(bags, PKCS12_SAFEBAG_free); + sk_push (safes, (char *)authsafe); + + p12 = PKCS12_init (NID_pkcs7_data); + + M_PKCS12_pack_authsafes (p12, safes); + + sk_pop_free(safes, PKCS7_free); + + PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL); + + i2d_PKCS12_bio (out, p12); + + PKCS12_free(p12); + + ret = 0; + goto end; + + } + + if (!(p12 = d2i_PKCS12_bio (in, NULL))) { + ERR_print_errors(bio_err); + goto end; + } + + if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) { + BIO_printf (bio_err, "Can't read Password\n"); + goto end; + } + + if (!twopass) strcpy(macpass, pass); + + if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); + if(macver) { + if (!PKCS12_verify_mac (p12, mpass, -1)) { + BIO_printf (bio_err, "Mac verify errror: invalid password?\n"); + ERR_print_errors (bio_err); + goto end; + } else BIO_printf (bio_err, "MAC verified OK\n"); + } + + if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) { + BIO_printf(bio_err, "Error outputting keys and certificates\n"); + ERR_print_errors (bio_err); + goto end; + } + PKCS12_free(p12); + ret = 0; + end: + BIO_free(out); + EXIT(ret); +} + +int dump_cert_text (BIO *out, X509 *x) +{ + char buf[256]; + X509_NAME_oneline(X509_get_subject_name(x),buf,256); + BIO_puts(out,"subject="); + BIO_puts(out,buf); + + X509_NAME_oneline(X509_get_issuer_name(x),buf,256); + BIO_puts(out,"\nissuer= "); + BIO_puts(out,buf); + BIO_puts(out,"\n"); + return 0; +} + +int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, + int passlen, int options) +{ + STACK *asafes, *bags; + int i, bagnid; + PKCS7 *p7; + if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; + for (i = 0; i < sk_num (asafes); i++) { + p7 = (PKCS7 *) sk_value (asafes, i); + bagnid = OBJ_obj2nid (p7->type); + if (bagnid == NID_pkcs7_data) { + bags = M_PKCS12_unpack_p7data (p7); + if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); + } else if (bagnid == NID_pkcs7_encrypted) { + if (options & INFO) { + BIO_printf (bio_err, "PKCS7 Encrypted data: "); + alg_print (bio_err, + p7->d.encrypted->enc_data->algorithm); + } + bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen); + } else continue; + if (!bags) return 0; + if (!dump_certs_pkeys_bags (out, bags, pass, passlen, + options)) { + sk_pop_free (bags, PKCS12_SAFEBAG_free); + return 0; + } + sk_pop_free (bags, PKCS12_SAFEBAG_free); + } + sk_pop_free (asafes, PKCS7_free); + return 1; +} + +int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass, + int passlen, int options) +{ + int i; + for (i = 0; i < sk_num (bags); i++) { + if (!dump_certs_pkeys_bag (out, + (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen, + options)) return 0; + } + return 1; +} + +int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, + int passlen, int options) +{ + EVP_PKEY *pkey; + PKCS8_PRIV_KEY_INFO *p8; + X509 *x509; + + switch (M_PKCS12_bag_type(bag)) + { + case NID_keyBag: + if (options & INFO) BIO_printf (bio_err, "Key bag\n"); + if (options & NOKEYS) return 1; + print_attribs (out, bag->attrib, "Bag Attributes"); + p8 = bag->value.keybag; + if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; + print_attribs (out, p8->attributes, "Key Attributes"); + PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL); + EVP_PKEY_free(pkey); + break; + + case NID_pkcs8ShroudedKeyBag: + if (options & INFO) { + BIO_printf (bio_err, "Shrouded Keybag: "); + alg_print (bio_err, bag->value.shkeybag->algor); + } + if (options & NOKEYS) return 1; + print_attribs (out, bag->attrib, "Bag Attributes"); + if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen))) + return 0; + if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; + print_attribs (out, p8->attributes, "Key Attributes"); + PKCS8_PRIV_KEY_INFO_free(p8); + PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL); + EVP_PKEY_free(pkey); + break; + + case NID_certBag: + if (options & INFO) BIO_printf (bio_err, "Certificate bag\n"); + if (options & NOCERTS) return 1; + if (PKCS12_get_attr(bag, NID_localKeyID)) { + if (options & CACERTS) return 1; + } else if (options & CLCERTS) return 1; + print_attribs (out, bag->attrib, "Bag Attributes"); + if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) + return 1; + if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0; + dump_cert_text (out, x509); + PEM_write_bio_X509 (out, x509); + X509_free(x509); + break; + + case NID_safeContentsBag: + if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n"); + print_attribs (out, bag->attrib, "Bag Attributes"); + return dump_certs_pkeys_bags (out, bag->value.safes, pass, + passlen, options); + + default: + BIO_printf (bio_err, "Warning unsupported bag type: "); + i2a_ASN1_OBJECT (bio_err, bag->type); + BIO_printf (bio_err, "\n"); + return 1; + break; + } + return 1; +} + +/* Given a single certificate return a verified chain or NULL if error */ + +/* Hope this is OK .... */ + +int get_cert_chain (X509 *cert, STACK_OF(X509) **chain) +{ + X509_STORE *store; + X509_STORE_CTX store_ctx; + STACK_OF(X509) *chn; + int i; + X509 *x; + store = X509_STORE_new (); + X509_STORE_set_default_paths (store); + X509_STORE_CTX_init(&store_ctx, store, cert, NULL); + if (X509_verify_cert(&store_ctx) <= 0) { + i = X509_STORE_CTX_get_error (&store_ctx); + goto err; + } + chn = sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx)); + for (i = 0; i < sk_X509_num(chn); i++) { + x = sk_X509_value(chn, i); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + } + i = 0; + *chain = chn; +err: + X509_STORE_CTX_cleanup(&store_ctx); + X509_STORE_free(store); + + return i; +} + +int alg_print (BIO *x, X509_ALGOR *alg) +{ + PBEPARAM *pbe; + unsigned char *p; + p = alg->parameter->value.sequence->data; + pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); + BIO_printf (bio_err, "%s, Iteration %d\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + PBEPARAM_free (pbe); + return 0; +} + +/* Load all certificates from a given file */ + +int cert_load(BIO *in, STACK_OF(X509) *sk) +{ + int ret; + X509 *cert; + ret = 0; + while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { + ret = 1; + sk_X509_push(sk, cert); + } + if(ret) ERR_clear_error(); + return ret; +} + +/* Generalised attribute print: handle PKCS#8 and bag attributes */ + +int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name) +{ + X509_ATTRIBUTE *attr; + ASN1_TYPE *av; + char *value; + int i, attr_nid; + if(!attrlst) { + BIO_printf(out, "%s: \n", name); + return 1; + } + if(!sk_X509_ATTRIBUTE_num(attrlst)) { + BIO_printf(out, "%s: \n", name); + return 1; + } + BIO_printf(out, "%s\n", name); + for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + attr = sk_X509_ATTRIBUTE_value(attrlst, i); + attr_nid = OBJ_obj2nid(attr->object); + BIO_printf(out, " "); + if(attr_nid == NID_undef) { + i2a_ASN1_OBJECT (out, attr->object); + BIO_printf(out, ": "); + } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); + + if(sk_ASN1_TYPE_num(attr->value.set)) { + av = sk_ASN1_TYPE_value(attr->value.set, 0); + switch(av->type) { + case V_ASN1_BMPSTRING: + value = uni2asc(av->value.bmpstring->data, + av->value.bmpstring->length); + BIO_printf(out, "%s\n", value); + Free(value); + break; + + case V_ASN1_OCTET_STRING: + hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); + BIO_printf(out, "\n"); + break; + + case V_ASN1_BIT_STRING: + hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); + BIO_printf(out, "\n"); + break; + + default: + BIO_printf(out, "\n", av->type); + break; + } + } else BIO_printf(out, "\n"); + } + return 1; +} + +void hex_prin(BIO *out, unsigned char *buf, int len) +{ + int i; + for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); +} + +#endif diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c new file mode 100644 index 000000000000..0e1427cc3155 --- /dev/null +++ b/crypto/openssl/apps/pkcs7.c @@ -0,0 +1,313 @@ +/* apps/pkcs7.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG pkcs7_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -print_certs + */ + +int MAIN(int argc, char **argv) + { + PKCS7 *p7=NULL; + int i,badops=0; +#if !defined(NO_DES) || !defined(NO_IDEA) + EVP_CIPHER *enc=NULL; +#endif + BIO *in=NULL,*out=NULL; + int informat,outformat; + char *infile,*outfile,*prog,buf[256]; + int print_certs=0; + int ret=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-print_certs") == 0) + print_certs=1; +#ifndef NO_DES + else if (strcmp(*argv,"-des") == 0) + enc=EVP_des_cbc(); + else if (strcmp(*argv,"-des3") == 0) + enc=EVP_des_ede3_cbc(); +#endif +#ifndef NO_IDEA + else if (strcmp(*argv,"-idea") == 0) + enc=EVP_idea_cbc(); +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + EXIT(1); + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + if (in == NULL) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + p7=d2i_PKCS7_bio(in,NULL); + else if (informat == FORMAT_PEM) + p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); + goto end; + } + if (p7 == NULL) + { + BIO_printf(bio_err,"unable to load PKCS7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (print_certs) + { + STACK_OF(X509) *certs=NULL; + STACK_OF(X509_CRL) *crls=NULL; + + i=OBJ_obj2nid(p7->type); + switch (i) + { + case NID_pkcs7_signed: + certs=p7->d.sign->cert; + crls=p7->d.sign->crl; + break; + case NID_pkcs7_signedAndEnveloped: + certs=p7->d.signed_and_enveloped->cert; + crls=p7->d.signed_and_enveloped->crl; + break; + default: + break; + } + + if (certs != NULL) + { + X509 *x; + + for (i=0; icrl->issuer,buf,256); + BIO_puts(out,"issuer= "); + BIO_puts(out,buf); + + BIO_puts(out,"\nlast update="); + ASN1_TIME_print(out,crl->crl->lastUpdate); + BIO_puts(out,"\nnext update="); + ASN1_TIME_print(out,crl->crl->nextUpdate); + BIO_puts(out,"\n"); + + PEM_write_bio_X509_CRL(out,crl); + BIO_puts(out,"\n"); + } + } + + ret=0; + goto end; + } + + if (outformat == FORMAT_ASN1) + i=i2d_PKCS7_bio(out,p7); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_PKCS7(out,p7); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + + if (!i) + { + BIO_printf(bio_err,"unable to write pkcs7 object\n"); + ERR_print_errors(bio_err); + goto end; + } + ret=0; +end: + if (p7 != NULL) PKCS7_free(p7); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + EXIT(ret); + } diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c new file mode 100644 index 000000000000..a05388300ad6 --- /dev/null +++ b/crypto/openssl/apps/pkcs8.c @@ -0,0 +1,274 @@ +/* pkcs8.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#include +#include +#include +#include +#include +#include + +#include "apps.h" +#define PROG pkcs8_main + + +int MAIN(int argc, char **argv) +{ + char **args, *infile = NULL, *outfile = NULL; + BIO *in = NULL, *out = NULL; + int topk8 = 0; + int pbe_nid = -1; + const EVP_CIPHER *cipher = NULL; + int iter = PKCS12_DEFAULT_ITER; + int informat, outformat; + int p8_broken = PKCS8_OK; + int nocrypt = 0; + X509_SIG *p8; + PKCS8_PRIV_KEY_INFO *p8inf; + EVP_PKEY *pkey; + char pass[50]; + int badarg = 0; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + ERR_load_crypto_strings(); + SSLeay_add_all_algorithms(); + args = argv + 1; + while (!badarg && *args && *args[0] == '-') { + if (!strcmp(*args,"-v2")) { + if (args[1]) { + args++; + cipher=EVP_get_cipherbyname(*args); + if(!cipher) { + BIO_printf(bio_err, + "Unknown cipher %s\n", *args); + badarg = 1; + } + } else badarg = 1; + } else if (!strcmp(*args,"-inform")) { + if (args[1]) { + args++; + informat=str2fmt(*args); + } else badarg = 1; + } else if (!strcmp(*args,"-outform")) { + if (args[1]) { + args++; + outformat=str2fmt(*args); + } else badarg = 1; + } else if (!strcmp (*args, "-topk8")) topk8 = 1; + else if (!strcmp (*args, "-noiter")) iter = 1; + else if (!strcmp (*args, "-nocrypt")) nocrypt = 1; + else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET; + else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if (badarg) { + BIO_printf (bio_err, "Usage pkcs8 [options]\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-inform X input format (DER or PEM)\n"); + BIO_printf (bio_err, "-outform X output format (DER or PEM)\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-topk8 output PKCS8 file\n"); + BIO_printf (bio_err, "-nooct use (broken) no octet form\n"); + BIO_printf (bio_err, "-noiter use 1 as iteration count\n"); + BIO_printf (bio_err, "-nocrypt use or expect unencrypted private key\n"); + BIO_printf (bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); + return (1); + } + + if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC; + + if (infile) { + if (!(in = BIO_new_file (infile, "rb"))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + return (1); + } + } else in = BIO_new_fp (stdin, BIO_NOCLOSE); + + if (outfile) { + if (!(out = BIO_new_file (outfile, "wb"))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + return (1); + } + } else out = BIO_new_fp (stdout, BIO_NOCLOSE); + + if (topk8) { + if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) { + BIO_printf (bio_err, "Error reading key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + BIO_free(in); + if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { + BIO_printf (bio_err, "Error converting key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + PKCS8_set_broken(p8inf, p8_broken); + if(nocrypt) { + if(outformat == FORMAT_PEM) + PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); + else if(outformat == FORMAT_ASN1) + i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + } else { + EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); + if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, + pass, strlen(pass), + NULL, 0, iter, p8inf))) { + BIO_printf (bio_err, "Error encrypting key\n", + outfile); + ERR_print_errors(bio_err); + return (1); + } + if(outformat == FORMAT_PEM) + PEM_write_bio_PKCS8 (out, p8); + else if(outformat == FORMAT_ASN1) + i2d_PKCS8_bio(out, p8); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + X509_SIG_free(p8); + } + PKCS8_PRIV_KEY_INFO_free (p8inf); + EVP_PKEY_free(pkey); + BIO_free(out); + return (0); + } + + if(nocrypt) { + if(informat == FORMAT_PEM) + p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL); + else if(informat == FORMAT_ASN1) + p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + } else { + if(informat == FORMAT_PEM) + p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); + else if(informat == FORMAT_ASN1) + p8 = d2i_PKCS8_bio(in, NULL); + else { + BIO_printf(bio_err, "Bad format specified for key\n"); + return (1); + } + + if (!p8) { + BIO_printf (bio_err, "Error reading key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + EVP_read_pw_string(pass, 50, "Enter Password:", 0); + p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass)); + X509_SIG_free(p8); + } + + if (!p8inf) { + BIO_printf(bio_err, "Error decrypting key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + + if (!(pkey = EVP_PKCS82PKEY(p8inf))) { + BIO_printf(bio_err, "Error converting key\n", outfile); + ERR_print_errors(bio_err); + return (1); + } + + if (p8inf->broken) { + BIO_printf(bio_err, "Warning: broken key encoding: "); + switch (p8inf->broken) { + case PKCS8_NO_OCTET: + BIO_printf(bio_err, "No Octet String\n"); + break; + + default: + BIO_printf(bio_err, "Unknown broken type\n"); + break; + } + } + + PKCS8_PRIV_KEY_INFO_free(p8inf); + + PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); + + EVP_PKEY_free(pkey); + BIO_free(out); + BIO_free(in); + + return (0); +} diff --git a/crypto/openssl/apps/privkey.pem b/crypto/openssl/apps/privkey.pem new file mode 100644 index 000000000000..0af46474a7ee --- /dev/null +++ b/crypto/openssl/apps/privkey.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF + +6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9 +Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo +F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3 +XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE +jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy +vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh +JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf +PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM +POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS +gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz +8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v +Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC +dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw== +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h new file mode 100644 index 000000000000..df067182bc46 --- /dev/null +++ b/crypto/openssl/apps/progs.h @@ -0,0 +1,233 @@ +/* This file was generated by progs.pl. */ + +extern int verify_main(int argc,char *argv[]); +extern int asn1parse_main(int argc,char *argv[]); +extern int req_main(int argc,char *argv[]); +extern int dgst_main(int argc,char *argv[]); +extern int dh_main(int argc,char *argv[]); +extern int enc_main(int argc,char *argv[]); +extern int gendh_main(int argc,char *argv[]); +extern int errstr_main(int argc,char *argv[]); +extern int ca_main(int argc,char *argv[]); +extern int crl_main(int argc,char *argv[]); +extern int rsa_main(int argc,char *argv[]); +extern int dsa_main(int argc,char *argv[]); +extern int dsaparam_main(int argc,char *argv[]); +extern int x509_main(int argc,char *argv[]); +extern int genrsa_main(int argc,char *argv[]); +extern int gendsa_main(int argc,char *argv[]); +extern int s_server_main(int argc,char *argv[]); +extern int s_client_main(int argc,char *argv[]); +extern int speed_main(int argc,char *argv[]); +extern int s_time_main(int argc,char *argv[]); +extern int version_main(int argc,char *argv[]); +extern int pkcs7_main(int argc,char *argv[]); +extern int crl2pkcs7_main(int argc,char *argv[]); +extern int sess_id_main(int argc,char *argv[]); +extern int ciphers_main(int argc,char *argv[]); +extern int nseq_main(int argc,char *argv[]); +extern int pkcs12_main(int argc,char *argv[]); +extern int pkcs8_main(int argc,char *argv[]); + +#ifdef SSLEAY_SRC /* Defined only in openssl.c. */ + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { + {FUNC_TYPE_GENERAL,"verify",verify_main}, + {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, + {FUNC_TYPE_GENERAL,"req",req_main}, + {FUNC_TYPE_GENERAL,"dgst",dgst_main}, +#ifndef NO_DH + {FUNC_TYPE_GENERAL,"dh",dh_main}, +#endif + {FUNC_TYPE_GENERAL,"enc",enc_main}, +#ifndef NO_DH + {FUNC_TYPE_GENERAL,"gendh",gendh_main}, +#endif + {FUNC_TYPE_GENERAL,"errstr",errstr_main}, + {FUNC_TYPE_GENERAL,"ca",ca_main}, + {FUNC_TYPE_GENERAL,"crl",crl_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"rsa",rsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"dsa",dsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, +#endif + {FUNC_TYPE_GENERAL,"x509",x509_main}, +#ifndef NO_RSA + {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, +#endif +#ifndef NO_DSA + {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, +#endif +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_server",s_server_main}, +#endif +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_client",s_client_main}, +#endif + {FUNC_TYPE_GENERAL,"speed",speed_main}, +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) + {FUNC_TYPE_GENERAL,"s_time",s_time_main}, +#endif + {FUNC_TYPE_GENERAL,"version",version_main}, + {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, + {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, + {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) + {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, +#endif + {FUNC_TYPE_GENERAL,"nseq",nseq_main}, +#if !defined(NO_DES) && !defined(NO_SHA1) + {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, +#endif + {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, + {FUNC_TYPE_MD,"md2",dgst_main}, + {FUNC_TYPE_MD,"md5",dgst_main}, + {FUNC_TYPE_MD,"sha",dgst_main}, + {FUNC_TYPE_MD,"sha1",dgst_main}, + {FUNC_TYPE_MD,"mdc2",dgst_main}, + {FUNC_TYPE_MD,"rmd160",dgst_main}, + {FUNC_TYPE_CIPHER,"base64",enc_main}, +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des3",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"desx",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea",enc_main}, +#endif +#ifndef NO_RC4 + {FUNC_TYPE_CIPHER,"rc4",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ecb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ofb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main}, +#endif +#ifndef NO_DES + {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-cbc",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-ecb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-cfb",enc_main}, +#endif +#ifndef NO_IDEA + {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-ecb",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-cfb",enc_main}, +#endif +#ifndef NO_BF + {FUNC_TYPE_CIPHER,"bf-ofb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main}, +#endif +#ifndef NO_CAST + {FUNC_TYPE_CIPHER,"cast-cbc",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main}, +#endif +#ifndef NO_RC5 + {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main}, +#endif + {0,NULL,NULL} + }; +#endif + diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl new file mode 100644 index 000000000000..7a69fc7b18dc --- /dev/null +++ b/crypto/openssl/apps/progs.pl @@ -0,0 +1,77 @@ +#!/usr/local/bin/perl + +print "/* This file was generated by progs.pl. */\n\n"; + +grep(s/^asn1pars$/asn1parse/,@ARGV); + +foreach (@ARGV) + { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + +print <<'EOF'; + +#ifdef SSLEAY_SRC /* Defined only in openssl.c. */ + +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 + +typedef struct { + int type; + char *name; + int (*func)(); + } FUNCTION; + +FUNCTION functions[] = { +EOF + +foreach (@ARGV) + { + push(@files,$_); + $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) + { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } + elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) + { print "#ifndef NO_RSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) + { print "#ifndef NO_DSA\n${str}#endif\n"; } + elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/)) + { print "#ifndef NO_DH\n${str}#endif\n"; } + else + { print $str; } + } + +foreach ("md2","md5","sha","sha1","mdc2","rmd160") + { + push(@files,$_); + printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; + } + +foreach ( + "base64", + "des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5", + "des-ecb", "des-ede", "des-ede3", + "des-cbc", "des-ede-cbc","des-ede3-cbc", + "des-cfb", "des-ede-cfb","des-ede3-cfb", + "des-ofb", "des-ede-ofb","des-ede3-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb", + "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", + "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", + "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb") + { + push(@files,$_); + + $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; } + elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; } + elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; } + elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; } + elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; } + elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; } + elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; } + print $t; + } + +print "\t{0,NULL,NULL}\n\t};\n"; +print "#endif\n\n"; + diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c new file mode 100644 index 000000000000..463ac156ea45 --- /dev/null +++ b/crypto/openssl/apps/req.c @@ -0,0 +1,1197 @@ +/* apps/req.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#ifdef NO_STDIO +#define APPS_WIN16 +#endif +#include "apps.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SECTION "req" + +#define BITS "default_bits" +#define KEYFILE "default_keyfile" +#define DISTINGUISHED_NAME "distinguished_name" +#define ATTRIBUTES "attributes" +#define V3_EXTENSIONS "x509_extensions" + +#define DEFAULT_KEY_LENGTH 512 +#define MIN_KEY_LENGTH 384 + +#undef PROG +#define PROG req_main + +/* -inform arg - input format - default PEM (one of DER, TXT or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -verify - check request signature + * -noout - don't print stuff out. + * -text - print out human readable text. + * -nodes - no des encryption + * -config file - Load configuration file. + * -key file - make a request using key in file (or use it for verification). + * -keyform - key file format. + * -newkey - make a key and a request. + * -modulus - print RSA modulus. + * -x509 - output a self signed X509 structure instead. + * -asn1-kludge - output new certificate request in a format that some CA's + * require. This format is wrong + */ + +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs); +static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text, + char *def, char *value, int nid, int min, + int max); +static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, + int nid,int min,int max); +static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int req_fix_data(int nid,int *type,int len,int min,int max); +static int check_end(char *str, char *end); +static int add_oid_section(LHASH *conf); +#ifndef MONOLITH +static char *default_config_file=NULL; +static LHASH *config=NULL; +#endif +static LHASH *req_conf=NULL; + +#define TYPE_RSA 1 +#define TYPE_DSA 2 +#define TYPE_DH 3 + +int MAIN(int argc, char **argv) + { +#ifndef NO_DSA + DSA *dsa_params=NULL; +#endif + int ex=1,x509=0,days=30; + X509 *x509ss=NULL; + X509_REQ *req=NULL; + EVP_PKEY *pkey=NULL; + int i,badops=0,newreq=0,newkey= -1,pkey_type=0; + BIO *in=NULL,*out=NULL; + int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; + int nodes=0,kludge=0; + char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; + char *extensions = NULL; + EVP_CIPHER *cipher=NULL; + int modulus=0; + char *p; + const EVP_MD *md_alg=NULL,*digest=EVP_md5(); +#ifndef MONOLITH + MS_STATIC char config_name[256]; +#endif + +#ifndef NO_DES + cipher=EVP_des_ede3_cbc(); +#endif + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + keyfile= *(++argv); + } + else if (strcmp(*argv,"-new") == 0) + { + pkey_type=TYPE_RSA; + newreq=1; + } + else if (strcmp(*argv,"-config") == 0) + { + if (--argc < 1) goto bad; + template= *(++argv); + } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyform=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-keyout") == 0) + { + if (--argc < 1) goto bad; + keyout= *(++argv); + } + else if (strcmp(*argv,"-newkey") == 0) + { + int is_numeric; + + if (--argc < 1) goto bad; + p= *(++argv); + is_numeric = p[0] >= '0' && p[0] <= '9'; + if (strncmp("rsa:",p,4) == 0 || is_numeric) + { + pkey_type=TYPE_RSA; + if(!is_numeric) + p+=4; + newkey= atoi(p); + } + else +#ifndef NO_DSA + if (strncmp("dsa:",p,4) == 0) + { + X509 *xtmp=NULL; + EVP_PKEY *dtmp; + + pkey_type=TYPE_DSA; + p+=4; + if ((in=BIO_new_file(p,"r")) == NULL) + { + perror(p); + goto end; + } + if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) + { + ERR_clear_error(); + (void)BIO_reset(in); + if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) + { + BIO_printf(bio_err,"unable to load DSA parameters from file\n"); + goto end; + } + + dtmp=X509_get_pubkey(xtmp); + if (dtmp->type == EVP_PKEY_DSA) + dsa_params=DSAparams_dup(dtmp->pkey.dsa); + EVP_PKEY_free(dtmp); + X509_free(xtmp); + if (dsa_params == NULL) + { + BIO_printf(bio_err,"Certificate does not contain DSA parameters\n"); + goto end; + } + } + BIO_free(in); + newkey=BN_num_bits(dsa_params->p); + in=NULL; + } + else +#endif +#ifndef NO_DH + if (strncmp("dh:",p,4) == 0) + { + pkey_type=TYPE_DH; + p+=3; + } + else +#endif + pkey_type=TYPE_RSA; + + newreq=1; + } + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if (strcmp(*argv,"-verify") == 0) + verify=1; + else if (strcmp(*argv,"-nodes") == 0) + nodes=1; + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-x509") == 0) + x509=1; + else if (strcmp(*argv,"-asn1-kludge") == 0) + kludge=1; + else if (strcmp(*argv,"-no-asn1-kludge") == 0) + kludge=0; + else if (strcmp(*argv,"-days") == 0) + { + if (--argc < 1) goto bad; + days= atoi(*(++argv)); + if (days == 0) days=30; + } + else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) + { + /* ok */ + digest=md_alg; + } + else + + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -text text form of request\n"); + BIO_printf(bio_err," -noout do not output REQ\n"); + BIO_printf(bio_err," -verify verify signature on REQ\n"); + BIO_printf(bio_err," -modulus RSA modulus\n"); + BIO_printf(bio_err," -nodes don't encrypt the output key\n"); + BIO_printf(bio_err," -key file use the private key contained in file\n"); + BIO_printf(bio_err," -keyform arg key file format\n"); + BIO_printf(bio_err," -keyout arg file to send the key to\n"); + BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); + BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); + + BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n"); + BIO_printf(bio_err," -config file request template file.\n"); + BIO_printf(bio_err," -new new request.\n"); + BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); + BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n"); + BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); + BIO_printf(bio_err," have been reported as requiring\n"); + BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n"); + goto end; + } + + ERR_load_crypto_strings(); + X509V3_add_standard_extensions(); + +#ifndef MONOLITH + /* Lets load up our environment a little */ + p=getenv("OPENSSL_CONF"); + if (p == NULL) + p=getenv("SSLEAY_CONF"); + if (p == NULL) + { + strcpy(config_name,X509_get_default_cert_area()); +#ifndef VMS + strcat(config_name,"/"); +#endif + strcat(config_name,OPENSSL_CONF); + p=config_name; + } + default_config_file=p; + config=CONF_load(config,p,NULL); +#endif + + if (template != NULL) + { + long errline; + + BIO_printf(bio_err,"Using configuration from %s\n",template); + req_conf=CONF_load(NULL,template,&errline); + if (req_conf == NULL) + { + BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); + goto end; + } + } + else + { + req_conf=config; + BIO_printf(bio_err,"Using configuration from %s\n", + default_config_file); + if (req_conf == NULL) + { + BIO_printf(bio_err,"Unable to load config info\n"); + } + } + + if (req_conf != NULL) + { + p=CONF_get_string(req_conf,NULL,"oid_file"); + if (p != NULL) + { + BIO *oid_bio; + + oid_bio=BIO_new_file(p,"r"); + if (oid_bio == NULL) + { + /* + BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); + ERR_print_errors(bio_err); + */ + } + else + { + OBJ_create_objects(oid_bio); + BIO_free(oid_bio); + } + } + } + if(!add_oid_section(req_conf)) goto end; + + if ((md_alg == NULL) && + ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) + { + if ((md_alg=EVP_get_digestbyname(p)) != NULL) + digest=md_alg; + } + + extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); + if(extensions) { + /* Check syntax of file */ + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, req_conf); + if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) { + BIO_printf(bio_err, + "Error Loading extension section %s\n", extensions); + goto end; + } + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + goto end; + + if (keyfile != NULL) + { + if (BIO_read_filename(in,keyfile) <= 0) + { + perror(keyfile); + goto end; + } + +/* if (keyform == FORMAT_ASN1) + rsa=d2i_RSAPrivateKey_bio(in,NULL); + else */ + if (keyform == FORMAT_PEM) + pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for X509 request\n"); + goto end; + } + + if (pkey == NULL) + { + BIO_printf(bio_err,"unable to load Private key\n"); + goto end; + } + } + + if (newreq && (pkey == NULL)) + { + char *randfile; + char buffer[200]; + + if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL) + randfile=RAND_file_name(buffer,200); +#ifdef WINDOWS + BIO_printf(bio_err,"Loading 'screen' into random state -"); + BIO_flush(bio_err); + RAND_screen(); + BIO_printf(bio_err," done\n"); +#endif + if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L)) + { + BIO_printf(bio_err,"unable to load 'random state'\n"); + BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n"); + BIO_printf(bio_err,"with much random data.\n"); + BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n"); + BIO_printf(bio_err,"'random' data can be kept in.\n"); + } + if (newkey <= 0) + { + newkey=(int)CONF_get_number(req_conf,SECTION,BITS); + if (newkey <= 0) + newkey=DEFAULT_KEY_LENGTH; + } + + if (newkey < MIN_KEY_LENGTH) + { + BIO_printf(bio_err,"private key length is too short,\n"); + BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); + goto end; + } + BIO_printf(bio_err,"Generating a %d bit %s private key\n", + newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA"); + + if ((pkey=EVP_PKEY_new()) == NULL) goto end; + +#ifndef NO_RSA + if (pkey_type == TYPE_RSA) + { + if (!EVP_PKEY_assign_RSA(pkey, + RSA_generate_key(newkey,0x10001, + req_cb,bio_err))) + goto end; + } + else +#endif +#ifndef NO_DSA + if (pkey_type == TYPE_DSA) + { + if (!DSA_generate_key(dsa_params)) goto end; + if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end; + dsa_params=NULL; + } +#endif + + if ((randfile == NULL) || (RAND_write_file(randfile) == 0)) + BIO_printf(bio_err,"unable to write 'random state'\n"); + + if (pkey == NULL) goto end; + + if (keyout == NULL) + keyout=CONF_get_string(req_conf,SECTION,KEYFILE); + + if (keyout == NULL) + { + BIO_printf(bio_err,"writing new private key to stdout\n"); + BIO_set_fp(out,stdout,BIO_NOCLOSE); + } + else + { + BIO_printf(bio_err,"writing new private key to '%s'\n",keyout); + if (BIO_write_filename(out,keyout) <= 0) + { + perror(keyout); + goto end; + } + } + + p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); + if (p == NULL) + p=CONF_get_string(req_conf,SECTION,"encrypt_key"); + if ((p != NULL) && (strcmp(p,"no") == 0)) + cipher=NULL; + if (nodes) cipher=NULL; + + i=0; +loop: + if (!PEM_write_bio_PrivateKey(out,pkey,cipher, + NULL,0,NULL,NULL)) + { + if ((ERR_GET_REASON(ERR_peek_error()) == + PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) + { + ERR_clear_error(); + i++; + goto loop; + } + goto end; + } + BIO_printf(bio_err,"-----\n"); + } + + if (!newreq) + { + /* Since we are using a pre-existing certificate + * request, the kludge 'format' info should not be + * changed. */ + kludge= -1; + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + if (informat == FORMAT_ASN1) + req=d2i_X509_REQ_bio(in,NULL); + else if (informat == FORMAT_PEM) + req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for X509 request\n"); + goto end; + } + if (req == NULL) + { + BIO_printf(bio_err,"unable to load X509 request\n"); + goto end; + } + } + + if (newreq || x509) + { +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + digest=EVP_dss1(); +#endif + + if (pkey == NULL) + { + BIO_printf(bio_err,"you need to specify a private key\n"); + goto end; + } + if (req == NULL) + { + req=X509_REQ_new(); + if (req == NULL) + { + goto end; + } + + i=make_REQ(req,pkey,!x509); + if (kludge >= 0) + req->req_info->req_kludge=kludge; + if (!i) + { + BIO_printf(bio_err,"problems making Certificate Request\n"); + goto end; + } + } + if (x509) + { + EVP_PKEY *tmppkey; + X509V3_CTX ext_ctx; + if ((x509ss=X509_new()) == NULL) goto end; + + /* Set version to V3 */ + if(!X509_set_version(x509ss, 2)) goto end; + ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L); + + X509_set_issuer_name(x509ss, + X509_REQ_get_subject_name(req)); + X509_gmtime_adj(X509_get_notBefore(x509ss),0); + X509_gmtime_adj(X509_get_notAfter(x509ss), + (long)60*60*24*days); + X509_set_subject_name(x509ss, + X509_REQ_get_subject_name(req)); + tmppkey = X509_REQ_get_pubkey(req); + X509_set_pubkey(x509ss,tmppkey); + EVP_PKEY_free(tmppkey); + + /* Set up V3 context struct */ + + X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); + X509V3_set_conf_lhash(&ext_ctx, req_conf); + + /* Add extensions */ + if(extensions && !X509V3_EXT_add_conf(req_conf, + &ext_ctx, extensions, x509ss)) + { + BIO_printf(bio_err, + "Error Loading extension section %s\n", + extensions); + goto end; + } + + if (!(i=X509_sign(x509ss,pkey,digest))) + goto end; + } + else + { + if (!(i=X509_REQ_sign(req,pkey,digest))) + goto end; + } + } + + if (verify && !x509) + { + int tmp=0; + + if (pkey == NULL) + { + pkey=X509_REQ_get_pubkey(req); + tmp=1; + if (pkey == NULL) goto end; + } + + i=X509_REQ_verify(req,pkey); + if (tmp) { + EVP_PKEY_free(pkey); + pkey=NULL; + } + + if (i < 0) + { + goto end; + } + else if (i == 0) + { + BIO_printf(bio_err,"verify failure\n"); + } + else /* if (i > 0) */ + BIO_printf(bio_err,"verify OK\n"); + } + + if (noout && !text && !modulus) + { + ex=0; + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if ((keyout != NULL) && (strcmp(outfile,keyout) == 0)) + i=(int)BIO_append_filename(out,outfile); + else + i=(int)BIO_write_filename(out,outfile); + if (!i) + { + perror(outfile); + goto end; + } + } + + if (text) + { + if (x509) + X509_print(out,x509ss); + else + X509_REQ_print(out,req); + } + + if (modulus) + { + EVP_PKEY *pubkey; + + if (x509) + pubkey=X509_get_pubkey(x509ss); + else + pubkey=X509_REQ_get_pubkey(req); + if (pubkey == NULL) + { + fprintf(stdout,"Modulus=unavailable\n"); + goto end; + } + fprintf(stdout,"Modulus="); +#ifndef NO_RSA + if (pubkey->type == EVP_PKEY_RSA) + BN_print(out,pubkey->pkey.rsa->n); + else +#endif + fprintf(stdout,"Wrong Algorithm type"); + fprintf(stdout,"\n"); + } + + if (!noout && !x509) + { + if (outformat == FORMAT_ASN1) + i=i2d_X509_REQ_bio(out,req); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_X509_REQ(out,req); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write X509 request\n"); + goto end; + } + } + if (!noout && x509 && (x509ss != NULL)) + { + if (outformat == FORMAT_ASN1) + i=i2d_X509_bio(out,x509ss); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_X509(out,x509ss); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write X509 certificate\n"); + goto end; + } + } + ex=0; +end: + if (ex) + { + ERR_print_errors(bio_err); + } + if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); + BIO_free(in); + BIO_free(out); + EVP_PKEY_free(pkey); + X509_REQ_free(req); + X509_free(x509ss); + X509V3_EXT_cleanup(); + OBJ_cleanup(); +#ifndef NO_DSA + if (dsa_params != NULL) DSA_free(dsa_params); +#endif + EXIT(ex); + } + +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) + { + int ret=0,i; + char *p,*q; + X509_REQ_INFO *ri; + char buf[100]; + int nid,min,max; + char *type,*def,*tmp,*value,*tmp_attr; + STACK_OF(CONF_VALUE) *sk, *attr=NULL; + CONF_VALUE *v; + + tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); + if (tmp == NULL) + { + BIO_printf(bio_err,"unable to find '%s' in config\n", + DISTINGUISHED_NAME); + goto err; + } + sk=CONF_get_section(req_conf,tmp); + if (sk == NULL) + { + BIO_printf(bio_err,"unable to get '%s' section\n",tmp); + goto err; + } + + tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES); + if (tmp_attr == NULL) + attr=NULL; + else + { + attr=CONF_get_section(req_conf,tmp_attr); + if (attr == NULL) + { + BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr); + goto err; + } + } + + ri=req->req_info; + + BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); + BIO_printf(bio_err,"into your certificate request.\n"); + BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); + BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); + BIO_printf(bio_err,"For some fields there will be a default value,\n"); + BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); + BIO_printf(bio_err,"-----\n"); + + /* setup version number */ + if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */ + + if (sk_CONF_VALUE_num(sk)) + { + i= -1; +start: for (;;) + { + i++; + if (sk_CONF_VALUE_num(sk) <= i) break; + + v=sk_CONF_VALUE_value(sk,i); + p=q=NULL; + type=v->name; + if(!check_end(type,"_min") || !check_end(type,"_max") || + !check_end(type,"_default") || + !check_end(type,"_value")) continue; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for(p = v->name; *p ; p++) + if ((*p == ':') || (*p == ',') || + (*p == '.')) { + p++; + if(*p) type = p; + break; + } + /* If OBJ not recognised ignore it */ + if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + sprintf(buf,"%s_default",v->name); + if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL) + def=""; + + sprintf(buf,"%s_value",v->name); + if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL) + value=NULL; + + sprintf(buf,"%s_min",v->name); + min=(int)CONF_get_number(req_conf,tmp,buf); + + sprintf(buf,"%s_max",v->name); + max=(int)CONF_get_number(req_conf,tmp,buf); + + if (!add_DN_object(ri->subject,v->value,def,value,nid, + min,max)) + goto err; + } + if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0) + { + BIO_printf(bio_err,"error, no objects specified in config file\n"); + goto err; + } + + if (attribs) + { + if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0)) + { + BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); + BIO_printf(bio_err,"to be sent with your certificate request\n"); + } + + i= -1; +start2: for (;;) + { + i++; + if ((attr == NULL) || + (sk_CONF_VALUE_num(attr) <= i)) + break; + + v=sk_CONF_VALUE_value(attr,i); + type=v->name; + if ((nid=OBJ_txt2nid(type)) == NID_undef) + goto start2; + + sprintf(buf,"%s_default",type); + if ((def=CONF_get_string(req_conf,tmp_attr,buf)) + == NULL) + def=""; + + sprintf(buf,"%s_value",type); + if ((value=CONF_get_string(req_conf,tmp_attr,buf)) + == NULL) + value=NULL; + + sprintf(buf,"%s_min",type); + min=(int)CONF_get_number(req_conf,tmp_attr,buf); + + sprintf(buf,"%s_max",type); + max=(int)CONF_get_number(req_conf,tmp_attr,buf); + + if (!add_attribute_object(ri->attributes, + v->value,def,value,nid,min,max)) + goto err; + } + } + } + else + { + BIO_printf(bio_err,"No template, please set one up.\n"); + goto err; + } + + X509_REQ_set_pubkey(req,pkey); + + ret=1; +err: + return(ret); + } + +static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, + int nid, int min, int max) + { + int i,j,ret=0; + X509_NAME_ENTRY *ne=NULL; + MS_STATIC char buf[1024]; + + BIO_printf(bio_err,"%s [%s]:",text,def); + (void)BIO_flush(bio_err); + if (value != NULL) + { + strcpy(buf,value); + strcat(buf,"\n"); + BIO_printf(bio_err,"%s\n",value); + } + else + { + buf[0]='\0'; + fgets(buf,1024,stdin); + } + + if (buf[0] == '\0') return(0); + else if (buf[0] == '\n') + { + if ((def == NULL) || (def[0] == '\0')) + return(1); + strcpy(buf,def); + strcat(buf,"\n"); + } + else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); + + i=strlen(buf); + if (buf[i-1] != '\n') + { + BIO_printf(bio_err,"weird input :-(\n"); + return(0); + } + buf[--i]='\0'; + + j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); + if (req_fix_data(nid,&j,i,min,max) == 0) + goto err; +#ifdef CHARSET_EBCDIC + ebcdic2ascii(buf, buf, i); +#endif + if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf, + strlen(buf))) + == NULL) goto err; + if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0)) + goto err; + + ret=1; +err: + if (ne != NULL) X509_NAME_ENTRY_free(ne); + return(ret); + } + +static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text, + char *def, char *value, int nid, int min, + int max) + { + int i,z; + X509_ATTRIBUTE *xa=NULL; + static char buf[1024]; + ASN1_BIT_STRING *bs=NULL; + ASN1_TYPE *at=NULL; + +start: + BIO_printf(bio_err,"%s [%s]:",text,def); + (void)BIO_flush(bio_err); + if (value != NULL) + { + strcpy(buf,value); + strcat(buf,"\n"); + BIO_printf(bio_err,"%s\n",value); + } + else + { + buf[0]='\0'; + fgets(buf,1024,stdin); + } + + if (buf[0] == '\0') return(0); + else if (buf[0] == '\n') + { + if ((def == NULL) || (def[0] == '\0')) + return(1); + strcpy(buf,def); + strcat(buf,"\n"); + } + else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); + + i=strlen(buf); + if (buf[i-1] != '\n') + { + BIO_printf(bio_err,"weird input :-(\n"); + return(0); + } + buf[--i]='\0'; + + /* add object plus value */ + if ((xa=X509_ATTRIBUTE_new()) == NULL) + goto err; + if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL) + goto err; + xa->set=1; + + if (xa->object != NULL) ASN1_OBJECT_free(xa->object); + xa->object=OBJ_nid2obj(nid); + + if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err; + + bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1); + + z=req_fix_data(nid,&bs->type,i,min,max); + if (z == 0) + { + if (value == NULL) + goto start; + else goto err; + } + + if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1)) + { BIO_printf(bio_err,"Malloc failure\n"); goto err; } + + if ((at=ASN1_TYPE_new()) == NULL) + { BIO_printf(bio_err,"Malloc failure\n"); goto err; } + + ASN1_TYPE_set(at,bs->type,(char *)bs); + sk_ASN1_TYPE_push(xa->value.set,at); + bs=NULL; + at=NULL; + /* only one item per attribute */ + + if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err; + return(1); +err: + if (xa != NULL) X509_ATTRIBUTE_free(xa); + if (at != NULL) ASN1_TYPE_free(at); + if (bs != NULL) ASN1_BIT_STRING_free(bs); + return(0); + } + +static void MS_CALLBACK req_cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } + +static int req_fix_data(int nid, int *type, int len, int min, int max) + { + if (nid == NID_pkcs9_emailAddress) + *type=V_ASN1_IA5STRING; + if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_challengePassword) && + (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + + if ((nid == NID_pkcs9_unstructuredName) && + (*type == V_ASN1_T61STRING)) + { + BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n"); + return(0); + } + if (nid == NID_pkcs9_unstructuredName) + *type=V_ASN1_IA5STRING; + + if (len < min) + { + BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); + return(0); + } + if ((max != 0) && (len > max)) + { + BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max); + return(0); + } + return(1); + } + +/* Check if the end of a string matches 'end' */ +static int check_end(char *str, char *end) +{ + int elen, slen; + char *tmp; + elen = strlen(end); + slen = strlen(str); + if(elen > slen) return 1; + tmp = str + slen - elen; + return strcmp(tmp, end); +} + +static int add_oid_section(LHASH *conf) +{ + char *p; + STACK_OF(CONF_VALUE) *sktmp; + CONF_VALUE *cnf; + int i; + if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; + if(!(sktmp = CONF_get_section(conf, p))) { + BIO_printf(bio_err, "problem loading oid section %s\n", p); + return 0; + } + for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { + cnf = sk_CONF_VALUE_value(sktmp, i); + if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { + BIO_printf(bio_err, "problem creating object %s=%s\n", + cnf->name, cnf->value); + return 0; + } + } + return 1; +} diff --git a/crypto/openssl/apps/req.pem b/crypto/openssl/apps/req.pem new file mode 100644 index 000000000000..5537df601df9 --- /dev/null +++ b/crypto/openssl/apps/req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp +YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ +S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV +AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg +tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo +84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38 +CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ +Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c new file mode 100644 index 000000000000..9b723ee406cc --- /dev/null +++ b/crypto/openssl/apps/rsa.c @@ -0,0 +1,333 @@ +/* apps/rsa.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef NO_RSA +#include +#include +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#include + +#undef PROG +#define PROG rsa_main + +/* -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -des3 - encrypt output if PEM format + * -idea - encrypt output if PEM format + * -text - print a text version + * -modulus - print the RSA key modulus + * -check - verify key consistency + */ + +int MAIN(int argc, char **argv) + { + int ret=1; + RSA *rsa=NULL; + int i,badops=0; + const EVP_CIPHER *enc=NULL; + BIO *in=NULL,*out=NULL; + int informat,outformat,text=0,check=0,noout=0; + char *infile,*outfile,*prog; + int modulus=0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + infile=NULL; + outfile=NULL; + informat=FORMAT_PEM; + outformat=FORMAT_PEM; + + prog=argv[0]; + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-inform") == 0) + { + if (--argc < 1) goto bad; + informat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-outform") == 0) + { + if (--argc < 1) goto bad; + outformat=str2fmt(*(++argv)); + } + else if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + infile= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outfile= *(++argv); + } + else if (strcmp(*argv,"-noout") == 0) + noout=1; + else if (strcmp(*argv,"-text") == 0) + text=1; + else if (strcmp(*argv,"-modulus") == 0) + modulus=1; + else if (strcmp(*argv,"-check") == 0) + check=1; + else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + argc--; + argv++; + } + + if (badops) + { +bad: + BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"where options are\n"); + BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); + BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); +#ifndef NO_IDEA + BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); +#endif + BIO_printf(bio_err," -text print the key in text\n"); + BIO_printf(bio_err," -noout don't print key out\n"); + BIO_printf(bio_err," -modulus print the RSA key modulus\n"); + BIO_printf(bio_err," -check verify key consistency\n"); + goto end; + } + + ERR_load_crypto_strings(); + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err,"read RSA private key\n"); + if (informat == FORMAT_ASN1) + rsa=d2i_RSAPrivateKey_bio(in,NULL); +#ifndef NO_RC4 + else if (informat == FORMAT_NETSCAPE) + { + BUF_MEM *buf=NULL; + unsigned char *p; + int size=0; + + buf=BUF_MEM_new(); + for (;;) + { + if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) + goto end; + i=BIO_read(in,&(buf->data[size]),1024*10); + size+=i; + if (i == 0) break; + if (i < 0) + { + perror("reading private key"); + BUF_MEM_free(buf); + goto end; + } + } + p=(unsigned char *)buf->data; + rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL); + BUF_MEM_free(buf); + } +#endif + else if (informat == FORMAT_PEM) + rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL); + else + { + BIO_printf(bio_err,"bad input format specified for key\n"); + goto end; + } + if (rsa == NULL) + { + BIO_printf(bio_err,"unable to load Private Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if (outfile == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outfile) <= 0) + { + perror(outfile); + goto end; + } + } + + if (text) + if (!RSA_print(out,rsa,0)) + { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (modulus) + { + fprintf(stdout,"Modulus="); + BN_print(out,rsa->n); + fprintf(stdout,"\n"); + } + + if (check) + { + int r = RSA_check_key(rsa); + + if (r == 1) + BIO_printf(out,"RSA key ok\n"); + else if (r == 0) + { + long e; + + while ((e = ERR_peek_error()) != 0 && + ERR_GET_LIB(e) == ERR_LIB_RSA && + ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY && + ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE) + { + BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e)); + ERR_get_error(); /* remove e from error stack */ + } + } + + if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ + { + ERR_print_errors(bio_err); + goto end; + } + } + + if (noout) goto end; + BIO_printf(bio_err,"writing RSA private key\n"); + if (outformat == FORMAT_ASN1) + i=i2d_RSAPrivateKey_bio(out,rsa); +#ifndef NO_RC4 + else if (outformat == FORMAT_NETSCAPE) + { + unsigned char *p,*pp; + int size; + + i=1; + size=i2d_Netscape_RSA(rsa,NULL,NULL); + if ((p=(unsigned char *)Malloc(size)) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto end; + } + pp=p; + i2d_Netscape_RSA(rsa,&p,NULL); + BIO_write(out,(char *)pp,size); + Free(pp); + } +#endif + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + if (!i) + { + BIO_printf(bio_err,"unable to write private key\n"); + ERR_print_errors(bio_err); + } + else + ret=0; +end: + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (rsa != NULL) RSA_free(rsa); + EXIT(ret); + } +#endif diff --git a/crypto/openssl/apps/rsa/01.pem b/crypto/openssl/apps/rsa/01.pem new file mode 100644 index 000000000000..36ec57598efe --- /dev/null +++ b/crypto/openssl/apps/rsa/01.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4 +MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV +BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0 +cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb +qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU +MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D +gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/ +LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k +Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq +Pjrmw2eSgbdmmdumWAcNPVbV +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa/1.txt b/crypto/openssl/apps/rsa/1.txt new file mode 100644 index 000000000000..95a862e150ef --- /dev/null +++ b/crypto/openssl/apps/rsa/1.txt @@ -0,0 +1,50 @@ +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: May 18 00:00:00 1998 GMT + Not After : May 18 23:59:59 1999 GMT + Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e: + d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3: + 83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40: + 11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a: + ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb: + f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61: + 75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df: + 51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5: + b0:91:2d:85:ad:2a:1c:e7:f7 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe: + d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9: + e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37: + 6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5: + 7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05: + 1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e: + 3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5 +-----BEGIN CERTIFICATE----- +MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4 +MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV +BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0 +cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb +qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU +MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D +gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/ +LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k +Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq +Pjrmw2eSgbdmmdumWAcNPVbV +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa/SecureServer.pem b/crypto/openssl/apps/rsa/SecureServer.pem new file mode 100644 index 000000000000..7c8ffb2cd85c --- /dev/null +++ b/crypto/openssl/apps/rsa/SecureServer.pem @@ -0,0 +1,47 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 + Signature Algorithm: md2WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: Nov 9 00:00:00 1994 GMT + Not After : Jan 7 23:59:59 2010 GMT + Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1000 bit) + Modulus (1000 bit): + 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: + 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: + e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: + 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: + 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: + 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: + b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: + 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: + dd:2d:d6:c8:1e:7b + Exponent: 65537 (0x10001) + Signature Algorithm: md2WithRSAEncryption + 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: + c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: + b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: + c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: + 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: + 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: + f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ +ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI +uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa/s.txt b/crypto/openssl/apps/rsa/s.txt new file mode 100644 index 000000000000..7de7e0764fa9 --- /dev/null +++ b/crypto/openssl/apps/rsa/s.txt @@ -0,0 +1,49 @@ +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 + Signature Algorithm: md2WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: Nov 9 00:00:00 1994 GMT + Not After : Jan 7 23:59:59 2010 GMT + Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1000 bit) + Modulus (1000 bit): + 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: + 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: + e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: + 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: + 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: + 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: + b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: + 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: + dd:2d:d6:c8:1e:7b + Exponent: 65537 (0x10001) + Signature Algorithm: md2WithRSAEncryption + 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: + c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: + b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: + c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: + 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: + 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: + f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ +ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI +uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- diff --git a/crypto/openssl/apps/rsa8192.pem b/crypto/openssl/apps/rsa8192.pem new file mode 100644 index 000000000000..946a6e5433ce --- /dev/null +++ b/crypto/openssl/apps/rsa8192.pem @@ -0,0 +1,101 @@ +-----BEGIN RSA PRIVATE KEY----- + +MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ +ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF +MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY +55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm +yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3 +tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA +LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE +aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d +PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59 +mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi +71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z +d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2 +wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0 +bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE +Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa +Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd +pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS +os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah +mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx +cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K +LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ +tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS +PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9 +psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0 +9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6 +xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c +ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW +RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf +1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI +P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH +77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4 +4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I +/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg +GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq +HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB +ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy +AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT +52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p +5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr +7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5 +KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h +cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1 +dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/ +DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw +Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr +f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ +J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+ +TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY +fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c +Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5 +mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC +YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd +mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ +Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw +c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w +Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR +WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh +KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi +JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo +yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ +kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 +DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN +22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz +D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP +PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 +dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ +FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg +6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz +eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG +bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz +XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf +7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w +82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly +beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr +pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9 +70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM +YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin +ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy +lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe +4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P +lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG +LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3 +x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w +O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD +6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80 +Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz +DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn +Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R +oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q +nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H +X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV +QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg +TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c +46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE +rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv +I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= +-----END RSA PRIVATE KEY----- + diff --git a/crypto/openssl/apps/s1024key.pem b/crypto/openssl/apps/s1024key.pem new file mode 100644 index 000000000000..19e04035724f --- /dev/null +++ b/crypto/openssl/apps/s1024key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV +S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP +pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB +AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0 +dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY +bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E +Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq +zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM +6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf +QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD +dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M +0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv +nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA== +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/s1024req.pem b/crypto/openssl/apps/s1024req.pem new file mode 100644 index 000000000000..bb75e7eeb7e9 --- /dev/null +++ b/crypto/openssl/apps/s1024req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz +dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR +9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo +KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2 +RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE +BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq +nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil +frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M= +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/s512-key.pem b/crypto/openssl/apps/s512-key.pem new file mode 100644 index 000000000000..0e3ff2d373a3 --- /dev/null +++ b/crypto/openssl/apps/s512-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD +TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu +OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj +gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz +rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b +PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA +vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= +-----END RSA PRIVATE KEY----- diff --git a/crypto/openssl/apps/s512-req.pem b/crypto/openssl/apps/s512-req.pem new file mode 100644 index 000000000000..ea314be5550e --- /dev/null +++ b/crypto/openssl/apps/s512-req.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa +MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0 +IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S +MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E +y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm +5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8= +-----END CERTIFICATE REQUEST----- diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h new file mode 100644 index 000000000000..1a0e9f9f92ff --- /dev/null +++ b/crypto/openssl/apps/s_apps.h @@ -0,0 +1,120 @@ +/* apps/s_apps.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET) +/* VAX C does not defined fd_set and friends, but it's actually quite simple */ +/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ +#define MAX_NOFILE 32 +#define NBBY 8 /* number of bits in a byte */ + +#ifndef FD_SETSIZE +#define FD_SETSIZE MAX_NOFILE +#endif /* FD_SETSIZE */ + +/* How many things we'll allow select to use. 0 if unlimited */ +#define MAXSELFD MAX_NOFILE +typedef int fd_mask; /* int here! VMS prototypes int, not long */ +#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/ +#define NFDSHIFT 5 /* Shift based on above */ + +typedef fd_mask fd_set; +#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#endif + +#define PORT 4433 +#define PORT_STR "4433" +#define PROTOCOL "tcp" + +int do_accept(int acc_sock, int *sock, char **host); +int do_server(int port, int *ret, int (*cb) (), char *context); +#ifdef HEADER_X509_H +int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); +#else +int MS_CALLBACK verify_callback(int ok, char *ctx); +#endif +#ifdef HEADER_SSL_H +int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); +#else +int set_cert_stuff(char *ctx, char *cert_file, char *key_file); +#endif +int init_client(int *sock, char *server, int port); +int init_client_ip(int *sock,unsigned char ip[4], int port); +int nbio_init_client_ip(int *sock,unsigned char ip[4], int port); +int nbio_sock_error(int sock); +int spawn(int argc, char **argv, int *in, int *out); +int init_server(int *sock, int port); +int init_server_long(int *sock, int port,char *ip); +int should_retry(int i); +void sock_cleanup(void ); +int extract_port(char *str, short *port_ptr); +int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); +int host_ip(char *str, unsigned char ip[4]); + +long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret); + +#ifdef HEADER_SSL_H +void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret); +#else +void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret); +#endif + diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c new file mode 100644 index 000000000000..fdb11a1d11d7 --- /dev/null +++ b/crypto/openssl/apps/s_cb.c @@ -0,0 +1,238 @@ +/* apps/s_cb.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#define USE_SOCKETS +#define NON_MAIN +#include "apps.h" +#undef NON_MAIN +#undef USE_SOCKETS +#include +#include +#include +#include "s_apps.h" + +int verify_depth=0; +int verify_error=X509_V_OK; + +int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) + { + char buf[256]; + X509 *err_cert; + int err,depth; + + err_cert=X509_STORE_CTX_get_current_cert(ctx); + err= X509_STORE_CTX_get_error(ctx); + depth= X509_STORE_CTX_get_error_depth(ctx); + + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + BIO_printf(bio_err,"depth=%d %s\n",depth,buf); + if (!ok) + { + BIO_printf(bio_err,"verify error:num=%d:%s\n",err, + X509_verify_cert_error_string(err)); + if (verify_depth >= depth) + { + ok=1; + verify_error=X509_V_OK; + } + else + { + ok=0; + verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; + } + } + switch (ctx->error) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + BIO_printf(bio_err,"issuer= %s\n",buf); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err,"notBefore="); + ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err,"notAfter="); + ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); + BIO_printf(bio_err,"\n"); + break; + } + BIO_printf(bio_err,"verify return:%d\n",ok); + return(ok); + } + +int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) + { + if (cert_file != NULL) + { + /* + SSL *ssl; + X509 *x509; + */ + + if (SSL_CTX_use_certificate_file(ctx,cert_file, + SSL_FILETYPE_PEM) <= 0) + { + BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); + ERR_print_errors(bio_err); + return(0); + } + if (key_file == NULL) key_file=cert_file; + if (SSL_CTX_use_PrivateKey_file(ctx,key_file, + SSL_FILETYPE_PEM) <= 0) + { + BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); + ERR_print_errors(bio_err); + return(0); + } + + /* + In theory this is no longer needed + ssl=SSL_new(ctx); + x509=SSL_get_certificate(ssl); + + if (x509 != NULL) { + EVP_PKEY *pktmp; + pktmp = X509_get_pubkey(x509); + EVP_PKEY_copy_parameters(pktmp, + SSL_get_privatekey(ssl)); + EVP_PKEY_free(pktmp); + } + SSL_free(ssl); + */ + + /* If we are using DSA, we can copy the parameters from + * the private key */ + + + /* Now we know that a key and cert have been set against + * the SSL context */ + if (!SSL_CTX_check_private_key(ctx)) + { + BIO_printf(bio_err,"Private key does not match the certificate public key\n"); + return(0); + } + } + return(1); + } + +long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret) + { + BIO *out; + + out=(BIO *)BIO_get_callback_arg(bio); + if (out == NULL) return(ret); + + if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) + { + BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", + bio,argp,argi,ret,ret); + BIO_dump(out,argp,(int)ret); + return(ret); + } + else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) + { + BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", + bio,argp,argi,ret,ret); + BIO_dump(out,argp,(int)ret); + } + return(ret); + } + +void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret) + { + char *str; + int w; + + w=where& ~SSL_ST_MASK; + + if (w & SSL_ST_CONNECT) str="SSL_connect"; + else if (w & SSL_ST_ACCEPT) str="SSL_accept"; + else str="undefined"; + + if (where & SSL_CB_LOOP) + { + BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); + } + else if (where & SSL_CB_ALERT) + { + str=(where & SSL_CB_READ)?"read":"write"; + BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", + str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } + else if (where & SSL_CB_EXIT) + { + if (ret == 0) + BIO_printf(bio_err,"%s:failed in %s\n", + str,SSL_state_string_long(s)); + else if (ret < 0) + { + BIO_printf(bio_err,"%s:error in %s\n", + str,SSL_state_string_long(s)); + } + } + } + diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c new file mode 100644 index 000000000000..b06104130e53 --- /dev/null +++ b/crypto/openssl/apps/s_client.c @@ -0,0 +1,840 @@ +/* apps/s_client.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifdef APPS_CRLF +# include +#endif +#include +#include +#include +#ifdef NO_STDIO +#define APPS_WIN16 +#endif + +/* With IPv6, it looks like Digital has mixed up the proper order of + recursive header file inclusion, resulting in the compiler complaining + that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which + is needed to have fileno() declared correctly... So let's define u_int */ +#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#define __U_INT +typedef unsigned int u_int; +#endif + +#define USE_SOCKETS +#include "apps.h" +#include +#include +#include +#include +#include "s_apps.h" + +#if (defined(VMS) && __VMS_VER < 70000000) +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ +#undef FIONBIO +#endif + +#if defined(NO_RSA) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + +#undef PROG +#define PROG s_client_main + +/*#define SSL_HOST_NAME "www.netscape.com" */ +/*#define SSL_HOST_NAME "193.118.187.102" */ +#define SSL_HOST_NAME "localhost" + +/*#define TEST_CERT "client.pem" */ /* no default cert. */ + +#undef BUFSIZZ +#define BUFSIZZ 1024*8 + +extern int verify_depth; +extern int verify_error; + +#ifdef FIONBIO +static int c_nbio=0; +#endif +static int c_Pause=0; +static int c_debug=0; +static int c_showcerts=0; + +static void sc_usage(void); +static void print_stuff(BIO *berr,SSL *con,int full); +static BIO *bio_c_out=NULL; +static int c_quiet=0; + +static void sc_usage(void) + { + BIO_printf(bio_err,"usage: s_client args\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); + + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," not specified but cert file is.\n"); + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); + BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); + BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err," -state - print the 'ssl' states\n"); +#ifdef FIONBIO + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); +#endif +#ifdef APPS_CRLF /* won't be #ifdef'd in next release */ + BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); +#endif + BIO_printf(bio_err," -quiet - no s_client output\n"); + BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); + BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err," -tls1 - just use TLSv1\n"); + BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err," command to see what is available\n"); + + } + +int MAIN(int argc, char **argv) + { + int off=0; + SSL *con=NULL,*con2=NULL; + int s,k,width,state=0; + char *cbuf=NULL,*sbuf=NULL; + int cbuf_len,cbuf_off; + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; + char *CApath=NULL,*CAfile=NULL,*cipher=NULL; + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; +#ifdef APPS_CRLF + int crlf=0; +#endif + int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; + SSL_CTX *ctx=NULL; + int ret=1,in_init=1,i,nbio_test=0; + SSL_METHOD *meth=NULL; + BIO *sbio; + /*static struct timeval timeout={10,0};*/ + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_client_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_client_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_client_method(); +#endif + + apps_startup(); + c_Pause=0; + c_quiet=0; + c_debug=0; + c_showcerts=0; + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) || + ((sbuf=Malloc(BUFSIZZ)) == NULL)) + { + BIO_printf(bio_err,"out of memory\n"); + goto end; + } + + verify_depth=0; + verify_error=X509_V_OK; +#ifdef FIONBIO + c_nbio=0; +#endif + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-host") == 0) + { + if (--argc < 1) goto bad; + host= *(++argv); + } + else if (strcmp(*argv,"-port") == 0) + { + if (--argc < 1) goto bad; + port=atoi(*(++argv)); + if (port == 0) goto bad; + } + else if (strcmp(*argv,"-connect") == 0) + { + if (--argc < 1) goto bad; + if (!extract_host_port(*(++argv),&host,NULL,&port)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) + { + verify=SSL_VERIFY_PEER; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d\n",verify_depth); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + cert_file= *(++argv); + } +#ifdef APPS_CRLF + else if (strcmp(*argv,"-crlf") == 0) + crlf=1; +#endif + else if (strcmp(*argv,"-quiet") == 0) + c_quiet=1; + else if (strcmp(*argv,"-pause") == 0) + c_Pause=1; + else if (strcmp(*argv,"-debug") == 0) + c_debug=1; + else if (strcmp(*argv,"-showcerts") == 0) + c_showcerts=1; + else if (strcmp(*argv,"-nbio_test") == 0) + nbio_test=1; + else if (strcmp(*argv,"-state") == 0) + state=1; +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + meth=SSLv2_client_method(); +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + meth=SSLv3_client_method(); +#endif +#ifndef NO_TLS1 + else if (strcmp(*argv,"-tls1") == 0) + meth=TLSv1_client_method(); +#endif + else if (strcmp(*argv,"-bugs") == 0) + bugs=1; + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key_file= *(++argv); + } + else if (strcmp(*argv,"-reconnect") == 0) + { + reconnect=5; + } + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } + else if (strcmp(*argv,"-no_tls1") == 0) + off|=SSL_OP_NO_TLSv1; + else if (strcmp(*argv,"-no_ssl3") == 0) + off|=SSL_OP_NO_SSLv3; + else if (strcmp(*argv,"-no_ssl2") == 0) + off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; + cipher= *(++argv); + } +#ifdef FIONBIO + else if (strcmp(*argv,"-nbio") == 0) + { c_nbio=1; } +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sc_usage(); + goto end; + } + + if (bio_c_out == NULL) + { + if (c_quiet) + { + bio_c_out=BIO_new(BIO_s_null()); + } + else + { + if (bio_c_out == NULL) + bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); + } + } + + SSLeay_add_ssl_algorithms(); + ctx=SSL_CTX_new(meth); + if (ctx == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (bugs) + SSL_CTX_set_options(ctx,SSL_OP_ALL|off); + else + SSL_CTX_set_options(ctx,off); + + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (cipher != NULL) + SSL_CTX_set_cipher_list(ctx,cipher); +#if 0 + else + SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); +#endif + + SSL_CTX_set_verify(ctx,verify,verify_callback); + if (!set_cert_stuff(ctx,cert_file,key_file)) + goto end; + + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) + { + /* BIO_printf(bio_err,"error seting default verify locations\n"); */ + ERR_print_errors(bio_err); + /* goto end; */ + } + + SSL_load_error_strings(); + + con=(SSL *)SSL_new(ctx); +/* SSL_set_cipher_list(con,"RC4-MD5"); */ + +re_start: + + if (init_client(&s,host,port) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); + goto end; + } + BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); + +#ifdef FIONBIO + if (c_nbio) + { + unsigned long l=1; + BIO_printf(bio_c_out,"turning on non blocking io\n"); + if (BIO_socket_ioctl(s,FIONBIO,&l) < 0) + { + ERR_print_errors(bio_err); + goto end; + } + } +#endif + if (c_Pause & 0x01) con->debug=1; + sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if (nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + + if (c_debug) + { + con->debug=1; + BIO_set_callback(sbio,bio_dump_cb); + BIO_set_callback_arg(sbio,bio_c_out); + } + + SSL_set_bio(con,sbio,sbio); + SSL_set_connect_state(con); + + /* ok, lets connect */ + width=SSL_get_fd(con)+1; + + read_tty=1; + write_tty=0; + tty_on=0; + read_ssl=1; + write_ssl=1; + + cbuf_len=0; + cbuf_off=0; + sbuf_len=0; + sbuf_off=0; + + for (;;) + { + FD_ZERO(&readfds); + FD_ZERO(&writefds); + + if (SSL_in_init(con) && !SSL_total_renegotiations(con)) + { + in_init=1; + tty_on=0; + } + else + { + tty_on=1; + if (in_init) + { + in_init=0; + print_stuff(bio_c_out,con,full_log); + if (full_log > 0) full_log--; + + if (reconnect) + { + reconnect--; + BIO_printf(bio_c_out,"drop connection and then reconnect\n"); + SSL_shutdown(con); + SSL_set_connect_state(con); + SHUTDOWN(SSL_get_fd(con)); + goto re_start; + } + } + } + + ssl_pending = read_ssl && SSL_pending(con); + + if (!ssl_pending) + { +#ifndef WINDOWS + if (tty_on) + { + if (read_tty) FD_SET(fileno(stdin),&readfds); + if (write_tty) FD_SET(fileno(stdout),&writefds); + } +#endif + if (read_ssl) + FD_SET(SSL_get_fd(con),&readfds); + if (write_ssl) + FD_SET(SSL_get_fd(con),&writefds); + +/* printf("mode tty(%d %d%d) ssl(%d%d)\n", + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ + + /* Note: under VMS with SOCKETSHR the second parameter + * is currently of type (int *) whereas under other + * systems it is (void *) if you don't have a cast it + * will choke the compiler: if you do have a cast then + * you can either go for (int *) or (void *). + */ + i=select(width,(void *)&readfds,(void *)&writefds, + NULL,NULL); + if ( i < 0) + { + BIO_printf(bio_err,"bad select %d\n", + get_last_socket_error()); + goto shut; + /* goto end; */ + } + } + + if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds)) + { + k=SSL_write(con,&(cbuf[cbuf_off]), + (unsigned int)cbuf_len); + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + cbuf_off+=k; + cbuf_len-=k; + if (k <= 0) goto end; + /* we have done a write(con,NULL,0); */ + if (cbuf_len <= 0) + { + read_tty=1; + write_ssl=0; + } + else /* if (cbuf_len > 0) */ + { + read_tty=0; + write_ssl=1; + } + break; + case SSL_ERROR_WANT_WRITE: + BIO_printf(bio_c_out,"write W BLOCK\n"); + write_ssl=1; + read_tty=0; + break; + case SSL_ERROR_WANT_READ: + BIO_printf(bio_c_out,"write R BLOCK\n"); + write_tty=0; + read_ssl=1; + write_ssl=0; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_c_out,"write X BLOCK\n"); + break; + case SSL_ERROR_ZERO_RETURN: + if (cbuf_len != 0) + { + BIO_printf(bio_c_out,"shutdown\n"); + goto shut; + } + else + { + read_tty=1; + write_ssl=0; + break; + } + + case SSL_ERROR_SYSCALL: + if ((k != 0) || (cbuf_len != 0)) + { + BIO_printf(bio_err,"write:errno=%d\n", + get_last_socket_error()); + goto shut; + } + else + { + read_tty=1; + write_ssl=0; + } + break; + case SSL_ERROR_SSL: + ERR_print_errors(bio_err); + goto shut; + } + } +#ifndef WINDOWS + else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) + { +#ifdef CHARSET_EBCDIC + ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len); +#endif + i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); + + if (i <= 0) + { + BIO_printf(bio_c_out,"DONE\n"); + goto shut; + /* goto end; */ + } + + sbuf_len-=i;; + sbuf_off+=i; + if (sbuf_len <= 0) + { + read_ssl=1; + write_tty=0; + } + } +#endif + else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds)) + { +#ifdef RENEG +{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } } +#endif +#if 1 + k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ ); +#else +/* Demo for pending and peek :-) */ + k=SSL_read(con,sbuf,16); +{ char zbuf[10240]; +printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240)); +} +#endif + + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + if (k <= 0) + goto end; + sbuf_off=0; + sbuf_len=k; + + read_ssl=0; + write_tty=1; + break; + case SSL_ERROR_WANT_WRITE: + BIO_printf(bio_c_out,"read W BLOCK\n"); + write_ssl=1; + read_tty=0; + break; + case SSL_ERROR_WANT_READ: + BIO_printf(bio_c_out,"read R BLOCK\n"); + write_tty=0; + read_ssl=1; + if ((read_tty == 0) && (write_ssl == 0)) + write_ssl=1; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_c_out,"read X BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error()); + goto shut; + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_c_out,"closed\n"); + goto shut; + case SSL_ERROR_SSL: + ERR_print_errors(bio_err); + goto shut; + /* break; */ + } + } + +#ifndef WINDOWS + else if (FD_ISSET(fileno(stdin),&readfds)) + { +#ifdef APPS_CRLF + if (crlf) + { + int j, lf_num; + + i=read(fileno(stdin),cbuf,BUFSIZZ/2); + lf_num = 0; + /* both loops are skipped when i <= 0 */ + for (j = 0; j < i; j++) + if (cbuf[j] == '\n') + lf_num++; + for (j = i-1; j >= 0; j--) + { + cbuf[j+lf_num] = cbuf[j]; + if (cbuf[j] == '\n') + { + lf_num--; + i++; + cbuf[j+lf_num] = '\r'; + } + } + assert(lf_num == 0); + } + else +#endif + i=read(fileno(stdin),cbuf,BUFSIZZ); + + if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q'))) + { + BIO_printf(bio_err,"DONE\n"); + goto shut; + } + + if ((!c_quiet) && (cbuf[0] == 'R')) + { + BIO_printf(bio_err,"RENEGOTIATING\n"); + SSL_renegotiate(con); + cbuf_len=0; + } + else + { + cbuf_len=i; + cbuf_off=0; +#ifdef CHARSET_EBCDIC + ebcdic2ascii(cbuf, cbuf, i); +#endif + } + + write_ssl=1; + read_tty=0; + } +#endif + } +shut: + SSL_shutdown(con); + SHUTDOWN(SSL_get_fd(con)); + ret=0; +end: + if (con != NULL) SSL_free(con); + if (con2 != NULL) SSL_free(con2); + if (ctx != NULL) SSL_CTX_free(ctx); + if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } + if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } + if (bio_c_out != NULL) + { + BIO_free(bio_c_out); + bio_c_out=NULL; + } + EXIT(ret); + } + + +static void print_stuff(BIO *bio, SSL *s, int full) + { + X509 *peer=NULL; + char *p; + static char *space=" "; + char buf[BUFSIZ]; + STACK_OF(X509) *sk; + STACK_OF(X509_NAME) *sk2; + SSL_CIPHER *c; + X509_NAME *xn; + int j,i; + + if (full) + { + int got_a_chain = 0; + + sk=SSL_get_peer_cert_chain(s); + if (sk != NULL) + { + got_a_chain = 1; /* we don't have it for SSL2 (yet) */ + + BIO_printf(bio,"---\nCertificate chain\n"); + for (i=0; i 0)) + { + BIO_printf(bio,"---\nAcceptable client certificate CA names\n"); + for (i=0; ihit)?"---\nReused, ":"---\nNew, ")); + c=SSL_get_current_cipher(s); + BIO_printf(bio,"%s, Cipher is %s\n", + SSL_CIPHER_get_version(c), + SSL_CIPHER_get_name(c)); + if (peer != NULL) { + EVP_PKEY *pktmp; + pktmp = X509_get_pubkey(peer); + BIO_printf(bio,"Server public key is %d bit\n", + EVP_PKEY_bits(pktmp)); + EVP_PKEY_free(pktmp); + } + SSL_SESSION_print(bio,SSL_get_session(s)); + BIO_printf(bio,"---\n"); + if (peer != NULL) + X509_free(peer); + } + diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c new file mode 100644 index 000000000000..9a81418cda84 --- /dev/null +++ b/crypto/openssl/apps/s_server.c @@ -0,0 +1,1464 @@ +/* apps/s_server.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifdef APPS_CRLF +# include +#endif +#include +#include +#include +#include +#include +#ifdef NO_STDIO +#define APPS_WIN16 +#endif + +/* With IPv6, it looks like Digital has mixed up the proper order of + recursive header file inclusion, resulting in the compiler complaining + that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which + is needed to have fileno() declared correctly... So let's define u_int */ +#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#define __U_INT +typedef unsigned int u_int; +#endif + +#include +#include +#define USE_SOCKETS +#include "apps.h" +#include +#include +#include +#include +#include "s_apps.h" + +#if (defined(VMS) && __VMS_VER < 70000000) +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ +#undef FIONBIO +#endif + +#if defined(NO_RSA) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + +#ifndef NO_RSA +static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); +#endif +static int sv_body(char *hostname, int s, unsigned char *context); +static int www_body(char *hostname, int s, unsigned char *context); +static void close_accept_socket(void ); +static void sv_usage(void); +static int init_ssl_connection(SSL *s); +static void print_stats(BIO *bp,SSL_CTX *ctx); +#ifndef NO_DH +static DH *load_dh_param(void ); +static DH *get_dh512(void); +#endif +/* static void s_server_init(void);*/ + +#ifndef S_ISDIR +# if defined(_S_IFMT) && defined(_S_IFDIR) +# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) +# else +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +# endif +#endif + +#ifndef NO_DH +static unsigned char dh512_p[]={ + 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, + 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, + 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, + 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, + 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, + 0x47,0x74,0xE8,0x33, + }; +static unsigned char dh512_g[]={ + 0x02, + }; + +static DH *get_dh512(void) + { + DH *dh=NULL; + + if ((dh=DH_new()) == NULL) return(NULL); + dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); + dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + return(NULL); + return(dh); + } +#endif + +/* static int load_CA(SSL_CTX *ctx, char *file);*/ + +#undef BUFSIZZ +#define BUFSIZZ 16*1024 +static int bufsize=32; +static int accept_socket= -1; + +#define TEST_CERT "server.pem" +#undef PROG +#define PROG s_server_main + +#define DH_PARAM "server.pem" + +extern int verify_depth; + +static char *cipher=NULL; +static int s_server_verify=SSL_VERIFY_NONE; +static int s_server_session_id_context = 1; /* anything will do */ +static char *s_cert_file=TEST_CERT,*s_key_file=NULL; +static char *s_dcert_file=NULL,*s_dkey_file=NULL; +#ifdef FIONBIO +static int s_nbio=0; +#endif +static int s_nbio_test=0; +#ifdef APPS_CRLF /* won't be #ifdef'd in next release */ +int s_crlf=0; +#endif +static SSL_CTX *ctx=NULL; +static int www=0; + +static BIO *bio_s_out=NULL; +static int s_debug=0; +static int s_quiet=0; + +#if 0 +static void s_server_init(void) + { + cipher=NULL; + s_server_verify=SSL_VERIFY_NONE; + s_dcert_file=NULL; + s_dkey_file=NULL; + s_cert_file=TEST_CERT; + s_key_file=NULL; +#ifdef FIONBIO + s_nbio=0; +#endif + s_nbio_test=0; + ctx=NULL; + www=0; + + bio_s_out=NULL; + s_debug=0; + s_quiet=0; + } +#endif + +static void sv_usage(void) + { + BIO_printf(bio_err,"usage: s_server [args ...]\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); + BIO_printf(bio_err," -context arg - set session ID context\n"); + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); + BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); +#ifdef FIONBIO + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); +#endif + BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); +#ifdef APPS_CRLF + BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); +#endif + BIO_printf(bio_err," -debug - Print more output\n"); + BIO_printf(bio_err," -state - Print the SSL states\n"); + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); + BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); + BIO_printf(bio_err," -quiet - No server output\n"); + BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); + BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); + BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); + BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); + BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); + BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); + BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); +#ifndef NO_DH + BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); +#endif + BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n"); + BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); + BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); + } + +static int local_argc=0; +static char **local_argv; +static int hack=0; + +#ifdef CHARSET_EBCDIC +static int ebcdic_new(BIO *bi); +static int ebcdic_free(BIO *a); +static int ebcdic_read(BIO *b, char *out, int outl); +static int ebcdic_write(BIO *b, char *in, int inl); +static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); +static int ebcdic_gets(BIO *bp, char *buf, int size); +static int ebcdic_puts(BIO *bp, char *str); + +#define BIO_TYPE_EBCDIC_FILTER (18|0x0200) +static BIO_METHOD methods_ebcdic= + { + BIO_TYPE_EBCDIC_FILTER, + "EBCDIC/ASCII filter", + ebcdic_write, + ebcdic_read, + ebcdic_puts, + ebcdic_gets, + ebcdic_ctrl, + ebcdic_new, + ebcdic_free, + }; + +typedef struct +{ + size_t alloced; + char buff[1]; +} EBCDIC_OUTBUFF; + +BIO_METHOD *BIO_f_ebcdic_filter() +{ + return(&methods_ebcdic); +} + +static int ebcdic_new(BIO *bi) +{ + EBCDIC_OUTBUFF *wbuf; + + wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + wbuf->alloced = 1024; + wbuf->buff[0] = '\0'; + + bi->ptr=(char *)wbuf; + bi->init=1; + bi->flags=0; + return(1); +} + +static int ebcdic_free(BIO *a) +{ + if (a == NULL) return(0); + if (a->ptr != NULL) + Free(a->ptr); + a->ptr=NULL; + a->init=0; + a->flags=0; + return(1); +} + +static int ebcdic_read(BIO *b, char *out, int outl) +{ + int ret=0; + + if (out == NULL || outl == 0) return(0); + if (b->next_bio == NULL) return(0); + + ret=BIO_read(b->next_bio,out,outl); + if (ret > 0) + ascii2ebcdic(out,out,ret); + return(ret); +} + +static int ebcdic_write(BIO *b, char *in, int inl) +{ + EBCDIC_OUTBUFF *wbuf; + int ret=0; + int num; + unsigned char n; + + if ((in == NULL) || (inl <= 0)) return(0); + if (b->next_bio == NULL) return(0); + + wbuf=(EBCDIC_OUTBUFF *)b->ptr; + + if (inl > (num = wbuf->alloced)) + { + num = num + num; /* double the size */ + if (num < inl) + num = inl; + Free((char*)wbuf); + wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num); + + wbuf->alloced = num; + wbuf->buff[0] = '\0'; + + b->ptr=(char *)wbuf; + } + + ebcdic2ascii(wbuf->buff, in, inl); + + ret=BIO_write(b->next_bio, wbuf->buff, inl); + + return(ret); +} + +static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) +{ + long ret; + + if (b->next_bio == NULL) return(0); + switch (cmd) + { + case BIO_CTRL_DUP: + ret=0L; + break; + default: + ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + break; + } + return(ret); +} + +static int ebcdic_gets(BIO *bp, char *buf, int size) +{ + int i, ret; + if (bp->next_bio == NULL) return(0); +/* return(BIO_gets(bp->next_bio,buf,size));*/ + for (i=0; inext_bio == NULL) return(0); + return ebcdic_write(bp, str, strlen(str)); +} +#endif + +int MAIN(int argc, char *argv[]) + { + short port=PORT; + char *CApath=NULL,*CAfile=NULL; + char *context = NULL; + int badop=0,bugs=0; + int ret=1; + int off=0; + int no_tmp_rsa=0,no_dhe=0,nocert=0; + int state=0; + SSL_METHOD *meth=NULL; +#ifndef NO_DH + DH *dh=NULL; +#endif + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_server_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_server_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_server_method(); +#endif + + local_argc=argc; + local_argv=argv; + + apps_startup(); + s_quiet=0; + s_debug=0; + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + verify_depth=0; +#ifdef FIONBIO + s_nbio=0; +#endif + s_nbio_test=0; + + argc--; + argv++; + + while (argc >= 1) + { + if ((strcmp(*argv,"-port") == 0) || + (strcmp(*argv,"-accept") == 0)) + { + if (--argc < 1) goto bad; + if (!extract_port(*(++argv),&port)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) + { + s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d\n",verify_depth); + } + else if (strcmp(*argv,"-Verify") == 0) + { + s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| + SSL_VERIFY_CLIENT_ONCE; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); + } + else if (strcmp(*argv,"-context") == 0) + { + if (--argc < 1) goto bad; + context= *(++argv); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + s_cert_file= *(++argv); + } + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + s_key_file= *(++argv); + } + else if (strcmp(*argv,"-dcert") == 0) + { + if (--argc < 1) goto bad; + s_dcert_file= *(++argv); + } + else if (strcmp(*argv,"-dkey") == 0) + { + if (--argc < 1) goto bad; + s_dkey_file= *(++argv); + } + else if (strcmp(*argv,"-nocert") == 0) + { + nocert=1; + } + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; + cipher= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } +#ifdef FIONBIO + else if (strcmp(*argv,"-nbio") == 0) + { s_nbio=1; } +#endif + else if (strcmp(*argv,"-nbio_test") == 0) + { +#ifdef FIONBIO + s_nbio=1; +#endif + s_nbio_test=1; + } + else if (strcmp(*argv,"-debug") == 0) + { s_debug=1; } + else if (strcmp(*argv,"-hack") == 0) + { hack=1; } + else if (strcmp(*argv,"-state") == 0) + { state=1; } +#ifdef APPS_CRLF + else if (strcmp(*argv,"-crlf") == 0) + { s_crlf=1; } +#endif + else if (strcmp(*argv,"-quiet") == 0) + { s_quiet=1; } + else if (strcmp(*argv,"-bugs") == 0) + { bugs=1; } + else if (strcmp(*argv,"-no_tmp_rsa") == 0) + { no_tmp_rsa=1; } + else if (strcmp(*argv,"-no_dhe") == 0) + { no_dhe=1; } + else if (strcmp(*argv,"-www") == 0) + { www=1; } + else if (strcmp(*argv,"-WWW") == 0) + { www=2; } + else if (strcmp(*argv,"-no_ssl2") == 0) + { off|=SSL_OP_NO_SSLv2; } + else if (strcmp(*argv,"-no_ssl3") == 0) + { off|=SSL_OP_NO_SSLv3; } + else if (strcmp(*argv,"-no_tls1") == 0) + { off|=SSL_OP_NO_TLSv1; } +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + { meth=SSLv2_server_method(); } +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + { meth=SSLv3_server_method(); } +#endif +#ifndef NO_TLS1 + else if (strcmp(*argv,"-tls1") == 0) + { meth=TLSv1_server_method(); } +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sv_usage(); + goto end; + } + + if (bio_s_out == NULL) + { + if (s_quiet && !s_debug) + { + bio_s_out=BIO_new(BIO_s_null()); + } + else + { + if (bio_s_out == NULL) + bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE); + } + } + +#if !defined(NO_RSA) || !defined(NO_DSA) + if (nocert) +#endif + { + s_cert_file=NULL; + s_key_file=NULL; + s_dcert_file=NULL; + s_dkey_file=NULL; + } + + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); + + ctx=SSL_CTX_new(meth); + if (ctx == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + SSL_CTX_set_quiet_shutdown(ctx,1); + if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); + if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); + SSL_CTX_set_options(ctx,off); + if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST); + + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + + SSL_CTX_sess_set_cache_size(ctx,128); + +#if 0 + if (cipher == NULL) cipher=getenv("SSL_CIPHER"); +#endif + +#if 0 + if (s_cert_file == NULL) + { + BIO_printf(bio_err,"You must specify a certificate file for the server to use\n"); + goto end; + } +#endif + + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) + { + /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ + ERR_print_errors(bio_err); + /* goto end; */ + } + +#ifndef NO_DH + if (!no_dhe) + { + /* EAY EAY EAY evil hack */ + dh=load_dh_param(); + if (dh != NULL) + { + BIO_printf(bio_s_out,"Setting temp DH parameters\n"); + } + else + { + BIO_printf(bio_s_out,"Using default temp DH parameters\n"); + dh=get_dh512(); + } + (void)BIO_flush(bio_s_out); + + SSL_CTX_set_tmp_dh(ctx,dh); + DH_free(dh); + } +#endif + + if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) + goto end; + if (s_dcert_file != NULL) + { + if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file)) + goto end; + } + +#ifndef NO_RSA +#if 1 + SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); +#else + if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) + { + RSA *rsa; + + BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); + BIO_flush(bio_s_out); + + rsa=RSA_generate_key(512,RSA_F4,NULL); + + if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) + { + ERR_print_errors(bio_err); + goto end; + } + RSA_free(rsa); + BIO_printf(bio_s_out,"\n"); + } +#endif +#endif + + if (cipher != NULL) + SSL_CTX_set_cipher_list(ctx,cipher); + SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); + SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, + sizeof s_server_session_id_context); + + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); + + BIO_printf(bio_s_out,"ACCEPT\n"); + if (www) + do_server(port,&accept_socket,www_body, context); + else + do_server(port,&accept_socket,sv_body, context); + print_stats(bio_s_out,ctx); + ret=0; +end: + if (ctx != NULL) SSL_CTX_free(ctx); + if (bio_s_out != NULL) + { + BIO_free(bio_s_out); + bio_s_out=NULL; + } + EXIT(ret); + } + +static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) + { + BIO_printf(bio,"%4ld items in the session cache\n", + SSL_CTX_sess_number(ssl_ctx)); + BIO_printf(bio,"%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ssl_ctx)); + BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", + SSL_CTX_sess_connect_renegotiate(ssl_ctx)); + BIO_printf(bio,"%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ssl_ctx)); + BIO_printf(bio,"%4d server accepts (SSL_accept())\n", + SSL_CTX_sess_accept(ssl_ctx)); + BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", + SSL_CTX_sess_accept_renegotiate(ssl_ctx)); + BIO_printf(bio,"%4d server accepts that finished\n", + SSL_CTX_sess_accept_good(ssl_ctx)); + BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + SSL_CTX_sess_cache_full(ssl_ctx), + SSL_CTX_sess_get_cache_size(ssl_ctx)); + } + +static int sv_body(char *hostname, int s, unsigned char *context) + { + char *buf=NULL; + fd_set readfds; + int ret=1,width; + int k,i; + unsigned long l; + SSL *con=NULL; + BIO *sbio; + + if ((buf=Malloc(bufsize)) == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + goto err; + } +#ifdef FIONBIO + if (s_nbio) + { + unsigned long sl=1; + + if (!s_quiet) + BIO_printf(bio_err,"turning on non blocking io\n"); + if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) + ERR_print_errors(bio_err); + } +#endif + + if (con == NULL) { + con=(SSL *)SSL_new(ctx); + if(context) + SSL_set_session_id_context(con, context, + strlen((char *)context)); + } + SSL_clear(con); + + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + SSL_set_bio(con,sbio,sbio); + SSL_set_accept_state(con); + /* SSL_set_fd(con,s); */ + + if (s_debug) + { + con->debug=1; + BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); + } + + width=s+1; + for (;;) + { + FD_ZERO(&readfds); +#ifndef WINDOWS + FD_SET(fileno(stdin),&readfds); +#endif + FD_SET(s,&readfds); + /* Note: under VMS with SOCKETSHR the second parameter is + * currently of type (int *) whereas under other systems + * it is (void *) if you don't have a cast it will choke + * the compiler: if you do have a cast then you can either + * go for (int *) or (void *). + */ + i=select(width,(void *)&readfds,NULL,NULL,NULL); + if (i <= 0) continue; + if (FD_ISSET(fileno(stdin),&readfds)) + { +#ifdef APPS_CRLF + if (s_crlf) + { + int j, lf_num; + + i=read(fileno(stdin), buf, bufsize/2); + lf_num = 0; + /* both loops are skipped when i <= 0 */ + for (j = 0; j < i; j++) + if (buf[j] == '\n') + lf_num++; + for (j = i-1; j >= 0; j--) + { + buf[j+lf_num] = buf[j]; + if (buf[j] == '\n') + { + lf_num--; + i++; + buf[j+lf_num] = '\r'; + } + } + assert(lf_num == 0); + } + else +#endif + i=read(fileno(stdin),buf,bufsize); + if (!s_quiet) + { + if ((i <= 0) || (buf[0] == 'Q')) + { + BIO_printf(bio_s_out,"DONE\n"); + SHUTDOWN(s); + close_accept_socket(); + ret= -11; + goto err; + } + if ((i <= 0) || (buf[0] == 'q')) + { + BIO_printf(bio_s_out,"DONE\n"); + SHUTDOWN(s); + /* close_accept_socket(); + ret= -11;*/ + goto err; + } + if ((buf[0] == 'r') && + ((buf[1] == '\n') || (buf[1] == '\r'))) + { + SSL_renegotiate(con); + i=SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n",i); + i=0; /*13; */ + continue; + /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ + } + if ((buf[0] == 'R') && + ((buf[1] == '\n') || (buf[1] == '\r'))) + { + SSL_set_verify(con, + SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); + SSL_renegotiate(con); + i=SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n",i); + i=0; /* 13; */ + continue; + /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ + } + if (buf[0] == 'P') + { + static char *str="Lets print some clear text\n"; + BIO_write(SSL_get_wbio(con),str,strlen(str)); + } + if (buf[0] == 'S') + { + print_stats(bio_s_out,SSL_get_SSL_CTX(con)); + } + } +#ifdef CHARSET_EBCDIC + ebcdic2ascii(buf,buf,i); +#endif + l=k=0; + for (;;) + { + /* should do a select for the write */ +#ifdef RENEG +{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } +#endif + k=SSL_write(con,&(buf[l]),(unsigned int)i); + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_s_out,"Write BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + BIO_printf(bio_s_out,"ERROR\n"); + ERR_print_errors(bio_err); + ret=1; + goto err; + /* break; */ + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_s_out,"DONE\n"); + ret=1; + goto err; + } + l+=k; + i-=k; + if (i <= 0) break; + } + } + if (FD_ISSET(s,&readfds)) + { + if (!SSL_is_init_finished(con)) + { + i=init_ssl_connection(con); + + if (i < 0) + { + ret=0; + goto err; + } + else if (i == 0) + { + ret=1; + goto err; + } + } + else + { +again: + i=SSL_read(con,(char *)buf,bufsize); + switch (SSL_get_error(con,i)) + { + case SSL_ERROR_NONE: +#ifdef CHARSET_EBCDIC + ascii2ebcdic(buf,buf,i); +#endif + write(fileno(stdout),buf, + (unsigned int)i); + if (SSL_pending(con)) goto again; + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_s_out,"Read BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + BIO_printf(bio_s_out,"ERROR\n"); + ERR_print_errors(bio_err); + ret=1; + goto err; + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_s_out,"DONE\n"); + ret=1; + goto err; + } + } + } + } +err: + BIO_printf(bio_s_out,"shutting down SSL\n"); +#if 1 + SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); +#else + SSL_shutdown(con); +#endif + if (con != NULL) SSL_free(con); + BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); + if (buf != NULL) + { + memset(buf,0,bufsize); + Free(buf); + } + if (ret >= 0) + BIO_printf(bio_s_out,"ACCEPT\n"); + return(ret); + } + +static void close_accept_socket(void) + { + BIO_printf(bio_err,"shutdown accept socket\n"); + if (accept_socket >= 0) + { + SHUTDOWN2(accept_socket); + } + } + +static int init_ssl_connection(SSL *con) + { + int i; + const char *str; + X509 *peer; + long verify_error; + MS_STATIC char buf[BUFSIZ]; + + if ((i=SSL_accept(con)) <= 0) + { + if (BIO_sock_should_retry(i)) + { + BIO_printf(bio_s_out,"DELAY\n"); + return(1); + } + + BIO_printf(bio_err,"ERROR\n"); + verify_error=SSL_get_verify_result(con); + if (verify_error != X509_V_OK) + { + BIO_printf(bio_err,"verify error:%s\n", + X509_verify_cert_error_string(verify_error)); + } + else + ERR_print_errors(bio_err); + return(0); + } + + PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); + + peer=SSL_get_peer_certificate(con); + if (peer != NULL) + { + BIO_printf(bio_s_out,"Client certificate\n"); + PEM_write_bio_X509(bio_s_out,peer); + X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); + BIO_printf(bio_s_out,"subject=%s\n",buf); + X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); + BIO_printf(bio_s_out,"issuer=%s\n",buf); + X509_free(peer); + } + + if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) + BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); + str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); + BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); + if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); + if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) + BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); + + return(1); + } + +#ifndef NO_DH +static DH *load_dh_param(void) + { + DH *ret=NULL; + BIO *bio; + + if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL) + goto err; + ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); +err: + if (bio != NULL) BIO_free(bio); + return(ret); + } +#endif + +#if 0 +static int load_CA(SSL_CTX *ctx, char *file) + { + FILE *in; + X509 *x=NULL; + + if ((in=fopen(file,"r")) == NULL) + return(0); + + for (;;) + { + if (PEM_read_X509(in,&x,NULL) == NULL) + break; + SSL_CTX_add_client_CA(ctx,x); + } + if (x != NULL) X509_free(x); + fclose(in); + return(1); + } +#endif + +static int www_body(char *hostname, int s, unsigned char *context) + { + char *buf=NULL; + int ret=1; + int i,j,k,blank,dot; + struct stat st_buf; + SSL *con; + SSL_CIPHER *c; + BIO *io,*ssl_bio,*sbio; + long total_bytes; + + buf=Malloc(bufsize); + if (buf == NULL) return(0); + io=BIO_new(BIO_f_buffer()); + ssl_bio=BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) goto err; + +#ifdef FIONBIO + if (s_nbio) + { + unsigned long sl=1; + + if (!s_quiet) + BIO_printf(bio_err,"turning on non blocking io\n"); + if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) + ERR_print_errors(bio_err); + } +#endif + + /* lets make the output buffer a reasonable size */ + if (!BIO_set_write_buffer_size(io,bufsize)) goto err; + + if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; + if(context) SSL_set_session_id_context(con, context, + strlen((char *)context)); + + sbio=BIO_new_socket(s,BIO_NOCLOSE); + if (s_nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + SSL_set_bio(con,sbio,sbio); + SSL_set_accept_state(con); + + /* SSL_set_fd(con,s); */ + BIO_set_ssl(ssl_bio,con,BIO_CLOSE); + BIO_push(io,ssl_bio); +#ifdef CHARSET_EBCDIC + io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io); +#endif + + if (s_debug) + { + con->debug=1; + BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); + BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); + } + + blank=0; + for (;;) + { + if (hack) + { + i=SSL_accept(con); + + switch (SSL_get_error(con,i)) + { + case SSL_ERROR_NONE: + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + continue; + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + case SSL_ERROR_ZERO_RETURN: + ret=1; + goto err; + /* break; */ + } + + SSL_renegotiate(con); + SSL_write(con,NULL,0); + } + + i=BIO_gets(io,buf,bufsize-1); + if (i < 0) /* error */ + { + if (!BIO_should_retry(io)) + { + if (!s_quiet) + ERR_print_errors(bio_err); + goto err; + } + else + { + BIO_printf(bio_s_out,"read R BLOCK\n"); +#ifndef MSDOS + sleep(1); +#endif + continue; + } + } + else if (i == 0) /* end of input */ + { + ret=1; + goto end; + } + + /* else we have data */ + if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) || + ((www == 2) && (strncmp("GET /stats ",buf,10) == 0))) + { + char *p; + X509 *peer; + STACK_OF(SSL_CIPHER) *sk; + static char *space=" "; + + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + BIO_puts(io,"\n"); + BIO_puts(io,"
\n");
+/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+			BIO_puts(io,"\n");
+			for (i=0; ihit)
+				?"---\nReused, "
+				:"---\nNew, "));
+			c=SSL_get_current_cipher(con);
+			BIO_printf(io,"%s, Cipher is %s\n",
+				SSL_CIPHER_get_version(c),
+				SSL_CIPHER_get_name(c));
+			SSL_SESSION_print(io,SSL_get_session(con));
+			BIO_printf(io,"---\n");
+			print_stats(io,SSL_get_SSL_CTX(con));
+			BIO_printf(io,"---\n");
+			peer=SSL_get_peer_certificate(con);
+			if (peer != NULL)
+				{
+				BIO_printf(io,"Client certificate\n");
+				X509_print(io,peer);
+				PEM_write_bio_X509(io,peer);
+				}
+			else
+				BIO_puts(io,"no client certificate available\n");
+			BIO_puts(io,"\r\n\r\n");
+			break;
+			}
+		else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
+			{
+			BIO *file;
+			char *p,*e;
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+			/* skip the '/' */
+			p= &(buf[5]);
+			dot=0;
+			for (e=p; *e != '\0'; e++)
+				{
+				if (e[0] == ' ') break;
+				if (	(e[0] == '.') &&
+					(strncmp(&(e[-1]),"/../",4) == 0))
+					dot=1;
+				}
+			
+
+			if (*e == '\0')
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+				break;
+				}
+			*e='\0';
+
+			if (dot)
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+				break;
+				}
+
+			if (*p == '/')
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is an invalid path\r\n",p);
+				break;
+				}
+
+			/* append if a directory lookup */
+			if (e[-1] == '/')
+				strcat(p,"index.html");
+
+			/* if a directory, do the index thang */
+			if (stat(p,&st_buf) < 0)
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"Error accessing '%s'\r\n",p);
+				ERR_print_errors(io);
+				break;
+				}
+			if (S_ISDIR(st_buf.st_mode))
+				{
+				strcat(p,"/index.html");
+				}
+
+			if ((file=BIO_new_file(p,"r")) == NULL)
+				{
+				BIO_puts(io,text);
+				BIO_printf(io,"Error opening '%s'\r\n",p);
+				ERR_print_errors(io);
+				break;
+				}
+
+			if (!s_quiet)
+				BIO_printf(bio_err,"FILE:%s\n",p);
+
+			i=strlen(p);
+			if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+				((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+				((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+			else
+				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+			/* send the file */
+			total_bytes=0;
+			for (;;)
+				{
+				i=BIO_read(file,buf,bufsize);
+				if (i <= 0) break;
+
+#ifdef RENEG
+				total_bytes+=i;
+				fprintf(stderr,"%d\n",i);
+				if (total_bytes > 3*1024)
+					{
+					total_bytes=0;
+					fprintf(stderr,"RENEGOTIATE\n");
+					SSL_renegotiate(con);
+					}
+#endif
+
+				for (j=0; j= 0)
+		BIO_printf(bio_s_out,"ACCEPT\n");
+
+	if (buf != NULL) Free(buf);
+	if (io != NULL) BIO_free_all(io);
+/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
+	return(ret);
+	}
+
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+	{
+	static RSA *rsa_tmp=NULL;
+
+	if (rsa_tmp == NULL)
+		{
+		if (!s_quiet)
+			{
+			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+			(void)BIO_flush(bio_err);
+			}
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+		if (!s_quiet)
+			{
+			BIO_printf(bio_err,"\n");
+			(void)BIO_flush(bio_err);
+			}
+		}
+	return(rsa_tmp);
+	}
+#endif
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
new file mode 100644
index 000000000000..888b66df18ea
--- /dev/null
+++ b/crypto/openssl/apps/s_socket.c
@@ -0,0 +1,674 @@
+/* apps/s_socket.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef USE_SOCKETS
+#undef NON_MAIN
+#include "s_apps.h"
+#include 
+
+#ifdef VMS
+#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
+			      and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+#include  /* for vfork() */
+#endif
+
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
+#ifdef WIN16
+#define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL	IPPROTO_TCP
+#endif
+
+#ifdef WINDOWS
+static struct WSAData wsa_state;
+static int wsa_init_done=0;
+
+#ifdef WIN16
+static HWND topWnd=0;
+static FARPROC lpTopWndProc=NULL;
+static FARPROC lpTopHookProc=NULL;
+extern HINSTANCE _hInstance;  /* nice global CRT provides */
+
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+	     LPARAM lParam)
+	{
+	if (hwnd == topWnd)
+		{
+		switch(message)
+			{
+		case WM_DESTROY:
+		case WM_CLOSE:
+			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
+			sock_cleanup();
+			break;
+			}
+		}
+	return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
+	}
+
+static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
+	{
+	topWnd=hwnd;
+	return(FALSE);
+	}
+
+#endif /* WIN32 */
+#endif /* WINDOWS */
+
+void sock_cleanup(void)
+	{
+#ifdef WINDOWS
+	if (wsa_init_done)
+		{
+		wsa_init_done=0;
+		WSACancelBlockingCall();
+		WSACleanup();
+		}
+#endif
+	}
+
+int sock_init(void)
+	{
+#ifdef WINDOWS
+	if (!wsa_init_done)
+		{
+		int err;
+	  
+#ifdef SIGINT
+		signal(SIGINT,(void (*)(int))sock_cleanup);
+#endif
+		wsa_init_done=1;
+		memset(&wsa_state,0,sizeof(wsa_state));
+		if (WSAStartup(0x0101,&wsa_state)!=0)
+			{
+			err=WSAGetLastError();
+			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
+			return(0);
+			}
+
+#ifdef WIN16
+		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
+		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
+		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
+
+		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
+#endif /* WIN16 */
+		}
+#endif /* WINDOWS */
+	return(1);
+	}
+
+int init_client(int *sock, char *host, int port)
+	{
+	unsigned char ip[4];
+	short p=0;
+
+	if (!host_ip(host,&(ip[0])))
+		{
+		return(0);
+		}
+	if (p != 0) port=p;
+	return(init_client_ip(sock,ip,port));
+	}
+
+int init_client_ip(int *sock, unsigned char ip[4], int port)
+	{
+	unsigned long addr;
+	struct sockaddr_in them;
+	int s,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&them,0,sizeof(them));
+	them.sin_family=AF_INET;
+	them.sin_port=htons((unsigned short)port);
+	addr=(unsigned long)
+		((unsigned long)ip[0]<<24L)|
+		((unsigned long)ip[1]<<16L)|
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
+	them.sin_addr.s_addr=htonl(addr);
+
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+	i=0;
+	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+	if (i < 0) { perror("keepalive"); return(0); }
+
+	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+		{ close(s); perror("connect"); return(0); }
+	*sock=s;
+	return(1);
+	}
+
+int nbio_sock_error(int sock)
+	{
+	int j,i;
+	int size;
+
+	size=sizeof(int);
+	/* Note: under VMS with SOCKETSHR the third parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
+	if (i < 0)
+		return(1);
+	else
+		return(j);
+	}
+
+int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
+	{
+	unsigned long addr;
+	struct sockaddr_in them;
+	int s,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&them,0,sizeof(them));
+	them.sin_family=AF_INET;
+	them.sin_port=htons((unsigned short)port);
+	addr=	(unsigned long)
+		((unsigned long)ip[0]<<24L)|
+		((unsigned long)ip[1]<<16L)|
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
+	them.sin_addr.s_addr=htonl(addr);
+
+	if (*sock <= 0)
+		{
+#ifdef FIONBIO
+		unsigned long l=1;
+#endif
+
+		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+		i=0;
+		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+		if (i < 0) { perror("keepalive"); return(0); }
+		*sock=s;
+
+#ifdef FIONBIO
+		BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+		}
+	else
+		s= *sock;
+
+	i=connect(s,(struct sockaddr *)&them,sizeof(them));
+	if (i == INVALID_SOCKET)
+		{
+		if (BIO_sock_should_retry(i))
+			return(-1);
+		else
+			return(0);
+		}
+	else
+		return(1);
+	}
+
+int do_server(int port, int *ret, int (*cb)(), char *context)
+	{
+	int sock;
+	char *name;
+	int accept_socket;
+	int i;
+
+	if (!init_server(&accept_socket,port)) return(0);
+
+	if (ret != NULL)
+		{
+		*ret=accept_socket;
+		/* return(1);*/
+		}
+	for (;;)
+		{
+		if (do_accept(accept_socket,&sock,&name) == 0)
+			{
+			SHUTDOWN(accept_socket);
+			return(0);
+			}
+		i=(*cb)(name,sock, context);
+		if (name != NULL) Free(name);
+		SHUTDOWN2(sock);
+		if (i < 0)
+			{
+			SHUTDOWN2(accept_socket);
+			return(i);
+			}
+		}
+	}
+
+int init_server_long(int *sock, int port, char *ip)
+	{
+	int ret=0;
+	struct sockaddr_in server;
+	int s= -1,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&server,0,sizeof(server));
+	server.sin_family=AF_INET;
+	server.sin_port=htons((unsigned short)port);
+	if (ip == NULL)
+		server.sin_addr.s_addr=INADDR_ANY;
+	else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
+		memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+		memcpy(&server.sin_addr,ip,4);
+#endif
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+
+	if (s == INVALID_SOCKET) goto err;
+#if defined SOL_SOCKET && defined SO_REUSEADDR
+		{
+		int j = 1;
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
+		}
+#endif
+	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+		{
+#ifndef WINDOWS
+		perror("bind");
+#endif
+		goto err;
+		}
+	/* Make it 128 for linux */
+	if (listen(s,128) == -1) goto err;
+	i=0;
+	*sock=s;
+	ret=1;
+err:
+	if ((ret == 0) && (s != -1))
+		{
+		SHUTDOWN(s);
+		}
+	return(ret);
+	}
+
+int init_server(int *sock, int port)
+	{
+	return(init_server_long(sock, port, NULL));
+	}
+
+int do_accept(int acc_sock, int *sock, char **host)
+	{
+	int ret,i;
+	struct hostent *h1,*h2;
+	static struct sockaddr_in from;
+	int len;
+/*	struct linger ling; */
+
+	if (!sock_init()) return(0);
+
+#ifndef WINDOWS
+redoit:
+#endif
+
+	memset((char *)&from,0,sizeof(from));
+	len=sizeof(from);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
+	if (ret == INVALID_SOCKET)
+		{
+#ifdef WINDOWS
+		i=WSAGetLastError();
+		BIO_printf(bio_err,"accept error %d\n",i);
+#else
+		if (errno == EINTR)
+			{
+			/*check_timeout(); */
+			goto redoit;
+			}
+		fprintf(stderr,"errno=%d ",errno);
+		perror("accept");
+#endif
+		return(0);
+		}
+
+/*
+	ling.l_onoff=1;
+	ling.l_linger=0;
+	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+	if (i < 0) { perror("linger"); return(0); }
+	i=0;
+	i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+	if (i < 0) { perror("keepalive"); return(0); }
+*/
+
+	if (host == NULL) goto end;
+#ifndef BIT_FIELD_LIMITS
+	/* I should use WSAAsyncGetHostByName() under windows */
+	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+		sizeof(from.sin_addr.s_addr),AF_INET);
+#else
+	h1=gethostbyaddr((char *)&from.sin_addr,
+		sizeof(struct in_addr),AF_INET);
+#endif
+	if (h1 == NULL)
+		{
+		BIO_printf(bio_err,"bad gethostbyaddr\n");
+		*host=NULL;
+		/* return(0); */
+		}
+	else
+		{
+		if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
+			{
+			perror("Malloc");
+			return(0);
+			}
+		strcpy(*host,h1->h_name);
+
+		h2=GetHostByName(*host);
+		if (h2 == NULL)
+			{
+			BIO_printf(bio_err,"gethostbyname failure\n");
+			return(0);
+			}
+		i=0;
+		if (h2->h_addrtype != AF_INET)
+			{
+			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+			return(0);
+			}
+		}
+end:
+	*sock=ret;
+	return(1);
+	}
+
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+	     short *port_ptr)
+	{
+	char *h,*p;
+
+	h=str;
+	p=strchr(str,':');
+	if (p == NULL)
+		{
+		BIO_printf(bio_err,"no port defined\n");
+		return(0);
+		}
+	*(p++)='\0';
+
+	if ((ip != NULL) && !host_ip(str,ip))
+		goto err;
+	if (host_ptr != NULL) *host_ptr=h;
+
+	if (!extract_port(p,port_ptr))
+		goto err;
+	return(1);
+err:
+	return(0);
+	}
+
+int host_ip(char *str, unsigned char ip[4])
+	{
+	unsigned int in[4]; 
+	int i;
+
+	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+		{
+		for (i=0; i<4; i++)
+			if (in[i] > 255)
+				{
+				BIO_printf(bio_err,"invalid IP address\n");
+				goto err;
+				}
+		ip[0]=in[0];
+		ip[1]=in[1];
+		ip[2]=in[2];
+		ip[3]=in[3];
+		}
+	else
+		{ /* do a gethostbyname */
+		struct hostent *he;
+
+		if (!sock_init()) return(0);
+
+		he=GetHostByName(str);
+		if (he == NULL)
+			{
+			BIO_printf(bio_err,"gethostbyname failure\n");
+			goto err;
+			}
+		/* cast to short because of win16 winsock definition */
+		if ((short)he->h_addrtype != AF_INET)
+			{
+			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+			return(0);
+			}
+		ip[0]=he->h_addr_list[0][0];
+		ip[1]=he->h_addr_list[0][1];
+		ip[2]=he->h_addr_list[0][2];
+		ip[3]=he->h_addr_list[0][3];
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+int extract_port(char *str, short *port_ptr)
+	{
+	int i;
+	struct servent *s;
+
+	i=atoi(str);
+	if (i != 0)
+		*port_ptr=(unsigned short)i;
+	else
+		{
+		s=getservbyname(str,"tcp");
+		if (s == NULL)
+			{
+			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+			return(0);
+			}
+		*port_ptr=ntohs((unsigned short)s->s_port);
+		}
+	return(1);
+	}
+
+#define GHBN_NUM	4
+static struct ghbn_cache_st
+	{
+	char name[128];
+	struct hostent ent;
+	unsigned long order;
+	} ghbn_cache[GHBN_NUM];
+
+static unsigned long ghbn_hits=0L;
+static unsigned long ghbn_miss=0L;
+
+static struct hostent *GetHostByName(char *name)
+	{
+	struct hostent *ret;
+	int i,lowi=0;
+	unsigned long low= (unsigned long)-1;
+
+	for (i=0; i ghbn_cache[i].order)
+			{
+			low=ghbn_cache[i].order;
+			lowi=i;
+			}
+		if (ghbn_cache[i].order > 0)
+			{
+			if (strncmp(name,ghbn_cache[i].name,128) == 0)
+				break;
+			}
+		}
+	if (i == GHBN_NUM) /* no hit*/
+		{
+		ghbn_miss++;
+		ret=gethostbyname(name);
+		if (ret == NULL) return(NULL);
+		/* else add to cache */
+		strncpy(ghbn_cache[lowi].name,name,128);
+		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+		ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+		return(ret);
+		}
+	else
+		{
+		ghbn_hits++;
+		ret= &(ghbn_cache[i].ent);
+		ghbn_cache[i].order=ghbn_miss+ghbn_hits;
+		return(ret);
+		}
+	}
+
+#ifndef MSDOS
+int spawn(int argc, char **argv, int *in, int *out)
+	{
+	int pid;
+#define CHILD_READ	p1[0]
+#define CHILD_WRITE	p2[1]
+#define PARENT_READ	p2[0]
+#define PARENT_WRITE	p1[1]
+	int p1[2],p2[2];
+
+	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
+
+#ifdef VMS
+	if ((pid=vfork()) == 0)
+#else
+	if ((pid=fork()) == 0)
+#endif
+		{ /* child */
+		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_READ,fileno(stdin)) < 0)
+			perror("dup2");
+		close(CHILD_READ); 
+		close(CHILD_WRITE);
+
+		close(PARENT_READ);
+		close(PARENT_WRITE);
+		execvp(argv[0],argv);
+		perror("child");
+		exit(1);
+		}
+
+	/* parent */
+	*in= PARENT_READ;
+	*out=PARENT_WRITE;
+	close(CHILD_READ);
+	close(CHILD_WRITE);
+	return(pid);
+	}
+#endif /* MSDOS */
+
+
+#ifdef undef
+	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
+	 * on sockets */
+	{
+	SOCKET s;
+	int optionValue = SO_SYNCHRONOUS_NONALERT;
+	int err;
+
+	err = setsockopt( 
+	    INVALID_SOCKET, 
+	    SOL_SOCKET, 
+	    SO_OPENTYPE, 
+	    (char *)&optionValue, 
+	    sizeof(optionValue));
+	if (err != NO_ERROR) {
+	/* failed for some reason... */
+		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
+			WSAGetLastError());
+		}
+	}
+#endif
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
new file mode 100644
index 000000000000..a529e2a1190d
--- /dev/null
+++ b/crypto/openssl/apps/s_time.c
@@ -0,0 +1,694 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define NO_SHUTDOWN
+
+/*-----------------------------------------
+   s_time - SSL client connection timer program
+   Written and donated by Larry Streepy 
+  -----------------------------------------*/
+
+#include 
+#include 
+#include 
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#define USE_SOCKETS
+#include 
+#include 
+#include 
+#include "apps.h"
+#include "s_apps.h"
+#include 
+#ifdef WIN32_STUFF
+#include "winmain.h"
+#include "wintext.h"
+#endif
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef _AIX
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed
+*/
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#undef PROG
+#define PROG s_time_main
+
+#undef ioctl
+#define ioctl ioctlsocket
+
+#define SSL_CONNECT_NAME	"localhost:4433"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+
+#undef SECONDS
+#define SECONDS	30
+extern int verify_depth;
+extern int verify_error;
+
+static void s_time_usage(void);
+static int parseArgs( int argc, char **argv );
+static SSL *doConnection( SSL *scon );
+static void s_time_init(void);
+
+/***********************************************************************
+ * Static data declarations
+ */
+
+/* static char *port=PORT_STR;*/
+static char *host=SSL_CONNECT_NAME;
+static char *t_cert_file=NULL;
+static char *t_key_file=NULL;
+static char *CApath=NULL;
+static char *CAfile=NULL;
+static char *tm_cipher=NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx=NULL;
+static SSL_METHOD *s_time_meth=NULL;
+static char *s_www_path=NULL;
+static long bytes_read=0; 
+static int st_bugs=0;
+static int perform=0;
+#ifdef FIONBIO
+static int t_nbio=0;
+#endif
+#ifdef WIN32
+static int exitNow = 0;		/* Set when it's time to exit main */
+#endif
+
+static void s_time_init(void)
+	{
+	host=SSL_CONNECT_NAME;
+	t_cert_file=NULL;
+	t_key_file=NULL;
+	CApath=NULL;
+	CAfile=NULL;
+	tm_cipher=NULL;
+	tm_verify = SSL_VERIFY_NONE;
+	maxTime = SECONDS;
+	tm_ctx=NULL;
+	s_time_meth=NULL;
+	s_www_path=NULL;
+	bytes_read=0; 
+	st_bugs=0;
+	perform=0;
+
+#ifdef FIONBIO
+	t_nbio=0;
+#endif
+#ifdef WIN32
+	exitNow = 0;		/* Set when it's time to exit main */
+#endif
+	}
+
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage(void)
+{
+	static char umsg[] = "\
+-time arg     - max number of seconds to collect data, default %d\n\
+-verify arg   - turn on peer certificate verification, arg == depth\n\
+-cert arg     - certificate file to use, PEM format assumed\n\
+-key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
+                file if not specified by this option\n\
+-CApath arg   - PEM format directory of CA's\n\
+-CAfile arg   - PEM format file of CA's\n\
+-cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
+
+	printf( "usage: s_time \n\n" );
+
+	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+#ifdef FIONBIO
+	printf("-nbio         - Run with non-blocking IO\n");
+	printf("-ssl2         - Just use SSLv2\n");
+	printf("-ssl3         - Just use SSLv3\n");
+	printf("-bugs         - Turn on SSL bug compatability\n");
+	printf("-new          - Just time new connections\n");
+	printf("-reuse        - Just time connection reuse\n");
+	printf("-www page     - Retrieve 'page' from the site\n");
+#endif
+	printf( umsg,SECONDS );
+}
+
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(int argc, char **argv)
+{
+    int badop = 0;
+
+    verify_depth=0;
+    verify_error=X509_V_OK;
+#ifdef FIONBIO
+    t_nbio=0;
+#endif
+
+	apps_startup();
+	s_time_init();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+    argc--;
+    argv++;
+
+    while (argc >= 1) {
+	if (strcmp(*argv,"-connect") == 0)
+		{
+		if (--argc < 1) goto bad;
+		host= *(++argv);
+		}
+#if 0
+	else if( strcmp(*argv,"-host") == 0)
+		{
+		if (--argc < 1) goto bad;
+		host= *(++argv);
+		}
+	else if( strcmp(*argv,"-port") == 0)
+		{
+		if (--argc < 1) goto bad;
+		port= *(++argv);
+		}
+#endif
+	else if (strcmp(*argv,"-reuse") == 0)
+		perform=2;
+	else if (strcmp(*argv,"-new") == 0)
+		perform=1;
+	else if( strcmp(*argv,"-verify") == 0) {
+
+	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+	    if (--argc < 1) goto bad;
+	    verify_depth=atoi(*(++argv));
+	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+
+	} else if( strcmp(*argv,"-cert") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    t_cert_file= *(++argv);
+
+	} else if( strcmp(*argv,"-key") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    t_key_file= *(++argv);
+
+	} else if( strcmp(*argv,"-CApath") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    CApath= *(++argv);
+
+	} else if( strcmp(*argv,"-CAfile") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    CAfile= *(++argv);
+
+	} else if( strcmp(*argv,"-cipher") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    tm_cipher= *(++argv);
+	}
+#ifdef FIONBIO
+	else if(strcmp(*argv,"-nbio") == 0) {
+	    t_nbio=1;
+	}
+#endif
+	else if(strcmp(*argv,"-www") == 0)
+		{
+		if (--argc < 1) goto bad;
+		s_www_path= *(++argv);
+		}
+	else if(strcmp(*argv,"-bugs") == 0)
+	    st_bugs=1;
+#ifndef NO_SSL2
+	else if(strcmp(*argv,"-ssl2") == 0)
+	    s_time_meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+	else if(strcmp(*argv,"-ssl3") == 0)
+	    s_time_meth=SSLv3_client_method();
+#endif
+	else if( strcmp(*argv,"-time") == 0) {
+
+	    if (--argc < 1) goto bad;
+	    maxTime= atoi(*(++argv));
+	}
+	else {
+	    BIO_printf(bio_err,"unknown option %s\n",*argv);
+	    badop=1;
+	    break;
+	}
+
+	argc--;
+	argv++;
+    }
+
+    if (perform == 0) perform=3;
+
+    if(badop) {
+bad:
+		s_time_usage();
+		return -1;
+    }
+
+	return 0;			/* Valid args */
+}
+
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START	0
+#define STOP	1
+
+static double tm_Time_F(int s)
+	{
+	static double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if(s == START) {
+		times(&tstart);
+		return(0);
+	} else {
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+	}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if(s == START) {
+		ftime(&tstart);
+		return(0);
+	} else {
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+	}
+#endif
+}
+
+/***********************************************************************
+ * MAIN - main processing area for client
+ *			real name depends on MONOLITH
+ */
+int MAIN(int argc, char **argv)
+	{
+	double totalTime = 0.0;
+	int nConn = 0;
+	SSL *scon=NULL;
+	long finishtime=0;
+	int ret=1,i;
+	MS_STATIC char buf[1024*8];
+	int ver;
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	s_time_meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+	s_time_meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+	s_time_meth=SSLv2_client_method();
+#endif
+
+	/* parse the command line arguments */
+	if( parseArgs( argc, argv ) < 0 )
+		goto end;
+
+	SSLeay_add_ssl_algorithms();
+	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+
+	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+
+	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
+	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
+	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
+		goto end;
+
+	SSL_load_error_strings();
+
+	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
+		{
+		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		ERR_print_errors(bio_err);
+		/* goto end; */
+		}
+
+	if (tm_cipher == NULL)
+		tm_cipher = getenv("SSL_CIPHER");
+
+	if (tm_cipher == NULL ) {
+		fprintf( stderr, "No CIPHER specified\n" );
+/*		EXIT(1); */
+	}
+
+	if (!(perform & 1)) goto next;
+	printf( "Collecting connection statistics for %d seconds\n", maxTime );
+
+	/* Loop and time how long it takes to make connections */
+
+	bytes_read=0;
+	finishtime=(long)time(NULL)+maxTime;
+	tm_Time_F(START);
+	for (;;)
+		{
+		if (finishtime < time(NULL)) break;
+#ifdef WIN32_STUFF
+
+		if( flushWinMsgs(0) == -1 )
+			goto end;
+
+		if( waitingToDie || exitNow )		/* we're dead */
+			goto end;
+#endif
+
+		if( (scon = doConnection( NULL )) == NULL )
+			goto end;
+
+		if (s_www_path != NULL)
+			{
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			SSL_write(scon,buf,strlen(buf));
+			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+				bytes_read+=i;
+			}
+
+#ifdef NO_SHUTDOWN
+		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+		SSL_shutdown(scon);
+#endif
+		SHUTDOWN2(SSL_get_fd(scon));
+
+		nConn += 1;
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
+		fflush(stdout);
+
+		SSL_free( scon );
+		scon=NULL;
+		}
+	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+	i=(int)(time(NULL)-finishtime+maxTime);
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+	/* Now loop and time connections using the same session id over and over */
+
+next:
+	if (!(perform & 2)) goto end;
+	printf( "\n\nNow timing with session id reuse.\n" );
+
+	/* Get an SSL object so we can reuse the session id */
+	if( (scon = doConnection( NULL )) == NULL )
+		{
+		fprintf( stderr, "Unable to get connection\n" );
+		goto end;
+		}
+
+	if (s_www_path != NULL)
+		{
+		sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+		SSL_write(scon,buf,strlen(buf));
+		while (SSL_read(scon,buf,sizeof(buf)) > 0)
+			;
+		}
+#ifdef NO_SHUTDOWN
+	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+	SSL_shutdown(scon);
+#endif
+	SHUTDOWN2(SSL_get_fd(scon));
+
+	nConn = 0;
+	totalTime = 0.0;
+
+	finishtime=time(NULL)+maxTime;
+
+	printf( "starting\n" );
+	bytes_read=0;
+	tm_Time_F(START);
+		
+	for (;;)
+		{
+		if (finishtime < time(NULL)) break;
+
+#ifdef WIN32_STUFF
+		if( flushWinMsgs(0) == -1 )
+			goto end;
+
+		if( waitingToDie || exitNow )	/* we're dead */
+			goto end;
+#endif
+
+	 	if( (doConnection( scon )) == NULL )
+			goto end;
+
+		if (s_www_path)
+			{
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			SSL_write(scon,buf,strlen(buf));
+			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+				bytes_read+=i;
+			}
+
+#ifdef NO_SHUTDOWN
+		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+		SSL_shutdown(scon);
+#endif
+		SHUTDOWN2(SSL_get_fd(scon));
+	
+		nConn += 1;
+		if (SSL_session_reused(scon))
+			ver='r';
+		else
+			{
+			ver=SSL_version(scon);
+			if (ver == TLS1_VERSION)
+				ver='t';
+			else if (ver == SSL3_VERSION)
+				ver='3';
+			else if (ver == SSL2_VERSION)
+				ver='2';
+			else
+				ver='*';
+			}
+		fputc(ver,stdout);
+		fflush(stdout);
+		}
+	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+
+
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+	ret=0;
+end:
+	if (scon != NULL) SSL_free(scon);
+
+	if (tm_ctx != NULL)
+		{
+		SSL_CTX_free(tm_ctx);
+		tm_ctx=NULL;
+		}
+	EXIT(ret);
+	}
+
+/***********************************************************************
+ * doConnection - make a connection
+ * Args:
+ *		scon	= earlier ssl connection for session id, or NULL
+ * Returns:
+ *		SSL *	= the connection pointer.
+ */
+static SSL *doConnection(SSL *scon)
+	{
+	BIO *conn;
+	SSL *serverCon;
+	int width, i;
+	fd_set readfds;
+
+	if ((conn=BIO_new(BIO_s_connect())) == NULL)
+		return(NULL);
+
+/*	BIO_set_conn_port(conn,port);*/
+	BIO_set_conn_hostname(conn,host);
+
+	if (scon == NULL)
+		serverCon=(SSL *)SSL_new(tm_ctx);
+	else
+		{
+		serverCon=scon;
+		SSL_set_connect_state(serverCon);
+		}
+
+	SSL_set_bio(serverCon,conn,conn);
+
+#if 0
+	if( scon != NULL )
+		SSL_set_session(serverCon,SSL_get_session(scon));
+#endif
+
+	/* ok, lets connect */
+	for(;;) {
+		i=SSL_connect(serverCon);
+		if (BIO_sock_should_retry(i))
+			{
+			BIO_printf(bio_err,"DELAY\n");
+
+			i=SSL_get_fd(serverCon);
+			width=i+1;
+			FD_ZERO(&readfds);
+			FD_SET(i,&readfds);
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			select(width,(void *)&readfds,NULL,NULL,NULL);
+			continue;
+			}
+		break;
+		}
+	if(i <= 0)
+		{
+		BIO_printf(bio_err,"ERROR\n");
+		if (verify_error != X509_V_OK)
+			BIO_printf(bio_err,"verify error:%s\n",
+				X509_verify_cert_error_string(verify_error));
+		else
+			ERR_print_errors(bio_err);
+		if (scon == NULL)
+			SSL_free(serverCon);
+		return NULL;
+		}
+
+	return serverCon;
+	}
+
+
diff --git a/crypto/openssl/apps/server.pem b/crypto/openssl/apps/server.pem
new file mode 100644
index 000000000000..c57b32507d0a
--- /dev/null
+++ b/crypto/openssl/apps/server.pem
@@ -0,0 +1,369 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
+MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
+JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
+IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
+FUGcPZf9ND22Etc+AQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/server.srl b/crypto/openssl/apps/server.srl
new file mode 100644
index 000000000000..8a0f05e166aa
--- /dev/null
+++ b/crypto/openssl/apps/server.srl
@@ -0,0 +1 @@
+01
diff --git a/crypto/openssl/apps/server2.pem b/crypto/openssl/apps/server2.pem
new file mode 100644
index 000000000000..8bb664194edc
--- /dev/null
+++ b/crypto/openssl/apps/server2.pem
@@ -0,0 +1,376 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
+MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
+cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
+RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
+6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
+JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
+gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
+dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
+8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+	/OU=Certification Services Division/CN=Thawte Server CA
+	/Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c
new file mode 100644
index 000000000000..8ac118d4a1e6
--- /dev/null
+++ b/crypto/openssl/apps/sess_id.c
@@ -0,0 +1,308 @@
+/* apps/sess_id.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "apps.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#undef PROG
+#define PROG	sess_id_main
+
+static char *sess_id_usage[]={
+"usage: sess_id args\n",
+"\n",
+" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg    - output format - default PEM\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -text           - print ssl session id details\n",
+" -cert           - output certificate \n",
+" -noout          - no CRL output\n",
+" -context arg    - set the session ID context\n",
+NULL
+};
+
+static SSL_SESSION *load_sess_id(char *file, int format);
+int MAIN(int argc, char **argv)
+	{
+	SSL_SESSION *x=NULL;
+	int ret=1,i,num,badops=0;
+	BIO *out=NULL;
+	int informat,outformat;
+	char *infile=NULL,*outfile=NULL,*context=NULL;
+	int cert=0,noout=0,text=0;
+	char **pp;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	argc--;
+	argv++;
+	num=0;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-text") == 0)
+			text= ++num;
+		else if (strcmp(*argv,"-cert") == 0)
+			cert= ++num;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout= ++num;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
+		    context=*++argv;
+		    }
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		for (pp=sess_id_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,*pp);
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+	x=load_sess_id(infile,informat);
+	if (x == NULL) { goto end; }
+
+	if(context)
+	    {
+	    x->sid_ctx_length=strlen(context);
+	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		BIO_printf(bio_err,"Context too long\n");
+		goto end;
+		}
+	    memcpy(x->sid_ctx,context,x->sid_ctx_length);
+	    }
+
+#ifdef undef
+	/* just testing for memory leaks :-) */
+	{
+	SSL_SESSION *s;
+	char buf[1024*10],*p;
+	int i;
+
+	s=SSL_SESSION_new();
+
+	p= &buf;
+	i=i2d_SSL_SESSION(x,&p);
+	p= &buf;
+	d2i_SSL_SESSION(&s,&p,(long)i);
+	p= &buf;
+	d2i_SSL_SESSION(&s,&p,(long)i);
+	p= &buf;
+	d2i_SSL_SESSION(&s,&p,(long)i);
+	SSL_SESSION_free(s);
+	}
+#endif
+
+	if (!noout || text)
+		{
+		out=BIO_new(BIO_s_file());
+		if (out == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
+		if (outfile == NULL)
+			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_write_filename(out,outfile) <= 0)
+				{
+				perror(outfile);
+				goto end;
+				}
+			}
+		}
+
+	if (text)
+		{
+		SSL_SESSION_print(out,x);
+
+		if (cert)
+			{
+			if (x->peer == NULL)
+				BIO_puts(out,"No certificate present\n");
+			else
+				X509_print(out,x->peer);
+			}
+		}
+
+	if (!noout && !cert)
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=(int)i2d_SSL_SESSION_bio(out,x);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_SSL_SESSION(out,x);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i) {
+			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+			goto end;
+			}
+		}
+	else if (!noout && (x->peer != NULL)) /* just print the certificate */
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=(int)i2d_X509_bio(out,x->peer);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_X509(out,x->peer);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i) {
+			BIO_printf(bio_err,"unable to write X509\n");
+			goto end;
+			}
+		}
+	ret=0;
+end:
+	if (out != NULL) BIO_free(out);
+	if (x != NULL) SSL_SESSION_free(x);
+	EXIT(ret);
+	}
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+	{
+	SSL_SESSION *x=NULL;
+	BIO *in=NULL;
+
+	in=BIO_new(BIO_s_file());
+	if (in == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_SSL_SESSION_bio(in,NULL);
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input crl\n");
+		goto end;
+		}
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+end:
+	if (in != NULL) BIO_free(in);
+	return(x);
+	}
+
diff --git a/crypto/openssl/apps/set/set-g-ca.pem b/crypto/openssl/apps/set/set-g-ca.pem
new file mode 100644
index 000000000000..78499f05706c
--- /dev/null
+++ b/crypto/openssl/apps/set/set-g-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
+Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
+6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
+vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
+SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
+AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
+9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
+a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set-m-ca.pem b/crypto/openssl/apps/set/set-m-ca.pem
new file mode 100644
index 000000000000..0e74caff67b8
--- /dev/null
+++ b/crypto/openssl/apps/set/set-m-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
+Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
+7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
+FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
+SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
+GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
+EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
+x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_b_ca.pem b/crypto/openssl/apps/set/set_b_ca.pem
new file mode 100644
index 000000000000..eba7d5cf54bd
--- /dev/null
+++ b/crypto/openssl/apps/set/set_b_ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
+b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
+9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
+ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
+3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
+J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
+mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
+EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
+IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
+jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
+NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
+ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
+DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
+43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
+9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
+VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
+WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
+lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_c_ca.pem b/crypto/openssl/apps/set/set_c_ca.pem
new file mode 100644
index 000000000000..48b2cbdc7cd5
--- /dev/null
+++ b/crypto/openssl/apps/set/set_c_ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
+Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
+Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
+pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
+RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
+u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
+XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
++IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_d_ct.pem b/crypto/openssl/apps/set/set_d_ct.pem
new file mode 100644
index 000000000000..9f8c7d8b086a
--- /dev/null
+++ b/crypto/openssl/apps/set/set_d_ct.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
+NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
+MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
+cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
+MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
+/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
+HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
+IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
+NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
+IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
+BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
+ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
+MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
+c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
+mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
+ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
+UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_root.pem b/crypto/openssl/apps/set/set_root.pem
new file mode 100644
index 000000000000..8dd104f058d3
--- /dev/null
+++ b/crypto/openssl/apps/set/set_root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
+zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
+rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
+/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
+g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
+ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
+AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
+OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
+Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
+y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
+vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
+O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
+DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
+vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
+bxCrVJLd8tu9WgA=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
new file mode 100644
index 000000000000..3cfb4dbea2e6
--- /dev/null
+++ b/crypto/openssl/apps/speed.c
@@ -0,0 +1,1205 @@
+/* apps/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#undef SECONDS
+#define SECONDS		3	
+#define RSA_SECONDS	10
+#define DSA_SECONDS	10
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#undef PROG
+#define PROG speed_main
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "apps.h"
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include 
+#include 
+#include 
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#ifndef NO_DES
+#include 
+#endif
+#ifndef NO_MD2
+#include 
+#endif
+#ifndef NO_MDC2
+#include 
+#endif
+#ifndef NO_MD5
+#include 
+#endif
+#ifndef NO_HMAC
+#include 
+#endif
+#include 
+#ifndef NO_SHA
+#include 
+#endif
+#ifndef NO_RIPEMD
+#include 
+#endif
+#ifndef NO_RC4
+#include 
+#endif
+#ifndef NO_RC5
+#include 
+#endif
+#ifndef NO_RC2
+#include 
+#endif
+#ifndef NO_IDEA
+#include 
+#endif
+#ifndef NO_BF
+#include 
+#endif
+#ifndef NO_CAST
+#include 
+#endif
+#ifndef NO_RSA
+#include 
+#include "./testrsa.h"
+#endif
+#include 
+#ifndef NO_DSA
+#include "./testdsa.h"
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE	((long)1024*8+1)
+int run=0;
+
+static double Time_F(int s);
+static void print_message(char *s,long num,int length);
+static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif 
+
+static SIGRETTYPE sig_done(int sig);
+static SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+static double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret < 1e-3)?1e-3:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret < 0.001)?0.001:ret);
+		}
+#endif
+	}
+
+int MAIN(int argc, char **argv)
+	{
+	unsigned char *buf=NULL,*buf2=NULL;
+	int ret=1;
+#define ALGOR_NUM	14
+#define SIZE_NUM	5
+#define RSA_NUM		4
+#define DSA_NUM		3
+	long count,rsa_count;
+	int i,j,k,rsa_num,rsa_num2;
+#ifndef NO_MD2
+	unsigned char md2[MD2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MDC2
+	unsigned char mdc2[MDC2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MD5
+	unsigned char md5[MD5_DIGEST_LENGTH];
+	unsigned char hmac[MD5_DIGEST_LENGTH];
+#endif
+#ifndef NO_SHA
+	unsigned char sha[SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_RIPEMD
+	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+#endif
+#ifndef NO_RC4
+	RC4_KEY rc4_ks;
+#endif
+#ifndef NO_RC5
+	RC5_32_KEY rc5_ks;
+#endif
+#ifndef NO_RC2
+	RC2_KEY rc2_ks;
+#endif
+#ifndef NO_IDEA
+	IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef NO_BF
+	BF_KEY bf_ks;
+#endif
+#ifndef NO_CAST
+	CAST_KEY cast_ks;
+#endif
+	static unsigned char key16[16]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	unsigned char iv[8];
+#ifndef NO_DES
+	des_cblock *buf_as_des_cblock = NULL;
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+#endif
+#define	D_MD2		0
+#define	D_MDC2		1
+#define	D_MD5		2
+#define	D_HMAC		3
+#define	D_SHA1		4
+#define D_RMD160	5
+#define	D_RC4		6
+#define	D_CBC_DES	7
+#define	D_EDE3_DES	8
+#define	D_CBC_IDEA	9
+#define	D_CBC_RC2	10
+#define	D_CBC_RC5	11
+#define	D_CBC_BF	12
+#define	D_CBC_CAST	13
+	double d,results[ALGOR_NUM][SIZE_NUM];
+	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+	long c[ALGOR_NUM][SIZE_NUM];
+	static char *names[ALGOR_NUM]={
+		"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
+		"des cbc","des ede3","idea cbc",
+		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
+#define	R_DSA_512	0
+#define	R_DSA_1024	1
+#define	R_DSA_2048	2
+#define	R_RSA_512	0
+#define	R_RSA_1024	1
+#define	R_RSA_2048	2
+#define	R_RSA_4096	3
+#ifndef NO_RSA
+	RSA *rsa_key[RSA_NUM];
+	long rsa_c[RSA_NUM][2];
+	double rsa_results[RSA_NUM][2];
+	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
+	static unsigned char *rsa_data[RSA_NUM]=
+		{test512,test1024,test2048,test4096};
+	static int rsa_data_length[RSA_NUM]={
+		sizeof(test512),sizeof(test1024),
+		sizeof(test2048),sizeof(test4096)};
+#endif
+#ifndef NO_DSA
+	DSA *dsa_key[DSA_NUM];
+	long dsa_c[DSA_NUM][2];
+	double dsa_results[DSA_NUM][2];
+	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+#endif
+	int rsa_doit[RSA_NUM];
+	int dsa_doit[DSA_NUM];
+	int doit[ALGOR_NUM];
+	int pr_header=0;
+
+	apps_startup();
+#ifndef NO_DSA
+	memset(dsa_key,0,sizeof(dsa_key));
+#endif
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+#ifndef NO_RSA
+	memset(rsa_key,0,sizeof(rsa_key));
+	for (i=0; in));
+			BN_print(bio_err,rsa_key[i]->e);
+			BIO_printf(bio_err,"\n");
+			}
+#endif
+		}
+#endif
+
+#ifndef NO_DSA
+	dsa_key[0]=get_dsa512();
+	dsa_key[1]=get_dsa1024();
+	dsa_key[2]=get_dsa2048();
+#endif
+
+#ifndef NO_DES
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
+#endif
+#ifndef NO_IDEA
+	idea_set_encrypt_key(key16,&idea_ks);
+#endif
+#ifndef NO_RC4
+	RC4_set_key(&rc4_ks,16,key16);
+#endif
+#ifndef NO_RC2
+	RC2_set_key(&rc2_ks,16,key16,128);
+#endif
+#ifndef NO_RC5
+	RC5_32_set_key(&rc5_ks,16,key16,12);
+#endif
+#ifndef NO_BF
+	BF_set_key(&bf_ks,16,key16);
+#endif
+#ifndef NO_CAST
+	CAST_set_key(&cast_ks,16,key16);
+#endif
+#ifndef NO_RSA
+	memset(rsa_c,0,sizeof(rsa_c));
+#endif
+#ifndef SIGALRM
+	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
+	count=10;
+	do	{
+		long i;
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+				&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d <3);
+	c[D_MD2][0]=count/10;
+	c[D_MDC2][0]=count/10;
+	c[D_MD5][0]=count;
+	c[D_HMAC][0]=count;
+	c[D_SHA1][0]=count;
+	c[D_RMD160][0]=count;
+	c[D_RC4][0]=count*5;
+	c[D_CBC_DES][0]=count;
+	c[D_EDE3_DES][0]=count/3;
+	c[D_CBC_IDEA][0]=count;
+	c[D_CBC_RC2][0]=count;
+	c[D_CBC_RC5][0]=count;
+	c[D_CBC_BF][0]=count;
+	c[D_CBC_CAST][0]=count;
+
+	for (i=1; i 10000)
+				fprintf(stdout," %11.2fk",results[k][j]/1e3);
+			else
+				fprintf(stdout," %11.2f ",results[k][j]);
+			}
+		fprintf(stdout,"\n");
+		}
+#ifndef NO_RSA
+	j=1;
+	for (k=0; kp=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
+	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
+	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
+	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+		return(NULL);
+	return(dsa);
+	}
+
+static unsigned char dsa1024_p[]={
+	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
+	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
+	0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
+	0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
+	0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
+	0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
+	0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
+	0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
+	0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
+	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
+	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
+	};
+static unsigned char dsa1024_q[]={
+	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
+	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
+	};
+static unsigned char dsa1024_g[]={
+	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
+	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
+	0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
+	0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
+	0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
+	0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
+	0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
+	0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
+	0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
+	0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
+	0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
+	};
+
+DSA *get_dsa1024()
+	{
+	DSA *dsa;
+
+	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
+	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
+	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
+	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+		return(NULL);
+	return(dsa);
+	}
+
+static unsigned char dsa2048_p[]={
+	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
+	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
+	0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
+	0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
+	0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
+	0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
+	0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
+	0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
+	0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
+	0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
+	0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
+	0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
+	0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
+	0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
+	0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
+	0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
+	0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
+	0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
+	0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
+	0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
+	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
+	0xF8,0x68,0xCF,0x9B,
+	};
+static unsigned char dsa2048_q[]={
+	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
+	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
+	};
+static unsigned char dsa2048_g[]={
+	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
+	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
+	0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
+	0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
+	0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
+	0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
+	0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
+	0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
+	0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
+	0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
+	0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
+	0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
+	0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
+	0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
+	0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
+	0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
+	0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
+	0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
+	0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
+	0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
+	0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
+	0xF8,0xB2,0xE5,0x38,
+	};
+ 
+DSA *get_dsa2048()
+	{
+	DSA *dsa;
+ 
+	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
+	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
+	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
+	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+		return(NULL);
+	return(dsa);
+	}
+
diff --git a/crypto/openssl/apps/testrsa.h b/crypto/openssl/apps/testrsa.h
new file mode 100644
index 000000000000..9a0e811c73f6
--- /dev/null
+++ b/crypto/openssl/apps/testrsa.h
@@ -0,0 +1,517 @@
+/* apps/testrsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static unsigned char test512[]={
+	0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
+	0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
+	0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
+	0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
+	0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
+	0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
+	0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
+	0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
+	0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
+	0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
+	0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
+	0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
+	0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
+	0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
+	0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
+	0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
+	0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
+	0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
+	0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
+	0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
+	0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
+	0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
+	0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
+	0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
+	0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
+	0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
+	0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
+	0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
+	0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
+	0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
+	0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
+	};
+
+static unsigned char test1024[]={
+	0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
+	0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
+	0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
+	0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
+	0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
+	0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
+	0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
+	0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
+	0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
+	0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
+	0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
+	0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
+	0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
+	0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
+	0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
+	0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
+	0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
+	0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
+	0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
+	0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
+	0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
+	0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
+	0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
+	0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
+	0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
+	0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
+	0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
+	0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
+	0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
+	0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
+	0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
+	0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
+	0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
+	0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
+	0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
+	0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
+	0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
+	0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
+	0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
+	0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
+	0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
+	0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
+	0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
+	0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
+	0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
+	0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
+	0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
+	0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
+	0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
+	0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
+	0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
+	0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
+	0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
+	0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
+	0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
+	0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
+	0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
+	0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
+	0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
+	0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
+	0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
+	};
+
+static unsigned char test2048[]={
+	0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
+	0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
+	0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
+	0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
+	0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
+	0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
+	0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
+	0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
+	0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
+	0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
+	0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
+	0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
+	0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
+	0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
+	0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
+	0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
+	0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
+	0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
+	0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
+	0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
+	0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
+	0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
+	0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
+	0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
+	0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
+	0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
+	0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
+	0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
+	0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
+	0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
+	0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
+	0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
+	0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
+	0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
+	0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
+	0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
+	0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
+	0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
+	0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
+	0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
+	0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
+	0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
+	0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
+	0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
+	0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
+	0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
+	0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
+	0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
+	0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
+	0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
+	0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
+	0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
+	0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
+	0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
+	0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
+	0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
+	0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
+	0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
+	0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
+	0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
+	0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
+	0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
+	0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
+	0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
+	0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
+	0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
+	0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
+	0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
+	0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
+	0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
+	0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
+	0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
+	0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
+	0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
+	0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
+	0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
+	0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
+	0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
+	0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
+	0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
+	0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
+	0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
+	0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
+	0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
+	0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
+	0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
+	0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
+	0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
+	0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
+	0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
+	0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
+	0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
+	0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
+	0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
+	0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
+	0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
+	0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
+	0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
+	0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
+	0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
+	0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
+	0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
+	0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
+	0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
+	0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
+	0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
+	0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
+	0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
+	0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
+	0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
+	0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
+	0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
+	0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
+	0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
+	0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
+	0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
+	0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
+	0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
+	0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
+	0x95,
+	};
+
+static unsigned char test4096[]={
+	0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
+	0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
+	0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
+	0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
+	0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
+	0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
+	0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
+	0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
+	0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
+	0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
+	0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
+	0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
+	0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
+	0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
+	0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
+	0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
+	0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
+	0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
+	0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
+	0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
+	0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
+	0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
+	0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
+	0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
+	0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
+	0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
+	0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
+	0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
+	0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
+	0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
+	0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
+	0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
+	0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
+	0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
+	0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
+	0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
+	0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
+	0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
+	0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
+	0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
+	0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
+	0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
+	0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
+	0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
+	0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
+	0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
+	0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
+	0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
+	0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
+	0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
+	0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
+	0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
+	0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
+	0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
+	0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
+	0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
+	0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
+	0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
+	0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
+	0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
+	0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
+	0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
+	0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
+	0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
+	0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
+	0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
+	0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
+	0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
+	0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
+	0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
+	0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
+	0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
+	0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
+	0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
+	0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
+	0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
+	0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
+	0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
+	0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
+	0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
+	0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
+	0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
+	0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
+	0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
+	0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
+	0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
+	0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
+	0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
+	0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
+	0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
+	0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
+	0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
+	0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
+	0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
+	0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
+	0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
+	0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
+	0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
+	0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
+	0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
+	0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
+	0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
+	0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
+	0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
+	0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
+	0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
+	0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
+	0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
+	0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
+	0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
+	0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
+	0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
+	0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
+	0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
+	0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
+	0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
+	0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
+	0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
+	0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
+	0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
+	0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
+	0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
+	0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
+	0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
+	0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
+	0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
+	0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
+	0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
+	0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
+	0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
+	0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
+	0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
+	0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
+	0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
+	0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
+	0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
+	0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
+	0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
+	0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
+	0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
+	0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
+	0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
+	0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
+	0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
+	0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
+	0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
+	0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
+	0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
+	0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
+	0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
+	0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
+	0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
+	0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
+	0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
+	0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
+	0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
+	0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
+	0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
+	0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
+	0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
+	0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
+	0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
+	0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
+	0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
+	0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
+	0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
+	0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
+	0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
+	0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
+	0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
+	0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
+	0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
+	0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
+	0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
+	0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
+	0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
+	0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
+	0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
+	0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
+	0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
+	0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
+	0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
+	0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
+	0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
+	0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
+	0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
+	0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
+	0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
+	0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
+	0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
+	0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
+	0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
+	0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
+	0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
+	0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
+	0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
+	0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
+	0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
+	0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
+	0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
+	0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
+	0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
+	0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
+	0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
+	0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
+	0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
+	0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
+	0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
+	0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
+	0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
+	0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
+	0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
+	0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
+	0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
+	0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
+	0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
+	0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
+	0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
+	0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
+	0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
+	0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
+	0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
+	0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
+	0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
+	0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
+	0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
+	0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
+	0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
+	0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
+	0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
+	0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
+	0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
+	0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
+	0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
+	0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
+	};
diff --git a/crypto/openssl/apps/tkca b/crypto/openssl/apps/tkca
new file mode 100644
index 000000000000..bdaf21606afe
--- /dev/null
+++ b/crypto/openssl/apps/tkca
@@ -0,0 +1,66 @@
+#!/usr/local/bin/perl5
+#
+# This is only something I'm playing with, it does not work :-)
+#
+
+use Tk;
+
+my $main=MainWindow->new();
+my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+$f->pack(-fill => 'x');
+
+my $ff=$f->Frame;
+$ff->pack(-fill => 'x');
+my $l=$ff->Label(-text => "TkCA - SSLeay",
+	-relief => "ridge", -borderwidth => 2);
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Certify");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Review");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Revoke");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Generate CRL");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my($db)=&load_db("demoCA/index.txt");
+
+MainLoop;
+
+sub load_db
+	{
+	my(%ret);
+	my($file)=@_;
+	my(*IN);
+	my(%db_serial,%db_name,@f,@db_s);
+
+	$ret{'serial'}=\%db_serial;
+	$ret{'name'}=\%db_name;
+
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+	while ()
+		{
+		chop;
+		s/([^\\])\t/\1\t\t/g;
+		my(@f)=split(/\t\t/);
+		die "wrong number of fields in $file, line $.\n"
+			if ($#f != 5);
+
+		my(%f);
+		$f{'type'}=$f[0];
+		$f{'exp'}=$f[1];
+		$f{'rev'}=$f[2];
+		$f{'serial'}=$f[3];
+		$f{'file'}=$f[4];
+		$f{'name'}=$f[5];
+		die "serial number $f{'serial'} appears twice (line $.)\n"
+			if (defined($db{$f{'serial'}}))
+		$db_serial{$f{'serial'}}=\%f;
+		$db_name{$f{'name'}}.=$f{'serial'}." ";
+		}
+	return \%ret;
+	}
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
new file mode 100644
index 000000000000..093fe09f2c26
--- /dev/null
+++ b/crypto/openssl/apps/verify.c
@@ -0,0 +1,229 @@
+/* apps/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "apps.h"
+#include 
+#include 
+#include 
+#include 
+
+#undef PROG
+#define PROG	verify_main
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx,char *file);
+static int v_verbose=0;
+
+int MAIN(int argc, char **argv)
+	{
+	int i,ret=1;
+	char *CApath=NULL,*CAfile=NULL;
+	X509_STORE *cert_ctx=NULL;
+	X509_LOOKUP *lookup=NULL;
+
+	cert_ctx=X509_STORE_new();
+	if (cert_ctx == NULL) goto end;
+	X509_STORE_set_verify_cb_func(cert_ctx,cb);
+
+	ERR_load_crypto_strings();
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	argc--;
+	argv++;
+	for (;;)
+		{
+		if (argc >= 1)
+			{
+			if (strcmp(*argv,"-CApath") == 0)
+				{
+				if (argc-- < 1) goto end;
+				CApath= *(++argv);
+				}
+			else if (strcmp(*argv,"-CAfile") == 0)
+				{
+				if (argc-- < 1) goto end;
+				CAfile= *(++argv);
+				}
+			else if (strcmp(*argv,"-help") == 0)
+				goto end;
+			else if (strcmp(*argv,"-verbose") == 0)
+				v_verbose=1;
+			else if (argv[0][0] == '-')
+				goto end;
+			else
+				break;
+			argc--;
+			argv++;
+			}
+		else
+			break;
+		}
+
+	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+	if (lookup == NULL) abort();
+	if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+		X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+		
+	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+	if (lookup == NULL) abort();
+	if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+		X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+
+	ERR_clear_error();
+	if (argc < 1) check(cert_ctx,NULL);
+	else
+		for (i=0; ierror == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+			ok=1;
+		else
+			{
+			X509_NAME_oneline(
+				X509_get_subject_name(ctx->current_cert),buf,256);
+			printf("%s\n",buf);
+			printf("error %d at %d depth lookup:%s\n",ctx->error,
+				ctx->error_depth,
+				X509_verify_cert_error_string(ctx->error));
+			if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
+				ok=1;
+			}
+		}
+	if (!v_verbose)
+		ERR_clear_error();
+	return(ok);
+	}
+
diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c
new file mode 100644
index 000000000000..a567f34094c5
--- /dev/null
+++ b/crypto/openssl/apps/version.c
@@ -0,0 +1,130 @@
+/* apps/version.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "apps.h"
+#include 
+#include 
+
+#undef PROG
+#define PROG	version_main
+
+int MAIN(int argc, char **argv)
+	{
+	int i,ret=0;
+	int cflags=0,version=0,date=0,options=0,platform=0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (argc == 1) version=1;
+	for (i=1; i
+#include 
+#include 
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#undef PROG
+#define PROG x509_main
+
+#undef POSTFIX
+#define	POSTFIX	".srl"
+#define DEF_DAYS	30
+
+#define CERT_HDR	"certificate"
+
+static char *x509_usage[]={
+"usage: x509 args\n",
+" -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
+" -keyform arg    - private key format - default PEM\n",
+" -CAform arg     - CA format - default PEM\n",
+" -CAkeyform arg  - CA key format - default PEM\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -serial         - print serial number value\n",
+" -hash           - print hash value\n",
+" -subject        - print subject DN\n",
+" -issuer         - print issuer DN\n",
+" -startdate      - notBefore field\n",
+" -enddate        - notAfter field\n",
+" -dates          - both Before and After dates\n",
+" -modulus        - print the RSA key modulus\n",
+" -fingerprint    - print the certificate fingerprint\n",
+" -noout          - no certificate output\n",
+
+" -days arg       - How long till expiry of a signed certificate - def 30 days\n",
+" -signkey arg    - self sign cert with arg\n",
+" -x509toreq      - output a certification request object\n",
+" -req            - input is a certificate request, sign and output.\n",
+" -CA arg         - set the CA certificate, must be PEM format.\n",
+" -CAkey arg      - set the CA key, must be PEM format\n",
+"                   missing, it is asssumed to be in the CA file.\n",
+" -CAcreateserial - create serial number file if it does not exist\n",
+" -CAserial       - serial file\n",
+" -text           - print the certificate in text form\n",
+" -C              - print out C code forms\n",
+" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+" -extfile        - configuration file with X509V3 extensions to add\n",
+NULL
+};
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static EVP_PKEY *load_key(char *file, int format);
+static X509 *load_cert(char *file, int format);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
+						LHASH *conf, char *section);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+			 int create,int days, LHASH *conf, char *section);
+static int reqfile=0;
+
+int MAIN(int argc, char **argv)
+	{
+	int ret=1;
+	X509_REQ *req=NULL;
+	X509 *x=NULL,*xca=NULL;
+	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+	int i,num,badops=0;
+	BIO *out=NULL;
+	BIO *STDout=NULL;
+	int informat,outformat,keyformat,CAformat,CAkeyformat;
+	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
+	char *CAkeyfile=NULL,*CAserial=NULL;
+	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+	int C=0;
+	int x509req=0,days=DEF_DAYS,modulus=0;
+	char **pp;
+	X509_STORE *ctx=NULL;
+	X509_REQ *rq=NULL;
+	int fingerprint=0;
+	char buf[256];
+	const EVP_MD *md_alg,*digest=EVP_md5();
+	LHASH *extconf = NULL;
+	char *extsect = NULL, *extfile = NULL;
+
+	reqfile=0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+	keyformat=FORMAT_PEM;
+	CAformat=FORMAT_PEM;
+	CAkeyformat=FORMAT_PEM;
+
+	ctx=X509_STORE_new();
+	if (ctx == NULL) goto end;
+	X509_STORE_set_verify_cb_func(ctx,callb);
+
+	argc--;
+	argv++;
+	num=0;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-req") == 0)
+			reqfile=1;
+		else if (strcmp(*argv,"-CAform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-CAkeyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-days") == 0)
+			{
+			if (--argc < 1) goto bad;
+			days=atoi(*(++argv));
+			if (days == 0)
+				{
+				BIO_printf(STDout,"bad number of days\n");
+				goto bad;
+				}
+			}
+		else if (strcmp(*argv,"-extfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-signkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyfile= *(++argv);
+			sign_flag= ++num;
+			}
+		else if (strcmp(*argv,"-CA") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile= *(++argv);
+			CA_flag= ++num;
+			}
+		else if (strcmp(*argv,"-CAkey") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAkeyfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-CAserial") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAserial= *(++argv);
+			}
+		else if (strcmp(*argv,"-C") == 0)
+			C= ++num;
+		else if (strcmp(*argv,"-serial") == 0)
+			serial= ++num;
+		else if (strcmp(*argv,"-modulus") == 0)
+			modulus= ++num;
+		else if (strcmp(*argv,"-x509toreq") == 0)
+			x509req= ++num;
+		else if (strcmp(*argv,"-text") == 0)
+			text= ++num;
+		else if (strcmp(*argv,"-hash") == 0)
+			hash= ++num;
+		else if (strcmp(*argv,"-subject") == 0)
+			subject= ++num;
+		else if (strcmp(*argv,"-issuer") == 0)
+			issuer= ++num;
+		else if (strcmp(*argv,"-fingerprint") == 0)
+			fingerprint= ++num;
+		else if (strcmp(*argv,"-dates") == 0)
+			{
+			startdate= ++num;
+			enddate= ++num;
+			}
+		else if (strcmp(*argv,"-startdate") == 0)
+			startdate= ++num;
+		else if (strcmp(*argv,"-enddate") == 0)
+			enddate= ++num;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout= ++num;
+		else if (strcmp(*argv,"-CAcreateserial") == 0)
+			CA_createserial= ++num;
+		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+			{
+			/* ok */
+			digest=md_alg;
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		for (pp=x509_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,*pp);
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
+
+	if (!X509_STORE_set_default_paths(ctx))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
+		{ CAkeyfile=CAfile; }
+	else if ((CA_flag) && (CAkeyfile == NULL))
+		{
+		BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+		goto end;
+		}
+
+	if (extfile) {
+		long errorline;
+		X509V3_CTX ctx2;
+		if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+			if (errorline <= 0)
+				BIO_printf(bio_err,
+					"error loading the config file '%s'\n",
+								extfile);
+                	else
+                        	BIO_printf(bio_err,
+				       "error on line %ld of config file '%s'\n"
+							,errorline,extfile);
+			goto end;
+		}
+		if(!(extsect = CONF_get_string(extconf, "default",
+					 "extensions"))) extsect = "default";
+		X509V3_set_ctx_test(&ctx2);
+		X509V3_set_conf_lhash(&ctx2, extconf);
+		if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
+			BIO_printf(bio_err,
+				"Error Loading extension section %s\n",
+								 extsect);
+			ERR_print_errors(bio_err);
+			goto end;
+                }
+	} 
+
+
+	if (reqfile)
+		{
+		EVP_PKEY *pkey;
+		X509_CINF *ci;
+		BIO *in;
+
+		if (!sign_flag && !CA_flag)
+			{
+			BIO_printf(bio_err,"We need a private key to sign with\n");
+			goto end;
+			}
+		in=BIO_new(BIO_s_file());
+		if (in == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
+		if (infile == NULL)
+			BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
+				perror(infile);
+				goto end;
+				}
+			}
+		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+		BIO_free(in);
+
+		if (req == NULL) { perror(infile); goto end; }
+
+		if (	(req->req_info == NULL) ||
+			(req->req_info->pubkey == NULL) ||
+			(req->req_info->pubkey->public_key == NULL) ||
+			(req->req_info->pubkey->public_key->data == NULL))
+			{
+			BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+			BIO_printf(bio_err,"It does not contain a public key\n");
+			goto end;
+			}
+		if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
+	                {
+	                BIO_printf(bio_err,"error unpacking public key\n");
+	                goto end;
+	                }
+		i=X509_REQ_verify(req,pkey);
+		EVP_PKEY_free(pkey);
+		if (i < 0)
+			{
+			BIO_printf(bio_err,"Signature verification error\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+	        if (i == 0)
+			{
+			BIO_printf(bio_err,"Signature did not match the certificate request\n");
+			goto end;
+			}
+		else
+			BIO_printf(bio_err,"Signature ok\n");
+		
+		X509_NAME_oneline(req->req_info->subject,buf,256);
+		BIO_printf(bio_err,"subject=%s\n",buf);
+
+		if ((x=X509_new()) == NULL) goto end;
+		ci=x->cert_info;
+
+		if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
+		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+
+		X509_gmtime_adj(X509_get_notBefore(x),0);
+	        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+
+#if 0
+		X509_PUBKEY_free(ci->key);
+		ci->key=req->req_info->pubkey;
+	        req->req_info->pubkey=NULL;
+#else
+		pkey = X509_REQ_get_pubkey(req);
+		X509_set_pubkey(x,pkey);
+		EVP_PKEY_free(pkey);
+#endif
+		}
+	else
+		x=load_cert(infile,informat);
+
+	if (x == NULL) goto end;
+	if (CA_flag)
+		{
+		xca=load_cert(CAfile,CAformat);
+		if (xca == NULL) goto end;
+		}
+
+	if (!noout || text)
+		{
+		OBJ_create("2.99999.3",
+			"SET.ex3","SET x509v3 extension 3");
+
+		out=BIO_new(BIO_s_file());
+		if (out == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (outfile == NULL)
+			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_write_filename(out,outfile) <= 0)
+				{
+				perror(outfile);
+				goto end;
+				}
+			}
+		}
+
+	if (num)
+		{
+		for (i=1; i<=num; i++)
+			{
+			if (issuer == i)
+				{
+				X509_NAME_oneline(X509_get_issuer_name(x),
+					buf,256);
+				BIO_printf(STDout,"issuer= %s\n",buf);
+				}
+			else if (subject == i) 
+				{
+				X509_NAME_oneline(X509_get_subject_name(x),
+					buf,256);
+				BIO_printf(STDout,"subject=%s\n",buf);
+				}
+			else if (serial == i)
+				{
+				BIO_printf(STDout,"serial=");
+				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
+				BIO_printf(STDout,"\n");
+				}
+			else if (hash == i)
+				{
+				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
+				}
+			else
+				if (modulus == i)
+				{
+				EVP_PKEY *pkey;
+
+				pkey=X509_get_pubkey(x);
+				if (pkey == NULL)
+					{
+					BIO_printf(bio_err,"Modulus=unavailable\n");
+					ERR_print_errors(bio_err);
+					goto end;
+					}
+				BIO_printf(STDout,"Modulus=");
+#ifndef NO_RSA
+				if (pkey->type == EVP_PKEY_RSA)
+					BN_print(STDout,pkey->pkey.rsa->n);
+				else
+#endif
+#ifndef NO_DSA
+				if (pkey->type == EVP_PKEY_DSA)
+					BN_print(STDout,pkey->pkey.dsa->pub_key);
+				else
+#endif
+					BIO_printf(STDout,"Wrong Algorithm type");
+				BIO_printf(STDout,"\n");
+				EVP_PKEY_free(pkey);
+				}
+			else
+				if (C == i)
+				{
+				unsigned char *d;
+				char *m;
+				int y,z;
+
+				X509_NAME_oneline(X509_get_subject_name(x),
+					buf,256);
+				BIO_printf(STDout,"/* subject:%s */\n",buf);
+				m=X509_NAME_oneline(
+					X509_get_issuer_name(x),buf,256);
+				BIO_printf(STDout,"/* issuer :%s */\n",buf);
+
+				z=i2d_X509(x,NULL);
+				m=Malloc(z);
+
+				d=(unsigned char *)m;
+				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
+				BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
+				d=(unsigned char *)m;
+				for (y=0; ytype == EVP_PKEY_DSA)
+		                        digest=EVP_dss1();
+#endif
+
+				if (!sign(x,Upkey,days,digest,
+						 extconf, extsect)) goto end;
+				}
+			else if (CA_flag == i)
+				{
+				BIO_printf(bio_err,"Getting CA Private Key\n");
+				if (CAkeyfile != NULL)
+					{
+					CApkey=load_key(CAkeyfile,CAkeyformat);
+					if (CApkey == NULL) goto end;
+					}
+#ifndef NO_DSA
+		                if (CApkey->type == EVP_PKEY_DSA)
+		                        digest=EVP_dss1();
+#endif
+				
+				if (!x509_certify(ctx,CAfile,digest,x,xca,
+					CApkey, CAserial,CA_createserial,days,
+					extconf, extsect))
+					goto end;
+				}
+			else if (x509req == i)
+				{
+				EVP_PKEY *pk;
+
+				BIO_printf(bio_err,"Getting request Private Key\n");
+				if (keyfile == NULL)
+					{
+					BIO_printf(bio_err,"no request key file specified\n");
+					goto end;
+					}
+				else
+					{
+					pk=load_key(keyfile,FORMAT_PEM);
+					if (pk == NULL) goto end;
+					}
+
+				BIO_printf(bio_err,"Generating certificate request\n");
+
+				rq=X509_to_X509_REQ(x,pk,EVP_md5());
+				EVP_PKEY_free(pk);
+				if (rq == NULL)
+					{
+					ERR_print_errors(bio_err);
+					goto end;
+					}
+				if (!noout)
+					{
+					X509_REQ_print(out,rq);
+					PEM_write_bio_X509_REQ(out,rq);
+					}
+				noout=1;
+				}
+			}
+		}
+
+	if (noout)
+		{
+		ret=0;
+		goto end;
+		}
+
+	if 	(outformat == FORMAT_ASN1)
+		i=i2d_X509_bio(out,x);
+	else if (outformat == FORMAT_PEM)
+		i=PEM_write_bio_X509(out,x);
+	else if (outformat == FORMAT_NETSCAPE)
+		{
+		ASN1_HEADER ah;
+		ASN1_OCTET_STRING os;
+
+		os.data=(unsigned char *)CERT_HDR;
+		os.length=strlen(CERT_HDR);
+		ah.header= &os;
+		ah.data=(char *)x;
+		ah.meth=X509_asn1_meth();
+
+		/* no macro for this one yet */
+		i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
+		}
+	else	{
+		BIO_printf(bio_err,"bad output format specified for outfile\n");
+		goto end;
+		}
+	if (!i) {
+		BIO_printf(bio_err,"unable to write certificate\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	ret=0;
+end:
+	OBJ_cleanup();
+	CONF_free(extconf);
+	BIO_free(out);
+	BIO_free(STDout);
+	X509_STORE_free(ctx);
+	X509_REQ_free(req);
+	X509_free(x);
+	X509_free(xca);
+	EVP_PKEY_free(Upkey);
+	EVP_PKEY_free(CApkey);
+	X509_REQ_free(rq);
+	X509V3_EXT_cleanup();
+	EXIT(ret);
+	}
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+	     int days, LHASH *conf, char *section)
+	{
+	int ret=0;
+	BIO *io=NULL;
+	MS_STATIC char buf2[1024];
+	char *buf=NULL,*p;
+	BIGNUM *serial=NULL;
+	ASN1_INTEGER *bs=NULL,bs2;
+	X509_STORE_CTX xsc;
+	EVP_PKEY *upkey;
+
+	upkey = X509_get_pubkey(xca);
+	EVP_PKEY_copy_parameters(upkey,pkey);
+	EVP_PKEY_free(upkey);
+
+	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+	buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
+		((serialfile == NULL)
+			?(strlen(CAfile)+strlen(POSTFIX)+1)
+			:(strlen(serialfile)))+1);
+	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
+	if (serialfile == NULL)
+		{
+		strcpy(buf,CAfile);
+		for (p=buf; *p; p++)
+			if (*p == '.')
+				{
+				*p='\0';
+				break;
+				}
+		strcat(buf,POSTFIX);
+		}
+	else
+		strcpy(buf,serialfile);
+	serial=BN_new();
+	bs=ASN1_INTEGER_new();
+	if ((serial == NULL) || (bs == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	io=BIO_new(BIO_s_file());
+	if (io == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+	if (BIO_read_filename(io,buf) <= 0)
+		{
+		if (!create)
+			{
+			perror(buf);
+			goto end;
+			}
+		else
+			{
+			ASN1_INTEGER_set(bs,0);
+			BN_zero(serial);
+			}
+		}
+	else 
+		{
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+			{
+			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		else
+			{
+			serial=BN_bin2bn(bs->data,bs->length,serial);
+			if (serial == NULL)
+				{
+				BIO_printf(bio_err,"error converting bin 2 bn");
+				goto end;
+				}
+			}
+		}
+
+	if (!BN_add_word(serial,1))
+		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
+	bs2.data=(unsigned char *)buf2;
+	bs2.length=BN_bn2bin(serial,bs2.data);
+
+	if (BIO_write_filename(io,buf) <= 0)
+		{
+		BIO_printf(bio_err,"error attempting to write serial number file\n");
+		perror(buf);
+		goto end;
+		}
+	i2a_ASN1_INTEGER(io,&bs2);
+	BIO_puts(io,"\n");
+	BIO_free(io);
+	io=NULL;
+	
+	if (!X509_STORE_add_cert(ctx,x)) goto end;
+
+	/* NOTE: this certificate can/should be self signed, unless it was
+	 * a certificate request in which case it is not. */
+	X509_STORE_CTX_set_cert(&xsc,x);
+	if (!reqfile && !X509_verify_cert(&xsc))
+		goto end;
+
+	if (!X509_check_private_key(xca,pkey))
+		{
+		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+		goto end;
+		}
+
+	if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
+	if (!X509_set_serialNumber(x,bs)) goto end;
+
+	if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+		goto end;
+
+	/* hardwired expired */
+	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+		goto end;
+
+	if(conf) {
+		X509V3_CTX ctx2;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+                X509V3_set_conf_lhash(&ctx2, conf);
+                if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+	}
+
+	if (!X509_sign(x,pkey,digest)) goto end;
+	ret=1;
+end:
+	X509_STORE_CTX_cleanup(&xsc);
+	if (!ret)
+		ERR_print_errors(bio_err);
+	if (buf != NULL) Free(buf);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	if (io != NULL)	BIO_free(io);
+	if (serial != NULL) BN_free(serial);
+	return(ret);
+	}
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
+	{
+	char buf[256];
+	int err;
+	X509 *err_cert;
+
+	/* it is ok to use a self signed certificate
+	 * This case will catch both the initial ok == 0 and the
+	 * final ok == 1 calls to this function */
+	err=X509_STORE_CTX_get_error(ctx);
+	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+		return(1);
+
+	/* BAD we should have gotten an error.  Normally if everything
+	 * worked X509_STORE_CTX_get_error(ctx) will still be set to
+	 * DEPTH_ZERO_SELF_.... */
+	if (ok)
+		{
+		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
+		return(0);
+		}
+	else
+		{
+		err_cert=X509_STORE_CTX_get_current_cert(ctx);
+		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+		BIO_printf(bio_err,"%s\n",buf);
+		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
+			err,X509_STORE_CTX_get_error_depth(ctx),
+			X509_verify_cert_error_string(err));
+		return(1);
+		}
+	}
+
+static EVP_PKEY *load_key(char *file, int format)
+	{
+	BIO *key=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	if (file == NULL)
+		{
+		BIO_printf(bio_err,"no keyfile specified\n");
+		goto end;
+		}
+	key=BIO_new(BIO_s_file());
+	if (key == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (BIO_read_filename(key,file) <= 0)
+		{
+		perror(file);
+		goto end;
+		}
+#ifndef NO_RSA
+	if	(format == FORMAT_ASN1)
+		{
+		RSA *rsa;
+
+		rsa=d2i_RSAPrivateKey_bio(key,NULL);
+		if (rsa != NULL)
+			{
+			if ((pkey=EVP_PKEY_new()) != NULL)
+				EVP_PKEY_assign_RSA(pkey,rsa);
+			else
+				RSA_free(rsa);
+			}
+		}
+	else
+#endif
+		if (format == FORMAT_PEM)
+		{
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
+		}
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified for key\n");
+		goto end;
+		}
+end:
+	if (key != NULL) BIO_free(key);
+	if (pkey == NULL)
+		BIO_printf(bio_err,"unable to load Private Key\n");
+	return(pkey);
+	}
+
+static X509 *load_cert(char *file, int format)
+	{
+	ASN1_HEADER *ah=NULL;
+	BUF_MEM *buf=NULL;
+	X509 *x=NULL;
+	BIO *cert;
+
+	if ((cert=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (file == NULL)
+		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(cert,file) <= 0)
+			{
+			perror(file);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_X509_bio(cert,NULL);
+	else if (format == FORMAT_NETSCAPE)
+		{
+		unsigned char *p,*op;
+		int size=0,i;
+
+		/* We sort of have to do it this way because it is sort of nice
+		 * to read the header first and check it, then
+		 * try to read the certificate */
+		buf=BUF_MEM_new();
+		for (;;)
+			{
+			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+				goto end;
+			i=BIO_read(cert,&(buf->data[size]),1024*10);
+			size+=i;
+			if (i == 0) break;
+			if (i < 0)
+				{
+				perror("reading certificate");
+				goto end;
+				}
+			}
+		p=(unsigned char *)buf->data;
+		op=p;
+
+		/* First load the header */
+		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+			goto end;
+		if ((ah->header == NULL) || (ah->header->data == NULL) ||
+			(strncmp(CERT_HDR,(char *)ah->header->data,
+			ah->header->length) != 0))
+			{
+			BIO_printf(bio_err,"Error reading header on certificate\n");
+			goto end;
+			}
+		/* header is ok, so now read the object */
+		p=op;
+		ah->meth=X509_asn1_meth();
+		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+			goto end;
+		x=(X509 *)ah->data;
+		ah->data=NULL;
+		}
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_X509(cert,NULL,NULL,NULL);
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input cert\n");
+		goto end;
+		}
+end:
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load certificate\n");
+		ERR_print_errors(bio_err);
+		}
+	if (ah != NULL) ASN1_HEADER_free(ah);
+	if (cert != NULL) BIO_free(cert);
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(x);
+	}
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest, 
+						LHASH *conf, char *section)
+	{
+
+	EVP_PKEY *pktmp;
+
+	pktmp = X509_get_pubkey(x);
+	EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_save_parameters(pktmp,1);
+	EVP_PKEY_free(pktmp);
+
+	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
+	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+
+	/* Lets just make it 12:00am GMT, Jan 1 1970 */
+	/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+	/* 28 days to be certified */
+
+	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+		goto err;
+
+	if (!X509_set_pubkey(x,pkey)) goto err;
+	if(conf) {
+		X509V3_CTX ctx;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+                X509V3_set_conf_lhash(&ctx, conf);
+                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+	}
+	if (!X509_sign(x,pkey,digest)) goto err;
+	return(1);
+err:
+	ERR_print_errors(bio_err);
+	return(0);
+	}
diff --git a/crypto/openssl/bugs/MS b/crypto/openssl/bugs/MS
new file mode 100644
index 000000000000..a1dcfb90de20
--- /dev/null
+++ b/crypto/openssl/bugs/MS
@@ -0,0 +1,7 @@
+If you use the function that does an fopen inside the DLL, it's malloc
+will be used and when the function is then written inside, more
+hassles
+....
+
+
+think about it.
diff --git a/crypto/openssl/bugs/SSLv3 b/crypto/openssl/bugs/SSLv3
new file mode 100644
index 000000000000..2e22a65cddc7
--- /dev/null
+++ b/crypto/openssl/bugs/SSLv3
@@ -0,0 +1,41 @@
+So far...
+
+ssl3.netscape.com:443 does not support client side dynamic
+session-renegotiation.
+
+ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN
+in an invalid format (the outer sequence is removed).
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys.  Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when opperating in SSLv2/v3 compatablity mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+ssl3.netscape.com:443, first a connection is established with RC4-MD5.
+If it is then resumed, we end up using DES-CBC3-SHA.  It should be
+RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
+Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
+It only really shows up when connecting via SSLv2/v3 then reconnecting
+via SSLv3. The cipher list changes....
+NEW INFORMATION.  Try connecting with a cipher list of just
+DES-CBC-SHA:RC4-MD5.  For some weird reason, each new connection uses
+RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
+doing a re-connect, always takes the first cipher in the cipher list.
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-sighed CA which does not have it's CA in netscape, and the
+browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
+
+Netscape browsers do not really notice the server sending a
+close notify message.  I was sending one, and then some invalid data.
+netscape complained of an invalid mac. (a fork()ed child doing a
+SSL_shutdown() and still sharing the socket with its parent).
+
+Netscape, when using export ciphers, will accept a 1024 bit temporary
+RSA key.  It is supposed to only accept 512.
diff --git a/crypto/openssl/bugs/VC16.bug b/crypto/openssl/bugs/VC16.bug
new file mode 100644
index 000000000000..7815bb5c77ea
--- /dev/null
+++ b/crypto/openssl/bugs/VC16.bug
@@ -0,0 +1,18 @@
+Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
+
+Compile with /O2 chokes the compiler on these files
+
+crypto\md\md5_dgst.c		warning '@(#)reg86.c:1.26', line 1110
+crypto\des\ofb64ede.c		warning '@(#)grammar.c:1.147', line 168
+crypto\des\ofb64enc.c		warning '@(#)grammar.c:1.147', line 168
+crypto\des\qud_cksm.c		warning '@(#)grammar.c:1.147', line 168
+crypto\rc2\rc2ofb64.c		warning '@(#)grammar.c:1.147', line 168
+crypto\objects\obj_dat.c	warning	'@(#)grammar.c:1.147', line 168
+				fatal	'@(#)grammar.c:1.147', line 168
+crypto\objects\obj_lib.c	warning	'@(#)grammar.c:1.147', line 168
+				fatal	'@(#)grammar.c:1.147', line 168
+ssl\ssl_auth.c			warning	'@(#)grammar.c:1.147', line 168
+				fatal	'@(#)grammar.c:1.147', line 168
+
+Turning on /G3 with build flags that worked fine for /G2 came up with
+divide by zero errors in 'normal' code in speed.c :-(
diff --git a/crypto/openssl/bugs/alpha.c b/crypto/openssl/bugs/alpha.c
new file mode 100644
index 000000000000..701d6a7c7422
--- /dev/null
+++ b/crypto/openssl/bugs/alpha.c
@@ -0,0 +1,91 @@
+/* bugs/alpha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for.  This was fine on linux/NT/Solaris but not
+ * Alpha */
+
+/* it is basically an example of
+ * func(*(a++),*(a++))
+ * which parameter is evaluated first?  It is not defined in ASN1 C.
+ */
+
+#include 
+
+#define TYPE    unsigned int
+
+void func(a,b)
+TYPE *a;
+TYPE b;
+        {
+        printf("%ld -1 == %ld\n",a[0],b);
+        }
+
+main()
+        {
+        TYPE data[5]={1L,2L,3L,4L,5L};
+        TYPE *p;
+        int i;
+
+        p=data;
+
+        for (i=0; i<4; i++)
+                {
+                func(p,*(p++));
+                }
+        }
diff --git a/crypto/openssl/bugs/dggccbug.c b/crypto/openssl/bugs/dggccbug.c
new file mode 100644
index 000000000000..30e07a60ea4a
--- /dev/null
+++ b/crypto/openssl/bugs/dggccbug.c
@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay@cryptsoft.com) - May 1995 */
+
+#include 
+
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop.  Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */
+
+/* compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+
+void inc(a)
+int *a;
+	{
+	(*a)++;
+	}
+
+main()
+	{
+	int p=0;
+#ifdef FIXBUG
+	int dummy;
+#endif
+
+	while (p<3)
+		{
+		fprintf(stderr,"%08X\n",p);
+		inc(&p);
+#ifdef FIXBUG
+		dummy+=p;
+#endif
+		}
+	}
diff --git a/crypto/openssl/bugs/sgiccbug.c b/crypto/openssl/bugs/sgiccbug.c
new file mode 100644
index 000000000000..178239d492a2
--- /dev/null
+++ b/crypto/openssl/bugs/sgiccbug.c
@@ -0,0 +1,57 @@
+/* NOCW */
+/* sgibug.c */
+/* bug found by Eric Young (eay@mincom.oz.au) May 95 */
+
+#include 
+
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage 
+ */
+ 
+/* Compare the output from
+ * cc sgiccbug.c; ./a.out
+ * and
+ * cc -O sgiccbug.c; ./a.out
+ */
+
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
+
+main()
+	{
+	unsigned long r[4];
+	sub(r,a,b);
+	fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
+	fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
+	fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
+	fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
+	}
+
+int sub(r,a,b)
+unsigned long *r,*a,*b;
+	{
+	register unsigned long t1,t2,*ap,*bp,*rp;
+	int i,carry;
+#ifdef FIXBUG
+	unsigned long dummy;
+#endif
+
+	ap=a;
+	bp=b;
+	rp=r;
+	carry=0;
+	for (i=0; i<4; i++)
+		{
+		t1= *(ap++);
+		t2= *(bp++);
+		t1=(t1-t2);
+#ifdef FIXBUG
+		dummy=t1;
+#endif
+		*(rp++)=t1&0xffffffff;
+		}
+	}
diff --git a/crypto/openssl/bugs/sslref.dif b/crypto/openssl/bugs/sslref.dif
new file mode 100644
index 000000000000..0aa92bfe6de8
--- /dev/null
+++ b/crypto/openssl/bugs/sslref.dif
@@ -0,0 +1,26 @@
+The February 9th, 1995 version of the SSL document differs from
+https://www.netscape.com in the following ways.
+=====
+The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
+KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
+not
+KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
+as specified in the documentation.
+=====
+From the section 2.6 Server Only Protocol Messages
+
+If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
+CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. 
+
+This is not true for https://www.netscape.com.  The CERTIFICATE-TYPE
+is returned as 1.
+=====
+I have not tested the following but it is reported by holtzman@mit.edu.
+
+SSLref clients wait to recieve a server-verify before they send a
+client-finished.  Besides this not being evident from the examples in
+2.2.1, it makes more sense to always send all packets you can before
+reading.  SSLeay was waiting in the server to recieve a client-finish
+before sending the server-verify :-).  I have changed SSLeay to send a
+server-verify before trying to read the client-finished.
+
diff --git a/crypto/openssl/bugs/stream.c b/crypto/openssl/bugs/stream.c
new file mode 100644
index 000000000000..d2967c837d8e
--- /dev/null
+++ b/crypto/openssl/bugs/stream.c
@@ -0,0 +1,131 @@
+/* bugs/stream.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#ifdef NO_DES
+#include 
+#else
+#include 
+#endif
+
+/* show how stream ciphers are not very good.  The mac has no affect
+ * on RC4 while it does for cfb DES
+ */
+
+main()
+	{
+	fprintf(stderr,"rc4\n");
+	rc4();
+	fprintf(stderr,"cfb des\n");
+	des();
+	}
+
+int des()
+	{
+	des_key_schedule ks;
+	des_cblock iv,key;
+	int num;
+	static char *keystr="01234567";
+	static char *in1="0123456789ABCEDFdata 12345";
+	static char *in2="9876543210abcdefdata 12345";
+	unsigned char out[100];
+	int i;
+
+	des_set_key((des_cblock *)keystr,ks);
+
+	num=0;
+	memset(iv,0,8);
+	des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+
+	num=0;
+	memset(iv,0,8);
+	des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+	}
+
+int rc4()
+	{
+	static char *keystr="0123456789abcdef";
+	RC4_KEY key;
+	unsigned char in[100],out[100];
+	int i;
+
+	RC4_set_key(&key,16,keystr);
+	in[0]='\0';
+	strcpy(in,"0123456789ABCEDFdata 12345");
+	RC4(key,26,in,out);
+
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+
+	RC4_set_key(&key,16,keystr);
+	in[0]='\0';
+	strcpy(in,"9876543210abcdefdata 12345");
+	RC4(key,26,in,out);
+
+	for (i=0; i<26; i++)
+		fprintf(stderr,"%02X ",out[i]);
+	fprintf(stderr,"\n");
+	}
diff --git a/crypto/openssl/bugs/ultrixcc.c b/crypto/openssl/bugs/ultrixcc.c
new file mode 100644
index 000000000000..7ba75b140f1f
--- /dev/null
+++ b/crypto/openssl/bugs/ultrixcc.c
@@ -0,0 +1,45 @@
+#include 
+
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+ * What happens is that the compiler, due to the (a)&7,
+ * does
+ * i=a&7;
+ * i--;
+ * i*=4;
+ * Then uses i as the offset into a jump table.
+ * The problem is that a value of 0 generates an offset of
+ * 0xfffffffc.
+ */
+
+main()
+	{
+	f(5);
+	f(0);
+	}
+
+int f(a)
+int a;
+	{
+	switch(a&7)
+		{
+	case 7:
+		printf("7\n");
+	case 6:
+		printf("6\n");
+	case 5:
+		printf("5\n");
+	case 4:
+		printf("4\n");
+	case 3:
+		printf("3\n");
+	case 2:
+		printf("2\n");
+	case 1:
+		printf("1\n");
+#ifdef FIX_BUG
+	case 0:
+		;
+#endif
+		}
+	}	
+
diff --git a/crypto/openssl/certs/ICE-CA.pem b/crypto/openssl/certs/ICE-CA.pem
new file mode 100644
index 000000000000..75652366c2a4
--- /dev/null
+++ b/crypto/openssl/certs/ICE-CA.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ICE-root.pem b/crypto/openssl/certs/ICE-root.pem
new file mode 100644
index 000000000000..fa991599c9fe
--- /dev/null
+++ b/crypto/openssl/certs/ICE-root.pem
@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ICE-user.pem b/crypto/openssl/certs/ICE-user.pem
new file mode 100644
index 000000000000..28065fd37d62
--- /dev/null
+++ b/crypto/openssl/certs/ICE-user.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ICE.crl b/crypto/openssl/certs/ICE.crl
new file mode 100644
index 000000000000..21939e8cc4a4
--- /dev/null
+++ b/crypto/openssl/certs/ICE.crl
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----
diff --git a/crypto/openssl/certs/ca-cert.pem b/crypto/openssl/certs/ca-cert.pem
new file mode 100644
index 000000000000..6dd974d70da9
--- /dev/null
+++ b/crypto/openssl/certs/ca-cert.pem
@@ -0,0 +1,31 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/certs/dsa-ca.pem b/crypto/openssl/certs/dsa-ca.pem
new file mode 100644
index 000000000000..9eb08f3ddd45
--- /dev/null
+++ b/crypto/openssl/certs/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/certs/dsa-pca.pem b/crypto/openssl/certs/dsa-pca.pem
new file mode 100644
index 000000000000..e3641ad47e6b
--- /dev/null
+++ b/crypto/openssl/certs/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/certs/expired/ICE-CA.pem b/crypto/openssl/certs/expired/ICE-CA.pem
new file mode 100644
index 000000000000..75652366c2a4
--- /dev/null
+++ b/crypto/openssl/certs/expired/ICE-CA.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE-root.pem b/crypto/openssl/certs/expired/ICE-root.pem
new file mode 100644
index 000000000000..fa991599c9fe
--- /dev/null
+++ b/crypto/openssl/certs/expired/ICE-root.pem
@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE-user.pem b/crypto/openssl/certs/expired/ICE-user.pem
new file mode 100644
index 000000000000..28065fd37d62
--- /dev/null
+++ b/crypto/openssl/certs/expired/ICE-user.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE.crl b/crypto/openssl/certs/expired/ICE.crl
new file mode 100644
index 000000000000..21939e8cc4a4
--- /dev/null
+++ b/crypto/openssl/certs/expired/ICE.crl
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----
diff --git a/crypto/openssl/certs/factory.pem b/crypto/openssl/certs/factory.pem
new file mode 100644
index 000000000000..8e28b391b2f3
--- /dev/null
+++ b/crypto/openssl/certs/factory.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/nortelCA.pem b/crypto/openssl/certs/nortelCA.pem
new file mode 100644
index 000000000000..207f34ab3a7d
--- /dev/null
+++ b/crypto/openssl/certs/nortelCA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/certs/pca-cert.pem b/crypto/openssl/certs/pca-cert.pem
new file mode 100644
index 000000000000..140e9a6b4329
--- /dev/null
+++ b/crypto/openssl/certs/pca-cert.pem
@@ -0,0 +1,31 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/certs/rsa-cca.pem b/crypto/openssl/certs/rsa-cca.pem
new file mode 100644
index 000000000000..69f5c1c84cd7
--- /dev/null
+++ b/crypto/openssl/certs/rsa-cca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
diff --git a/crypto/openssl/certs/rsa-ssca.pem b/crypto/openssl/certs/rsa-ssca.pem
new file mode 100644
index 000000000000..c9403212d183
--- /dev/null
+++ b/crypto/openssl/certs/rsa-ssca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
diff --git a/crypto/openssl/certs/thawteCb.pem b/crypto/openssl/certs/thawteCb.pem
new file mode 100644
index 000000000000..27df192f0d08
--- /dev/null
+++ b/crypto/openssl/certs/thawteCb.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/thawteCp.pem b/crypto/openssl/certs/thawteCp.pem
new file mode 100644
index 000000000000..51285e33c2fc
--- /dev/null
+++ b/crypto/openssl/certs/thawteCp.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/timCA.pem b/crypto/openssl/certs/timCA.pem
new file mode 100644
index 000000000000..9c8d5bf9c690
--- /dev/null
+++ b/crypto/openssl/certs/timCA.pem
@@ -0,0 +1,16 @@
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/certs/tjhCA.pem b/crypto/openssl/certs/tjhCA.pem
new file mode 100644
index 000000000000..67bee1b20018
--- /dev/null
+++ b/crypto/openssl/certs/tjhCA.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign1.pem b/crypto/openssl/certs/vsign1.pem
new file mode 100644
index 000000000000..277894d1ff19
--- /dev/null
+++ b/crypto/openssl/certs/vsign1.pem
@@ -0,0 +1,17 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2020 GMT
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
+zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
+TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ
+mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM
+VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign2.pem b/crypto/openssl/certs/vsign2.pem
new file mode 100644
index 000000000000..d8bdd8c812f1
--- /dev/null
+++ b/crypto/openssl/certs/vsign2.pem
@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
+oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
+uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
+v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
+G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
+1Q==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign3.pem b/crypto/openssl/certs/vsign3.pem
new file mode 100644
index 000000000000..aa5bb4c1f32b
--- /dev/null
+++ b/crypto/openssl/certs/vsign3.pem
@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsignss.pem b/crypto/openssl/certs/vsignss.pem
new file mode 100644
index 000000000000..5de48bfcf974
--- /dev/null
+++ b/crypto/openssl/certs/vsignss.pem
@@ -0,0 +1,17 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=Nov  9 00:00:00 1994 GMT
+notAfter=Jan  7 23:59:59 2010 GMT
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsigntca.pem b/crypto/openssl/certs/vsigntca.pem
new file mode 100644
index 000000000000..05acf76e66c6
--- /dev/null
+++ b/crypto/openssl/certs/vsigntca.pem
@@ -0,0 +1,18 @@
+subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
+notBefore=Mar  4 00:00:00 1997 GMT
+notAfter=Mar  4 23:59:59 2025 GMT
+-----BEGIN CERTIFICATE-----
+MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
+BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
+cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
+RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
+IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
+NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
+ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
+aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
+aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
+cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
+ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
+ToLEMaUojc3DuNXHG21PDG8=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/config b/crypto/openssl/config
new file mode 100755
index 000000000000..93e2317c3f61
--- /dev/null
+++ b/crypto/openssl/config
@@ -0,0 +1,506 @@
+#!/bin/sh
+#
+# OpenSSL config: determine the operating system and run ./Configure
+#
+# "config -h" for usage information.
+#
+#          this is a merge of minarch and GuessOS from the Apache Group.
+#          Originally written by Tim Hudson .
+
+# Original Apache Group comments on GuessOS
+
+# Simple OS/Platform guesser. Similar to config.guess but
+# much, much smaller. Since it was developed for use with
+# Apache, it follows under Apache's regular licensing
+# with one specific addition: Any changes or additions
+# to this script should be Emailed to the Apache
+# group (apache@apache.org) in general and to
+# Jim Jagielski (jim@jaguNET.com) in specific.
+#
+# Be as similar to the output of config.guess/config.sub
+# as possible.
+
+# First get uname entries that we use below
+
+MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+
+# Now test for ISC and SCO, since it is has a braindamaged uname.
+#
+# We need to work around FreeBSD 1.1.5.1 
+(
+XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
+if [ "x$XREL" != "x" ]; then
+    if [ -f /etc/kconfig ]; then
+	case "$XREL" in
+	    4.0|4.1)
+		    echo "${MACHINE}-whatever-isc4"; exit 0
+		;;
+	esac
+    else
+	case "$XREL" in
+	    3.2v4.2)
+		echo "whatever-whatever-sco3"; exit 0
+		;;
+	    3.2v5.0*)
+		echo "whatever-whatever-sco5"; exit 0
+		;;
+	    4.2MP)
+		if [ "x$VERSION" = "x2.1.1" ]; then
+		    echo "${MACHINE}-whatever-unixware211"; exit 0
+		else
+		    echo "${MACHINE}-whatever-unixware2"; exit 0
+		fi
+		;;
+	    4.2)
+		echo "whatever-whatever-unixware1"; exit 0
+		;;
+	esac
+    fi
+fi
+# Now we simply scan though... In most cases, the SYSTEM info is enough
+#
+case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    A/UX:*)
+	echo "m68k-apple-aux3"; exit 0
+	;;
+
+    AIX:*)
+	echo "${MACHINE}-ibm-aix"; exit 0
+	;;
+
+    dgux:*)
+	echo "${MACHINE}-dg-dgux"; exit 0
+	;;
+
+    HI-UX:*)
+	echo "${MACHINE}-hi-hiux"; exit 0
+	;;
+
+    HP-UX:*)
+	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "$HPUXVER" in
+	    11.*)
+		echo "${MACHINE}-hp-hpux11"; exit 0
+		;;
+	    10.*)
+		echo "${MACHINE}-hp-hpux10"; exit 0
+		;;
+	    *)
+		echo "${MACHINE}-hp-hpux"; exit 0
+		;;
+	esac
+	;;
+
+    IRIX:5.*)
+	echo "mips2-sgi-irix"; exit 0
+	;;
+
+    IRIX:6.*)
+	echo "mips3-sgi-irix"; exit 0
+	;;
+
+    IRIX64:*)
+	echo "mips4-sgi-irix64"; exit 0
+	;;
+
+    Linux:[2-9].*)
+	echo "${MACHINE}-whatever-linux2"; exit 0
+	;;
+
+    Linux:1.*)
+	echo "${MACHINE}-whatever-linux1"; exit 0
+	;;
+
+    LynxOS:*)
+	echo "${MACHINE}-lynx-lynxos"; exit 0
+	;;
+
+    BSD/OS:4.*)  # BSD/OS always says 386
+	echo "i486-whatever-bsdi4"; exit 0
+	;;
+
+    BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
+        case `/sbin/sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-bsdi"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-bsdi"; exit 0
+                ;;
+            esac;
+	;;
+
+    BSD/386:*|BSD/OS:*)
+	echo "${MACHINE}-whatever-bsdi"; exit 0
+	;;
+
+    FreeBSD:*)
+        VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+        MACH=`sysctl -n hw.model`
+        ARCH='whatever'
+        case ${MACH} in
+           *386*       ) MACH="i386"     ;;
+           *486*       ) MACH="i486"     ;;
+           Pentium\ II*) MACH="i686"     ;;
+           Pentium*    ) MACH="i586"     ;;
+           Alpha*      ) MACH="alpha"    ;;
+           *           ) MACH="$MACHINE" ;;
+        esac
+        case ${MACH} in
+           i[0-9]86 ) ARCH="pc" ;;
+        esac
+        echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+        ;;
+
+    NetBSD:*:*:*386*)
+        echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
+	;;
+
+    NetBSD:*)
+	echo "${MACHINE}-whatever-netbsd"; exit 0
+	;;
+
+    OpenBSD:*)
+	echo "${MACHINE}-whatever-openbsd"; exit 0
+	;;
+
+    OSF1:*:*:*alpha*)
+	echo "${MACHINE}-dec-osf"; exit 0
+	;;
+
+    QNX:*)
+	case "$VERSION" in
+	    423)
+		echo "${MACHINE}-qssl-qnx32"
+		;;
+	    *)
+		echo "${MACHINE}-qssl-qnx"
+		;;
+	esac
+	exit 0
+	;;
+
+    Paragon*:*:*:*)
+	echo "i860-intel-osf1"; exit 0
+	;;
+
+    SunOS:5.*)
+	echo "${MACHINE}-sun-solaris2"; exit 0
+	;;
+
+    SunOS:*)
+	echo "${MACHINE}-sun-sunos4"; exit 0
+	;;
+
+    UNIX_System_V:4.*:*)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    *:4*:R4*:m88k)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    DYNIX/ptx:4*:*)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
+	echo "i486-ncr-sysv4"; exit 0
+	;;
+
+    ULTRIX:*)
+	echo "${MACHINE}-unknown-ultrix"; exit 0
+	;;
+
+    SINIX*|ReliantUNIX*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0
+	;;
+
+    POSIX-BC*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
+	;;
+
+    machten:*)
+       echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
+       ;;
+
+    library:*)
+	echo "${MACHINE}-ncr-sysv4"; exit 0
+	;;
+
+    ConvexOS:*:11.0:*)
+	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
+	;;
+
+esac
+
+#
+# Ugg. These are all we can determine by what we know about
+# the output of uname. Be more creative:
+#
+
+# Do the Apollo stuff first. Here, we just simply assume
+# that the existance of the /usr/apollo directory is proof
+# enough
+if [ -d /usr/apollo ]; then
+    echo "whatever-apollo-whatever"
+    exit 0
+fi
+
+# Now NeXT
+ISNEXT=`hostinfo 2>/dev/null`
+case "$ISNEXT" in
+    *'NeXT Mach 3.3'*)
+	echo "whatever-next-nextstep3.3"; exit 0
+	;;
+    *NeXT*)
+	echo "whatever-next-nextstep"; exit 0
+	;;
+esac
+
+# At this point we gone through all the one's
+# we know of: Punt
+
+echo "${MACHINE}-whatever-${SYSTEM}" 
+exit 0
+) 2>/dev/null | (
+
+# ---------------------------------------------------------------------------
+# this is where the translation occurs into SSLeay terms
+# ---------------------------------------------------------------------------
+
+PREFIX=""
+SUFFIX=""
+TEST="false"
+
+# pick up any command line args to config
+for i
+do
+case "$i" in 
+-d*) PREFIX="debug-";;
+-t*) TEST="true";;
+-h*) TEST="true"; cat </dev/null`
+if [ "$GCCVER" != "" ]; then
+  CC=gcc
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+else
+  CC=cc
+fi
+
+if [ "$SYSTEM" = "SunOS" ]; then
+  # assume output is "blah-blah C x.x"
+  CCVER=`(cc -V 2>&1) 2>/dev/null | \
+  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCVER=${CCVER:-0}
+  if [ $CCVER -gt 40 ]; then
+    CC=cc	# overrides gcc!!!
+    if [ $CCVER -eq 50 ]; then
+      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+      echo "         patch #107357-01 or later applied."
+      sleep 5
+    fi
+  elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then
+    CC=sc3
+  fi
+fi
+
+GCCVER=${GCCVER:-0}
+CCVER=${CCVER:-0}
+
+# read the output of the embedded GuessOS 
+read GUESSOS
+
+echo Operating system: $GUESSOS
+
+# now map the output into SSLeay terms ... really should hack into the
+# script above so we end up with values in vars but that would take
+# more time that I want to waste at the moment
+case "$GUESSOS" in
+  alpha-*-linux2) OUT="alpha-gcc" ;;
+  ppc-*-linux2) OUT="linux-ppc" ;;
+  mips-*-linux?) OUT="linux-mips" ;;
+  mips2-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 4000 ]; then
+		options="$options -mips2"
+	fi
+	OUT="irix-$CC"
+	;;
+  mips3-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 5000 ]; then
+		options="$options -mips4"
+	else
+		options="$options -mips3"
+	fi
+	OUT="irix-mips3-$CC"
+	;;
+  mips4-sgi-irix64)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
+	echo "         Type Ctrl-C if you don't want to continue."
+	read waste < /dev/tty
+	options="$options -mips4"
+	OUT="irix-mips3-$CC"
+	;;
+  sparc64-*-linux2)
+	#Before we can uncomment following lines we have to wait at least
+	#till 64-bit glibc for SPARC is operational:-(
+	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+	#echo "         Type Ctrl-C if you don't want to continue."
+	#read waste < /dev/tty
+	OUT="linux-sparcv9" ;;
+  sparc-*-linux2)
+	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	case ${KARCH:-sun4} in
+	sun4u*)	OUT="linux-sparcv9" ;;
+	sun4m)	OUT="linux-sparcv8" ;;
+	sun4d)	OUT="linux-sparcv8" ;;
+	*)	OUT="linux-sparcv7" ;;
+	esac ;;
+  *-*-linux2) OUT="linux-elf" ;;
+  *-*-linux1) OUT="linux-aout" ;;
+  sun4u*-sun-solaris2)
+	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
+	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
+		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+		echo "         Type Ctrl-C if you don't want to continue."
+		read waste < /dev/tty
+	fi
+	OUT="solaris-sparcv9-$CC" ;;
+  sun4m-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-sun-solaris2)	OUT="solaris-sparcv7-$CC" ;;
+  *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
+  *-*-sunos4) OUT="sunos-$CC" ;;
+  alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
+  *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
+  *-freebsd[1-2]*) OUT="FreeBSD" ;;
+  *86*-*-netbsd) OUT="NetBSD-x86" ;;
+  sun3*-*-netbsd) OUT="NetBSD-m68" ;;
+  *-*-netbsd) OUT="NetBSD-sparc" ;;
+  *86*-*-openbsd) OUT="OpenBSD-x86" ;;
+  alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
+  pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+  *-*-openbsd) OUT="OpenBSD" ;;
+  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
+  *-*-osf) OUT="alpha-cc" ;;
+  *-*-unixware*) OUT="unixware-2.0" ;;
+  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+  *-siemens-sysv4) OUT="SINIX" ;;
+  # these are all covered by the catchall below
+  # *-hpux*) OUT="hpux-$CC" ;;
+  # *-aix) OUT="aix-$CC" ;;
+  # *-dgux) OUT="dgux" ;;
+  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+esac
+
+# gcc < 2.8 does not support -mcpu=ultrasparc
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Do consider upgrading to gcc-2.8 or later."
+  sleep 5
+  OUT=solaris-sparcv9-gcc27
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'linux-sparcv8'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=linux-sparcv8
+fi
+
+case "$GUESSOS" in
+  i386-*) options="$options 386" ;;
+esac
+
+for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+do
+  if [ ! -d crypto/$i ]
+  then
+    options="$options no-$i"
+  fi
+done
+
+if [ -z "$OUT" ]; then
+  OUT="$CC"
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl5" ] ; then
+			PERL="$i/perl5"
+			break;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl" ] ; then
+			if "$i/perl" -e 'exit($]<5.0)'; then
+				PERL="$i/perl"
+				break;
+			fi;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	echo "You need Perl 5."
+	exit 1
+fi
+
+# run Configure to check to see if we need to specify the 
+# compiler for the platform ... in which case we add it on
+# the end ... otherwise we leave it off
+
+$PERL ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
+if [ $? = "0" ]; then
+  OUT="$OUT-$CC"
+fi
+
+OUT="$PREFIX$OUT"
+
+$PERL ./Configure 2>&1 | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+  echo Configuring for $OUT
+
+  if [ "$TEST" = "true" ]; then
+    echo $PERL ./Configure $OUT $options
+  else
+    $PERL ./Configure $OUT $options
+  fi
+else
+  echo "This system ($OUT) is not supported. See file INSTALL for details."
+fi
+)
diff --git a/crypto/openssl/crypto/Makefile.ssl b/crypto/openssl/crypto/Makefile.ssl
new file mode 100644
index 000000000000..37aaac152803
--- /dev/null
+++ b/crypto/openssl/crypto/Makefile.ssl
@@ -0,0 +1,179 @@
+#
+# SSLeay/crypto/Makefile
+#
+
+DIR=		crypto
+TOP=		..
+CC=		cc
+INCLUDE=	-I. -I../include
+INCLUDES=	-I.. -I../../include
+CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=	/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+RM=             rm -f
+AR=		ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG)
+
+
+LIBS=
+
+SDIRS=	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+
+GENERAL=Makefile README crypto-lib.com install.com
+
+LIB= $(TOP)/libcrypto.a
+LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+HEADER=	cryptlib.h buildinf.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: buildinf.h lib subdirs
+
+buildinf.h: ../Makefile.ssl
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) >buildinf.h
+
+subdirs:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i && echo "making all in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making 'files' in crypto/$$i..."; \
+	$(MAKE) PERL='${PERL}' files ); \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@for i in $(SDIRS); do \
+	(cd $$i; echo "making links in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+	done;
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+libs:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making libs in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+	done;
+
+tests:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making tests in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+	done;
+
+install:
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making install in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	done;
+
+lint:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making lint in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+	done;
+
+depend:
+	if [ ! -e buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making depend in crypto/$$i..."; \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+	done;
+
+clean:
+	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making clean in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+	done;
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making dclean in crypto/$$i..."; \
+	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+	done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/stack.h cryptlib.h
+cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/stack.h buildinf.h cryptlib.h
+ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ex_data.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/tmdiff.h cryptlib.h
diff --git a/crypto/openssl/crypto/asn1/Makefile.ssl b/crypto/openssl/crypto/asn1/Makefile.ssl
new file mode 100644
index 000000000000..541d1dac4a45
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/Makefile.ssl
@@ -0,0 +1,1090 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=	asn1
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
+	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c \
+	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
+	x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c \
+	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
+	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+	t_req.c t_x509.c t_crl.c t_pkey.c \
+	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
+	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
+	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c \
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
+	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o \
+	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
+	x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o nsseq.o \
+	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
+	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+	t_req.o t_x509.o t_crl.o t_pkey.o \
+	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
+	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
+	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o \
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:	test.c
+	cc -g -I../../include -c test.c
+	cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:	pk.c
+	cc -g -I../../include -c pk.c
+	cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bitstr.o: ../../include/openssl/stack.h ../cryptlib.h
+a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bmp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bmp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bmp.o: ../cryptlib.h
+a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../cryptlib.h
+a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../cryptlib.h
+a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_d2i_fp.o: ../../include/openssl/stack.h ../cryptlib.h
+a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../cryptlib.h
+a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../cryptlib.h
+a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_enum.o: ../cryptlib.h
+a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../cryptlib.h
+a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../cryptlib.h
+a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_i2d_fp.o: ../../include/openssl/stack.h ../cryptlib.h
+a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_int.o: ../cryptlib.h
+a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_meth.o: ../cryptlib.h
+a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_object.o: ../../include/openssl/stack.h ../cryptlib.h
+a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../cryptlib.h
+a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../cryptlib.h
+a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../cryptlib.h
+a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+a_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h
+a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../cryptlib.h
+a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../cryptlib.h
+a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../cryptlib.h
+a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../cryptlib.h
+a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h
+a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_vis.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_vis.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_vis.o: ../cryptlib.h
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bn.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_par.o: ../../include/openssl/stack.h ../cryptlib.h
+asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn_pack.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_dhp.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_dsap.o: ../../include/openssl/opensslconf.h
+d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+d2i_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+d2i_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_r_pr.o: ../../include/openssl/opensslconf.h
+d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_r_pr.o: ../cryptlib.h
+d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_r_pu.o: ../../include/openssl/opensslconf.h
+d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_r_pu.o: ../cryptlib.h
+d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pr.o: ../../include/openssl/opensslconf.h
+d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pu.o: ../../include/openssl/opensslconf.h
+d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+evp_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
+f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../cryptlib.h
+f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../cryptlib.h
+f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_string.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_dhp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_dhp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_dhp.o: ../cryptlib.h
+i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+i2d_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+i2d_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+i2d_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+i2d_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+i2d_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+i2d_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_r_pr.o: ../../include/openssl/opensslconf.h
+i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_r_pr.o: ../cryptlib.h
+i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_r_pu.o: ../../include/openssl/opensslconf.h
+i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_r_pu.o: ../cryptlib.h
+i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pr.o: ../../include/openssl/opensslconf.h
+i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pu.o: ../../include/openssl/opensslconf.h
+i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+n_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+nsseq.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+nsseq.o: ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbev2.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_dgst.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_dgst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_dgst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_dgst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_dgst.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_enc.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_enc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_enc_c.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_enc_c.o: ../../include/openssl/opensslconf.h
+p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_enc_c.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_enc_c.o: ../cryptlib.h
+p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_evp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_evp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_evp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_evp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_evp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_evp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_evp.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_i_s.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_i_s.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_i_s.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_i_s.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_i_s.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_i_s.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_i_s.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_lib.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_recip.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_recip.o: ../../include/openssl/opensslconf.h
+p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_recip.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_recip.o: ../cryptlib.h
+p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_s_e.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_s_e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_s_e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_s_e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_s_e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_s_e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_s_e.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_signd.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_signd.o: ../../include/openssl/opensslconf.h
+p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_signd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_signd.o: ../cryptlib.h
+p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_signi.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_signi.o: ../../include/openssl/opensslconf.h
+p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_signi.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_signi.o: ../cryptlib.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p8_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/stack.h ../cryptlib.h
+t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../cryptlib.h
+t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_algor.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_attrib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h
+x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_cinf.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_cinf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_cinf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_cinf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_cinf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_cinf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_cinf.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_exten.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pubkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h
+x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_sig.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_sig.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_val.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_val.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_x509.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/openssl/crypto/asn1/a_bitstr.c
new file mode 100644
index 000000000000..38ea802be817
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_bitstr.c
@@ -0,0 +1,222 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+	{
+	int ret,j,r,bits,len;
+	unsigned char *p,*d;
+
+	if (a == NULL) return(0);
+
+	len=a->length;
+
+	if (len > 0)
+		{
+		if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
+			{
+			bits=(int)a->flags&0x07;
+			}
+		else
+			{
+			for ( ; len > 0; len--)
+				{
+				if (a->data[len-1]) break;
+				}
+			j=a->data[len-1];
+			if      (j & 0x01) bits=0;
+			else if (j & 0x02) bits=1;
+			else if (j & 0x04) bits=2;
+			else if (j & 0x08) bits=3;
+			else if (j & 0x10) bits=4;
+			else if (j & 0x20) bits=5;
+			else if (j & 0x40) bits=6;
+			else if (j & 0x80) bits=7;
+			else bits=0; /* should not happen */
+			}
+		}
+	else
+		bits=0;
+	ret=1+len;
+	r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
+	*(p++)=(unsigned char)bits;
+	d=a->data;
+	memcpy(p,d,len);
+	p+=len;
+	if (len > 0) p[-1]&=(0xff<flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+
+	if (len-- > 1) /* using one because of the bits left byte */
+		{
+		s=(unsigned char *)Malloc((int)len);
+		if (s == NULL)
+			{
+			i=ERR_R_MALLOC_FAILURE;
+			goto err;
+			}
+		memcpy(s,p,(int)len);
+		s[len-1]&=(0xff<length=(int)len;
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->type=V_ASN1_BIT_STRING;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_BIT_STRING_free(ret);
+	return(NULL);
+	}
+
+/* These next 2 functions from Goetz Babin-Ebell 
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+	{
+	int w,v,iv;
+	unsigned char *c;
+
+	w=n/8;
+	v=1<<(7-(n&0x07));
+	iv= ~v;
+
+	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+
+	if (a == NULL) return(0);
+	if ((a->length < (w+1)) || (a->data == NULL))
+		{
+		if (!value) return(1); /* Don't need to set */
+		if (a->data == NULL)
+			c=(unsigned char *)Malloc(w+1);
+		else
+			c=(unsigned char *)Realloc(a->data,w+1);
+		if (c == NULL) return(0);
+		a->data=c;
+		a->length=w+1;
+		c[w]=0;
+		}
+	a->data[w]=((a->data[w])&iv)|v;
+	while ((a->length > 0) && (a->data[a->length-1] == 0))
+		a->length--;
+	return(1);
+	}
+
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+	{
+	int w,v;
+
+	w=n/8;
+	v=1<<(7-(n&0x07));
+	if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
+		return(0);
+	return((a->data[w]&v) != 0);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_bmp.c b/crypto/openssl/crypto/asn1/a_bmp.c
new file mode 100644
index 000000000000..6075871984f5
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_bmp.c
@@ -0,0 +1,83 @@
+/* crypto/asn1/a_bmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_BMPSTRING *ret=NULL;
+
+	ret=(ASN1_BMPSTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_BMPSTRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_bool.c b/crypto/openssl/crypto/asn1/a_bool.c
new file mode 100644
index 000000000000..18fa61840b4b
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_bool.c
@@ -0,0 +1,112 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+	{
+	int r;
+	unsigned char *p;
+
+	r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
+	*(p++)= (unsigned char)a;
+	*pp=p;
+	return(r);
+	}
+
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
+	{
+	int ret= -1;
+	unsigned char *p;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_BOOLEAN)
+		{
+		i=ASN1_R_EXPECTING_A_BOOLEAN;
+		goto err;
+		}
+
+	if (len != 1)
+		{
+		i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+		goto err;
+		}
+	ret= (int)*(p++);
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_bytes.c b/crypto/openssl/crypto/asn1/a_bytes.c
new file mode 100644
index 000000000000..e452e03b88f8
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_bytes.c
@@ -0,0 +1,322 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+static unsigned long tag2bit[32]={
+0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
+B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
+0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
+	};
+
+static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
+/* type is a 'bitmap' of acceptable string types.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
+	     long length, int type)
+	{
+	ASN1_STRING *ret=NULL;
+	unsigned char *p,*s;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80) goto err;
+
+	if (tag >= 32)
+		{
+		i=ASN1_R_TAG_VALUE_TOO_HIGH;;
+		goto err;
+		}
+	if (!(tag2bit[tag] & type))
+		{
+		i=ASN1_R_WRONG_TYPE;
+		goto err;
+		}
+
+	/* If a bit-string, exit early */
+	if (tag == V_ASN1_BIT_STRING)
+		return(d2i_ASN1_BIT_STRING(a,pp,length));
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+		}
+	else
+		ret=(*a);
+
+	if (len != 0)
+		{
+		s=(unsigned char *)Malloc((int)len+1);
+		if (s == NULL)
+			{
+			i=ERR_R_MALLOC_FAILURE;
+			goto err;
+			}
+		memcpy(s,p,(int)len);
+		s[len]='\0';
+		p+=len;
+		}
+	else
+		s=NULL;
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->length=(int)len;
+	ret->data=s;
+	ret->type=tag;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_STRING_free(ret);
+	return(NULL);
+	}
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
+	{
+	int ret,r,constructed;
+	unsigned char *p;
+
+	if (a == NULL)  return(0);
+
+	if (tag == V_ASN1_BIT_STRING)
+		return(i2d_ASN1_BIT_STRING(a,pp));
+		
+	ret=a->length;
+	r=ASN1_object_size(0,ret,tag);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+		constructed=1;
+	else
+		constructed=0;
+	ASN1_put_object(&p,constructed,ret,tag,xclass);
+	memcpy(p,a->data,a->length);
+	p+=a->length;
+	*pp= p;
+	return(r);
+	}
+
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
+	     int Ptag, int Pclass)
+	{
+	ASN1_STRING *ret=NULL;
+	unsigned char *p,*s;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != Ptag)
+		{
+		i=ASN1_R_WRONG_TAG;
+		goto err;
+		}
+
+	if (inf & V_ASN1_CONSTRUCTED)
+		{
+		ASN1_CTX c;
+
+		c.pp=pp;
+		c.p=p;
+		c.inf=inf;
+		c.slen=len;
+		c.tag=Ptag;
+		c.xclass=Pclass;
+		c.max=(length == 0)?0:(p+length);
+		if (!asn1_collate_primative(ret,&c)) 
+			goto err; 
+		else
+			{
+			p=c.p;
+			}
+		}
+	else
+		{
+		if (len != 0)
+			{
+			if ((ret->length < len) || (ret->data == NULL))
+				{
+				if (ret->data != NULL) Free((char *)ret->data);
+				s=(unsigned char *)Malloc((int)len);
+				if (s == NULL)
+					{
+					i=ERR_R_MALLOC_FAILURE;
+					goto err;
+					}
+				}
+			else
+				s=ret->data;
+			memcpy(s,p,(int)len);
+			p+=len;
+			}
+		else
+			{
+			s=NULL;
+			if (ret->data != NULL) Free((char *)ret->data);
+			}
+
+		ret->length=(int)len;
+		ret->data=s;
+		ret->type=Ptag;
+		}
+
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_STRING_free(ret);
+	ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
+	return(NULL);
+	}
+
+
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes
+ * them into the one struture that is then returned */
+/* There have been a few bug fixes for this function from
+ * Paul Keogh , many thanks to him */
+static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c)
+	{
+	ASN1_STRING *os=NULL;
+	BUF_MEM b;
+	int num;
+
+	b.length=0;
+	b.max=0;
+	b.data=NULL;
+
+	if (a == NULL)
+		{
+		c->error=ERR_R_PASSED_NULL_PARAMETER;
+		goto err;
+		}
+
+	num=0;
+	for (;;)
+		{
+		if (c->inf & 1)
+			{
+			c->eos=ASN1_check_infinite_end(&c->p,
+				(long)(c->max-c->p));
+			if (c->eos) break;
+			}
+		else
+			{
+			if (c->slen <= 0) break;
+			}
+
+		c->q=c->p;
+		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+			== NULL)
+			{
+			c->error=ERR_R_ASN1_LIB;
+			goto err;
+			}
+
+		if (!BUF_MEM_grow(&b,num+os->length))
+			{
+			c->error=ERR_R_BUF_LIB;
+			goto err;
+			}
+		memcpy(&(b.data[num]),os->data,os->length);
+		if (!(c->inf & 1))
+			c->slen-=(c->p-c->q);
+		num+=os->length;
+		}
+
+	if (!asn1_Finish(c)) goto err;
+
+	a->length=num;
+	if (a->data != NULL) Free(a->data);
+	a->data=(unsigned char *)b.data;
+	if (os != NULL) ASN1_STRING_free(os);
+	return(1);
+err:
+	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
+	if (os != NULL) ASN1_STRING_free(os);
+	if (b.data != NULL) Free(b.data);
+	return(0);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_d2i_fp.c b/crypto/openssl/crypto/asn1/a_d2i_fp.c
new file mode 100644
index 000000000000..a49d1cb28977
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_d2i_fp.c
@@ -0,0 +1,195 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+#define HEADER_SIZE   8
+
+#ifndef NO_FP_API
+char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
+	     unsigned char **x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+		}
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_d2i_bio(xnew,d2i,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
+	     unsigned char **x)
+	{
+	BUF_MEM *b;
+	unsigned char *p;
+	int i;
+	char *ret=NULL;
+	ASN1_CTX c;
+	int want=HEADER_SIZE;
+	int eos=0;
+	int off=0;
+	int len=0;
+
+	b=BUF_MEM_new();
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	ERR_clear_error();
+	for (;;)
+		{
+		if (want >= (len-off))
+			{
+			want-=(len-off);
+
+			if (!BUF_MEM_grow(b,len+want))
+				{
+				ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			i=BIO_read(in,&(b->data[len]),want);
+			if ((i < 0) && ((len-off) == 0))
+				{
+				ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+				goto err;
+				}
+			if (i > 0)
+				len+=i;
+			}
+		/* else data already loaded */
+
+		p=(unsigned char *)&(b->data[off]);
+		c.p=p;
+		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
+			len-off);
+		if (c.inf & 0x80)
+			{
+			unsigned long e;
+
+			e=ERR_GET_REASON(ERR_peek_error());
+			if (e != ASN1_R_TOO_LONG)
+				goto err;
+			else
+				ERR_get_error(); /* clear error */
+			}
+		i=c.p-p;/* header length */
+		off+=i;	/* end of data */
+
+		if (c.inf & 1)
+			{
+			/* no data body so go round again */
+			eos++;
+			want=HEADER_SIZE;
+			}
+		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+			{
+			/* eos value, so go back and read another header */
+			eos--;
+			if (eos <= 0)
+				break;
+			else
+				want=HEADER_SIZE;
+			}
+		else 
+			{
+			/* suck in c.slen bytes of data */
+			want=(int)c.slen;
+			if (want > (len-off))
+				{
+				want-=(len-off);
+				if (!BUF_MEM_grow(b,len+want))
+					{
+					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+					goto err;
+					}
+				i=BIO_read(in,&(b->data[len]),want);
+				if (i <= 0)
+					{
+					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+					goto err;
+					}
+				len+=i;
+				}
+			off+=(int)c.slen;
+			if (eos <= 0)
+				{
+				break;
+				}
+			else
+				want=HEADER_SIZE;
+			}
+		}
+
+	p=(unsigned char *)b->data;
+	ret=d2i(x,&p,off);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_digest.c b/crypto/openssl/crypto/asn1/a_digest.c
new file mode 100644
index 000000000000..8c45add55760
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_digest.c
@@ -0,0 +1,87 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int ASN1_digest(int (*i2d)(), EVP_MD *type, char *data, unsigned char *md,
+	     unsigned int *len)
+	{
+	EVP_MD_CTX ctx;
+	int i;
+	unsigned char *str,*p;
+
+	i=i2d(data,NULL);
+	if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
+	p=str;
+	i2d(data,&p);
+
+	EVP_DigestInit(&ctx,type);
+	EVP_DigestUpdate(&ctx,str,i);
+	EVP_DigestFinal(&ctx,md,len);
+	Free(str);
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_dup.c b/crypto/openssl/crypto/asn1/a_dup.c
new file mode 100644
index 000000000000..c0a8709f3b45
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_dup.c
@@ -0,0 +1,83 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+#define READ_CHUNK   2048
+
+char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
+	{
+	unsigned char *b,*p;
+	long i;
+	char *ret;
+
+	if (x == NULL) return(NULL);
+
+	i=(long)i2d(x,NULL);
+	b=(unsigned char *)Malloc((unsigned int)i+10);
+	if (b == NULL)
+		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+	p= b;
+	i=i2d(x,&p);
+	p= b;
+	ret=d2i(NULL,&p,i);
+	Free((char *)b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_enum.c b/crypto/openssl/crypto/asn1/a_enum.c
new file mode 100644
index 000000000000..9239ecc439a0
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_enum.c
@@ -0,0 +1,326 @@
+/* crypto/asn1/a_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* 
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
+
+int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
+	{
+	int pad=0,ret,r,i,t;
+	unsigned char *p,*n,pb=0;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+	t=a->type;
+	if (a->length == 0)
+		ret=1;
+	else
+		{
+		ret=a->length;
+		i=a->data[0];
+		if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
+			pad=1;
+			pb=0;
+		} else if(t == V_ASN1_NEG_ENUMERATED) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
+			}
+		}
+		ret+=pad;
+		}
+	r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
+	if (pad) *(p++)=pb;
+	if (a->length == 0)
+		*(p++)=0;
+	else if (t == V_ASN1_ENUMERATED)
+		{
+		memcpy(p,a->data,(unsigned int)a->length);
+		p+=a->length;
+		}
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
+		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+		p += a->length;
+	}
+
+	*pp=p;
+	return(r);
+	}
+
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_ENUMERATED *ret=NULL;
+	unsigned char *p,*to,*s;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_ENUMERATED_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_ENUMERATED;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_ENUMERATED)
+		{
+		i=ASN1_R_EXPECTING_AN_ENUMERATED;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+	if (*p & 0x80) /* a negative number */
+		{
+		ret->type=V_ASN1_NEG_ENUMERATED;
+		if ((*p == 0xff) && (len != 1)) {
+			p++;
+			len--;
+		}
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			p += len;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+			p += len;
+		}
+	} else {
+		ret->type=V_ASN1_ENUMERATED;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+		p+=len;
+	}
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_ENUMERATED_free(ret);
+	return(NULL);
+	}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+	{
+	int i,j,k;
+	unsigned char buf[sizeof(long)+1];
+	long d;
+
+	a->type=V_ASN1_ENUMERATED;
+	if (a->length < (sizeof(long)+1))
+		{
+		if (a->data != NULL)
+			Free((char *)a->data);
+		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+			memset((char *)a->data,0,sizeof(long)+1);
+		}
+	if (a->data == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	d=v;
+	if (d < 0)
+		{
+		d= -d;
+		a->type=V_ASN1_NEG_ENUMERATED;
+		}
+
+	for (i=0; i>=8;
+		}
+	j=0;
+	for (k=i-1; k >=0; k--)
+		a->data[j++]=buf[k];
+	a->length=j;
+	return(1);
+	}
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+	{
+	int neg=0,i;
+	long r=0;
+
+	if (a == NULL) return(0L);
+	i=a->type;
+	if (i == V_ASN1_NEG_ENUMERATED)
+		neg=1;
+	else if (i != V_ASN1_ENUMERATED)
+		return(0);
+	
+	if (a->length > sizeof(long))
+		{
+		/* hmm... a bit ugly */
+		return(0xffffffffL);
+		}
+	if (a->data == NULL)
+		return(0);
+
+	for (i=0; ilength; i++)
+		{
+		r<<=8;
+		r|=(unsigned char)a->data[i];
+		}
+	if (neg) r= -r;
+	return(r);
+	}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+	{
+	ASN1_ENUMERATED *ret;
+	int len,j;
+
+	if (ai == NULL)
+		ret=ASN1_ENUMERATED_new();
+	else
+		ret=ai;
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+		}
+	if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
+	else ret->type=V_ASN1_ENUMERATED;
+	j=BN_num_bits(bn);
+	len=((j == 0)?0:((j/8)+1));
+	ret->data=(unsigned char *)Malloc(len+4);
+	ret->length=BN_bn2bin(bn,ret->data);
+	return(ret);
+err:
+	if (ret != ai) ASN1_ENUMERATED_free(ret);
+	return(NULL);
+	}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+	{
+	BIGNUM *ret;
+
+	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+	if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c
new file mode 100644
index 000000000000..226474f057ba
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_gentm.c
@@ -0,0 +1,224 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+	len = tmpstr.length;
+	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	tmpstr.data = tmp;
+
+	a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+	}
+
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_GENERALIZEDTIME *ret=NULL;
+
+	ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+	if (!ASN1_GENERALIZEDTIME_check(ret))
+		{
+		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+		goto err;
+		}
+
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_GENERALIZEDTIME_free(ret);
+	return(NULL);
+	}
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+	{
+	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+	static int max[9]={99, 99,12,31,23,59,59,12,59};
+	char *a;
+	int n,i,l,o;
+
+	if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+	l=d->length;
+	a=(char *)d->data;
+	o=0;
+	/* GENERALIZEDTIME is similar to UTCTIME except the year is
+         * represented as YYYY. This stuff treats everything as a two digit
+         * field so make first two fields 00 to 99
+         */
+	if (l < 13) goto err;
+	for (i=0; i<7; i++)
+		{
+		if ((i == 6) && ((a[o] == 'Z') ||
+			(a[o] == '+') || (a[o] == '-')))
+			{ i++; break; }
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n= a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n=(n*10)+ a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((n < min[i]) || (n > max[i])) goto err;
+		}
+	if (a[o] == 'Z')
+		o++;
+	else if ((a[o] == '+') || (a[o] == '-'))
+		{
+		o++;
+		if (o+4 > l) goto err;
+		for (i=7; i<9; i++)
+			{
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n= a[o]-'0';
+			o++;
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n=(n*10)+ a[o]-'0';
+			if ((n < min[i]) || (n > max[i])) goto err;
+			o++;
+			}
+		}
+	return(o == l);
+err:
+	return(0);
+	}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
+	{
+	ASN1_GENERALIZEDTIME t;
+
+	t.type=V_ASN1_GENERALIZEDTIME;
+	t.length=strlen(str);
+	t.data=(unsigned char *)str;
+	if (ASN1_GENERALIZEDTIME_check(&t))
+		{
+		if (s != NULL)
+			{
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
+			}
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+	     time_t t)
+	{
+	char *p;
+	struct tm *ts;
+#if defined(THREADS) && !defined(WIN32)
+	struct tm data;
+#endif
+
+	if (s == NULL)
+		s=ASN1_GENERALIZEDTIME_new();
+	if (s == NULL)
+		return(NULL);
+
+#if defined(THREADS) && !defined(WIN32)
+	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+	ts=&data;
+#else
+	ts=gmtime(&t);
+#endif
+	p=(char *)s->data;
+	if ((p == NULL) || (s->length < 16))
+		{
+		p=Malloc(20);
+		if (p == NULL) return(NULL);
+		if (s->data != NULL)
+			Free(s->data);
+		s->data=(unsigned char *)p;
+		}
+
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	s->length=strlen(p);
+	s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
+	return(s);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_hdr.c b/crypto/openssl/crypto/asn1/a_hdr.c
new file mode 100644
index 000000000000..1171d3644397
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_hdr.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->header,	i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len(a->data,		a->meth->i2d);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->header,	i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put(a->data,		a->meth->i2d);
+
+	M_ASN1_I2D_finish();
+	}
+
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+
+	M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING);
+	if (ret->meth != NULL)
+		{
+		M_ASN1_D2I_get(ret->data,ret->meth->d2i);
+		}
+	else
+		{
+		if (a != NULL) (*a)=ret;
+		return(ret);
+		}
+        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+	}
+
+ASN1_HEADER *ASN1_HEADER_new(void)
+	{
+	ASN1_HEADER *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,ASN1_HEADER);
+	M_ASN1_New(ret->header,ASN1_OCTET_STRING_new);
+	ret->meth=NULL;
+	ret->data=NULL;
+	return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+	}
+
+void ASN1_HEADER_free(ASN1_HEADER *a)
+	{
+	if (a == NULL) return;
+	ASN1_OCTET_STRING_free(a->header);
+	if (a->meth != NULL)
+		a->meth->destroy(a->data);
+	Free((char *)a);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_i2d_fp.c b/crypto/openssl/crypto/asn1/a_i2d_fp.c
new file mode 100644
index 000000000000..6bd845443cc0
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_i2d_fp.c
@@ -0,0 +1,113 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+#ifndef NO_FP_API
+int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_i2d_bio(i2d,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
+	{
+	char *b;
+	unsigned char *p;
+	int i,j=0,n,ret=1;
+
+	n=i2d(x,NULL);
+	b=(char *)Malloc(n);
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	p=(unsigned char *)b;
+	i2d(x,&p);
+	
+	for (;;)
+		{
+		i=BIO_write(out,&(b[j]),n);
+		if (i == n) break;
+		if (i <= 0)
+			{
+			ret=0;
+			break;
+			}
+		j+=i;
+		n-=i;
+		}
+	Free((char *)b);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/openssl/crypto/asn1/a_int.c
new file mode 100644
index 000000000000..d05436378b94
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_int.c
@@ -0,0 +1,416 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* 
+ * This converts an ASN1 INTEGER into its DER encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally 
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+	{
+	int pad=0,ret,r,i,t;
+	unsigned char *p,*n,pb=0;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+	t=a->type;
+	if (a->length == 0)
+		ret=1;
+	else
+		{
+		ret=a->length;
+		i=a->data[0];
+		if ((t == V_ASN1_INTEGER) && (i > 127)) {
+			pad=1;
+			pb=0;
+		} else if(t == V_ASN1_NEG_INTEGER) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+			/*
+			 * Special case: if any other bytes non zero we pad:
+			 * otherwise we don't.
+			 */
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
+			}
+		}
+		ret+=pad;
+		}
+	r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
+	if (pad) *(p++)=pb;
+	if (a->length == 0) *(p++)=0;
+	else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
+		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+	}
+
+	*pp+=r;
+	return(r);
+	}
+
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_INTEGER *ret=NULL;
+	unsigned char *p,*to,*s, *pend;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_INTEGER;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	pend = p + len;
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_INTEGER)
+		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+	if (*p & 0x80) /* a negative number */
+		{
+		ret->type=V_ASN1_NEG_INTEGER;
+		if ((*p == 0xff) && (len != 1)) {
+			p++;
+			len--;
+		}
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		/* Special case: if all zeros then the number will be of
+		 * the form FF followed by n zero bytes: this corresponds to
+		 * 1 followed by n zero bytes. We've already written n zeros
+		 * so we just append an extra one and set the first byte to
+		 * a 1. This is treated separately because it is the only case
+		 * where the number of bytes is larger than len.
+		 */
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+		}
+	} else {
+		ret->type=V_ASN1_INTEGER;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+	}
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=pend;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_INTEGER *ret=NULL;
+	unsigned char *p,*to,*s;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_INTEGER;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_INTEGER)
+		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+		ret->type=V_ASN1_INTEGER;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+		p+=len;
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+	{
+	int i,j,k;
+	unsigned char buf[sizeof(long)+1];
+	long d;
+
+	a->type=V_ASN1_INTEGER;
+	if (a->length < (sizeof(long)+1))
+		{
+		if (a->data != NULL)
+			Free((char *)a->data);
+		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+			memset((char *)a->data,0,sizeof(long)+1);
+		}
+	if (a->data == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	d=v;
+	if (d < 0)
+		{
+		d= -d;
+		a->type=V_ASN1_NEG_INTEGER;
+		}
+
+	for (i=0; i>=8;
+		}
+	j=0;
+	for (k=i-1; k >=0; k--)
+		a->data[j++]=buf[k];
+	a->length=j;
+	return(1);
+	}
+
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
+	{
+	int neg=0,i;
+	long r=0;
+
+	if (a == NULL) return(0L);
+	i=a->type;
+	if (i == V_ASN1_NEG_INTEGER)
+		neg=1;
+	else if (i != V_ASN1_INTEGER)
+		return(0);
+	
+	if (a->length > sizeof(long))
+		{
+		/* hmm... a bit ugly */
+		return(0xffffffffL);
+		}
+	if (a->data == NULL)
+		return(0);
+
+	for (i=0; ilength; i++)
+		{
+		r<<=8;
+		r|=(unsigned char)a->data[i];
+		}
+	if (neg) r= -r;
+	return(r);
+	}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+	{
+	ASN1_INTEGER *ret;
+	int len,j;
+
+	if (ai == NULL)
+		ret=ASN1_INTEGER_new();
+	else
+		ret=ai;
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+		}
+	if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
+	else ret->type=V_ASN1_INTEGER;
+	j=BN_num_bits(bn);
+	len=((j == 0)?0:((j/8)+1));
+	ret->data=(unsigned char *)Malloc(len+4);
+	ret->length=BN_bn2bin(bn,ret->data);
+	return(ret);
+err:
+	if (ret != ai) ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+	{
+	BIGNUM *ret;
+
+	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+	if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_meth.c b/crypto/openssl/crypto/asn1/a_meth.c
new file mode 100644
index 000000000000..63158e9cab2d
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_meth.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static  ASN1_METHOD ia5string_meth={
+	(int (*)())	i2d_ASN1_IA5STRING,
+	(char *(*)())	d2i_ASN1_IA5STRING,
+	(char *(*)())	ASN1_STRING_new,
+	(void (*)())	ASN1_STRING_free};
+
+static  ASN1_METHOD bit_string_meth={
+	(int (*)())	i2d_ASN1_BIT_STRING,
+	(char *(*)())	d2i_ASN1_BIT_STRING,
+	(char *(*)())	ASN1_STRING_new,
+	(void (*)())	ASN1_STRING_free};
+
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
+	{
+	return(&ia5string_meth);
+	}
+
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
+	{
+	return(&bit_string_meth);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
new file mode 100644
index 000000000000..b94b418ee89a
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -0,0 +1,304 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+	{
+	unsigned char *p;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+
+	if (pp == NULL)
+		return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
+
+	p= *pp;
+	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+	memcpy(p,a->data,a->length);
+	p+=a->length;
+
+	*pp=p;
+	return(a->length);
+	}
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+	{
+	int i,first,len=0,c;
+	char tmp[24];
+	const char *p;
+	unsigned long l;
+
+	if (num == 0)
+		return(0);
+	else if (num == -1)
+		num=strlen(buf);
+
+	p=buf;
+	c= *(p++);
+	num--;
+	if ((c >= '0') && (c <= '2'))
+		{
+		first=(c-'0')*40;
+		}
+	else
+		{
+		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+		goto err;
+		}
+
+	if (num <= 0)
+		{
+		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+		goto err;
+		}
+	c= *(p++);
+	num--;
+	for (;;)
+		{
+		if (num <= 0) break;
+		if ((c != '.') && (c != ' '))
+			{
+			ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+			goto err;
+			}
+		l=0;
+		for (;;)
+			{
+			if (num <= 0) break;
+			num--;
+			c= *(p++);
+			if ((c == ' ') || (c == '.'))
+				break;
+			if ((c < '0') || (c > '9'))
+				{
+				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+				goto err;
+				}
+			l=l*10L+(long)(c-'0');
+			}
+		if (len == 0)
+			{
+			if ((first < 2) && (l >= 40))
+				{
+				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+				goto err;
+				}
+			l+=(long)first;
+			}
+		i=0;
+		for (;;)
+			{
+			tmp[i++]=(unsigned char)l&0x7f;
+			l>>=7L;
+			if (l == 0L) break;
+			}
+		if (out != NULL)
+			{
+			if (len+i > olen)
+				{
+				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+				goto err;
+				}
+			while (--i > 0)
+				out[len++]=tmp[i]|0x80;
+			out[len++]=tmp[0];
+			}
+		else
+			len+=i;
+		}
+	return(len);
+err:
+	return(0);
+	}
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+	return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+	{
+	char buf[80];
+	int i;
+
+	if ((a == NULL) || (a->data == NULL))
+		return(BIO_write(bp,"NULL",4));
+	i=i2t_ASN1_OBJECT(buf,80,a);
+	if (i > 80) i=80;
+	BIO_write(bp,buf,i);
+	return(i);
+	}
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_OBJECT *ret=NULL;
+	unsigned char *p;
+	long len;
+	int tag,xclass;
+	int inf,i;
+
+	/* only the ASN1_OBJECTs from the 'table' will have values
+	 * for ->sn or ->ln */
+	if ((a == NULL) || ((*a) == NULL) ||
+		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+		{
+		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+		}
+	else	ret=(*a);
+
+	p= *pp;
+
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_OBJECT)
+		{
+		i=ASN1_R_EXPECTING_AN_OBJECT;
+		goto err;
+		}
+	if ((ret->data == NULL) || (ret->length < len))
+		{
+		if (ret->data != NULL) Free((char *)ret->data);
+		ret->data=(unsigned char *)Malloc((int)len);
+		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+		if (ret->data == NULL)
+			{ i=ERR_R_MALLOC_FAILURE; goto err; }
+		}
+	memcpy(ret->data,p,(int)len);
+	ret->length=(int)len;
+	ret->sn=NULL;
+	ret->ln=NULL;
+	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+	p+=len;
+
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_OBJECT_free(ret);
+	return(NULL);
+	}
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+	{
+	ASN1_OBJECT *ret;
+
+	ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->length=0;
+	ret->data=NULL;
+	ret->nid=0;
+	ret->sn=NULL;
+	ret->ln=NULL;
+	ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+	return(ret);
+	}
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+	{
+	if (a == NULL) return;
+	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+		{
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause mempory leaks */
+		if (a->sn != NULL) Free((void *)a->sn);
+		if (a->ln != NULL) Free((void *)a->ln);
+#endif
+		a->sn=a->ln=NULL;
+		}
+	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+		{
+		if (a->data != NULL) Free(a->data);
+		a->data=NULL;
+		a->length=0;
+		}
+	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+		Free(a);
+	}
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+	     char *sn, char *ln)
+	{
+	ASN1_OBJECT o;
+
+	o.sn=sn;
+	o.ln=ln;
+	o.data=data;
+	o.nid=nid;
+	o.length=len;
+	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+		ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+	return(OBJ_dup(&o));
+	}
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/crypto/openssl/crypto/asn1/a_octet.c b/crypto/openssl/crypto/asn1/a_octet.c
new file mode 100644
index 000000000000..7659a13bd38e
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_octet.c
@@ -0,0 +1,83 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_OCTET_STRING *ret=NULL;
+
+	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_print.c b/crypto/openssl/crypto/asn1/a_print.c
new file mode 100644
index 000000000000..cdec7a1561d8
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_print.c
@@ -0,0 +1,165 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
+	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
+
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
+
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
+
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	     unsigned char **pp, long l)
+	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
+	     l)); }
+
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
+
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
+
+int ASN1_PRINTABLE_type(unsigned char *s, int len)
+	{
+	int c;
+	int ia5=0;
+	int t61=0;
+
+	if (len <= 0) len= -1;
+	if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+
+	while ((*s) && (len-- != 0))
+		{
+		c= *(s++);
+#ifndef CHARSET_EBCDIC
+		if (!(	((c >= 'a') && (c <= 'z')) ||
+			((c >= 'A') && (c <= 'Z')) ||
+			(c == ' ') ||
+			((c >= '0') && (c <= '9')) ||
+			(c == ' ') || (c == '\'') ||
+			(c == '(') || (c == ')') ||
+			(c == '+') || (c == ',') ||
+			(c == '-') || (c == '.') ||
+			(c == '/') || (c == ':') ||
+			(c == '=') || (c == '?')))
+			ia5=1;
+		if (c&0x80)
+			t61=1;
+#else
+		if (!isalnum(c) && (c != ' ') &&
+		    strchr("'()+,-./:=?", c) == NULL)
+			ia5=1;
+		if (os_toascii[c] & 0x80)
+			t61=1;
+#endif
+		}
+	if (t61) return(V_ASN1_T61STRING);
+	if (ia5) return(V_ASN1_IA5STRING);
+	return(V_ASN1_PRINTABLESTRING);
+	}
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+	{
+	int i;
+	unsigned char *p;
+
+	if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+	if ((s->length%4) != 0) return(0);
+	p=s->data;
+	for (i=0; ilength; i+=4)
+		{
+		if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+			break;
+		else
+			p+=4;
+		}
+	if (i < s->length) return(0);
+	p=s->data;
+	for (i=3; ilength; i+=4)
+		{
+		*(p++)=s->data[i];
+		}
+	*(p)='\0';
+	s->length/=4;
+	s->type=ASN1_PRINTABLE_type(s->data,s->length);
+	return(1);
+	}
+
+
+int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
+
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
+
+int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
+
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
diff --git a/crypto/openssl/crypto/asn1/a_set.c b/crypto/openssl/crypto/asn1/a_set.c
new file mode 100644
index 000000000000..c2481e759740
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_set.c
@@ -0,0 +1,217 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+typedef struct
+    {
+    unsigned char *pbData;
+    int cbData;
+    } MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
+ */
+static int SetBlobCmp(const void *elem1, const void *elem2 )
+    {
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
+    int r;
+
+    r = memcmp(b1->pbData, b2->pbData,
+	       b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if(r != 0)
+	return r;
+    return b1->cbData-b2->cbData;
+    }
+
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
+	     int ex_class, int is_set)
+	{
+	int ret=0,r;
+	int i;
+	unsigned char *p;
+        unsigned char *pStart, *pTempMem;
+        MYBLOB *rgSetBlob;
+        int totSize;
+
+	if (a == NULL) return(0);
+	for (i=sk_num(a)-1; i>=0; i--)
+		ret+=func(sk_value(a,i),NULL);
+	r=ASN1_object_size(1,ret,ex_tag);
+	if (pp == NULL) return(r);
+
+	p= *pp;
+	ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+
+/* Modified by gp@nsj.co.jp */
+	/* And then again by Ben */
+	/* And again by Steve */
+
+	if(!is_set || (sk_num(a) < 2))
+		{
+		for (i=0; i c.max)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
+		goto err;
+		}
+	/* check for infinite constructed - it can be as long
+	 * as the amount of data passed to us */
+	if (c.inf == (V_ASN1_CONSTRUCTED+1))
+		c.slen=length+ *pp-c.p;
+	c.max=c.p+c.slen;
+
+	while (c.p < c.max)
+		{
+		char *s;
+
+		if (M_ASN1_D2I_end_sequence()) break;
+		if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
+			asn1_add_error(*pp,(int)(c.q- *pp));
+			goto err;
+			}
+		if (!sk_push(ret,s)) goto err;
+		}
+	if (a != NULL) (*a)=ret;
+	*pp=c.p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		{
+		if (free_func != NULL)
+			sk_pop_free(ret,free_func);
+		else
+			sk_free(ret);
+		}
+	return(NULL);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/openssl/crypto/asn1/a_sign.c
new file mode 100644
index 000000000000..57595692e5b9
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_sign.c
@@ -0,0 +1,145 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+	     const EVP_MD *type)
+	{
+	EVP_MD_CTX ctx;
+	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+	int i,inl=0,outl=0,outll=0;
+	X509_ALGOR *a;
+
+	for (i=0; i<2; i++)
+		{
+		if (i == 0)
+			a=algor1;
+		else
+			a=algor2;
+		if (a == NULL) continue;
+		if (	(a->parameter == NULL) || 
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+			a->parameter->type=V_ASN1_NULL;
+			}
+		ASN1_OBJECT_free(a->algorithm);
+		a->algorithm=OBJ_nid2obj(type->pkey_type);
+		if (a->algorithm == NULL)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+			goto err;
+			}
+		if (a->algorithm->length == 0)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			goto err;
+			}
+		}
+	inl=i2d(data,NULL);
+	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	outll=outl=EVP_PKEY_size(pkey);
+	buf_out=(unsigned char *)Malloc((unsigned int)outl);
+	if ((buf_in == NULL) || (buf_out == NULL))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=buf_in;
+
+	i2d(data,&p);
+	EVP_SignInit(&ctx,type);
+	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+			(unsigned int *)&outl,pkey))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+		goto err;
+		}
+	if (signature->data != NULL) Free((char *)signature->data);
+	signature->data=buf_out;
+	buf_out=NULL;
+	signature->length=outl;
+	/* In the interests of compatability, I'll make sure that
+	 * the bit string has a 'not-used bits' value of 0
+	 */
+	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+	memset(&ctx,0,sizeof(ctx));
+	if (buf_in != NULL)
+		{ memset((char *)buf_in,0,(unsigned int)inl); Free((char *)buf_in); }
+	if (buf_out != NULL)
+		{ memset((char *)buf_out,0,outll); Free((char *)buf_out); }
+	return(outl);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
new file mode 100644
index 000000000000..c1690a56949d
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -0,0 +1,123 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	char tmp[24];
+	ASN1_STRING tmpstr;
+
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+	    int len;
+
+	    tmpstr = *(ASN1_STRING *)a;
+	    len = tmpstr.length;
+	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	    tmpstr.data = tmp;
+	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+	}
+#endif
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+				     a->type ,V_ASN1_UNIVERSAL));
+	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+	return -1;
+	}
+
+
+ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
+	{
+	unsigned char tag;
+	tag = **pp & ~V_ASN1_CONSTRUCTED;
+	if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
+					 return d2i_ASN1_UTCTIME(a, pp, length);
+	if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
+				return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
+	ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+	return(NULL);
+	}
+
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+	{
+	struct tm *ts;
+#if defined(THREADS) && !defined(WIN32)
+	struct tm data;
+#endif
+
+#if defined(THREADS) && !defined(WIN32)
+	gmtime_r(&t,&data);
+	ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+#else
+	ts=gmtime(&t);
+#endif
+	if((ts->tm_year >= 50) && (ts->tm_year < 150))
+					return ASN1_UTCTIME_set(s, t);
+	return ASN1_GENERALIZEDTIME_set(s,t);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/openssl/crypto/asn1/a_type.c
new file mode 100644
index 000000000000..3f2ecee5c2f5
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_type.c
@@ -0,0 +1,348 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+static void ASN1_TYPE_component_free(ASN1_TYPE *a);
+int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
+	{
+	int r=0;
+
+	if (a == NULL) return(0);
+
+	switch (a->type)
+		{
+	case V_ASN1_NULL:
+		if (pp != NULL)
+			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
+		r=2;
+		break;
+	case V_ASN1_INTEGER:
+	case V_ASN1_NEG_INTEGER:
+		r=i2d_ASN1_INTEGER(a->value.integer,pp);
+		break;
+	case V_ASN1_ENUMERATED:
+	case V_ASN1_NEG_ENUMERATED:
+		r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
+		break;
+	case V_ASN1_BIT_STRING:
+		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
+		break;
+	case V_ASN1_OCTET_STRING:
+		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
+		break;
+	case V_ASN1_OBJECT:
+		r=i2d_ASN1_OBJECT(a->value.object,pp);
+		break;
+	case V_ASN1_PRINTABLESTRING:
+		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
+		break;
+	case V_ASN1_T61STRING:
+		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
+		break;
+	case V_ASN1_IA5STRING:
+		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
+		break;
+	case V_ASN1_GENERALSTRING:
+		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
+		break;
+	case V_ASN1_UNIVERSALSTRING:
+		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
+		break;
+	case V_ASN1_UTF8STRING:
+		r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
+		break;
+	case V_ASN1_VISIBLESTRING:
+		r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
+		break;
+	case V_ASN1_BMPSTRING:
+		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
+		break;
+	case V_ASN1_UTCTIME:
+		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
+		break;
+	case V_ASN1_GENERALIZEDTIME:
+		r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
+		break;
+	case V_ASN1_SET:
+	case V_ASN1_SEQUENCE:
+		if (a->value.set == NULL)
+			r=0;
+		else
+			{
+			r=a->value.set->length;
+			if (pp != NULL)
+				{
+				memcpy(*pp,a->value.set->data,r);
+				*pp+=r;
+				}
+			}
+		break;
+		}
+	return(r);
+	}
+
+ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
+	{
+	ASN1_TYPE *ret=NULL;
+	unsigned char *q,*p,*max;
+	int inf,tag,xclass;
+	long len;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	q=p;
+	max=(p+length);
+
+	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
+	if (inf & 0x80) goto err;
+	
+	ASN1_TYPE_component_free(ret);
+
+	switch (tag)
+		{
+	case V_ASN1_NULL:
+		p=q;
+		ret->value.ptr=NULL;
+		break;
+	case V_ASN1_INTEGER:
+		if ((ret->value.integer=
+			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_ENUMERATED:
+		if ((ret->value.enumerated=
+			d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_BIT_STRING:
+		if ((ret->value.bit_string=
+			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_OCTET_STRING:
+		if ((ret->value.octet_string=
+			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_VISIBLESTRING:
+		if ((ret->value.visiblestring=
+			d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UTF8STRING:
+		if ((ret->value.utf8string=
+			d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_OBJECT:
+		if ((ret->value.object=
+			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_PRINTABLESTRING:
+		if ((ret->value.printablestring=
+			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_T61STRING:
+		if ((ret->value.t61string=
+			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_IA5STRING:
+		if ((ret->value.ia5string=
+			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_GENERALSTRING:
+		if ((ret->value.generalstring=
+			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UNIVERSALSTRING:
+		if ((ret->value.universalstring=
+			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_BMPSTRING:
+		if ((ret->value.bmpstring=
+			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UTCTIME:
+		if ((ret->value.utctime=
+			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_GENERALIZEDTIME:
+		if ((ret->value.generalizedtime=
+			d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_SET:
+	case V_ASN1_SEQUENCE:
+		/* Sets and sequences are left complete */
+		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
+		ret->value.set->type=tag;
+		len+=(q-p);
+		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
+		p+=len;
+		break;
+	default:
+		ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
+		goto err;
+		}
+
+	ret->type=tag;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
+	return(NULL);
+	}
+
+ASN1_TYPE *ASN1_TYPE_new(void)
+	{
+	ASN1_TYPE *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,ASN1_TYPE);
+	ret->type= -1;
+	ret->value.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
+	}
+
+void ASN1_TYPE_free(ASN1_TYPE *a)
+	{
+	if (a == NULL) return;
+	ASN1_TYPE_component_free(a);
+	Free((char *)(char *)a);
+	}
+
+int ASN1_TYPE_get(ASN1_TYPE *a)
+	{
+	if (a->value.ptr != NULL)
+		return(a->type);
+	else
+		return(0);
+	}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+	{
+	if (a->value.ptr != NULL)
+		ASN1_TYPE_component_free(a);
+	a->type=type;
+	a->value.ptr=value;
+	}
+
+static void ASN1_TYPE_component_free(ASN1_TYPE *a)
+	{
+	if (a == NULL) return;
+
+	if (a->value.ptr != NULL)
+		{
+		switch (a->type)
+			{
+		case V_ASN1_OBJECT:
+			ASN1_OBJECT_free(a->value.object);
+			break;
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		case V_ASN1_BIT_STRING:
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_SEQUENCE:
+		case V_ASN1_SET:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
+			break;
+		default:
+			/* MEMORY LEAK */
+			break;
+			}
+		a->type=0;
+		a->value.ptr=NULL;
+		}
+	}
+
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
new file mode 100644
index 000000000000..688199fdd229
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -0,0 +1,260 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#ifdef VMS
+#include 
+#include 
+#include 
+#endif
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
+	{
+#ifndef CHARSET_EBCDIC
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING x = *(ASN1_STRING *)a;
+
+	len = x.length;
+	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	x.data = tmp;
+	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
+	}
+
+
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_UTCTIME *ret=NULL;
+
+	ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+	if (!ASN1_UTCTIME_check(ret))
+		{
+		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+		goto err;
+		}
+
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_UTCTIME_free(ret);
+	return(NULL);
+	}
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+	{
+	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+	static int max[8]={99,12,31,23,59,59,12,59};
+	char *a;
+	int n,i,l,o;
+
+	if (d->type != V_ASN1_UTCTIME) return(0);
+	l=d->length;
+	a=(char *)d->data;
+	o=0;
+
+	if (l < 11) goto err;
+	for (i=0; i<6; i++)
+		{
+		if ((i == 5) && ((a[o] == 'Z') ||
+			(a[o] == '+') || (a[o] == '-')))
+			{ i++; break; }
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n= a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n=(n*10)+ a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((n < min[i]) || (n > max[i])) goto err;
+		}
+	if (a[o] == 'Z')
+		o++;
+	else if ((a[o] == '+') || (a[o] == '-'))
+		{
+		o++;
+		if (o+4 > l) goto err;
+		for (i=6; i<8; i++)
+			{
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n= a[o]-'0';
+			o++;
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n=(n*10)+ a[o]-'0';
+			if ((n < min[i]) || (n > max[i])) goto err;
+			o++;
+			}
+		}
+	return(o == l);
+err:
+	return(0);
+	}
+
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
+	{
+	ASN1_UTCTIME t;
+
+	t.type=V_ASN1_UTCTIME;
+	t.length=strlen(str);
+	t.data=(unsigned char *)str;
+	if (ASN1_UTCTIME_check(&t))
+		{
+		if (s != NULL)
+			{
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
+			}
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+	{
+	char *p;
+	struct tm *ts;
+#if defined(THREADS) && !defined(WIN32)
+	struct tm data;
+#endif
+
+	if (s == NULL)
+		s=ASN1_UTCTIME_new();
+	if (s == NULL)
+		return(NULL);
+
+#if defined(THREADS) && !defined(WIN32)
+	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+	ts=&data;
+#else
+	ts=gmtime(&t);
+#endif
+#ifdef VMS
+	if (ts == NULL)
+		{
+		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
+		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
+		char result[256];
+		unsigned int reslen = 0;
+		struct {
+			short buflen;
+			short code;
+			void *bufaddr;
+			unsigned int *reslen;
+		} itemlist[] = {
+			{ 0, LNM$_STRING, 0, 0 },
+			{ 0, 0, 0, 0 },
+		};
+		int status;
+
+		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+		itemlist[0].buflen = sizeof(result);
+		itemlist[0].bufaddr = result;
+		itemlist[0].reslen = &reslen;
+		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+		if (!(status & 1))
+			return NULL;
+		result[reslen] = '\0';
+
+		/* Get the numerical value of the equivalence string */
+		status = atoi(result);
+
+		/* and use it to move time to GMT */
+		t -= status;
+
+		/* then convert the result to the time structure */
+		ts=(struct tm *)localtime(&t);
+		}
+#endif
+	p=(char *)s->data;
+	if ((p == NULL) || (s->length < 14))
+		{
+		p=Malloc(20);
+		if (p == NULL) return(NULL);
+		if (s->data != NULL)
+			Free(s->data);
+		s->data=(unsigned char *)p;
+		}
+
+	sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	s->length=strlen(p);
+	s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
+	return(s);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_utf8.c b/crypto/openssl/crypto/asn1/a_utf8.c
new file mode 100644
index 000000000000..4a8a92e9e466
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_utf8.c
@@ -0,0 +1,83 @@
+/* crypto/asn1/a_utf8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_UTF8STRING *ret=NULL;
+
+	ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c
new file mode 100644
index 000000000000..6383d2c698d3
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_verify.c
@@ -0,0 +1,116 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     char *data, EVP_PKEY *pkey)
+	{
+	EVP_MD_CTX ctx;
+	const EVP_MD *type;
+	unsigned char *p,*buf_in=NULL;
+	int ret= -1,i,inl;
+
+	i=OBJ_obj2nid(a->algorithm);
+	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+	if (type == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+		goto err;
+		}
+	
+	inl=i2d(data,NULL);
+	buf_in=Malloc((unsigned int)inl);
+	if (buf_in == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=buf_in;
+
+	i2d(data,&p);
+	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	memset(buf_in,0,(unsigned int)inl);
+	Free((char *)buf_in);
+
+	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+			(unsigned int)signature->length,pkey) <= 0)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+	/* we don't need to zero the 'ctx' because we just checked
+	 * public information */
+	/* memset(&ctx,0,sizeof(ctx)); */
+	ret=1;
+err:
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/a_vis.c b/crypto/openssl/crypto/asn1/a_vis.c
new file mode 100644
index 000000000000..2072be780d43
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/a_vis.c
@@ -0,0 +1,83 @@
+/* crypto/asn1/a_vis.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_VISIBLESTRING *ret=NULL;
+
+	ret=(ASN1_VISIBLESTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_VISIBLESTRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
new file mode 100644
index 000000000000..5c2d8999bc15
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -0,0 +1,945 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_H
+#define HEADER_ASN1_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+#include 
+#include 
+
+#define V_ASN1_UNIVERSAL		0x00
+#define	V_ASN1_APPLICATION		0x40
+#define V_ASN1_CONTEXT_SPECIFIC		0x80
+#define V_ASN1_PRIVATE			0xc0
+
+#define V_ASN1_CONSTRUCTED		0x20
+#define V_ASN1_PRIMITIVE_TAG		0x1f
+#define V_ASN1_PRIMATIVE_TAG		0x1f
+
+#define V_ASN1_APP_CHOOSE		-2	/* let the recipent choose */
+
+#define V_ASN1_UNDEF			-1
+#define V_ASN1_EOC			0
+#define V_ASN1_BOOLEAN			1	/**/
+#define V_ASN1_INTEGER			2
+#define V_ASN1_NEG_INTEGER		(2+0x100)
+#define V_ASN1_BIT_STRING		3
+#define V_ASN1_OCTET_STRING		4
+#define V_ASN1_NULL			5
+#define V_ASN1_OBJECT			6
+#define V_ASN1_OBJECT_DESCRIPTOR	7
+#define V_ASN1_EXTERNAL			8
+#define V_ASN1_REAL			9
+#define V_ASN1_ENUMERATED		10
+#define V_ASN1_NEG_ENUMERATED		(10+0x100)
+#define V_ASN1_UTF8STRING		12
+#define V_ASN1_SEQUENCE			16
+#define V_ASN1_SET			17
+#define V_ASN1_NUMERICSTRING		18	/**/
+#define V_ASN1_PRINTABLESTRING		19
+#define V_ASN1_T61STRING		20
+#define V_ASN1_TELETEXSTRING		20	/* alias */
+#define V_ASN1_VIDEOTEXSTRING		21	/**/
+#define V_ASN1_IA5STRING		22
+#define V_ASN1_UTCTIME			23
+#define V_ASN1_GENERALIZEDTIME		24	/**/
+#define V_ASN1_GRAPHICSTRING		25	/**/
+#define V_ASN1_ISO64STRING		26	/**/
+#define V_ASN1_VISIBLESTRING		26	/* alias */
+#define V_ASN1_GENERALSTRING		27	/**/
+#define V_ASN1_UNIVERSALSTRING		28	/**/
+#define V_ASN1_BMPSTRING		30
+
+/* For use with d2i_ASN1_type_bytes() */
+#define B_ASN1_NUMERICSTRING	0x0001
+#define B_ASN1_PRINTABLESTRING	0x0002
+#define B_ASN1_T61STRING	0x0004
+#define B_ASN1_TELETEXSTRING	0x0008
+#define B_ASN1_VIDEOTEXSTRING	0x0008
+#define B_ASN1_IA5STRING	0x0010
+#define B_ASN1_GRAPHICSTRING	0x0020
+#define B_ASN1_ISO64STRING	0x0040
+#define B_ASN1_VISIBLESTRING	0x0040
+#define B_ASN1_GENERALSTRING	0x0080
+#define B_ASN1_UNIVERSALSTRING	0x0100
+#define B_ASN1_OCTET_STRING	0x0200
+#define B_ASN1_BIT_STRING	0x0400
+#define B_ASN1_BMPSTRING	0x0800
+#define B_ASN1_UNKNOWN		0x1000
+#define B_ASN1_UTF8STRING	0x2000
+
+#define DECLARE_ASN1_SET_OF(type) \
+int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
+			   int (*func)(type *,unsigned char **), int ex_tag, \
+			   int ex_class, int is_set); \
+STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
+				       long length, \
+				       type *(*func)(type **, \
+						     unsigned char **,long), \
+				       void (*free_func)(type *), \
+				       int ex_tag,int ex_class);
+
+#define IMPLEMENT_ASN1_SET_OF(type) \
+int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
+			   int (*func)(type *,unsigned char **), int ex_tag, \
+			   int ex_class, int is_set) \
+    { return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \
+STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
+				       long length, \
+				       type *(*func)(type **, \
+						     unsigned char **,long), \
+				       void (*free_func)(type *), \
+				       int ex_tag,int ex_class) \
+    { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
+					    (char *(*)())func, \
+					    (void (*)())free_func, \
+					    ex_tag,ex_class); }
+
+typedef struct asn1_ctx_st
+	{
+	unsigned char *p;/* work char pointer */
+	int eos;	/* end of sequence read for indefinite encoding */
+	int error;	/* error code to use when returning an error */
+	int inf;	/* constructed if 0x20, indefinite is 0x21 */
+	int tag;	/* tag from last 'get object' */
+	int xclass;	/* class from last 'get object' */
+	long slen;	/* length of last 'get object' */
+	unsigned char *max; /* largest value of p alowed */
+	unsigned char *q;/* temporary variable */
+	unsigned char **pp;/* variable */
+	int line;	/* used in error processing */
+	} ASN1_CTX;
+
+/* These are used internally in the ASN1_OBJECT to keep track of
+ * whether the names and data need to be free()ed */
+#define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */
+#define ASN1_OBJECT_FLAG_CRITICAL	 0x02	/* critical x509v3 object id */
+#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04	/* internal use */
+#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
+typedef struct asn1_object_st
+	{
+	const char *sn,*ln;
+	int nid;
+	int length;
+	unsigned char *data;
+	int flags;	/* Should we free this one */
+	} ASN1_OBJECT;
+
+#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	/* The value of the following field depends on the type being
+	 * held.  It is mostly being used for BIT_STRING so if the
+	 * input data has a non-zero 'unused bits' value, it will be
+	 * handled correctly */
+	long flags;
+	} ASN1_STRING;
+
+#ifndef DEBUG
+#define ASN1_INTEGER		ASN1_STRING
+#define ASN1_ENUMERATED		ASN1_STRING
+#define ASN1_BIT_STRING		ASN1_STRING
+#define ASN1_OCTET_STRING	ASN1_STRING
+#define ASN1_PRINTABLESTRING	ASN1_STRING
+#define ASN1_T61STRING		ASN1_STRING
+#define ASN1_IA5STRING		ASN1_STRING
+#define ASN1_UTCTIME		ASN1_STRING
+#define ASN1_GENERALIZEDTIME	ASN1_STRING
+#define ASN1_TIME		ASN1_STRING
+#define ASN1_GENERALSTRING	ASN1_STRING
+#define ASN1_UNIVERSALSTRING	ASN1_STRING
+#define ASN1_BMPSTRING		ASN1_STRING
+#define ASN1_VISIBLESTRING	ASN1_STRING
+#define ASN1_UTF8STRING		ASN1_STRING
+#else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+#endif
+
+typedef struct asn1_type_st
+	{
+	int type;
+	union	{
+		char *ptr;
+		ASN1_STRING *		asn1_string;
+		ASN1_OBJECT *		object;
+		ASN1_INTEGER *		integer;
+		ASN1_ENUMERATED *	enumerated;
+		ASN1_BIT_STRING *	bit_string;
+		ASN1_OCTET_STRING *	octet_string;
+		ASN1_PRINTABLESTRING *	printablestring;
+		ASN1_T61STRING *	t61string;
+		ASN1_IA5STRING *	ia5string;
+		ASN1_GENERALSTRING *	generalstring;
+		ASN1_BMPSTRING *	bmpstring;
+		ASN1_UNIVERSALSTRING *	universalstring;
+		ASN1_UTCTIME *		utctime;
+		ASN1_GENERALIZEDTIME *	generalizedtime;
+		ASN1_VISIBLESTRING *	visiblestring;
+		ASN1_UTF8STRING *	utf8string;
+		/* set and sequence are left complete and still
+		 * contain the set or sequence bytes */
+		ASN1_STRING *		set;
+		ASN1_STRING *		sequence;
+		} value;
+	} ASN1_TYPE;
+
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
+typedef struct asn1_method_st
+	{
+	int (*i2d)();
+	char *(*d2i)();
+	char *(*create)();
+	void (*destroy)();
+	} ASN1_METHOD;
+
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st
+	{
+	ASN1_OCTET_STRING *header;
+	char *data;
+	ASN1_METHOD *meth;
+	} ASN1_HEADER;
+
+#define ASN1_STRING_length(x)	((x)->length)
+#define ASN1_STRING_type(x)	((x)->type)
+#define ASN1_STRING_data(x)	((x)->data)
+
+/* Macros for string operations */
+#define ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+#define ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+		ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+#define ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+/* i2d_ASN1_BIT_STRING() is a function */
+/* d2i_ASN1_BIT_STRING() is a function */
+
+#define ASN1_INTEGER_new()	(ASN1_INTEGER *)\
+		ASN1_STRING_type_new(V_ASN1_INTEGER)
+#define ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+/* ASN1_INTEGER_set() is a function, also see BN_to_ASN1_INTEGER() */
+/* ASN1_INTEGER_get() is a function, also see ASN1_INTEGER_to_BN() */
+/* i2d_ASN1_INTEGER() is a function */
+/* d2i_ASN1_INTEGER() is a function */
+
+#define ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\
+		ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+#define ASN1_ENUMERATED_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+/* ASN1_ENUMERATED_set() is a function, also see BN_to_ASN1_ENUMERATED() */
+/* ASN1_ENUMERATED_get() is a function, also see ASN1_ENUMERATED_to_BN() */
+/* i2d_ASN1_ENUMERATED() is a function */
+/* d2i_ASN1_ENUMERATED() is a function */
+
+#define ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+#define ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+		ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+#define ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_i2d_ASN1_OCTET_STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+		V_ASN1_OCTET_STRING)
+/* d2i_ASN1_OCTET_STRING() is a function */
+
+#define ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+		pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_T61STRING| \
+			B_ASN1_IA5STRING| \
+			B_ASN1_BIT_STRING| \
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNKNOWN)
+
+#define DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+						pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DIRECTORYSTRING(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_TELETEXSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UTF8STRING)
+
+#define DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+						pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DISPLAYTEXT(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_VISIBLESTRING| \
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UTF8STRING)
+
+#define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
+		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+		V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+
+#define ASN1_T61STRING_new()	(ASN1_T61STRING_STRING *)\
+		ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_T61STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+		V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_T61STRING(a,pp,l) \
+		(ASN1_T61STRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+
+#define ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
+		ASN1_STRING_type_new(V_ASN1_IA5STRING)
+#define ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_IA5STRING_dup(a)	\
+			(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_i2d_ASN1_IA5STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_IA5STRING(a,pp,l) \
+		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+			B_ASN1_IA5STRING)
+
+#define ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\
+		ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+/* i2d_ASN1_UTCTIME() is a function */
+/* d2i_ASN1_UTCTIME() is a function */
+/* ASN1_UTCTIME_set() is a function */
+/* ASN1_UTCTIME_check() is a function */
+
+#define ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
+		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+#define ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
+	(ASN1_STRING *)a)
+/* i2d_ASN1_GENERALIZEDTIME() is a function */
+/* d2i_ASN1_GENERALIZEDTIME() is a function */
+/* ASN1_GENERALIZEDTIME_set() is a function */
+/* ASN1_GENERALIZEDTIME_check() is a function */
+
+#define ASN1_TIME_new()	(ASN1_TIME *)\
+		ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+/* i2d_ASN1_TIME() is a function */
+/* d2i_ASN1_TIME() is a function */
+/* ASN1_TIME_set() is a function */
+/* ASN1_TIME_check() is a function */
+
+#define ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
+		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+#define ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_GENERALSTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+
+#define ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\
+		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+#define ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+
+#define ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\
+		ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+#define ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_BMPSTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+
+#define ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\
+		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+#define ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\
+		ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+#define ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UTF8STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+  /* for the is_set parameter to i2d_ASN1_SET */
+#define IS_SEQUENCE	0
+#define IS_SET		1
+
+ASN1_TYPE *	ASN1_TYPE_new(void );
+void		ASN1_TYPE_free(ASN1_TYPE *a);
+int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
+ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+
+ASN1_OBJECT *	ASN1_OBJECT_new(void );
+void		ASN1_OBJECT_free(ASN1_OBJECT *a);
+int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+			long length);
+
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
+ASN1_STRING *	ASN1_STRING_new(void );
+void		ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING *	ASN1_STRING_type_new(int type );
+int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+  /* Since this is used to store all sorts of things, via macros, for now, make
+     its data void * */
+int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+			long length);
+int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+
+
+int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
+int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
+
+int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+			long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
+			long length);
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
+
+int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+			unsigned char **pp,long length);
+
+int	i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+			unsigned char **pp,long length);
+
+int		i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
+ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
+			unsigned char **pp,long length);
+
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	long length);
+
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
+	unsigned char **pp, long l);
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	unsigned char **pp, long l);
+
+int	i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+								 long length);
+
+int	i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
+
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
+	unsigned char **pp, long l);
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
+	unsigned char **pp, long l);
+
+int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
+ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
+ASN1_GENERALIZEDTIME *	d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
+ASN1_TIME *	d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+
+int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
+			int (*func)(), int ex_tag, int ex_class, int is_set);
+STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+			char *(*func)(), void (*free_func)(),
+			int ex_tag, int ex_class);
+
+#ifdef HEADER_BIO_H
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+#endif
+int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
+	char *sn, char *ln);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(unsigned char *s, int max);
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
+	long length, int Ptag, int Pclass);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
+		long length,int type);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
+	int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+	int tag, int xclass);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
+
+#ifndef NO_FP_API
+char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+#endif
+
+#ifdef HEADER_BIO_H
+char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+#endif
+
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
+ASN1_HEADER *ASN1_HEADER_new(void );
+void ASN1_HEADER_free(ASN1_HEADER *a);
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+void ERR_load_ASN1_strings(void);
+
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
+	unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
+	unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+	unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
+	unsigned char *data, int max_len);
+
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+						 void (*free_func)() ); 
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+								 int *len );
+void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT				 100
+#define ASN1_F_A2I_ASN1_ENUMERATED			 236
+#define ASN1_F_A2I_ASN1_INTEGER				 101
+#define ASN1_F_A2I_ASN1_STRING				 102
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
+#define ASN1_F_ASN1_D2I_BIO				 104
+#define ASN1_F_ASN1_D2I_FP				 105
+#define ASN1_F_ASN1_DUP					 106
+#define ASN1_F_ASN1_ENUMERATED_SET			 232
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 233
+#define ASN1_F_ASN1_GENERALIZEDTIME_NEW			 222
+#define ASN1_F_ASN1_GET_OBJECT				 107
+#define ASN1_F_ASN1_HEADER_NEW				 108
+#define ASN1_F_ASN1_I2D_BIO				 109
+#define ASN1_F_ASN1_I2D_FP				 110
+#define ASN1_F_ASN1_INTEGER_SET				 111
+#define ASN1_F_ASN1_INTEGER_TO_BN			 112
+#define ASN1_F_ASN1_OBJECT_NEW				 113
+#define ASN1_F_ASN1_PACK_STRING				 245
+#define ASN1_F_ASN1_PBE_SET				 253
+#define ASN1_F_ASN1_SEQ_PACK				 246
+#define ASN1_F_ASN1_SEQ_UNPACK				 247
+#define ASN1_F_ASN1_SIGN				 114
+#define ASN1_F_ASN1_STRING_NEW				 115
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
+#define ASN1_F_ASN1_TYPE_NEW				 119
+#define ASN1_F_ASN1_UNPACK_STRING			 248
+#define ASN1_F_ASN1_UTCTIME_NEW				 120
+#define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_AUTHORITY_KEYID_NEW			 237
+#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
+#define ASN1_F_BN_TO_ASN1_INTEGER			 122
+#define ASN1_F_D2I_ASN1_BIT_STRING			 123
+#define ASN1_F_D2I_ASN1_BMPSTRING			 124
+#define ASN1_F_D2I_ASN1_BOOLEAN				 125
+#define ASN1_F_D2I_ASN1_BYTES				 126
+#define ASN1_F_D2I_ASN1_ENUMERATED			 235
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 223
+#define ASN1_F_D2I_ASN1_HEADER				 127
+#define ASN1_F_D2I_ASN1_INTEGER				 128
+#define ASN1_F_D2I_ASN1_OBJECT				 129
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
+#define ASN1_F_D2I_ASN1_SET				 132
+#define ASN1_F_D2I_ASN1_TIME				 224
+#define ASN1_F_D2I_ASN1_TYPE				 133
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
+#define ASN1_F_D2I_ASN1_UINTEGER			 280
+#define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_ASN1_UTF8STRING			 266
+#define ASN1_F_D2I_ASN1_VISIBLESTRING			 267
+#define ASN1_F_D2I_AUTHORITY_KEYID			 238
+#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
+#define ASN1_F_D2I_DHPARAMS				 136
+#define ASN1_F_D2I_DIST_POINT				 276
+#define ASN1_F_D2I_DIST_POINT_NAME			 277
+#define ASN1_F_D2I_DSAPARAMS				 137
+#define ASN1_F_D2I_DSAPRIVATEKEY			 138
+#define ASN1_F_D2I_DSAPUBLICKEY				 139
+#define ASN1_F_D2I_GENERAL_NAME				 230
+#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE		 228
+#define ASN1_F_D2I_NETSCAPE_PKEY			 140
+#define ASN1_F_D2I_NETSCAPE_RSA				 141
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
+#define ASN1_F_D2I_NETSCAPE_SPKI			 144
+#define ASN1_F_D2I_NOTICEREF				 268
+#define ASN1_F_D2I_PBE2PARAM				 262
+#define ASN1_F_D2I_PBEPARAM				 249
+#define ASN1_F_D2I_PBKDF2PARAM				 263
+#define ASN1_F_D2I_PKCS12				 254
+#define ASN1_F_D2I_PKCS12_BAGS				 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
+#define ASN1_F_D2I_PKCS7				 145
+#define ASN1_F_D2I_PKCS7_DIGEST				 146
+#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
+#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
+#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
+#define ASN1_F_D2I_PKCS7_SIGNED				 152
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
+#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO			 250
+#define ASN1_F_D2I_PKEY_USAGE_PERIOD			 239
+#define ASN1_F_D2I_POLICYINFO				 269
+#define ASN1_F_D2I_POLICYQUALINFO			 270
+#define ASN1_F_D2I_PRIVATEKEY				 155
+#define ASN1_F_D2I_PUBLICKEY				 156
+#define ASN1_F_D2I_RSAPRIVATEKEY			 157
+#define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_SXNET				 241
+#define ASN1_F_D2I_SXNETID				 243
+#define ASN1_F_D2I_USERNOTICE				 271
+#define ASN1_F_D2I_X509					 159
+#define ASN1_F_D2I_X509_ALGOR				 160
+#define ASN1_F_D2I_X509_ATTRIBUTE			 161
+#define ASN1_F_D2I_X509_CINF				 162
+#define ASN1_F_D2I_X509_CRL				 163
+#define ASN1_F_D2I_X509_CRL_INFO			 164
+#define ASN1_F_D2I_X509_EXTENSION			 165
+#define ASN1_F_D2I_X509_KEY				 166
+#define ASN1_F_D2I_X509_NAME				 167
+#define ASN1_F_D2I_X509_NAME_ENTRY			 168
+#define ASN1_F_D2I_X509_PKEY				 169
+#define ASN1_F_D2I_X509_PUBKEY				 170
+#define ASN1_F_D2I_X509_REQ				 171
+#define ASN1_F_D2I_X509_REQ_INFO			 172
+#define ASN1_F_D2I_X509_REVOKED				 173
+#define ASN1_F_D2I_X509_SIG				 174
+#define ASN1_F_D2I_X509_VAL				 175
+#define ASN1_F_DIST_POINT_NAME_NEW			 278
+#define ASN1_F_DIST_POINT_NEW				 279
+#define ASN1_F_GENERAL_NAME_NEW				 231
+#define ASN1_F_I2D_ASN1_HEADER				 176
+#define ASN1_F_I2D_ASN1_TIME				 225
+#define ASN1_F_I2D_DHPARAMS				 177
+#define ASN1_F_I2D_DSAPARAMS				 178
+#define ASN1_F_I2D_DSAPRIVATEKEY			 179
+#define ASN1_F_I2D_DSAPUBLICKEY				 180
+#define ASN1_F_I2D_NETSCAPE_RSA				 181
+#define ASN1_F_I2D_PKCS7				 182
+#define ASN1_F_I2D_PRIVATEKEY				 183
+#define ASN1_F_I2D_PUBLICKEY				 184
+#define ASN1_F_I2D_RSAPRIVATEKEY			 185
+#define ASN1_F_I2D_RSAPUBLICKEY				 186
+#define ASN1_F_I2D_X509_ATTRIBUTE			 187
+#define ASN1_F_I2T_ASN1_OBJECT				 188
+#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW		 229
+#define ASN1_F_NETSCAPE_PKEY_NEW			 189
+#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
+#define ASN1_F_NETSCAPE_SPKI_NEW			 191
+#define ASN1_F_NOTICEREF_NEW				 272
+#define ASN1_F_PBE2PARAM_NEW				 264
+#define ASN1_F_PBEPARAM_NEW				 251
+#define ASN1_F_PBKDF2PARAM_NEW				 265
+#define ASN1_F_PKCS12_BAGS_NEW				 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
+#define ASN1_F_PKCS12_NEW				 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
+#define ASN1_F_PKCS5_PBE2_SET				 281
+#define ASN1_F_PKCS7_DIGEST_NEW				 192
+#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
+#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
+#define ASN1_F_PKCS7_NEW				 197
+#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
+#define ASN1_F_PKCS7_SIGNED_NEW				 199
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
+#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW			 252
+#define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
+#define ASN1_F_POLICYINFO_NEW				 273
+#define ASN1_F_POLICYQUALINFO_NEW			 274
+#define ASN1_F_SXNETID_NEW				 244
+#define ASN1_F_SXNET_NEW				 242
+#define ASN1_F_USERNOTICE_NEW				 275
+#define ASN1_F_X509_ALGOR_NEW				 202
+#define ASN1_F_X509_ATTRIBUTE_NEW			 203
+#define ASN1_F_X509_CINF_NEW				 204
+#define ASN1_F_X509_CRL_INFO_NEW			 205
+#define ASN1_F_X509_CRL_NEW				 206
+#define ASN1_F_X509_DHPARAMS_NEW			 207
+#define ASN1_F_X509_EXTENSION_NEW			 208
+#define ASN1_F_X509_INFO_NEW				 209
+#define ASN1_F_X509_KEY_NEW				 210
+#define ASN1_F_X509_NAME_ENTRY_NEW			 211
+#define ASN1_F_X509_NAME_NEW				 212
+#define ASN1_F_X509_NEW					 213
+#define ASN1_F_X509_PKEY_NEW				 214
+#define ASN1_F_X509_PUBKEY_NEW				 215
+#define ASN1_F_X509_REQ_INFO_NEW			 216
+#define ASN1_F_X509_REQ_NEW				 217
+#define ASN1_F_X509_REVOKED_NEW				 218
+#define ASN1_F_X509_SIG_NEW				 219
+#define ASN1_F_X509_VAL_FREE				 220
+#define ASN1_F_X509_VAL_NEW				 221
+
+/* Reason codes. */
+#define ASN1_R_BAD_CLASS				 100
+#define ASN1_R_BAD_OBJECT_HEADER			 101
+#define ASN1_R_BAD_PASSWORD_READ			 102
+#define ASN1_R_BAD_PKCS7_CONTENT			 103
+#define ASN1_R_BAD_PKCS7_TYPE				 104
+#define ASN1_R_BAD_TAG					 105
+#define ASN1_R_BAD_TYPE					 106
+#define ASN1_R_BN_LIB					 107
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
+#define ASN1_R_BUFFER_TOO_SMALL				 109
+#define ASN1_R_DATA_IS_WRONG				 110
+#define ASN1_R_DECODE_ERROR				 155
+#define ASN1_R_DECODING_ERROR				 111
+#define ASN1_R_ENCODE_ERROR				 156
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
+#define ASN1_R_EXPECTING_AN_ENUMERATED			 154
+#define ASN1_R_EXPECTING_AN_INTEGER			 113
+#define ASN1_R_EXPECTING_AN_OBJECT			 114
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
+#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_EXPECTING_A_BOOLEAN			 117
+#define ASN1_R_EXPECTING_A_GENERALIZEDTIME		 151
+#define ASN1_R_EXPECTING_A_TIME				 152
+#define ASN1_R_EXPECTING_A_UTCTIME			 118
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
+#define ASN1_R_GENERALIZEDTIME_TOO_LONG			 153
+#define ASN1_R_HEADER_TOO_LONG				 120
+#define ASN1_R_INVALID_DIGIT				 121
+#define ASN1_R_INVALID_SEPARATOR			 122
+#define ASN1_R_INVALID_TIME_FORMAT			 123
+#define ASN1_R_IV_TOO_LARGE				 124
+#define ASN1_R_LENGTH_ERROR				 125
+#define ASN1_R_MISSING_SECOND_NUMBER			 126
+#define ASN1_R_NON_HEX_CHARACTERS			 127
+#define ASN1_R_NOT_ENOUGH_DATA				 128
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
+#define ASN1_R_PARSING					 130
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
+#define ASN1_R_SHORT_LINE				 133
+#define ASN1_R_STRING_TOO_SHORT				 134
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
+#define ASN1_R_TOO_LONG					 137
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
+#define ASN1_R_UNSUPPORTED_CIPHER			 144
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
+#define ASN1_R_UTCTIME_TOO_LONG				 147
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
+#define ASN1_R_WRONG_TAG				 149
+#define ASN1_R_WRONG_TYPE				 150
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
new file mode 100644
index 000000000000..16755a0b059b
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -0,0 +1,331 @@
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ASN1_str_functs[]=
+	{
+{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0),	"ASN1_GENERALIZEDTIME_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
+{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
+{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0),	"ASN1_PBE_SET"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
+{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
+{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
+{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),	"AUTHORITY_KEYID_new"},
+{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),	"d2i_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"d2i_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),	"d2i_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),	"d2i_ASN1_UTF8STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),	"d2i_ASN1_VISIBLESTRING"},
+{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),	"d2i_AUTHORITY_KEYID"},
+{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"d2i_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"d2i_DHparams"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),	"d2i_DIST_POINT"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),	"d2i_DIST_POINT_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"d2i_DSAparams"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"d2i_DSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"d2i_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0),	"d2i_GENERAL_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),	"d2i_NETSCAPE_CERT_SEQUENCE"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"d2i_Netscape_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
+{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),	"d2i_PBKDF2PARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"d2i_PKCS12"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"d2i_PKCS12_BAGS"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"d2i_PKCS12_MAC_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"d2i_PKCS12_SAFEBAG"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"d2i_PKCS7"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"d2i_PKCS7_DIGEST"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"d2i_PKCS7_ENCRYPT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"d2i_PKCS7_ENC_CONTENT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"d2i_PKCS7_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"d2i_PKCS7_ISSUER_AND_SERIAL"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"d2i_PKCS7_RECIP_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"d2i_PKCS7_SIGNED"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"d2i_PKCS7_SIGNER_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"d2i_PKCS7_SIGN_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),	"d2i_PKCS8_PRIV_KEY_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),	"d2i_PKEY_USAGE_PERIOD"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),	"d2i_POLICYINFO"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),	"d2i_POLICYQUALINFO"},
+{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"d2i_RSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"d2i_RSAPublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"d2i_SXNET"},
+{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"d2i_SXNETID"},
+{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),	"d2i_USERNOTICE"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0),	"d2i_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"d2i_X509_ALGOR"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"d2i_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"d2i_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"d2i_X509_CRL"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"d2i_X509_CRL_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"d2i_X509_EXTENSION"},
+{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"d2i_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"d2i_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"d2i_X509_PUBKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"d2i_X509_REQ"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"d2i_X509_REQ_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"d2i_X509_REVOKED"},
+{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"d2i_X509_SIG"},
+{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"d2i_X509_VAL"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),	"DIST_POINT_NAME_new"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),	"DIST_POINT_new"},
+{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0),	"GENERAL_NAME_new"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"i2d_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"i2d_DHparams"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"i2d_DSAparams"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"i2d_DSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"i2d_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"i2d_PKCS7"},
+{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"i2d_RSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"i2d_RSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"i2d_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),	"NETSCAPE_CERT_SEQUENCE_new"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
+{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
+{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
+{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
+{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),	"PBKDF2PARAM_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
+{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
+{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_new"},
+{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),	"PKCS8_PRIV_KEY_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_new"},
+{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),	"POLICYINFO_new"},
+{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),	"POLICYQUALINFO_new"},
+{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_new"},
+{ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_new"},
+{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),	"USERNOTICE_new"},
+{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_new"},
+{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_new"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_new"},
+{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_new"},
+{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
+{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_new"},
+{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_new"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_new"},
+{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
+{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_new"},
+{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_new"},
+{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_new"},
+{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_new"},
+{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_free"},
+{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_new"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ASN1_str_reasons[]=
+	{
+{ASN1_R_BAD_CLASS                        ,"bad class"},
+{ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
+{ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
+{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
+{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
+{ASN1_R_BAD_TAG                          ,"bad tag"},
+{ASN1_R_BAD_TYPE                         ,"bad type"},
+{ASN1_R_BN_LIB                           ,"bn lib"},
+{ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
+{ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
+{ASN1_R_DECODE_ERROR                     ,"decode error"},
+{ASN1_R_DECODING_ERROR                   ,"decoding error"},
+{ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+{ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
+{ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
+{ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
+{ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
+{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
+{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
+{ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
+{ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
+{ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
+{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
+{ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
+{ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
+{ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
+{ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
+{ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
+{ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
+{ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
+{ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
+{ASN1_R_PARSING                          ,"parsing"},
+{ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
+{ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SHORT_LINE                       ,"short line"},
+{ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
+{ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
+{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
+{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
+{ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
+{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
+{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
+{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
+{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
+{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
+{ASN1_R_WRONG_TAG                        ,"wrong tag"},
+{ASN1_R_WRONG_TYPE                       ,"wrong type"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_ASN1_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
+		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
new file mode 100644
index 000000000000..95e54ed6267d
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -0,0 +1,413 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
+static void asn1_put_length(unsigned char **pp, int length);
+const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+	{
+	/* If there is 0 or 1 byte left, the length check should pick
+	 * things up */
+	if (len <= 0)
+		return(1);
+	else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
+		{
+		(*p)+=2;
+		return(1);
+		}
+	return(0);
+	}
+
+
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
+	     long omax)
+	{
+	int i,ret;
+	long l;
+	unsigned char *p= *pp;
+	int tag,xclass,inf;
+	long max=omax;
+
+	if (!max) goto err;
+	ret=(*p&V_ASN1_CONSTRUCTED);
+	xclass=(*p&V_ASN1_PRIVATE);
+	i= *p&V_ASN1_PRIMITIVE_TAG;
+	if (i == V_ASN1_PRIMITIVE_TAG)
+		{		/* high-tag */
+		p++;
+		if (--max == 0) goto err;
+		l=0;
+		while (*p&0x80)
+			{
+			l<<=7L;
+			l|= *(p++)&0x7f;
+			if (--max == 0) goto err;
+			}
+		l<<=7L;
+		l|= *(p++)&0x7f;
+		tag=(int)l;
+		}
+	else
+		{ 
+		tag=i;
+		p++;
+		if (--max == 0) goto err;
+		}
+	*ptag=tag;
+	*pclass=xclass;
+	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+
+#if 0
+	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
+		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
+		(int)(omax+ *pp));
+
+#endif
+#if 0
+	if ((p+ *plength) > (omax+ *pp))
+		{
+		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+		/* Set this so that even if things are not long enough
+		 * the values are set correctly */
+		ret|=0x80;
+		}
+#endif
+	*pp=p;
+	return(ret|inf);
+err:
+	ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
+	return(0x80);
+	}
+
+static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+	{
+	unsigned char *p= *pp;
+	long ret=0;
+	int i;
+
+	if (max-- < 1) return(0);
+	if (*p == 0x80)
+		{
+		*inf=1;
+		ret=0;
+		p++;
+		}
+	else
+		{
+		*inf=0;
+		i= *p&0x7f;
+		if (*(p++) & 0x80)
+			{
+			if (max-- == 0) return(0);
+			while (i-- > 0)
+				{
+				ret<<=8L;
+				ret|= *(p++);
+				if (max-- == 0) return(0);
+				}
+			}
+		else
+			ret=i;
+		}
+	*pp=p;
+	*rl=ret;
+	return(1);
+	}
+
+/* class 0 is constructed
+ * constructed == 2 for indefinitle length constructed */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+	     int xclass)
+	{
+	unsigned char *p= *pp;
+	int i;
+
+	i=(constructed)?V_ASN1_CONSTRUCTED:0;
+	i|=(xclass&V_ASN1_PRIVATE);
+	if (tag < 31)
+		*(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
+	else
+		{
+		*(p++)=i|V_ASN1_PRIMITIVE_TAG;
+		while (tag > 0x7f)
+			{
+			*(p++)=(tag&0x7f)|0x80;
+			tag>>=7;
+			}
+		*(p++)=(tag&0x7f);
+		}
+	if ((constructed == 2) && (length == 0))
+		*(p++)=0x80; /* der_put_length would output 0 instead */
+	else
+		asn1_put_length(&p,length);
+	*pp=p;
+	}
+
+static void asn1_put_length(unsigned char **pp, int length)
+	{
+	unsigned char *p= *pp;
+	int i,l;
+	if (length <= 127)
+		*(p++)=(unsigned char)length;
+	else
+		{
+		l=length;
+		for (i=0; l > 0; i++)
+			l>>=8;
+		*(p++)=i|0x80;
+		l=i;
+		while (i-- > 0)
+			{
+			p[i]=length&0xff;
+			length>>=8;
+			}
+		p+=l;
+		}
+	*pp=p;
+	}
+
+int ASN1_object_size(int constructed, int length, int tag)
+	{
+	int ret;
+
+	ret=length;
+	ret++;
+	if (tag >= 31)
+		{
+		while (tag > 0)
+			{
+			tag>>=7;
+			ret++;
+			}
+		}
+	if ((length == 0) && (constructed == 2))
+		ret+=2;
+	ret++;
+	if (length > 127)
+		{
+		while (length > 0)
+			{
+			length>>=8;
+			ret++;
+			}
+		}
+	return(ret);
+	}
+
+int asn1_Finish(ASN1_CTX *c)
+	{
+	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
+		{
+		if (!ASN1_check_infinite_end(&c->p,c->slen))
+			{
+			c->error=ERR_R_MISSING_ASN1_EOS;
+			return(0);
+			}
+		}
+	if (	((c->slen != 0) && !(c->inf & 1)) ||
+		((c->slen < 0) && (c->inf & 1)))
+		{
+		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+		return(0);
+		}
+	return(1);
+	}
+
+int asn1_GetSequence(ASN1_CTX *c, long *length)
+	{
+	unsigned char *q;
+
+	q=c->p;
+	c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
+		*length);
+	if (c->inf & 0x80)
+		{
+		c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+		return(0);
+		}
+	if (c->tag != V_ASN1_SEQUENCE)
+		{
+		c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+		return(0);
+		}
+	(*length)-=(c->p-q);
+	if (c->max && (*length < 0))
+		{
+		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+		return(0);
+		}
+	if (c->inf == (1|V_ASN1_CONSTRUCTED))
+		c->slen= *length+ *(c->pp)-c->p;
+	c->eos=0;
+	return(1);
+	}
+
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+	{
+	ASN1_STRING *ret;
+
+	if (str == NULL) return(NULL);
+	if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+		return(NULL);
+	if (!ASN1_STRING_set(ret,str->data,str->length))
+		{
+		ASN1_STRING_free(ret);
+		return(NULL);
+		}
+	ret->flags = str->flags;
+	return(ret);
+	}
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+	{
+	unsigned char *c;
+	const char *data=_data;
+
+	if (len < 0)
+		{
+		if (data == NULL)
+			return(0);
+		else
+			len=strlen(data);
+		}
+	if ((str->length < len) || (str->data == NULL))
+		{
+		c=str->data;
+		if (c == NULL)
+			str->data=Malloc(len+1);
+		else
+			str->data=Realloc(c,len+1);
+
+		if (str->data == NULL)
+			{
+			str->data=c;
+			return(0);
+			}
+		}
+	str->length=len;
+	if (data != NULL)
+		{
+		memcpy(str->data,data,len);
+		/* an alowance for strings :-) */
+		str->data[len]='\0';
+		}
+	return(1);
+	}
+
+ASN1_STRING *ASN1_STRING_new(void)
+	{
+	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+	}
+
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+	{
+	ASN1_STRING *ret;
+
+	ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->length=0;
+	ret->type=type;
+	ret->data=NULL;
+	ret->flags=0;
+	return(ret);
+	}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+	{
+	if (a == NULL) return;
+	if (a->data != NULL) Free((char *)a->data);
+	Free((char *)a);
+	}
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+	{
+	int i;
+
+	i=(a->length-b->length);
+	if (i == 0)
+		{
+		i=memcmp(a->data,b->data,a->length);
+		if (i == 0)
+			return(a->type-b->type);
+		else
+			return(i);
+		}
+	else
+		return(i);
+	}
+
+void asn1_add_error(unsigned char *address, int offset)
+	{
+	char buf1[16],buf2[16];
+
+	sprintf(buf1,"%lu",(unsigned long)address);
+	sprintf(buf2,"%d",offset);
+	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/asn1_mac.h b/crypto/openssl/crypto/asn1/asn1_mac.h
new file mode 100644
index 000000000000..93f9c5193c50
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1_mac.h
@@ -0,0 +1,546 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_MAC_H
+#define HEADER_ASN1_MAC_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+#ifndef ASN1_MAC_ERR_LIB
+#define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
+#endif 
+
+#define ASN1_MAC_H_err(f,r,line) \
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
+
+#define M_ASN1_D2I_vars(a,type,func) \
+	ASN1_CTX c; \
+	type ret=NULL; \
+	\
+	c.pp=pp; \
+	c.q= *pp; \
+	c.error=ERR_R_NESTED_ASN1_ERROR; \
+	if ((a == NULL) || ((*a) == NULL)) \
+		{ if ((ret=(type)func()) == NULL) \
+			{ c.line=__LINE__; goto err; } } \
+	else	ret=(*a);
+
+#define M_ASN1_D2I_Init() \
+	c.p= *pp; \
+	c.max=(length == 0)?0:(c.p+length);
+
+#define M_ASN1_D2I_Finish_2(a) \
+	if (!asn1_Finish(&c)) \
+		{ c.line=__LINE__; goto err; } \
+	*pp=c.p; \
+	if (a != NULL) (*a)=ret; \
+	return(ret);
+
+#define M_ASN1_D2I_Finish(a,func,e) \
+	M_ASN1_D2I_Finish_2(a); \
+err:\
+	ASN1_MAC_H_err((e),c.error,c.line); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+	return(NULL)
+
+#define M_ASN1_D2I_start_sequence() \
+	if (!asn1_GetSequence(&c,&length)) \
+		{ c.line=__LINE__; goto err; }
+
+#define M_ASN1_D2I_end_sequence() \
+	(((c.inf&1) == 0)?(c.slen <= 0): \
+		(c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+#define M_ASN1_D2I_get(b,func) \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) == NULL) \
+		{c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+/* use this instead () */
+#define M_ASN1_D2I_get_int(b,func) \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) < 0) \
+		{c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_opt(b,func,type) \
+	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+		== (V_ASN1_UNIVERSAL|(type)))) \
+		{ \
+		M_ASN1_D2I_get(b,func); \
+		}
+
+#define M_ASN1_D2I_get_imp(b,func, type) \
+	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) == NULL) \
+		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+	c.slen-=(c.p-c.q);\
+	M_ASN1_next_prev=_tmp;
+
+#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+		{ \
+		unsigned char _tmp = M_ASN1_next; \
+		M_ASN1_D2I_get_imp(b,func, type);\
+		}
+
+#define M_ASN1_D2I_get_set(r,func,free_func) \
+		M_ASN1_D2I_get_imp_set(r,func,free_func, \
+			V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+			V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+		{ M_ASN1_D2I_get_set(r,func,free_func); }
+
+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
+#define M_ASN1_I2D_len_SET_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_len_SET(a,f);
+
+#define M_ASN1_I2D_put_SET_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_put_SET(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
+	if ((c.slen != 0) && \
+		(M_ASN1_next == \
+		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+		{ \
+		M_ASN1_D2I_get_imp_set(b,func,free_func,\
+			tag,V_ASN1_CONTEXT_SPECIFIC); \
+		}
+
+#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
+	if ((c.slen != 0) && \
+		(M_ASN1_next == \
+		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+		{ \
+		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+			tag,V_ASN1_CONTEXT_SPECIFIC); \
+		}
+
+#define M_ASN1_D2I_get_seq(r,func,free_func) \
+		M_ASN1_D2I_get_imp_set(r,func,free_func,\
+			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+		{ M_ASN1_D2I_get_seq(r,func,free_func); }
+
+#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
+#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
+		M_ASN1_D2I_get_imp_set(r,func,free_func,\
+			x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+			x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
+		(void (*)())free_func,a,b) == NULL) \
+		{ c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+				   free_func,a,b) == NULL) \
+		{ c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+		{ c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+	if ((c.slen != 0L) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
+		if (func(&(r),&c.p,Tlen) == NULL) \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
+		c.slen-=(c.p-c.q); \
+		}
+
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
+	if ((c.slen != 0) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
+		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+			(void (*)())free_func, \
+			b,V_ASN1_UNIVERSAL) == NULL) \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
+		c.slen-=(c.p-c.q); \
+		}
+
+#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+	if ((c.slen != 0) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
+		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+			free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
+		c.slen-=(c.p-c.q); \
+		}
+
+/* New macros */
+#define M_ASN1_New_Malloc(ret,type) \
+	if ((ret=(type *)Malloc(sizeof(type))) == NULL) \
+		{ c.line=__LINE__; goto err2; }
+
+#define M_ASN1_New(arg,func) \
+	if (((arg)=func()) == NULL) return(NULL)
+
+#define M_ASN1_New_Error(a) \
+/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+		return(NULL);*/ \
+	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
+		return(NULL)
+
+
+#define M_ASN1_next		(*c.p)
+#define M_ASN1_next_prev	(*c.q)
+
+/*************************************************/
+
+#define M_ASN1_I2D_vars(a)	int r=0,ret=0; \
+				unsigned char *p; \
+				if (a == NULL) return(0)
+
+/* Length Macros */
+#define M_ASN1_I2D_len(a,f)	ret+=f(a,NULL)
+#define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)
+
+#define M_ASN1_I2D_len_SET(a,f) \
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+					    V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SEQUENCE(a,f) \
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+				  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+					    V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			M_ASN1_I2D_len_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+					  IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+					  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+						    V_ASN1_CONTEXT_SPECIFIC, \
+						    IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+		if (a != NULL)\
+			{ \
+			v=f(a,NULL); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+				       IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+/* Put Macros */
+#define M_ASN1_I2D_put(a,f)	f(a,&p)
+
+#define M_ASN1_I2D_put_IMP_opt(a,f,t)	\
+		if (a != NULL) \
+			{ \
+			unsigned char *q=p; \
+			f(a,&p); \
+			*q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
+			}
+
+#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+			V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+					     V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+			    IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				       IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+						 V_ASN1_CONTEXT_SPECIFIC, \
+						 IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				       IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+						 V_ASN1_CONTEXT_SPECIFIC, \
+						 IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+		if (a != NULL) \
+			{ \
+			ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+			f(a,&p); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
+			}
+
+#define M_ASN1_I2D_seq_total() \
+		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+		if (pp == NULL) return(r); \
+		p= *pp; \
+		ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+		*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+		*(p++)=0x80
+
+#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+
+#define M_ASN1_I2D_finish()	*pp=p; \
+				return(r);
+
+int asn1_GetSequence(ASN1_CTX *c, long *length);
+void asn1_add_error(unsigned char *address,int offset);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c
new file mode 100644
index 000000000000..86886606ef6f
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn1_par.c
@@ -0,0 +1,411 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
+	int indent);
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
+	int offset, int depth, int indent);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+	     int indent)
+	{
+	static const char fmt[]="%-18s";
+	static const char fmt2[]="%2d %-15s";
+	char str[128];
+	const char *p,*p2=NULL;
+
+	if (constructed & V_ASN1_CONSTRUCTED)
+		p="cons: ";
+	else
+		p="prim: ";
+	if (BIO_write(bp,p,6) < 6) goto err;
+	if (indent)
+		{
+		if (indent > 128) indent=128;
+		memset(str,' ',indent);
+		if (BIO_write(bp,str,indent) < indent) goto err;
+		}
+
+	p=str;
+	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+		sprintf(str,"priv [ %d ] ",tag);
+	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+		sprintf(str,"cont [ %d ]",tag);
+	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+		sprintf(str,"appl [ %d ]",tag);
+	else if ((tag == V_ASN1_EOC) /* && (xclass == V_ASN1_UNIVERSAL) */)
+		p="EOC";
+	else if (tag == V_ASN1_BOOLEAN)
+		p="BOOLEAN";
+	else if (tag == V_ASN1_INTEGER)
+		p="INTEGER";
+	else if (tag == V_ASN1_ENUMERATED)
+		p="ENUMERATED";
+	else if (tag == V_ASN1_BIT_STRING)
+		p="BIT STRING";
+	else if (tag == V_ASN1_OCTET_STRING)
+		p="OCTET STRING";
+	else if (tag == V_ASN1_NULL)
+		p="NULL";
+	else if (tag == V_ASN1_OBJECT)
+		p="OBJECT";
+	else if (tag == V_ASN1_SEQUENCE)
+		p="SEQUENCE";
+	else if (tag == V_ASN1_SET)
+		p="SET";
+	else if (tag == V_ASN1_PRINTABLESTRING)
+		p="PRINTABLESTRING";
+	else if (tag == V_ASN1_T61STRING)
+		p="T61STRING";
+	else if (tag == V_ASN1_IA5STRING)
+		p="IA5STRING";
+	else if (tag == V_ASN1_UTCTIME)
+		p="UTCTIME";
+
+	/* extras */
+	else if (tag == V_ASN1_NUMERICSTRING)
+		p="NUMERICSTRING";
+	else if (tag == V_ASN1_VIDEOTEXSTRING)
+		p="VIDEOTEXSTRING";
+	else if (tag == V_ASN1_GENERALIZEDTIME)
+		p="GENERALIZEDTIME";
+	else if (tag == V_ASN1_GRAPHICSTRING)
+		p="GRAPHICSTRING";
+	else if (tag == V_ASN1_VISIBLESTRING)
+		p="VISIBLESTRING";
+	else if (tag == V_ASN1_GENERALSTRING)
+		p="GENERALSTRING";
+	else if (tag == V_ASN1_UNIVERSALSTRING)
+		p="UNIVERSALSTRING";
+	else if (tag == V_ASN1_BMPSTRING)
+		p="BMPSTRING";
+	else
+		p2="(unknown)";
+		
+	if (p2 != NULL)
+		{
+		if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
+		}
+	else
+		{
+		if (BIO_printf(bp,fmt,p) <= 0) goto err;
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
+	{
+	return(asn1_parse2(bp,&pp,len,0,0,indent));
+	}
+
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
+	     int depth, int indent)
+	{
+	unsigned char *p,*ep,*tot,*op,*opp;
+	long len;
+	int tag,xclass,ret=0;
+	int nl,hl,j,r;
+	ASN1_OBJECT *o=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+	/* ASN1_BMPSTRING *bmp=NULL;*/
+
+	p= *pp;
+	tot=p+length;
+	op=p-1;
+	while ((p < tot) && (op < p))
+		{
+		op=p;
+		j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+#ifdef LINT
+		j=j;
+#endif
+		if (j & 0x80)
+			{
+			if (BIO_write(bp,"Error in encoding\n",18) <= 0)
+				goto end;
+			ret=0;
+			goto end;
+			}
+		hl=(p-op);
+		length-=hl;
+		/* if j == 0x21 it is a constructed indefinite length object */
+		if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
+			<= 0) goto end;
+
+		if (j != (V_ASN1_CONSTRUCTED | 1))
+			{
+			if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
+				depth,(long)hl,len) <= 0)
+				goto end;
+			}
+		else
+			{
+			if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
+				depth,(long)hl) <= 0)
+				goto end;
+			}
+		if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
+			goto end;
+		if (j & V_ASN1_CONSTRUCTED)
+			{
+			ep=p+len;
+			if (BIO_write(bp,"\n",1) <= 0) goto end;
+			if (len > length)
+				{
+				BIO_printf(bp,
+					"length is greater than %ld\n",length);
+				ret=0;
+				goto end;
+				}
+			if ((j == 0x21) && (len == 0))
+				{
+				for (;;)
+					{
+					r=asn1_parse2(bp,&p,(long)(tot-p),
+						offset+(p - *pp),depth+1,
+						indent);
+					if (r == 0) { ret=0; goto end; }
+					if ((r == 2) || (p >= tot)) break;
+					}
+				}
+			else
+				while (p < ep)
+					{
+					r=asn1_parse2(bp,&p,(long)len,
+						offset+(p - *pp),depth+1,
+						indent);
+					if (r == 0) { ret=0; goto end; }
+					}
+			}
+		else if (xclass != 0)
+			{
+			p+=len;
+			if (BIO_write(bp,"\n",1) <= 0) goto end;
+			}
+		else
+			{
+			nl=0;
+			if (	(tag == V_ASN1_PRINTABLESTRING) ||
+				(tag == V_ASN1_T61STRING) ||
+				(tag == V_ASN1_IA5STRING) ||
+				(tag == V_ASN1_VISIBLESTRING) ||
+				(tag == V_ASN1_UTCTIME) ||
+				(tag == V_ASN1_GENERALIZEDTIME))
+				{
+				if (BIO_write(bp,":",1) <= 0) goto end;
+				if ((len > 0) &&
+					BIO_write(bp,(char *)p,(int)len)
+					!= (int)len)
+					goto end;
+				}
+			else if (tag == V_ASN1_OBJECT)
+				{
+				opp=op;
+				if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					i2a_ASN1_OBJECT(bp,o);
+					}
+				else
+					{
+					if (BIO_write(bp,":BAD OBJECT",11) <= 0)
+						goto end;
+					}
+				}
+			else if (tag == V_ASN1_BOOLEAN)
+				{
+				int ii;
+
+				opp=op;
+				ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
+				if (ii < 0)
+					{
+					if (BIO_write(bp,"Bad boolean\n",12))
+						goto end;
+					}
+				BIO_printf(bp,":%d",ii);
+				}
+			else if (tag == V_ASN1_BMPSTRING)
+				{
+				/* do the BMP thang */
+				}
+			else if (tag == V_ASN1_OCTET_STRING)
+				{
+				int i,printable=1;
+
+				opp=op;
+				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
+				if (os != NULL)
+					{
+					opp=os->data;
+					for (i=0; ilength; i++)
+						{
+						if ((	(opp[i] < ' ') &&
+							(opp[i] != '\n') &&
+							(opp[i] != '\r') &&
+							(opp[i] != '\t')) ||
+							(opp[i] > '~'))
+							{
+							printable=0;
+							break;
+							}
+						}
+					if (printable && (os->length > 0))
+						{
+						if (BIO_write(bp,":",1) <= 0)
+							goto end;
+						if (BIO_write(bp,(char *)opp,
+							os->length) <= 0)
+							goto end;
+						}
+					ASN1_OCTET_STRING_free(os);
+					os=NULL;
+					}
+				}
+			else if (tag == V_ASN1_INTEGER)
+				{
+				ASN1_INTEGER *bs;
+				int i;
+
+				opp=op;
+				bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
+				if (bs != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					if (bs->type == V_ASN1_NEG_INTEGER)
+						if (BIO_write(bp,"-",1) <= 0)
+							goto end;
+					for (i=0; ilength; i++)
+						{
+						if (BIO_printf(bp,"%02X",
+							bs->data[i]) <= 0)
+							goto end;
+						}
+					if (bs->length == 0)
+						{
+						if (BIO_write(bp,"00",2) <= 0)
+							goto end;
+						}
+					}
+				else
+					{
+					if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+						goto end;
+					}
+				ASN1_INTEGER_free(bs);
+				}
+			else if (tag == V_ASN1_ENUMERATED)
+				{
+				ASN1_ENUMERATED *bs;
+				int i;
+
+				opp=op;
+				bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
+				if (bs != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					if (bs->type == V_ASN1_NEG_ENUMERATED)
+						if (BIO_write(bp,"-",1) <= 0)
+							goto end;
+					for (i=0; ilength; i++)
+						{
+						if (BIO_printf(bp,"%02X",
+							bs->data[i]) <= 0)
+							goto end;
+						}
+					if (bs->length == 0)
+						{
+						if (BIO_write(bp,"00",2) <= 0)
+							goto end;
+						}
+					}
+				else
+					{
+					if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+						goto end;
+					}
+				ASN1_ENUMERATED_free(bs);
+				}
+
+			if (!nl) 
+				{
+				if (BIO_write(bp,"\n",1) <= 0) goto end;
+				}
+			p+=len;
+			if ((tag == V_ASN1_EOC) && (xclass == 0))
+				{
+				ret=2; /* End of sequence */
+				goto end;
+				}
+			}
+		length-=len;
+		}
+	ret=1;
+end:
+	if (o != NULL) ASN1_OBJECT_free(o);
+	if (os != NULL) ASN1_OCTET_STRING_free(os);
+	*pp=p;
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/asn1/asn_pack.c b/crypto/openssl/crypto/asn1/asn_pack.c
new file mode 100644
index 000000000000..662a2626a196
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/asn_pack.c
@@ -0,0 +1,145 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+	     void (*free_func)())
+{
+    STACK *sk;
+    unsigned char *pbuf;
+    pbuf =  buf;
+    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+		 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+    return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * Malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+	     int *len)
+{
+	int safelen;
+	unsigned char *safe, *p;
+	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(safe = Malloc (safelen))) {
+		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p = safe;
+	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+								 IS_SEQUENCE);
+	if (len) *len = safelen;
+	if (buf) *buf = safe;
+	return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
+{
+	unsigned char *p;
+	char *ret;
+
+	p = oct->data;
+	if(!(ret = d2i(NULL, &p, oct->length)))
+		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+	return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
+{
+	unsigned char *p;
+	ASN1_STRING *octmp;
+
+	if (!oct || !*oct) {
+		if (!(octmp = ASN1_STRING_new ())) {
+			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		if (oct) *oct = octmp;
+	} else octmp = *oct;
+		
+	if (!(octmp->length = i2d(obj, NULL))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(p = Malloc (octmp->length))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	octmp->data = p;
+	i2d (obj, &p);
+	return octmp;
+}
+
diff --git a/crypto/openssl/crypto/asn1/d2i_dhp.c b/crypto/openssl/crypto/asn1/d2i_dhp.c
new file mode 100644
index 000000000000..a077211a4c19
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_dhp.c
@@ -0,0 +1,101 @@
+/* crypto/asn1/d2i_dhp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DH
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
+	{
+	int i=ERR_R_NESTED_ASN1_ERROR;
+	ASN1_INTEGER *bs=NULL;
+	long v=0;
+	M_ASN1_D2I_vars(a,DH *,DH_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+
+	if (!M_ASN1_D2I_end_sequence())
+		{
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		for (i=0; ilength; i++)
+			v=(v<<8)|(bs->data[i]);
+		ret->length=(int)v;
+		}
+
+	ASN1_BIT_STRING_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DHPARAMS,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DH_free(ret);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(NULL);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/d2i_dsap.c b/crypto/openssl/crypto/asn1/d2i_dsap.c
new file mode 100644
index 000000000000..cdd7136f512a
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_dsap.c
@@ -0,0 +1,98 @@
+/* crypto/asn1/d2i_dsap.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+#ifdef NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
+
+DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
+	{
+	int i=ERR_R_NESTED_ASN1_ERROR;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+
+	ASN1_BIT_STRING_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPARAMS,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(NULL);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c
new file mode 100644
index 000000000000..f3d1aa6240ec
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_pr.c
@@ -0,0 +1,114 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
+	     long length)
+	{
+	EVP_PKEY *ret;
+
+	if ((a == NULL) || (*a == NULL))
+		{
+		if ((ret=EVP_PKEY_new()) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
+			return(NULL);
+			}
+		}
+	else	ret= *a;
+
+	ret->save_type=type;
+	ret->type=EVP_PKEY_type(type);
+	switch (ret->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+	default:
+		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+		goto err;
+		/* break; */
+		}
+	if (a != NULL) (*a)=ret;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/openssl/crypto/asn1/d2i_pu.c
new file mode 100644
index 000000000000..e0d203cef735
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_pu.c
@@ -0,0 +1,114 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
+	     long length)
+	{
+	EVP_PKEY *ret;
+
+	if ((a == NULL) || (*a == NULL))
+		{
+		if ((ret=EVP_PKEY_new()) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+			return(NULL);
+			}
+		}
+	else	ret= *a;
+
+	ret->save_type=type;
+	ret->type=EVP_PKEY_type(type);
+	switch (ret->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
+	default:
+		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+		goto err;
+		/* break; */
+		}
+	if (a != NULL) (*a)=ret;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/d2i_r_pr.c b/crypto/openssl/crypto/asn1/d2i_r_pr.c
new file mode 100644
index 000000000000..18f11b6f5efe
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_r_pr.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/d2i_r_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static ASN1_METHOD method={
+        (int (*)())  i2d_RSAPrivateKey,
+        (char *(*)())d2i_RSAPrivateKey,
+        (char *(*)())RSA_new,
+        (void (*)()) RSA_free};
+
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
+	{
+	return(&method);
+	}
+
+RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,RSA *,RSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if (bs->length == 0)
+		ret->version=0;
+	else	ret->version=bs->data[0];
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->n=BN_bin2bn(bs->data,bs->length,ret->n)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->e=BN_bin2bn(bs->data,bs->length,ret->e)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->d=BN_bin2bn(bs->data,bs->length,ret->d)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->dmp1=BN_bin2bn(bs->data,bs->length,ret->dmp1)) == NULL)
+		goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->dmq1=BN_bin2bn(bs->data,bs->length,ret->dmq1)) == NULL)
+		goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->iqmp=BN_bin2bn(bs->data,bs->length,ret->iqmp)) == NULL)
+		goto err_bn;
+
+	ASN1_INTEGER_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) RSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/d2i_r_pu.c b/crypto/openssl/crypto/asn1/d2i_r_pu.c
new file mode 100644
index 000000000000..c4ae58b59439
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_r_pu.c
@@ -0,0 +1,97 @@
+/* crypto/asn1/d2i_r_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+#ifdef NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
+
+RSA *d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length)
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,RSA *,RSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->n=BN_bin2bn(bs->data,bs->length,ret->n)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->e=BN_bin2bn(bs->data,bs->length,ret->e)) == NULL) goto err_bn;
+
+	ASN1_INTEGER_free(bs);
+	bs=NULL;
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_RSAPUBLICKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) RSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/d2i_s_pr.c b/crypto/openssl/crypto/asn1/d2i_s_pr.c
new file mode 100644
index 000000000000..050e1cc5fb21
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_s_pr.c
@@ -0,0 +1,105 @@
+/* crypto/asn1/d2i_s_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch  */
+
+#ifndef NO_DSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+DSA *d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length)
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if (bs->length == 0)
+		ret->version=0;
+	else	ret->version=bs->data[0];
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
+		== NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->priv_key=BN_bin2bn(bs->data,bs->length,ret->priv_key))
+		== NULL) goto err_bn;
+
+	ASN1_INTEGER_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPRIVATEKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/d2i_s_pu.c b/crypto/openssl/crypto/asn1/d2i_s_pu.c
new file mode 100644
index 000000000000..94ea1c313b68
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/d2i_s_pu.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/d2i_s_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch  */
+
+#ifndef NO_DSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+#ifdef NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
+
+DSA *d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length)
+	{
+	int i=ASN1_R_PARSING;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	if ((length != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED))
+		== (V_ASN1_UNIVERSAL|(V_ASN1_INTEGER))))
+		{
+		c.slen=length;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
+                        == NULL)
+                        goto err_bn;
+		ret->write_params=0;
+		}
+	else
+		{
+		M_ASN1_D2I_start_sequence();
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
+			== NULL)
+			goto err_bn;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL)
+			goto err_bn;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL)
+			goto err_bn;
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL)
+			goto err_bn;
+
+		ret->write_params=1;
+		}
+
+	ASN1_INTEGER_free(bs);
+	bs=NULL;
+	M_ASN1_D2I_Finish_2(a);
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPUBLICKEY,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	return(NULL);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/evp_asn1.c b/crypto/openssl/crypto/asn1/evp_asn1.c
new file mode 100644
index 000000000000..41ced49c1906
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/evp_asn1.c
@@ -0,0 +1,185 @@
+/* crypto/asn1/evp_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+	{
+	ASN1_STRING *os;
+
+	if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
+	if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
+	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
+	return(1);
+	}
+
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
+	     int max_len)
+	{
+	int ret,num;
+	unsigned char *p;
+
+	if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
+		{
+		ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+		return(-1);
+		}
+	p=ASN1_STRING_data(a->value.octet_string);
+	ret=ASN1_STRING_length(a->value.octet_string);
+	if (ret < max_len)
+		num=ret;
+	else
+		num=max_len;
+	memcpy(data,p,num);
+	return(ret);
+	}
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+	     int len)
+	{
+	int n,size;
+	ASN1_OCTET_STRING os,*osp;
+	ASN1_INTEGER in;
+	unsigned char *p;
+	unsigned char buf[32]; /* when they have 256bit longs, 
+				* I'll be in trouble */
+	in.data=buf;
+	in.length=32;
+	os.data=data;
+	os.type=V_ASN1_OCTET_STRING;
+	os.length=len;
+	ASN1_INTEGER_set(&in,num);
+	n =  i2d_ASN1_INTEGER(&in,NULL);
+	n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
+
+	size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
+
+	if ((osp=ASN1_STRING_new()) == NULL) return(0);
+	/* Grow the 'string' */
+	ASN1_STRING_set(osp,NULL,size);
+
+	ASN1_STRING_length(osp)=size;
+	p=ASN1_STRING_data(osp);
+
+	ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	  i2d_ASN1_INTEGER(&in,&p);
+	M_i2d_ASN1_OCTET_STRING(&os,&p);
+
+	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
+	return(1);
+	}
+
+/* we return the actual length..., num may be missing, in which
+ * case, set it to zero */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+	     int max_len)
+	{
+	int ret= -1,n;
+	ASN1_INTEGER *ai=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+	unsigned char *p;
+	long length;
+	ASN1_CTX c;
+
+	if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
+		{
+		goto err;
+		}
+	p=ASN1_STRING_data(a->value.sequence);
+	length=ASN1_STRING_length(a->value.sequence);
+
+	c.pp= &p;
+	c.p=p;
+	c.max=p+length;
+	c.error=ASN1_R_DATA_IS_WRONG;
+
+	M_ASN1_D2I_start_sequence();
+	c.q=c.p;
+	if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+	c.q=c.p;
+	if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+	if (!M_ASN1_D2I_end_sequence()) goto err;
+
+	if (num != NULL)
+		*num=ASN1_INTEGER_get(ai);
+
+	ret=ASN1_STRING_length(os);
+	if (max_len > ret)
+		n=ret;
+	else
+		n=max_len;
+
+	if (data != NULL)
+		memcpy(data,ASN1_STRING_data(os),n);
+	if (0)
+		{
+err:
+		ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+		}
+	if (os != NULL) ASN1_OCTET_STRING_free(os);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/f.c b/crypto/openssl/crypto/asn1/f.c
new file mode 100644
index 000000000000..82bccdfd5109
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/f.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/f.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include 
+#include 
+
+main()
+	{
+	ASN1_TYPE *at;
+	char buf[512];
+	int n;
+	long l;
+
+	at=ASN1_TYPE_new();
+
+	n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
+	printf("%d\n",n);
+	n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
+	buf[8]='\0';
+	printf("%ld %d %d\n",l,n,buf[8]);
+	buf[8]='\0';
+	printf("%s\n",buf);
+	ERR_load_crypto_strings();
+	ERR_print_errors_fp(stderr);
+	}
diff --git a/crypto/openssl/crypto/asn1/f_enum.c b/crypto/openssl/crypto/asn1/f_enum.c
new file mode 100644
index 000000000000..3bcceecdb850
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/f_enum.c
@@ -0,0 +1,207 @@
+/* crypto/asn1/f_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+	{
+	int i,n=0;
+	static const char *h="0123456789ABCDEF";
+	char buf[2];
+
+	if (a == NULL) return(0);
+
+	if (a->length == 0)
+		{
+		if (BIO_write(bp,"00",2) != 2) goto err;
+		n=2;
+		}
+	else
+		{
+		for (i=0; ilength; i++)
+			{
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
+			}
+		}
+	return(n);
+err:
+	return(-1);
+	}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+	{
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
+
+	bs->type=V_ASN1_ENUMERATED;
+
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
+		{
+		if (bufsize < 1) goto err_sl;
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
+
+		for (j=0; j= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+				{
+				i=j;
+				break;
+				}
+			}
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
+
+		bufp=(unsigned char *)buf;
+		if (first)
+			{
+			first=0;
+			if ((bufp[0] == '0') && (buf[1] == '0'))
+				{
+				bufp+=2;
+				i-=2;
+				}
+			}
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)Malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)Realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) Free((char *)s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
+			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
+		}
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
+		{
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/f_int.c b/crypto/openssl/crypto/asn1/f_int.c
new file mode 100644
index 000000000000..55560dd814ad
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/f_int.c
@@ -0,0 +1,214 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+	{
+	int i,n=0;
+	static const char *h="0123456789ABCDEF";
+	char buf[2];
+
+	if (a == NULL) return(0);
+
+	if (a->length == 0)
+		{
+		if (BIO_write(bp,"00",2) != 2) goto err;
+		n=2;
+		}
+	else
+		{
+		for (i=0; ilength; i++)
+			{
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
+			}
+		}
+	return(n);
+err:
+	return(-1);
+	}
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+	{
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
+
+	bs->type=V_ASN1_INTEGER;
+
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
+		{
+		if (bufsize < 1) goto err_sl;
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
+
+		for (j=0; j= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
+				{
+				i=j;
+				break;
+				}
+			}
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
+
+		bufp=(unsigned char *)buf;
+		if (first)
+			{
+			first=0;
+			if ((bufp[0] == '0') && (buf[1] == '0'))
+				{
+				bufp+=2;
+				i-=2;
+				}
+			}
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)Malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)Realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) Free((char *)s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
+			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
+		}
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
+		{
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/f_string.c b/crypto/openssl/crypto/asn1/f_string.c
new file mode 100644
index 000000000000..5d0cf5a46d4d
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/f_string.c
@@ -0,0 +1,212 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+	{
+	int i,n=0;
+	static const char *h="0123456789ABCDEF";
+	char buf[2];
+
+	if (a == NULL) return(0);
+
+	if (a->length == 0)
+		{
+		if (BIO_write(bp,"0",1) != 1) goto err;
+		n=1;
+		}
+	else
+		{
+		for (i=0; ilength; i++)
+			{
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
+			}
+		}
+	return(n);
+err:
+	return(-1);
+	}
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+	{
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
+
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
+		{
+		if (bufsize < 1)
+			{
+			if (first)
+				break;
+			else
+				goto err_sl;
+			}
+		first=0;
+
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
+
+		for (j=i-1; j>0; j--)
+			{
+#ifndef CHARSET_EBCDIC
+			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
+				{
+				i=j;
+				break;
+				}
+			}
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
+
+		bufp=(unsigned char *)buf;
+
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)Malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)Realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) Free((char *)s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
+			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
+		}
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
+		{
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/i2d_dhp.c b/crypto/openssl/crypto/asn1/i2d_dhp.c
new file mode 100644
index 000000000000..fdda4ec41bcc
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_dhp.c
@@ -0,0 +1,128 @@
+/* crypto/asn1/i2d_dhp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DH
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_DHparams(DH *a, unsigned char **pp)
+	{
+	BIGNUM *num[3];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0;
+	int t,ret= -1;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+	num[0]=a->p;
+	num[1]=a->g;
+	if (a->length != 0)
+		{
+		if ((num[2]=BN_new()) == NULL) goto err;
+		if (!BN_set_word(num[2],a->length)) goto err;
+		}
+	else	
+		num[2]=NULL;
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL)
+		{
+		if (num[2] != NULL)
+			BN_free(num[2]);
+		return(t);
+		}
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	ret=t;
+err:
+	if (num[2] != NULL) BN_free(num[2]);
+	*pp=p;
+	return(ret);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/i2d_dsap.c b/crypto/openssl/crypto/asn1/i2d_dsap.c
new file mode 100644
index 000000000000..f36f0da4e2e7
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_dsap.c
@@ -0,0 +1,117 @@
+/* crypto/asn1/i2d_dsap.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_DSAparams(DSA *a, unsigned char **pp)
+	{
+	BIGNUM *num[3];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0;
+	int t,ret= -1;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+	num[0]=a->p;
+	num[1]=a->q;
+	num[2]=a->g;
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	for (i=0; i<3; i++)
+		{
+		if (num[i] == NULL) continue;
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	ret=t;
+err:
+	*pp=p;
+	return(ret);
+	}
+#endif
+
diff --git a/crypto/openssl/crypto/asn1/i2d_pr.c b/crypto/openssl/crypto/asn1/i2d_pr.c
new file mode 100644
index 000000000000..71d6910204a1
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_pr.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+	{
+#ifndef NO_RSA
+	if (a->type == EVP_PKEY_RSA)
+		{
+		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+		}
+	else
+#endif
+#ifndef NO_DSA
+	if (a->type == EVP_PKEY_DSA)
+		{
+		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+		}
+#endif
+
+	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+	return(-1);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/i2d_pu.c b/crypto/openssl/crypto/asn1/i2d_pu.c
new file mode 100644
index 000000000000..8f73d37d033b
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_pu.c
@@ -0,0 +1,82 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+	{
+	switch (a->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+#endif
+	default:
+		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+		return(-1);
+		}
+	}
+
diff --git a/crypto/openssl/crypto/asn1/i2d_r_pr.c b/crypto/openssl/crypto/asn1/i2d_r_pr.c
new file mode 100644
index 000000000000..27e6844a7f60
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_r_pr.c
@@ -0,0 +1,127 @@
+/* crypto/asn1/i2d_r_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
+	{
+	BIGNUM *num[9];
+	unsigned char data[1];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot,t,len,max=0;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	num[1]=a->n;
+	num[2]=a->e;
+	num[3]=a->d;
+	num[4]=a->p;
+	num[5]=a->q;
+	num[6]=a->dmp1;
+	num[7]=a->dmq1;
+	num[8]=a->iqmp;
+
+	bs.length=1;
+	bs.data=data;
+	bs.type=V_ASN1_INTEGER;
+	data[0]=a->version&0x7f;
+
+	tot=i2d_ASN1_INTEGER(&(bs),NULL);
+	for (i=1; i<9; i++)
+		{
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	i2d_ASN1_INTEGER(&bs,&p);
+
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=1; i<9; i++)
+		{
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	*pp=p;
+	return(t);
+	}
+#endif
+
diff --git a/crypto/openssl/crypto/asn1/i2d_r_pu.c b/crypto/openssl/crypto/asn1/i2d_r_pu.c
new file mode 100644
index 000000000000..6d01bfa8b5ec
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_r_pu.c
@@ -0,0 +1,112 @@
+/* crypto/asn1/i2d_r_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
+	{
+	BIGNUM *num[2];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0,t;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	num[0]=a->n;
+	num[1]=a->e;
+
+	for (i=0; i<2; i++)
+		{
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=0; i<2; i++)
+		{
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	*pp=p;
+	return(t);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/i2d_s_pr.c b/crypto/openssl/crypto/asn1/i2d_s_pr.c
new file mode 100644
index 000000000000..5d3dcdf1979a
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_s_pr.c
@@ -0,0 +1,123 @@
+/* crypto/asn1/i2d_s_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
+	{
+	BIGNUM *num[6];
+	unsigned char data[1];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot,t,len,max=0;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	num[1]=a->p;
+	num[2]=a->q;
+	num[3]=a->g;
+	num[4]=a->pub_key;
+	num[5]=a->priv_key;
+
+	bs.length=1;
+	bs.data=data;
+	bs.type=V_ASN1_INTEGER;
+	data[0]=a->version&0x7f;
+
+	tot=i2d_ASN1_INTEGER(&(bs),NULL);
+	for (i=1; i<6; i++)
+		{
+		j=BN_num_bits(num[i]);
+		len=((j == 0)?0:((j/8)+1));
+		if (len > max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+	if (pp == NULL) return(t);
+
+	p= *pp;
+	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	i2d_ASN1_INTEGER(&bs,&p);
+
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=1; i<6; i++)
+		{
+		bs.length=BN_bn2bin(num[i],bs.data);
+		i2d_ASN1_INTEGER(&bs,&p);
+		}
+	Free((char *)bs.data);
+	*pp=p;
+	return(t);
+	}
+#endif
diff --git a/crypto/openssl/crypto/asn1/i2d_s_pu.c b/crypto/openssl/crypto/asn1/i2d_s_pu.c
new file mode 100644
index 000000000000..18f790f74651
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/i2d_s_pu.c
@@ -0,0 +1,129 @@
+/* crypto/asn1/i2d_s_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
+	{
+	BIGNUM *num[4];
+	ASN1_INTEGER bs;
+	unsigned int j,i,tot=0,len,max=0,t=0,all,n=1;
+	unsigned char *p;
+
+	if (a == NULL) return(0);
+
+	all=a->write_params;
+
+	num[0]=a->pub_key;
+	if (all)
+		{
+		num[1]=a->p;
+		num[2]=a->q;
+		num[3]=a->g;
+		n=4;
+		}
+
+	for (i=0; i max) max=len;
+		len=ASN1_object_size(0,len,
+			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
+		tot+=len;
+		}
+
+	if (all)
+		{
+		t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
+		if (pp == NULL) return(t);
+		}
+	else
+		{
+		if (pp == NULL) return(tot);
+		}
+
+	p= *pp;
+	if (all)
+		ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	bs.type=V_ASN1_INTEGER;
+	bs.data=(unsigned char *)Malloc(max+4);
+	if (bs.data == NULL)
+		{
+		ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
+		return(-1);
+		}
+
+	for (i=0; i
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+
+#ifndef NO_RC4
+
+typedef struct netscape_pkey_st
+	{
+	ASN1_INTEGER *version;
+	X509_ALGOR *algor;
+	ASN1_OCTET_STRING *private_key;
+	} NETSCAPE_PKEY;
+
+static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
+static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+	{
+	int i,j,l[6];
+	NETSCAPE_PKEY *pkey;
+	unsigned char buf[256],*zz;
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	EVP_CIPHER_CTX ctx;
+	X509_ALGOR *alg=NULL;
+	ASN1_OCTET_STRING os,os2;
+	M_ASN1_I2D_vars(a);
+
+	if (a == NULL) return(0);
+
+#ifdef WIN32
+	r=r; /* shut the damn compiler up :-) */
+#endif
+
+	os.data=os2.data=NULL;
+	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+
+	if (pkey->algor->algorithm != NULL)
+		ASN1_OBJECT_free(pkey->algor->algorithm);
+	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	pkey->algor->parameter->type=V_ASN1_NULL;
+
+	l[0]=i2d_RSAPrivateKey(a,NULL);
+	pkey->private_key->length=l[0];
+
+	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
+	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+
+	if ((alg=X509_ALGOR_new()) == NULL) goto err;
+	if (alg->algorithm != NULL)
+		ASN1_OBJECT_free(alg->algorithm);
+	alg->algorithm=OBJ_nid2obj(NID_rc4);
+	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	alg->parameter->type=V_ASN1_NULL;
+
+	l[2]=i2d_X509_ALGOR(alg,NULL);
+	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+
+#ifndef CONST_STRICT
+	os.data=(unsigned char *)"private-key";
+#endif
+	os.length=11;
+	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+
+	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+
+	if (pp == NULL)
+		{
+		if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+		if (alg != NULL) X509_ALGOR_free(alg);
+		return(l[5]);
+		}
+
+	if (pkey->private_key->data != NULL)
+		Free((char *)pkey->private_key->data);
+	if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	zz=pkey->private_key->data;
+	i2d_RSAPrivateKey(a,&zz);
+
+	if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	zz=os2.data;
+	i2d_NETSCAPE_PKEY(pkey,&zz);
+		
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	i=cb(buf,256,"Enter Private Key password:",1);
+	if (i != 0)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
+		goto err;
+		}
+	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+		strlen((char *)buf),1,key,NULL);
+	memset(buf,0,256);
+
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
+	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+	EVP_CIPHER_CTX_cleanup(&ctx);
+
+	p= *pp;
+	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(&os,&p);
+	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_X509_ALGOR(alg,&p);
+	i2d_ASN1_OCTET_STRING(&os2,&p);
+	ret=l[5];
+err:
+	if (os2.data != NULL) Free(os2.data);
+	if (alg != NULL) X509_ALGOR_free(alg);
+	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+	r=r;
+	return(ret);
+	}
+
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+	{
+	RSA *ret=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+	ASN1_CTX c;
+
+	c.pp=pp;
+	c.error=ASN1_R_DECODING_ERROR;
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
+	if ((os->length != 11) || (strncmp("private-key",
+		(char *)os->data,os->length) != 0))
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+		ASN1_BIT_STRING_free(os);
+		goto err;
+		}
+	ASN1_BIT_STRING_free(os);
+	c.q=c.p;
+	if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
+	c.slen-=(c.p-c.q);
+
+	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
+	}
+
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
+	     int (*cb)())
+	{
+	NETSCAPE_PKEY *pkey=NULL;
+	RSA *ret=NULL;
+	int i,j;
+	unsigned char buf[256],*zz;
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	EVP_CIPHER_CTX ctx;
+	X509_ALGOR *alg=NULL;
+	ASN1_OCTET_STRING *os=NULL;
+	ASN1_CTX c;
+
+	c.error=ERR_R_NESTED_ASN1_ERROR;
+	c.pp=pp;
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
+	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+		goto err;
+		}
+	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	i=cb(buf,256,"Enter Private Key password:",0);
+	if (i != 0)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ);
+		goto err;
+		}
+
+	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+		strlen((char *)buf),1,key,NULL);
+	memset(buf,0,256);
+
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
+	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	os->length=i+j;
+
+	zz=os->data;
+
+	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+		goto err;
+		}
+		
+	zz=pkey->private_key->data;
+	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+		goto err;
+		}
+	if (!asn1_Finish(&c)) goto err;
+	*pp=c.p;
+err:
+	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+	if (os != NULL) ASN1_BIT_STRING_free(os);
+	if (alg != NULL) X509_ALGOR_free(alg);
+	return(ret);
+	}
+
+static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+
+	M_ASN1_I2D_len(a->version,	i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->private_key,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,	i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->private_key,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
+	}
+
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
+	{
+	NETSCAPE_PKEY *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->algor,X509_ALGOR_new);
+	M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
+	}
+
+static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_ALGOR_free(a->algor);
+	ASN1_OCTET_STRING_free(a->private_key);
+	Free((char *)a);
+	}
+
+#endif /* NO_RC4 */
+#endif
diff --git a/crypto/openssl/crypto/asn1/nsseq.c b/crypto/openssl/crypto/asn1/nsseq.c
new file mode 100644
index 000000000000..417d024b8117
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/nsseq.c
@@ -0,0 +1,118 @@
+/* nsseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* Netscape certificate sequence structure */
+
+int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp)
+{
+	int v = 0;
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
+					     V_ASN1_SEQUENCE,v);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
+					     V_ASN1_SEQUENCE,v);
+
+	M_ASN1_I2D_finish();
+}
+
+NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void)
+{
+	NETSCAPE_CERT_SEQUENCE *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, NETSCAPE_CERT_SEQUENCE);
+	/* Note hardcoded object type */
+	ret->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+	ret->certs = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW);
+}
+
+NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,NETSCAPE_CERT_SEQUENCE *,
+					NETSCAPE_CERT_SEQUENCE_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0,
+					V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free,
+			  ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
+}
+
+void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
+{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->type);
+	if(a->certs)
+	    sk_X509_pop_free(a->certs, X509_free);
+	Free (a);
+}
diff --git a/crypto/openssl/crypto/asn1/p5_pbe.c b/crypto/openssl/crypto/asn1/p5_pbe.c
new file mode 100644
index 000000000000..b831836e7b08
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p5_pbe.c
@@ -0,0 +1,156 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* PKCS#5 password based encryption structure */
+
+int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+}
+
+PBEPARAM *PBEPARAM_new(void)
+{
+	PBEPARAM *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PBEPARAM);
+	M_ASN1_New(ret->iter,ASN1_INTEGER_new);
+	M_ASN1_New(ret->salt,ASN1_OCTET_STRING_new);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
+}
+
+PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
+}
+
+void PBEPARAM_free (PBEPARAM *a)
+{
+	if(a==NULL) return;
+	ASN1_OCTET_STRING_free(a->salt);
+	ASN1_INTEGER_free (a->iter);
+	Free ((char *)a);
+}
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+	     int saltlen)
+{
+	PBEPARAM *pbe;
+	ASN1_OBJECT *al;
+	X509_ALGOR *algor;
+	ASN1_TYPE *astype;
+
+	if (!(pbe = PBEPARAM_new ())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	ASN1_INTEGER_set (pbe->iter, iter);
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(pbe->salt->data = Malloc (saltlen))) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	pbe->salt->length = saltlen;
+	if (salt) memcpy (pbe->salt->data, salt, saltlen);
+	else RAND_bytes (pbe->salt->data, saltlen);
+
+	if (!(astype = ASN1_TYPE_new())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	astype->type = V_ASN1_SEQUENCE;
+	if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	PBEPARAM_free (pbe);
+	
+	al = OBJ_nid2obj(alg); /* never need to free al */
+	if (!(algor = X509_ALGOR_new())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_OBJECT_free(algor->algorithm);
+	algor->algorithm = al;
+	algor->parameter = astype;
+
+	return (algor);
+}
diff --git a/crypto/openssl/crypto/asn1/p5_pbev2.c b/crypto/openssl/crypto/asn1/p5_pbev2.c
new file mode 100644
index 000000000000..09f4bf61121b
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p5_pbev2.c
@@ -0,0 +1,274 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
+	M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
+	M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_finish();
+}
+
+PBE2PARAM *PBE2PARAM_new(void)
+{
+	PBE2PARAM *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PBE2PARAM);
+	M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
+	M_ASN1_New(ret->encryption,X509_ALGOR_new);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
+}
+
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
+	M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
+	M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
+}
+
+void PBE2PARAM_free (PBE2PARAM *a)
+{
+	if(a==NULL) return;
+	X509_ALGOR_free(a->keyfunc);
+	X509_ALGOR_free(a->encryption);
+	Free ((char *)a);
+}
+
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE);
+	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE);
+	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_finish();
+}
+
+PBKDF2PARAM *PBKDF2PARAM_new(void)
+{
+	PBKDF2PARAM *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PBKDF2PARAM);
+	M_ASN1_New(ret->salt, ASN1_TYPE_new);
+	M_ASN1_New(ret->iter, ASN1_INTEGER_new);
+	ret->keylength = NULL;
+	ret->prf = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
+}
+
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
+	     long length)
+{
+	M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE);
+	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+	M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
+}
+
+void PBKDF2PARAM_free (PBKDF2PARAM *a)
+{
+	if(a==NULL) return;
+	ASN1_TYPE_free(a->salt);
+	ASN1_INTEGER_free(a->iter);
+	ASN1_INTEGER_free(a->keylength);
+	X509_ALGOR_free(a->prf);
+	Free ((char *)a);
+}
+
+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+				 unsigned char *salt, int saltlen)
+{
+	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+	int alg_nid;
+	EVP_CIPHER_CTX ctx;
+	unsigned char iv[EVP_MAX_IV_LENGTH];
+	PBKDF2PARAM *kdf = NULL;
+	PBE2PARAM *pbe2 = NULL;
+	ASN1_OCTET_STRING *osalt = NULL;
+
+	if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+	/* Setup the AlgorithmIdentifier for the encryption scheme */
+	scheme = pbe2->encryption;
+
+	alg_nid = EVP_CIPHER_type(cipher);
+
+	scheme->algorithm = OBJ_nid2obj(alg_nid);
+	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+	/* Create random IV */
+	RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
+
+	/* Dummy cipherinit to just setup the IV */
+	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+		ASN1err(ASN1_F_PKCS5_PBE2_SET,
+					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+		goto err;
+	}
+	EVP_CIPHER_CTX_cleanup(&ctx);
+
+	if(!(kdf = PBKDF2PARAM_new())) goto merr;
+	if(!(osalt = ASN1_OCTET_STRING_new())) goto merr;
+
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(osalt->data = Malloc (saltlen))) goto merr;
+	osalt->length = saltlen;
+	if (salt) memcpy (osalt->data, salt, saltlen);
+	else RAND_bytes (osalt->data, saltlen);
+
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+	/* Now include salt in kdf structure */
+	kdf->salt->value.octet_string = osalt;
+	kdf->salt->type = V_ASN1_OCTET_STRING;
+	osalt = NULL;
+
+	/* If its RC2 then we'd better setup the key length */
+
+	if(alg_nid == NID_rc2_cbc) {
+		if(!(kdf->keylength = ASN1_INTEGER_new())) goto merr;
+		if(!ASN1_INTEGER_set (kdf->keylength,
+				 EVP_CIPHER_key_length(cipher))) goto merr;
+	}
+
+	/* prf can stay NULL because we are using hmacWithSHA1 */
+
+	/* Now setup the PBE2PARAM keyfunc structure */
+
+	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+	/* Encode PBKDF2PARAM into parameter of pbe2 */
+
+	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+	if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
+			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+	PBKDF2PARAM_free(kdf);
+	kdf = NULL;
+
+	/* Now set up top level AlgorithmIdentifier */
+
+	if(!(ret = X509_ALGOR_new())) goto merr;
+	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+	ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+	/* Encode PBE2PARAM into parameter */
+
+	if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
+				 &ret->parameter->value.sequence)) goto merr;
+	ret->parameter->type = V_ASN1_SEQUENCE;
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	return ret;
+
+	merr:
+	ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+	err:
+	PBE2PARAM_free(pbe2);
+	/* Note 'scheme' is freed as part of pbe2 */
+	ASN1_OCTET_STRING_free(osalt);
+	PBKDF2PARAM_free(kdf);
+	X509_ALGOR_free(kalg);
+	X509_ALGOR_free(ret);
+
+	return NULL;
+
+}
diff --git a/crypto/openssl/crypto/asn1/p7_dgst.c b/crypto/openssl/crypto/asn1/p7_dgst.c
new file mode 100644
index 000000000000..62783a2b8de9
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_dgst.c
@@ -0,0 +1,121 @@
+/* crypto/asn1/p7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->md,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_len(a->digest,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->md,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_put(a->digest,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_DIGEST *,PKCS7_DIGEST_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->md,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
+	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,PKCS7_DIGEST_free,ASN1_F_D2I_PKCS7_DIGEST);
+	}
+
+PKCS7_DIGEST *PKCS7_DIGEST_new(void)
+	{
+	PKCS7_DIGEST *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_DIGEST);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->md,X509_ALGOR_new);
+	M_ASN1_New(ret->contents,PKCS7_new);
+	M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_DIGEST_NEW);
+	}
+
+void PKCS7_DIGEST_free(PKCS7_DIGEST *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_ALGOR_free(a->md);
+	PKCS7_free(a->contents);
+	ASN1_OCTET_STRING_free(a->digest);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_enc.c b/crypto/openssl/crypto/asn1/p7_enc.c
new file mode 100644
index 000000000000..474112658704
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_enc.c
@@ -0,0 +1,111 @@
+/* crypto/asn1/p7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ENCRYPT *,PKCS7_ENCRYPT_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
+
+	M_ASN1_D2I_Finish(a,PKCS7_ENCRYPT_free,ASN1_F_D2I_PKCS7_ENCRYPT);
+	}
+
+PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void)
+	{
+	PKCS7_ENCRYPT *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ENCRYPT);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ENCRYPT_NEW);
+	}
+
+void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	PKCS7_ENC_CONTENT_free(a->enc_data);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_enc_c.c b/crypto/openssl/crypto/asn1/p7_enc_c.c
new file mode 100644
index 000000000000..a832737a3829
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_enc_c.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/p7_enc_c.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->content_type,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len(a->algorithm,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->content_type,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put(a->algorithm,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING,0);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
+	     unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ENC_CONTENT *,PKCS7_ENC_CONTENT_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->content_type,d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get(ret->algorithm,d2i_X509_ALGOR);
+	M_ASN1_D2I_get_IMP_opt(ret->enc_data,d2i_ASN1_OCTET_STRING,0,
+		V_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,PKCS7_ENC_CONTENT_free,
+		ASN1_F_D2I_PKCS7_ENC_CONTENT);
+	}
+
+PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void)
+	{
+	PKCS7_ENC_CONTENT *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ENC_CONTENT);
+	/* M_ASN1_New(ret->content_type,ASN1_OBJECT_new); */
+	ret->content_type=OBJ_nid2obj(NID_pkcs7_encrypted);
+	M_ASN1_New(ret->algorithm,X509_ALGOR_new);
+	ret->enc_data=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ENC_CONTENT_NEW);
+	}
+
+void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a)
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->content_type);
+	X509_ALGOR_free(a->algorithm);
+	ASN1_OCTET_STRING_free(a->enc_data);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_evp.c b/crypto/openssl/crypto/asn1/p7_evp.c
new file mode 100644
index 000000000000..b2b3d50dcd80
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_evp.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/p7_evp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ENVELOPE *,PKCS7_ENVELOPE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_set_type(PKCS7_RECIP_INFO,ret->recipientinfo,
+				d2i_PKCS7_RECIP_INFO,PKCS7_RECIP_INFO_free);
+	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
+
+	M_ASN1_D2I_Finish(a,PKCS7_ENVELOPE_free,ASN1_F_D2I_PKCS7_ENVELOPE);
+	}
+
+PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void)
+	{
+	PKCS7_ENVELOPE *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ENVELOPE);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->recipientinfo,sk_PKCS7_RECIP_INFO_new_null);
+	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ENVELOPE_NEW);
+	}
+
+void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	PKCS7_ENC_CONTENT_free(a->enc_data);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_i_s.c b/crypto/openssl/crypto/asn1/p7_i_s.c
new file mode 100644
index 000000000000..7d4b457e0171
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_i_s.c
@@ -0,0 +1,111 @@
+/* crypto/asn1/p7_i_s.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a,
+	     unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_len(a->serial,i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_put(a->serial,i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_ISSUER_AND_SERIAL *,PKCS7_ISSUER_AND_SERIAL_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->serial,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a,PKCS7_ISSUER_AND_SERIAL_free,
+		ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL);
+	}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void)
+	{
+	PKCS7_ISSUER_AND_SERIAL *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_New(ret->issuer,X509_NAME_new);
+	M_ASN1_New(ret->serial,ASN1_INTEGER_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW);
+	}
+
+void PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a)
+	{
+	if (a == NULL) return;
+	X509_NAME_free(a->issuer);
+	ASN1_INTEGER_free(a->serial);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_lib.c b/crypto/openssl/crypto/asn1/p7_lib.c
new file mode 100644
index 000000000000..846be171588a
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_lib.c
@@ -0,0 +1,295 @@
+/* crypto/asn1/p7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	if (a->asn1 != NULL)
+		{
+		if (pp == NULL)
+			return((int)a->length);
+		memcpy(*pp,a->asn1,(int)a->length);
+		*pp+=a->length;
+		return((int)a->length);
+		}
+
+	ret+=4; /* sequence, BER header plus '0 0' end padding */
+	M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
+	if (a->d.ptr != NULL)
+		{
+		ret+=4; /* explicit tag [ 0 ] BER plus '0 0' */
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_len(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		}
+	r=ret;
+	if (pp == NULL) return(r);
+	p= *pp;
+	M_ASN1_I2D_INF_seq_start(V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
+
+	if (a->d.ptr != NULL)
+		{
+		M_ASN1_I2D_INF_seq_start(0,V_ASN1_CONTEXT_SPECIFIC);
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_I2D_put(a->d.signed_and_enveloped,
+				i2d_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
+			break;
+		default:
+			break;
+			}
+		M_ASN1_I2D_INF_seq_end();
+		}
+	M_ASN1_I2D_INF_seq_end();
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
+
+	if ((a != NULL) && ((*a) != NULL))
+		{
+		if ((*a)->asn1 != NULL)
+			{
+			Free((char *)(*a)->asn1);
+			(*a)->asn1=NULL;
+			}
+		(*a)->length=0;
+		}
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->type,d2i_ASN1_OBJECT);
+	if (!M_ASN1_D2I_end_sequence())
+		{
+		int Tinf,Ttag,Tclass;
+		long Tlen;
+
+		if (M_ASN1_next != (V_ASN1_CONSTRUCTED|
+			V_ASN1_CONTEXT_SPECIFIC|0))
+			{
+			c.error=ASN1_R_BAD_PKCS7_CONTENT;
+			c.line=__LINE__;
+			goto err;
+			}
+
+		ret->detached=0;
+
+		c.q=c.p;
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,
+			(c.inf & 1)?(length+ *pp-c.q):c.slen);
+		if (Tinf & 0x80) { c.line=__LINE__; goto err; }
+		c.slen-=(c.p-c.q);
+
+		switch (OBJ_obj2nid(ret->type))
+			{
+		case NID_pkcs7_data:
+			M_ASN1_D2I_get(ret->d.data,d2i_ASN1_OCTET_STRING);
+			break;
+		case NID_pkcs7_signed:
+			M_ASN1_D2I_get(ret->d.sign,d2i_PKCS7_SIGNED);
+			if (ret->d.sign->contents->d.ptr == NULL)
+				ret->detached=1;
+			break;
+		case NID_pkcs7_enveloped:
+			M_ASN1_D2I_get(ret->d.enveloped,d2i_PKCS7_ENVELOPE);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			M_ASN1_D2I_get(ret->d.signed_and_enveloped,
+				d2i_PKCS7_SIGN_ENVELOPE);
+			break;
+		case NID_pkcs7_digest:
+			M_ASN1_D2I_get(ret->d.digest,d2i_PKCS7_DIGEST);
+			break;
+		case NID_pkcs7_encrypted:
+			M_ASN1_D2I_get(ret->d.encrypted,d2i_PKCS7_ENCRYPT);
+			break;
+		default:
+			c.error=ASN1_R_BAD_PKCS7_TYPE;
+			c.line=__LINE__;
+			goto err;
+			/* break; */
+			}
+		if (Tinf == (1|V_ASN1_CONSTRUCTED))
+			{
+			if (!ASN1_check_infinite_end(&c.p,c.slen))
+				{
+				c.error=ERR_R_MISSING_ASN1_EOS;
+				c.line=__LINE__;
+				goto err;
+				}
+			}
+		}
+	else
+		ret->detached=1;
+		
+	M_ASN1_D2I_Finish(a,PKCS7_free,ASN1_F_D2I_PKCS7);
+	}
+
+PKCS7 *PKCS7_new(void)
+	{
+	PKCS7 *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7);
+	ret->type=OBJ_nid2obj(NID_undef);
+	ret->asn1=NULL;
+	ret->length=0;
+	ret->detached=0;
+	ret->d.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_NEW);
+	}
+
+void PKCS7_free(PKCS7 *a)
+	{
+	if (a == NULL) return;
+
+	PKCS7_content_free(a);
+	if (a->type != NULL)
+		{
+		ASN1_OBJECT_free(a->type);
+		}
+	Free((char *)(char *)a);
+	}
+
+void PKCS7_content_free(PKCS7 *a)
+	{
+	if(a == NULL)
+	    return;
+
+	if (a->asn1 != NULL) Free((char *)a->asn1);
+
+	if (a->d.ptr != NULL)
+		{
+		if (a->type == NULL) return;
+
+		switch (OBJ_obj2nid(a->type))
+			{
+		case NID_pkcs7_data:
+			ASN1_OCTET_STRING_free(a->d.data);
+			break;
+		case NID_pkcs7_signed:
+			PKCS7_SIGNED_free(a->d.sign);
+			break;
+		case NID_pkcs7_enveloped:
+			PKCS7_ENVELOPE_free(a->d.enveloped);
+			break;
+		case NID_pkcs7_signedAndEnveloped:
+			PKCS7_SIGN_ENVELOPE_free(a->d.signed_and_enveloped);
+			break;
+		case NID_pkcs7_digest:
+			PKCS7_DIGEST_free(a->d.digest);
+			break;
+		case NID_pkcs7_encrypted:
+			PKCS7_ENCRYPT_free(a->d.encrypted);
+			break;
+		default:
+			/* MEMORY LEAK */
+			break;
+			}
+		}
+	a->d.ptr=NULL;
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_recip.c b/crypto/openssl/crypto/asn1/p7_recip.c
new file mode 100644
index 000000000000..9fda4f20d497
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_recip.c
@@ -0,0 +1,125 @@
+/* crypto/asn1/p7_recip.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_len(a->key_enc_algor,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->enc_key,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_put(a->key_enc_algor,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->enc_key,i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
+	     unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_RECIP_INFO *,PKCS7_RECIP_INFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_D2I_get(ret->key_enc_algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_key,d2i_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,PKCS7_RECIP_INFO_free,ASN1_F_D2I_PKCS7_RECIP_INFO);
+	}
+
+PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void)
+	{
+	PKCS7_RECIP_INFO *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_RECIP_INFO);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
+	M_ASN1_New(ret->key_enc_algor,X509_ALGOR_new);
+	M_ASN1_New(ret->enc_key,ASN1_OCTET_STRING_new);
+	ret->cert=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_RECIP_INFO_NEW);
+	}
+
+void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
+	X509_ALGOR_free(a->key_enc_algor);
+	ASN1_OCTET_STRING_free(a->enc_key);
+	if (a->cert != NULL) X509_free(a->cert);
+	Free(a);
+	}
+
+IMPLEMENT_STACK_OF(PKCS7_RECIP_INFO)
+IMPLEMENT_ASN1_SET_OF(PKCS7_RECIP_INFO)
diff --git a/crypto/openssl/crypto/asn1/p7_s_e.c b/crypto/openssl/crypto/asn1/p7_s_e.c
new file mode 100644
index 000000000000..90946695c950
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_s_e.c
@@ -0,0 +1,145 @@
+/* crypto/asn1/p7_s_e.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
+	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
+	     unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_SIGN_ENVELOPE *,PKCS7_SIGN_ENVELOPE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_set_type(PKCS7_RECIP_INFO,ret->recipientinfo,
+				d2i_PKCS7_RECIP_INFO,PKCS7_RECIP_INFO_free);
+	M_ASN1_D2I_get_set_type(X509_ALGOR,ret->md_algs,d2i_X509_ALGOR,
+				X509_ALGOR_free);
+	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509,ret->cert,d2i_X509,X509_free,0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_CRL,ret->crl,d2i_X509_CRL,
+					X509_CRL_free,1);
+	M_ASN1_D2I_get_set_type(PKCS7_SIGNER_INFO,ret->signer_info,
+				d2i_PKCS7_SIGNER_INFO,PKCS7_SIGNER_INFO_free);
+
+	M_ASN1_D2I_Finish(a,PKCS7_SIGN_ENVELOPE_free,
+		ASN1_F_D2I_PKCS7_SIGN_ENVELOPE);
+	}
+
+PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void)
+	{
+	PKCS7_SIGN_ENVELOPE *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_SIGN_ENVELOPE);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->recipientinfo,sk_PKCS7_RECIP_INFO_new_null);
+	M_ASN1_New(ret->md_algs,sk_X509_ALGOR_new_null);
+	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
+	ret->cert=NULL;
+	ret->crl=NULL;
+	M_ASN1_New(ret->signer_info,sk_PKCS7_SIGNER_INFO_new_null);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW);
+	}
+
+void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	sk_X509_ALGOR_pop_free(a->md_algs,X509_ALGOR_free);
+	PKCS7_ENC_CONTENT_free(a->enc_data);
+	sk_X509_pop_free(a->cert,X509_free);
+	sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
+	sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free(a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/p7_signd.c b/crypto/openssl/crypto/asn1/p7_signd.c
new file mode 100644
index 000000000000..74f0f522e15d
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_signd.c
@@ -0,0 +1,135 @@
+/* crypto/asn1/p7_signd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
+	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_SIGNED *,PKCS7_SIGNED_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_set_type(X509_ALGOR,ret->md_algs,d2i_X509_ALGOR,
+				X509_ALGOR_free);
+	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509,ret->cert,d2i_X509,X509_free,0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_CRL,ret->crl,d2i_X509_CRL,
+					X509_CRL_free,1);
+	M_ASN1_D2I_get_set_type(PKCS7_SIGNER_INFO,ret->signer_info,
+				d2i_PKCS7_SIGNER_INFO,PKCS7_SIGNER_INFO_free);
+
+	M_ASN1_D2I_Finish(a,PKCS7_SIGNED_free,ASN1_F_D2I_PKCS7_SIGNED);
+	}
+
+PKCS7_SIGNED *PKCS7_SIGNED_new(void)
+	{
+	PKCS7_SIGNED *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_SIGNED);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->md_algs,sk_X509_ALGOR_new_null);
+	M_ASN1_New(ret->contents,PKCS7_new);
+	ret->cert=NULL;
+	ret->crl=NULL;
+	M_ASN1_New(ret->signer_info,sk_PKCS7_SIGNER_INFO_new_null);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNED_NEW);
+	}
+
+void PKCS7_SIGNED_free(PKCS7_SIGNED *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_X509_ALGOR_pop_free(a->md_algs,X509_ALGOR_free);
+	PKCS7_free(a->contents);
+	sk_X509_pop_free(a->cert,X509_free);
+	sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
+	sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free(a);
+	}
diff --git a/crypto/openssl/crypto/asn1/p7_signi.c b/crypto/openssl/crypto/asn1/p7_signi.c
new file mode 100644
index 000000000000..21132ef4ddd7
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p7_signi.c
@@ -0,0 +1,150 @@
+/* crypto/asn1/p7_signi.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_len(a->digest_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->auth_attr,
+					i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_len(a->digest_enc_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->enc_digest,i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->unauth_attr,
+					i2d_X509_ATTRIBUTE,1);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_I2D_put(a->digest_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->auth_attr,
+					i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_put(a->digest_enc_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->enc_digest,i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->unauth_attr,
+					i2d_X509_ATTRIBUTE,1);
+
+	M_ASN1_I2D_finish();
+	}
+
+PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
+	     unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,PKCS7_SIGNER_INFO *,PKCS7_SIGNER_INFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
+	M_ASN1_D2I_get(ret->digest_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE,ret->auth_attr,
+					d2i_X509_ATTRIBUTE,X509_ATTRIBUTE_free,
+					0);
+	M_ASN1_D2I_get(ret->digest_enc_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_digest,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE,ret->unauth_attr,
+					d2i_X509_ATTRIBUTE,
+					X509_ATTRIBUTE_free,1);
+
+	M_ASN1_D2I_Finish(a,PKCS7_SIGNER_INFO_free,
+		ASN1_F_D2I_PKCS7_SIGNER_INFO);
+	}
+
+PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void)
+	{
+	PKCS7_SIGNER_INFO *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,PKCS7_SIGNER_INFO);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
+	M_ASN1_New(ret->digest_alg,X509_ALGOR_new);
+	ret->auth_attr=NULL;
+	M_ASN1_New(ret->digest_enc_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->enc_digest,ASN1_OCTET_STRING_new);
+	ret->unauth_attr=NULL;
+	ret->pkey=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNER_INFO_NEW);
+	}
+
+void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
+	X509_ALGOR_free(a->digest_alg);
+	sk_X509_ATTRIBUTE_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
+	X509_ALGOR_free(a->digest_enc_alg);
+	ASN1_OCTET_STRING_free(a->enc_digest);
+	sk_X509_ATTRIBUTE_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
+	if (a->pkey != NULL)
+		EVP_PKEY_free(a->pkey);
+	Free((char *)a);
+	}
+
+IMPLEMENT_STACK_OF(PKCS7_SIGNER_INFO)
+IMPLEMENT_ASN1_SET_OF(PKCS7_SIGNER_INFO)
diff --git a/crypto/openssl/crypto/asn1/p8_pkey.c b/crypto/openssl/crypto/asn1/p8_pkey.c
new file mode 100644
index 000000000000..aa9a4f6c9684
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/p8_pkey.c
@@ -0,0 +1,129 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
+{
+
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
+	M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
+	M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
+					 i2d_X509_ATTRIBUTE, 0);
+	
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
+	M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
+	M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
+					 i2d_X509_ATTRIBUTE, 0);
+
+	M_ASN1_I2D_finish();
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void)
+{
+	PKCS8_PRIV_KEY_INFO *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
+	M_ASN1_New (ret->version, ASN1_INTEGER_new);
+	M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
+	M_ASN1_New (ret->pkey, ASN1_TYPE_new);
+	ret->attributes = NULL;
+	ret->broken = PKCS8_OK;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
+}
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
+	M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes,
+					d2i_X509_ATTRIBUTE,
+					X509_ATTRIBUTE_free, 0);
+	if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE) 
+						ret->broken = PKCS8_NO_OCTET;
+	M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
+}
+
+void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free (a->version);
+	X509_ALGOR_free(a->pkeyalg);
+	/* Clear sensitive data */
+	if (a->pkey->value.octet_string)
+		memset (a->pkey->value.octet_string->data,
+				 0, a->pkey->value.octet_string->length);
+	ASN1_TYPE_free (a->pkey);
+	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+	Free (a);
+}
diff --git a/crypto/openssl/crypto/asn1/pkcs8.c b/crypto/openssl/crypto/asn1/pkcs8.c
new file mode 100644
index 000000000000..29c4ea6a296c
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/pkcs8.c
@@ -0,0 +1,131 @@
+/* crypto/asn1/pkcs8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+	}
+
+X509 *X509_KEY_new(void)
+	{
+	X509_KEY *ret=NULL;
+
+	M_ASN1_New_Malloc(ret,X509_KEY);
+	ret->references=1;
+	ret->type=NID
+	M_ASN1_New(ret->cert_info,X509_CINF_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NEW);
+	}
+
+void X509_KEY_free(X509 *a)
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+	REF_PRINT("X509_KEY",a);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_KEY_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_CINF_free(a->cert_info);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/t_crl.c b/crypto/openssl/crypto/asn1/t_crl.c
new file mode 100644
index 000000000000..c2e447ce6ff3
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/t_crl.c
@@ -0,0 +1,166 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#ifndef NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+	char buf[256];
+	unsigned char *s;
+	STACK_OF(X509_REVOKED) *rev;
+	X509_REVOKED *r;
+	long l;
+	int i, j, n;
+
+	BIO_printf(out, "Certificate Revocation List (CRL):\n");
+	l = X509_CRL_get_version(x);
+	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+	i = OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+	X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
+	BIO_printf(out,"%8sIssuer: %s\n","",buf);
+	BIO_printf(out,"%8sLast Update: ","");
+	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+	BIO_printf(out,"\n%8sNext Update: ","");
+	if (X509_CRL_get_nextUpdate(x))
+		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+	else BIO_printf(out,"NONE");
+	BIO_printf(out,"\n");
+
+	n=X509_CRL_get_ext_count(x);
+	if (n > 0) {
+		BIO_printf(out,"%8sCRL extensions:\n","");
+		for (i=0; iserialNumber);
+		BIO_printf(out,"\n        Revocation Date: ","");
+		ASN1_TIME_print(out,r->revocationDate);
+		BIO_printf(out,"\n");
+		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
+				ext_print(out, X509_REVOKED_get_ext(r, j));
+	}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out,"    Signature Algorithm: %s",
+				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+	s = x->signature->data;
+	n = x->signature->length;
+	for (i=0; ivalue);
+	}
+	BIO_write(out,"\n",1);
+}
diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/openssl/crypto/asn1/t_pkey.c
new file mode 100644
index 000000000000..0dc6e30c3dd4
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/t_pkey.c
@@ -0,0 +1,361 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#ifndef NO_RSA
+#include 
+#endif
+#ifndef NO_DH
+#include 
+#endif
+#ifndef NO_DSA
+#include 
+#endif
+
+static int print(BIO *fp,const char *str,BIGNUM *num,
+		unsigned char *buf,int off);
+#ifndef NO_RSA
+#ifndef NO_FP_API
+int RSA_print_fp(FILE *fp, RSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int RSA_print(BIO *bp, RSA *x, int off)
+	{
+	char str[128];
+	const char *s;
+	unsigned char *m=NULL;
+	int i,ret=0;
+
+	i=RSA_size(x);
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (off)
+		{
+		if (off > 128) off=128;
+		memset(str,' ',off);
+		}
+	if (x->d != NULL)
+		{
+		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+			<= 0) goto err;
+		}
+
+	if (x->d == NULL)
+		sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
+	else
+		strcpy(str,"modulus:");
+	if (!print(bp,str,x->n,m,off)) goto err;
+	s=(x->d == NULL)?"Exponent:":"publicExponent:";
+	if (!print(bp,s,x->e,m,off)) goto err;
+	if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
+	if (!print(bp,"prime1:",x->p,m,off)) goto err;
+	if (!print(bp,"prime2:",x->q,m,off)) goto err;
+	if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
+	if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
+	if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	return(ret);
+	}
+#endif /* NO_RSA */
+
+#ifndef NO_DSA
+#ifndef NO_FP_API
+int DSA_print_fp(FILE *fp, DSA *x, int off)
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+		return(0);
+		}
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=DSA_print(b,x,off);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int DSA_print(BIO *bp, DSA *x, int off)
+	{
+	char str[128];
+	unsigned char *m=NULL;
+	int i,ret=0;
+	BIGNUM *bn=NULL;
+
+	if (x->p != NULL)
+		bn=x->p;
+	else if (x->priv_key != NULL)
+		bn=x->priv_key;
+	else if (x->pub_key != NULL)
+		bn=x->pub_key;
+		
+	/* larger than needed but what the hell :-) */
+	if (bn != NULL)
+		i=BN_num_bytes(bn)*2;
+	else
+		i=256;
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (off)
+		{
+		if (off > 128) off=128;
+		memset(str,' ',off);
+		}
+	if (x->priv_key != NULL)
+		{
+		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
+			<= 0) goto err;
+		}
+
+	if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
+		goto err;
+	if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
+		goto err;
+	if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
+	if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
+	if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	return(ret);
+	}
+#endif /* !NO_DSA */
+
+static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
+	     int off)
+	{
+	int n,i;
+	char str[128];
+	const char *neg;
+
+	if (num == NULL) return(1);
+	neg=(num->neg)?"-":"";
+	if (off)
+		{
+		if (off > 128) off=128;
+		memset(str,' ',off);
+		if (BIO_write(bp,str,off) <= 0) return(0);
+		}
+
+	if (BN_num_bytes(num) <= BN_BYTES)
+		{
+		if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+			(unsigned long)num->d[0],neg,(unsigned long)num->d[0])
+			<= 0) return(0);
+		}
+	else
+		{
+		buf[0]=0;
+		if (BIO_printf(bp,"%s%s",number,
+			(neg[0] == '-')?" (Negative)":"") <= 0)
+			return(0);
+		n=BN_bn2bin(num,&buf[1]);
+	
+		if (buf[1] & 0x80)
+			n++;
+		else	buf++;
+
+		for (i=0; ip);
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		reason=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+
+	if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
+		BN_num_bits(x->p)) <= 0)
+		goto err;
+	if (!print(bp,"prime:",x->p,m,4)) goto err;
+	if (!print(bp,"generator:",x->g,m,4)) goto err;
+	if (x->length != 0)
+		{
+		if (BIO_printf(bp,"    recomented-private-length: %d bits\n",
+			(int)x->length) <= 0) goto err;
+		}
+	ret=1;
+	if (0)
+		{
+err:
+		DHerr(DH_F_DHPARAMS_PRINT,reason);
+		}
+	if (m != NULL) Free((char *)m);
+	return(ret);
+	}
+#endif
+
+#ifndef NO_DSA
+#ifndef NO_FP_API
+int DSAparams_print_fp(FILE *fp, DSA *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSAparams_print(BIO *bp, DSA *x)
+	{
+	unsigned char *m=NULL;
+	int reason=ERR_R_BUF_LIB,i,ret=0;
+
+	i=BN_num_bytes(x->p);
+	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (m == NULL)
+		{
+		reason=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+
+	if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
+		BN_num_bits(x->p)) <= 0)
+		goto err;
+	if (!print(bp,"p:",x->p,m,4)) goto err;
+	if (!print(bp,"q:",x->q,m,4)) goto err;
+	if (!print(bp,"g:",x->g,m,4)) goto err;
+	ret=1;
+err:
+	if (m != NULL) Free((char *)m);
+	DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
+	return(ret);
+	}
+
+#endif /* !NO_DSA */
+
diff --git a/crypto/openssl/crypto/asn1/t_req.c b/crypto/openssl/crypto/asn1/t_req.c
new file mode 100644
index 000000000000..bdd749436ab9
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/t_req.c
@@ -0,0 +1,226 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+#ifndef NO_FP_API
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_REQ_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+	{
+	unsigned long l;
+	int i,n;
+	char *s;
+	const char *neg;
+	X509_REQ_INFO *ri;
+	EVP_PKEY *pkey;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	char str[128];
+
+	ri=x->req_info;
+	sprintf(str,"Certificate Request:\n");
+	if (BIO_puts(bp,str) <= 0) goto err;
+	sprintf(str,"%4sData:\n","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+	l=0;
+	for (i=0; iversion->length; i++)
+		{ l<<=8; l+=ri->version->data[i]; }
+	sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+	if (BIO_puts(bp,str) <= 0) goto err;
+	sprintf(str,"%8sSubject: ","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	X509_NAME_print(bp,ri->subject,16);
+	sprintf(str,"\n%8sSubject Public Key Info:\n","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+	i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
+	sprintf(str,"%12sPublic Key Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	pkey=X509_REQ_get_pubkey(x);
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+		RSA_print(bp,pkey->pkey.rsa,16);
+		}
+	else 
+#endif
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		DSA_print(bp,pkey->pkey.dsa,16);
+		}
+	else
+#endif
+		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+	EVP_PKEY_free(pkey);
+
+	/* may not be */
+	sprintf(str,"%8sAttributes:\n","");
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	sk=x->req_info->attributes;
+	if ((sk == NULL) || (sk_X509_ATTRIBUTE_num(sk) == 0))
+		{
+		if (!x->req_info->req_kludge)
+			{
+			sprintf(str,"%12sa0:00\n","");
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+		}
+	else
+		{
+		for (i=0; iobject)) > 0)
+			{
+			if (a->set)
+				{
+				ii=0;
+				count=sk_ASN1_TYPE_num(a->value.set);
+get_next:
+				at=sk_ASN1_TYPE_value(a->value.set,ii);
+				type=at->type;
+				bs=at->value.asn1_string;
+				}
+			else
+				{
+				t=a->value.single;
+				type=t->type;
+				bs=t->value.bit_string;
+				}
+			}
+			for (j=25-j; j>0; j--)
+				if (BIO_write(bp," ",1) != 1) goto err;
+			if (BIO_puts(bp,":") <= 0) goto err;
+			if (	(type == V_ASN1_PRINTABLESTRING) ||
+				(type == V_ASN1_T61STRING) ||
+				(type == V_ASN1_IA5STRING))
+				{
+				if (BIO_write(bp,(char *)bs->data,bs->length)
+					!= bs->length)
+					goto err;
+				BIO_puts(bp,"\n");
+				}
+			else
+				{
+				BIO_puts(bp,"unable to print attribute\n");
+				}
+			if (++ii < count) goto get_next;
+			}
+		}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	sprintf(str,"%4sSignature Algorithm: %s","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	n=x->signature->length;
+	s=(char *)x->signature->data;
+	for (i=0; i
+#include "cryptlib.h"
+#include 
+#include 
+#ifndef NO_RSA
+#include 
+#endif
+#ifndef NO_DSA
+#include 
+#endif
+#include 
+#include 
+#include 
+
+#ifndef NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+	{
+	long l;
+	int ret=0,i,j,n;
+	char *m=NULL,*s;
+	X509_CINF *ci;
+	ASN1_INTEGER *bs;
+	EVP_PKEY *pkey=NULL;
+	const char *neg;
+	X509_EXTENSION *ex;
+	ASN1_STRING *str=NULL;
+
+	ci=x->cert_info;
+	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+	l=X509_get_version(x);
+	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+	bs=X509_get_serialNumber(x);
+	if (bs->length <= 4)
+		{
+		l=ASN1_INTEGER_get(bs);
+		if (l < 0)
+			{
+			l= -l;
+			neg="-";
+			}
+		else
+			neg="";
+		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+			goto err;
+		}
+	else
+		{
+		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+		for (i=0; ilength; i++)
+			{
+			if (BIO_printf(bp,"%02x%c",bs->data[i],
+				((i+1 == bs->length)?'\n':':')) <= 0)
+				goto err;
+			}
+		}
+
+	i=OBJ_obj2nid(ci->signature->algorithm);
+	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+		goto err;
+
+	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+		goto err;
+	i=OBJ_obj2nid(ci->key->algor->algorithm);
+	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+
+	pkey=X509_get_pubkey(x);
+	if (pkey == NULL)
+		{
+		BIO_printf(bp,"%12sUnable to load Public Key\n","");
+		ERR_print_errors(bp);
+		}
+	else
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+		BN_num_bits(pkey->pkey.rsa->n));
+		RSA_print(bp,pkey->pkey.rsa,16);
+		}
+	else
+#endif
+#ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		DSA_print(bp,pkey->pkey.dsa,16);
+		}
+	else
+#endif
+		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+	EVP_PKEY_free(pkey);
+
+	n=X509_get_ext_count(x);
+	if (n > 0)
+		{
+		BIO_printf(bp,"%8sX509v3 extensions:\n","");
+		for (i=0; ivalue);
+				}
+			if (BIO_write(bp,"\n",1) <= 0) goto err;
+			}
+		}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+
+	n=x->signature->length;
+	s=(char *)x->signature->data;
+	for (i=0; idata;
+	for (i=0; ilength; i++)
+		{
+		if ((p[i] > '~') || ((p[i] < ' ') &&
+			(p[i] != '\n') && (p[i] != '\r')))
+			buf[n]='.';
+		else
+			buf[n]=p[i];
+		n++;
+		if (n >= 80)
+			{
+			if (BIO_write(bp,buf,n) <= 0)
+				return(0);
+			n=0;
+			}
+		}
+	if (n > 0)
+		if (BIO_write(bp,buf,n) <= 0)
+			return(0);
+	return(1);
+	}
+
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
+	if(tm->type == V_ASN1_GENERALIZEDTIME)
+				return ASN1_GENERALIZEDTIME_print(bp, tm);
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+}
+
+static const char *mon[12]=
+    {
+    "Jan","Feb","Mar","Apr","May","Jun",
+    "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+	{
+	char *v;
+	int gmt=0;
+	int i;
+	int y=0,M=0,d=0,h=0,m=0,s=0;
+
+	i=tm->length;
+	v=(char *)tm->data;
+
+	if (i < 12) goto err;
+	if (v[i-1] == 'Z') gmt=1;
+	for (i=0; i<12; i++)
+		if ((v[i] > '9') || (v[i] < '0')) goto err;
+	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+	M= (v[4]-'0')*10+(v[5]-'0');
+	if ((M > 12) || (M < 1)) goto err;
+	d= (v[6]-'0')*10+(v[7]-'0');
+	h= (v[8]-'0')*10+(v[9]-'0');
+	m=  (v[10]-'0')*10+(v[11]-'0');
+	if (	(v[12] >= '0') && (v[12] <= '9') &&
+		(v[13] >= '0') && (v[13] <= '9'))
+		s=  (v[12]-'0')*10+(v[13]-'0');
+
+	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+		mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+		return(0);
+	else
+		return(1);
+err:
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+	}
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+	{
+	char *v;
+	int gmt=0;
+	int i;
+	int y=0,M=0,d=0,h=0,m=0,s=0;
+
+	i=tm->length;
+	v=(char *)tm->data;
+
+	if (i < 10) goto err;
+	if (v[i-1] == 'Z') gmt=1;
+	for (i=0; i<10; i++)
+		if ((v[i] > '9') || (v[i] < '0')) goto err;
+	y= (v[0]-'0')*10+(v[1]-'0');
+	if (y < 50) y+=100;
+	M= (v[2]-'0')*10+(v[3]-'0');
+	if ((M > 12) || (M < 1)) goto err;
+	d= (v[4]-'0')*10+(v[5]-'0');
+	h= (v[6]-'0')*10+(v[7]-'0');
+	m=  (v[8]-'0')*10+(v[9]-'0');
+	if (	(v[10] >= '0') && (v[10] <= '9') &&
+		(v[11] >= '0') && (v[11] <= '9'))
+		s=  (v[10]-'0')*10+(v[11]-'0');
+
+	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+		mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
+		return(0);
+	else
+		return(1);
+err:
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+	}
+
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+	{
+	char *s,*c;
+	int ret=0,l,ll,i,first=1;
+	char buf[256];
+
+	ll=80-2-obase;
+
+	s=X509_NAME_oneline(name,buf,256);
+	s++; /* skip the first slash */
+
+	l=ll;
+	c=s;
+	for (;;)
+		{
+#ifndef CHARSET_EBCDIC
+		if (	((*s == '/') &&
+				((s[1] >= 'A') && (s[1] <= 'Z') && (
+					(s[2] == '=') ||
+					((s[2] >= 'A') && (s[2] <= 'Z') &&
+					(s[3] == '='))
+				 ))) ||
+			(*s == '\0'))
+#else
+		if (	((*s == '/') &&
+				(isupper(s[1]) && (
+					(s[2] == '=') ||
+					(isupper(s[2]) &&
+					(s[3] == '='))
+				 ))) ||
+			(*s == '\0'))
+#endif
+			{
+			if ((l <= 0) && !first)
+				{
+				first=0;
+				if (BIO_write(bp,"\n",1) != 1) goto err;
+				for (i=0; i
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
+	if (a->parameter != NULL)
+		{ M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
+
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
+	if (a->parameter != NULL)
+		{ M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
+	if (!M_ASN1_D2I_end_sequence())
+		{ M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
+	else
+		{
+		ASN1_TYPE_free(ret->parameter);
+		ret->parameter=NULL;
+		}
+	M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
+	}
+
+X509_ALGOR *X509_ALGOR_new(void)
+	{
+	X509_ALGOR *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_ALGOR);
+	ret->algorithm=OBJ_nid2obj(NID_undef);
+	ret->parameter=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
+	}
+
+void X509_ALGOR_free(X509_ALGOR *a)
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->algorithm);
+	ASN1_TYPE_free(a->parameter);
+	Free((char *)a);
+	}
+
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/crypto/openssl/crypto/asn1/x_attrib.c b/crypto/openssl/crypto/asn1/x_attrib.c
new file mode 100644
index 000000000000..a1cbebf5a50e
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_attrib.c
@@ -0,0 +1,165 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* sequence */
+int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **pp)
+	{
+	int k=0;
+	int r=0,ret=0;
+	unsigned char **p=NULL;
+
+	if (a == NULL) return(0);
+
+	p=NULL;
+	for (;;)
+		{
+		if (k)
+			{
+			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+			if (pp == NULL) return(r);
+			p=pp;
+			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
+				V_ASN1_UNIVERSAL);
+			}
+
+		ret+=i2d_ASN1_OBJECT(a->object,p);
+		if (a->set)
+			ret+=i2d_ASN1_SET_OF_ASN1_TYPE(a->value.set,p,i2d_ASN1_TYPE,
+				V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+		else
+			ret+=i2d_ASN1_TYPE(a->value.single,p);
+		if (k++) return(r);
+		}
+	}
+
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+
+	if ((c.slen != 0) &&
+		(M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
+		{
+		ret->set=1;
+		M_ASN1_D2I_get_set_type(ASN1_TYPE,ret->value.set,d2i_ASN1_TYPE,
+					ASN1_TYPE_free);
+		}
+	else
+		{
+		ret->set=0;
+		M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
+		}
+
+	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
+	}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+	{
+	X509_ATTRIBUTE *ret=NULL;
+	ASN1_TYPE *val=NULL;
+
+	if ((ret=X509_ATTRIBUTE_new()) == NULL)
+		return(NULL);
+	ret->object=OBJ_nid2obj(nid);
+	ret->set=1;
+	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
+	if ((val=ASN1_TYPE_new()) == NULL) goto err;
+	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+
+	ASN1_TYPE_set(val,atrtype,value);
+	return(ret);
+err:
+	if (ret != NULL) X509_ATTRIBUTE_free(ret);
+	if (val != NULL) ASN1_TYPE_free(val);
+	return(NULL);
+	}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void)
+	{
+	X509_ATTRIBUTE *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
+	ret->object=OBJ_nid2obj(NID_undef);
+	ret->set=0;
+	ret->value.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
+	}
+	
+void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->object);
+	if (a->set)
+		sk_ASN1_TYPE_pop_free(a->value.set,ASN1_TYPE_free);
+	else
+		ASN1_TYPE_free(a->value.single);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/x_cinf.c b/crypto/openssl/crypto/asn1/x_cinf.c
new file mode 100644
index 000000000000..fe1b18a90ffb
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_cinf.c
@@ -0,0 +1,201 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
+	{
+	int v1=0,v2=0;
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+	M_ASN1_I2D_len(a->serialNumber,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->signature,		i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->issuer,		i2d_X509_NAME);
+	M_ASN1_I2D_len(a->validity,		i2d_X509_VAL);
+	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_len(a->key,			i2d_X509_PUBKEY);
+	M_ASN1_I2D_len_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,3,
+					     V_ASN1_SEQUENCE,v2);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+	M_ASN1_I2D_put(a->serialNumber,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->signature,		i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->issuer,		i2d_X509_NAME);
+	M_ASN1_I2D_put(a->validity,		i2d_X509_VAL);
+	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_put(a->key,			i2d_X509_PUBKEY);
+	M_ASN1_I2D_put_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING,1);
+	M_ASN1_I2D_put_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING,2);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,3,
+					     V_ASN1_SEQUENCE,v2);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
+	{
+	int ver=0;
+	M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	/* we have the optional version field */
+	if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+		{
+		M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+		if (ret->version->data != NULL)
+			ver=ret->version->data[0];
+		}
+	else
+		{
+		if (ret->version != NULL)
+			{
+			ASN1_INTEGER_free(ret->version);
+			ret->version=NULL;
+			}
+		}
+	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+	if (ver >= 1) /* version 2 extensions */
+		{
+		if (ret->issuerUID != NULL)
+			{
+			ASN1_BIT_STRING_free(ret->issuerUID);
+			ret->issuerUID=NULL;
+			}
+		if (ret->subjectUID != NULL)
+			{
+			ASN1_BIT_STRING_free(ret->subjectUID);
+			ret->subjectUID=NULL;
+			}
+		M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+			V_ASN1_BIT_STRING);
+		M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+			V_ASN1_BIT_STRING);
+		}
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
+	if (ver >= 2) /* version 3 extensions */
+#endif
+		{
+		if (ret->extensions != NULL)
+			while (sk_X509_EXTENSION_num(ret->extensions))
+				X509_EXTENSION_free(
+				      sk_X509_EXTENSION_pop(ret->extensions));
+		M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+						d2i_X509_EXTENSION,
+						X509_EXTENSION_free,3,
+						V_ASN1_SEQUENCE);
+		}
+	M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+	}
+
+X509_CINF *X509_CINF_new(void)
+	{
+	X509_CINF *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_CINF);
+	ret->version=NULL;
+	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+	M_ASN1_New(ret->signature,X509_ALGOR_new);
+	M_ASN1_New(ret->issuer,X509_NAME_new);
+	M_ASN1_New(ret->validity,X509_VAL_new);
+	M_ASN1_New(ret->subject,X509_NAME_new);
+	M_ASN1_New(ret->key,X509_PUBKEY_new);
+	ret->issuerUID=NULL;
+	ret->subjectUID=NULL;
+	ret->extensions=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+	}
+
+void X509_CINF_free(X509_CINF *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	ASN1_INTEGER_free(a->serialNumber);
+	X509_ALGOR_free(a->signature);
+	X509_NAME_free(a->issuer);
+	X509_VAL_free(a->validity);
+	X509_NAME_free(a->subject);
+	X509_PUBKEY_free(a->key);
+	ASN1_BIT_STRING_free(a->issuerUID);
+	ASN1_BIT_STRING_free(a->subjectUID);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	Free(a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/x_crl.c b/crypto/openssl/crypto/asn1/x_crl.c
new file mode 100644
index 000000000000..cd46bbebc282
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_crl.c
@@ -0,0 +1,350 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
+static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
+int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
+	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					 i2d_X509_EXTENSION);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
+	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					 i2d_X509_EXTENSION);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
+	M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION,ret->extensions,
+				    d2i_X509_EXTENSION,X509_EXTENSION_free);
+	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
+	}
+
+int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
+	{
+	int v1=0;
+	long l=0;
+	int (*old_cmp)(X509_REVOKED **,X509_REVOKED **);
+	M_ASN1_I2D_vars(a);
+	
+	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+	sk_X509_REVOKED_sort(a->revoked);
+	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
+
+	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
+		{
+		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
+		}
+	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
+	if (a->nextUpdate != NULL)
+		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
+	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+					 i2d_X509_REVOKED);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,0,
+					     V_ASN1_SEQUENCE,v1);
+
+	M_ASN1_I2D_seq_total();
+
+	if ((a->version != NULL) && (l != 0))
+		{
+		M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
+		}
+	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
+	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
+	if (a->nextUpdate != NULL)
+		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
+	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+					 i2d_X509_REVOKED);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,0,
+					     V_ASN1_SEQUENCE,v1);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
+	     long length)
+	{
+	int i,ver=0;
+	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
+
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
+	if (ret->version != NULL)
+		ver=ret->version->data[0];
+	
+	if ((ver == 0) && (ret->version != NULL))
+		{
+		ASN1_INTEGER_free(ret->version);
+		ret->version=NULL;
+		}
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
+	/* Manually handle the OPTIONAL ASN1_TIME stuff */
+	if(c.slen != 0
+	   && ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+		    (V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)
+		|| (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+		    (V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) {
+		M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME);
+	}
+	if(!ret->nextUpdate) 
+		M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
+							V_ASN1_GENERALIZEDTIME);
+	if (ret->revoked != NULL)
+		{
+		while (sk_X509_REVOKED_num(ret->revoked))
+			X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked));
+		}
+	M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED,
+				    X509_REVOKED_free);
+
+	if (ret->revoked != NULL)
+		{
+		for (i=0; irevoked); i++)
+			{
+			sk_X509_REVOKED_value(ret->revoked,i)->sequence=i;
+			}
+		}
+
+	if (ver >= 1)
+		{
+		if (ret->extensions != NULL)
+			{
+			while (sk_X509_EXTENSION_num(ret->extensions))
+				X509_EXTENSION_free(
+				sk_X509_EXTENSION_pop(ret->extensions));
+			}
+			
+		M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+						d2i_X509_EXTENSION,
+						X509_EXTENSION_free,0,
+						V_ASN1_SEQUENCE);
+		}
+
+	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
+	}
+
+int i2d_X509_CRL(X509_CRL *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
+	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
+	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+
+	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
+	}
+
+
+X509_REVOKED *X509_REVOKED_new(void)
+	{
+	X509_REVOKED *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_REVOKED);
+	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+	M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
+	ret->extensions=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
+	}
+
+X509_CRL_INFO *X509_CRL_INFO_new(void)
+	{
+	X509_CRL_INFO *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
+	ret->version=NULL;
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->issuer,X509_NAME_new);
+	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
+	ret->nextUpdate=NULL;
+	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
+	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
+	}
+
+X509_CRL *X509_CRL_new(void)
+	{
+	X509_CRL *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_CRL);
+	ret->references=1;
+	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
+	}
+
+void X509_REVOKED_free(X509_REVOKED *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->serialNumber);
+	ASN1_UTCTIME_free(a->revocationDate);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	Free(a);
+	}
+
+void X509_CRL_INFO_free(X509_CRL_INFO *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_ALGOR_free(a->sig_alg);
+	X509_NAME_free(a->issuer);
+	ASN1_UTCTIME_free(a->lastUpdate);
+	if (a->nextUpdate)
+		ASN1_UTCTIME_free(a->nextUpdate);
+	sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	Free(a);
+	}
+
+void X509_CRL_free(X509_CRL *a)
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+	REF_PRINT("X509_CRL",a);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_CRL_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_CRL_INFO_free(a->crl);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	Free(a);
+	}
+
+static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b)
+	{
+	return(ASN1_STRING_cmp(
+		(ASN1_STRING *)(*a)->serialNumber,
+		(ASN1_STRING *)(*b)->serialNumber));
+	}
+
+static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b)
+	{
+	return((*a)->sequence-(*b)->sequence);
+	}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/crypto/openssl/crypto/asn1/x_exten.c b/crypto/openssl/crypto/asn1/x_exten.c
new file mode 100644
index 000000000000..d5f9e1df9e0e
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_exten.c
@@ -0,0 +1,148 @@
+/* crypto/asn1/x_exten.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **pp)
+	{
+	int k=0;
+	int r=0,ret=0;
+	unsigned char **p=NULL;
+
+	if (a == NULL) return(0);
+
+	p=NULL;
+	for (;;)
+		{
+		if (k)
+			{
+			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+			if (pp == NULL) return(r);
+			p=pp;
+			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
+				V_ASN1_UNIVERSAL);
+			}
+
+		ret+=i2d_ASN1_OBJECT(a->object,p);
+		if ((a->critical) || a->netscape_hack)
+			ret+=i2d_ASN1_BOOLEAN(a->critical,p);
+		ret+=i2d_ASN1_OCTET_STRING(a->value,p);
+		if (k++) return(r);
+		}
+	}
+
+X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, unsigned char **pp,
+	     long length)
+	{
+	int i;
+	M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+
+	if ((ret->argp != NULL) && (ret->ex_free != NULL))
+		ret->ex_free(ret);
+	ret->argl=0;
+	ret->argp=NULL;
+	ret->netscape_hack=0;
+	if ((c.slen != 0) &&
+		(M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
+		{
+		c.q=c.p;
+		if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
+		ret->critical=i;
+		c.slen-=(c.p-c.q);
+		if (ret->critical == 0) ret->netscape_hack=1;
+		}
+	M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
+
+	M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
+	}
+
+X509_EXTENSION *X509_EXTENSION_new(void)
+	{
+	X509_EXTENSION *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_EXTENSION);
+	ret->object=OBJ_nid2obj(NID_undef);
+	M_ASN1_New(ret->value,ASN1_OCTET_STRING_new);
+	ret->critical=0;
+	ret->netscape_hack=0;
+	ret->argl=0L;
+	ret->argp=NULL;
+	ret->ex_free=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
+	}
+	
+void X509_EXTENSION_free(X509_EXTENSION *a)
+	{
+	if (a == NULL) return;
+	if ((a->argp != NULL) && (a->ex_free != NULL))
+		a->ex_free(a);
+	ASN1_OBJECT_free(a->object);
+	ASN1_OCTET_STRING_free(a->value);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/x_info.c b/crypto/openssl/crypto/asn1/x_info.c
new file mode 100644
index 000000000000..99ce011f075f
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_info.c
@@ -0,0 +1,113 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+X509_INFO *X509_INFO_new(void)
+	{
+	X509_INFO *ret=NULL;
+
+	ret=(X509_INFO *)Malloc(sizeof(X509_INFO));
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+ 
+        ret->enc_cipher.cipher=NULL;
+        ret->enc_len=0;
+        ret->enc_data=NULL;
+ 
+	ret->references=1;
+	ret->x509=NULL;
+	ret->crl=NULL;
+	ret->x_pkey=NULL;
+	return(ret);
+	}
+
+void X509_INFO_free(X509_INFO *x)
+	{
+	int i;
+
+	if (x == NULL) return;
+
+	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+	REF_PRINT("X509_INFO",x);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_INFO_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (x->x509 != NULL) X509_free(x->x509);
+	if (x->crl != NULL) X509_CRL_free(x->crl);
+	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+	Free((char *)x);
+	}
+
+IMPLEMENT_STACK_OF(X509_INFO)
+
diff --git a/crypto/openssl/crypto/asn1/x_name.c b/crypto/openssl/crypto/asn1/x_name.c
new file mode 100644
index 000000000000..b09fba33fbd2
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_name.c
@@ -0,0 +1,279 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static int i2d_X509_NAME_entries(X509_NAME *a);
+int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
+	ret->set=0;
+	M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
+	}
+
+int i2d_X509_NAME(X509_NAME *a, unsigned char **pp)
+	{
+	int ret;
+
+	if (a == NULL) return(0);
+	if (a->modified)
+		{
+		ret=i2d_X509_NAME_entries(a);
+		if (ret < 0) return(ret);
+		}
+
+	ret=a->bytes->length;
+	if (pp != NULL)
+		{
+		memcpy(*pp,a->bytes->data,ret);
+		*pp+=ret;
+		}
+	return(ret);
+	}
+
+static int i2d_X509_NAME_entries(X509_NAME *a)
+	{
+	X509_NAME_ENTRY *ne,*fe=NULL;
+	STACK_OF(X509_NAME_ENTRY) *sk;
+	BUF_MEM *buf=NULL;
+	int set=0,r,ret=0;
+	int i;
+	unsigned char *p;
+	int size=0;
+
+	sk=a->entries;
+	for (i=0; iset != set)
+			{
+			ret+=ASN1_object_size(1,size,V_ASN1_SET);
+			fe->size=size;
+			fe=ne;
+			size=0;
+			set=ne->set;
+			}
+		size+=i2d_X509_NAME_ENTRY(ne,NULL);
+		}
+
+	ret+=ASN1_object_size(1,size,V_ASN1_SET);
+	if (fe != NULL)
+		fe->size=size;
+
+	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+
+	buf=a->bytes;
+	if (!BUF_MEM_grow(buf,r)) goto err;
+	p=(unsigned char *)buf->data;
+
+	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+	set= -1;
+	for (i=0; iset)
+			{
+			set=ne->set;
+			ASN1_put_object(&p,1,ne->size,
+				V_ASN1_SET,V_ASN1_UNIVERSAL);
+			}
+		i2d_X509_NAME_ENTRY(ne,&p);
+		}
+	a->modified=0;
+	return(r);
+err:
+	return(-1);
+	}
+
+X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
+	{
+	int set=0,i;
+	int idx=0;
+	unsigned char *orig;
+	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+
+	orig= *pp;
+	if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
+		{
+		while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
+			X509_NAME_ENTRY_free(
+				       sk_X509_NAME_ENTRY_pop(ret->entries));
+		}
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	for (;;)
+		{
+		if (M_ASN1_D2I_end_sequence()) break;
+		M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
+					d2i_X509_NAME_ENTRY,
+					X509_NAME_ENTRY_free);
+		for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
+			{
+			sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
+			}
+		set++;
+		}
+
+	i=(int)(c.p-orig);
+	if (!BUF_MEM_grow(ret->bytes,i)) goto err;
+	memcpy(ret->bytes->data,orig,i);
+	ret->bytes->length=i;
+	ret->modified=0;
+
+	M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+	}
+
+X509_NAME *X509_NAME_new(void)
+	{
+	X509_NAME *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_NAME);
+	if ((ret->entries=sk_X509_NAME_ENTRY_new(NULL)) == NULL)
+		{ c.line=__LINE__; goto err2; }
+	M_ASN1_New(ret->bytes,BUF_MEM_new);
+	ret->modified=1;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+	}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_new(void)
+	{
+	X509_NAME_ENTRY *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
+/*	M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
+	ret->object=NULL;
+	ret->set=0;
+	M_ASN1_New(ret->value,ASN1_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+	}
+
+void X509_NAME_free(X509_NAME *a)
+	{
+	if(a == NULL)
+	    return;
+
+	BUF_MEM_free(a->bytes);
+	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+	Free(a);
+	}
+
+void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
+	{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->object);
+	ASN1_BIT_STRING_free(a->value);
+	Free(a);
+	}
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+	{
+	X509_NAME *in;
+
+	if (*xn == NULL) return(0);
+
+	if (*xn != name)
+		{
+		in=X509_NAME_dup(name);
+		if (in != NULL)
+			{
+			X509_NAME_free(*xn);
+			*xn=in;
+			}
+		}
+	return(*xn != NULL);
+	}
+	
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/crypto/openssl/crypto/asn1/x_pkey.c b/crypto/openssl/crypto/asn1/x_pkey.c
new file mode 100644
index 000000000000..b0057eb212cd
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_pkey.c
@@ -0,0 +1,151 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+/* need to implement */
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+	{
+	return(0);
+	}
+
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length)
+	{
+	int i;
+	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+
+	ret->cipher.cipher=EVP_get_cipherbyname(
+		OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+	if (ret->cipher.cipher == NULL)
+		{
+		c.error=ASN1_R_UNSUPPORTED_CIPHER;
+		c.line=__LINE__;
+		goto err;
+		}
+	if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
+		{
+		i=ret->enc_algor->parameter->value.octet_string->length;
+		if (i > EVP_MAX_IV_LENGTH)
+			{
+			c.error=ASN1_R_IV_TOO_LARGE;
+			c.line=__LINE__;
+			goto err;
+			}
+		memcpy(ret->cipher.iv,
+			ret->enc_algor->parameter->value.octet_string->data,i);
+		}
+	else
+		memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+	}
+
+X509_PKEY *X509_PKEY_new(void)
+	{
+	X509_PKEY *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_PKEY);
+	ret->version=0;
+	M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+	M_ASN1_New(ret->enc_pkey,ASN1_OCTET_STRING_new);
+	ret->dec_pkey=NULL;
+	ret->key_length=0;
+	ret->key_data=NULL;
+	ret->key_free=0;
+	ret->cipher.cipher=NULL;
+	memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+	ret->references=1;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+	}
+
+void X509_PKEY_free(X509_PKEY *x)
+	{
+	int i;
+
+	if (x == NULL) return;
+
+	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+	REF_PRINT("X509_PKEY",x);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_PKEY_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+	if (x->enc_pkey != NULL) ASN1_OCTET_STRING_free(x->enc_pkey);
+	if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+	if ((x->key_data != NULL) && (x->key_free)) Free((char *)x->key_data);
+	Free((char *)(char *)x);
+	}
diff --git a/crypto/openssl/crypto/asn1/x_pubkey.c b/crypto/openssl/crypto/asn1/x_pubkey.c
new file mode 100644
index 000000000000..4ac32c59dd73
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_pubkey.c
@@ -0,0 +1,254 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->public_key,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->public_key,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
+	if (ret->pkey != NULL)
+		{
+		EVP_PKEY_free(ret->pkey);
+		ret->pkey=NULL;
+		}
+	M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+	}
+
+X509_PUBKEY *X509_PUBKEY_new(void)
+	{
+	X509_PUBKEY *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_PUBKEY);
+	M_ASN1_New(ret->algor,X509_ALGOR_new);
+	M_ASN1_New(ret->public_key,ASN1_BIT_STRING_new);
+	ret->pkey=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
+	}
+
+void X509_PUBKEY_free(X509_PUBKEY *a)
+	{
+	if (a == NULL) return;
+	X509_ALGOR_free(a->algor);
+	ASN1_BIT_STRING_free(a->public_key);
+	if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
+	Free((char *)a);
+	}
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+	{
+	int ok=0;
+	X509_PUBKEY *pk;
+	X509_ALGOR *a;
+	ASN1_OBJECT *o;
+	unsigned char *s,*p;
+	int i;
+
+	if (x == NULL) return(0);
+
+	if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+	a=pk->algor;
+
+	/* set the algorithm id */
+	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+	ASN1_OBJECT_free(a->algorithm);
+	a->algorithm=o;
+
+	/* Set the parameter list */
+	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+		{
+		if ((a->parameter == NULL) ||
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			a->parameter=ASN1_TYPE_new();
+			a->parameter->type=V_ASN1_NULL;
+			}
+		}
+	else
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		{
+		unsigned char *pp;
+		DSA *dsa;
+
+		dsa=pkey->pkey.dsa;
+		dsa->write_params=0;
+		ASN1_TYPE_free(a->parameter);
+		i=i2d_DSAparams(dsa,NULL);
+		p=(unsigned char *)Malloc(i);
+		pp=p;
+		i2d_DSAparams(dsa,&pp);
+		a->parameter=ASN1_TYPE_new();
+		a->parameter->type=V_ASN1_SEQUENCE;
+		a->parameter->value.sequence=ASN1_STRING_new();
+		ASN1_STRING_set(a->parameter->value.sequence,p,i);
+		Free(p);
+		}
+	else
+#endif
+		{
+		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+		goto err;
+		}
+
+	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
+	if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err;
+	p=s;
+	i2d_PublicKey(pkey,&p);
+	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	/* Set number of unused bits to zero */
+	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
+	Free(s);
+
+	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	pk->pkey=pkey;
+
+	if (*x != NULL)
+		X509_PUBKEY_free(*x);
+
+	*x=pk;
+	pk=NULL;
+
+	ok=1;
+err:
+	if (pk != NULL) X509_PUBKEY_free(pk);
+	return(ok);
+	}
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+	{
+	EVP_PKEY *ret=NULL;
+	long j;
+	int type;
+	unsigned char *p;
+#ifndef NO_DSA
+	X509_ALGOR *a;
+#endif
+
+	if (key == NULL) goto err;
+
+	if (key->pkey != NULL)
+	    {
+	    CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	    return(key->pkey);
+	    }
+
+	if (key->public_key == NULL) goto err;
+
+	type=OBJ_obj2nid(key->algor->algorithm);
+	p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
+		goto err;
+		}
+	ret->save_parameters=0;
+
+#ifndef NO_DSA
+	a=key->algor;
+	if (ret->type == EVP_PKEY_DSA)
+		{
+		if (a->parameter->type == V_ASN1_SEQUENCE)
+			{
+			ret->pkey.dsa->write_params=0;
+			p=a->parameter->value.sequence->data;
+			j=a->parameter->value.sequence->length;
+			if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+				goto err;
+			}
+		ret->save_parameters=1;
+		}
+#endif
+	key->pkey=ret;
+	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
+	return(ret);
+err:
+	if (ret != NULL)
+		EVP_PKEY_free(ret);
+	return(NULL);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/x_req.c b/crypto/openssl/crypto/asn1/x_req.c
new file mode 100644
index 000000000000..9b1d6abe640a
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_req.c
@@ -0,0 +1,236 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->version,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_len(a->pubkey,		i2d_X509_PUBKEY);
+
+	/* this is a *nasty* hack reported to be required to
+	 * allow some CA Software to accept the cert request.
+	 * It is not following the PKCS standards ...
+	 * PKCS#10 pg 5
+	 * attributes [0] IMPLICIT Attibutes
+	 * NOTE: no OPTIONAL ... so it *must* be there
+	 */
+	if (a->req_kludge) 
+	        {
+	        M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,i2d_X509_ATTRIBUTE,0);
+		}
+	else
+	        {
+	        M_ASN1_I2D_len_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
+					    i2d_X509_ATTRIBUTE,0);
+		}
+	
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->version,		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
+	M_ASN1_I2D_put(a->pubkey,		i2d_X509_PUBKEY);
+
+	/* this is a *nasty* hack reported to be required by some CA's.
+	 * It is not following the PKCS standards ...
+	 * PKCS#10 pg 5
+	 * attributes [0] IMPLICIT Attibutes
+	 * NOTE: no OPTIONAL ... so it *must* be there
+	 */
+	if (a->req_kludge)
+		{
+	        M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,
+						i2d_X509_ATTRIBUTE,0);
+		}
+	else
+		{
+	        M_ASN1_I2D_put_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
+					    i2d_X509_ATTRIBUTE,0);
+		}
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
+
+	/* this is a *nasty* hack to allow for some CA's that
+	 * have been reported as requiring it.
+	 * It is not following the PKCS standards ...
+	 * PKCS#10 pg 5
+	 * attributes [0] IMPLICIT Attibutes
+	 * NOTE: no OPTIONAL ... so it *must* be there
+	 */
+	if (asn1_Finish(&c))
+		ret->req_kludge=1;
+	else
+		{
+		M_ASN1_D2I_get_IMP_set_type(X509_ATTRIBUTE,ret->attributes,
+					    d2i_X509_ATTRIBUTE,
+					    X509_ATTRIBUTE_free,0);
+		}
+
+	M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
+	}
+
+X509_REQ_INFO *X509_REQ_INFO_new(void)
+	{
+	X509_REQ_INFO *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_REQ_INFO);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->subject,X509_NAME_new);
+	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
+	M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
+	ret->req_kludge=0;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
+	}
+	
+void X509_REQ_INFO_free(X509_REQ_INFO *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	X509_NAME_free(a->subject);
+	X509_PUBKEY_free(a->pubkey);
+	sk_X509_ATTRIBUTE_pop_free(a->attributes,X509_ATTRIBUTE_free);
+	Free((char *)a);
+	}
+
+int i2d_X509_REQ(X509_REQ *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len(a->req_info,	i2d_X509_REQ_INFO);
+	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->req_info,	i2d_X509_REQ_INFO);
+	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
+	}
+
+X509_REQ *X509_REQ_new(void)
+	{
+	X509_REQ *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_REQ);
+	ret->references=1;
+	M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
+	}
+
+void X509_REQ_free(X509_REQ *a)
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
+#ifdef REF_PRINT
+	REF_PRINT("X509_REQ",a);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_REQ_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	X509_REQ_INFO_free(a->req_info);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
+
diff --git a/crypto/openssl/crypto/asn1/x_sig.c b/crypto/openssl/crypto/asn1/x_sig.c
new file mode 100644
index 000000000000..c2782d1b9c08
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_sig.c
@@ -0,0 +1,110 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->digest,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->digest,	i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
+	}
+
+X509_SIG *X509_SIG_new(void)
+	{
+	X509_SIG *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_SIG);
+	M_ASN1_New(ret->algor,X509_ALGOR_new);
+	M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
+	}
+
+void X509_SIG_free(X509_SIG *a)
+	{
+	if (a == NULL) return;
+	X509_ALGOR_free(a->algor);
+	ASN1_OCTET_STRING_free(a->digest);
+	Free((char *)a);
+	}
+
+
diff --git a/crypto/openssl/crypto/asn1/x_spki.c b/crypto/openssl/crypto/asn1/x_spki.c
new file mode 100644
index 000000000000..43e0023839ad
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_spki.c
@@ -0,0 +1,166 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+ /* This module was send to me my Pat Richards  who
+  * wrote it.  It is under my Copyright with his permision
+  */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->pubkey,	i2d_X509_PUBKEY);
+	M_ASN1_I2D_len(a->challenge,	i2d_ASN1_IA5STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->pubkey,	i2d_X509_PUBKEY);
+	M_ASN1_I2D_put(a->challenge,	i2d_ASN1_IA5STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
+	M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
+	M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
+	}
+
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void)
+	{
+	NETSCAPE_SPKAC *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
+	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
+	M_ASN1_New(ret->challenge,ASN1_IA5STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
+	}
+
+void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
+	{
+	if (a == NULL) return;
+	X509_PUBKEY_free(a->pubkey);
+	ASN1_IA5STRING_free(a->challenge);
+	Free((char *)a);
+	}
+
+int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->spkac,	i2d_NETSCAPE_SPKAC);
+	M_ASN1_I2D_len(a->sig_algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->spkac,	i2d_NETSCAPE_SPKAC);
+	M_ASN1_I2D_put(a->sig_algor,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, unsigned char **pp,
+	     long length)
+	{
+	M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
+	M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
+	}
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_new(void)
+	{
+	NETSCAPE_SPKI *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
+	M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
+	M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
+	}
+
+void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
+	{
+	if (a == NULL) return;
+	NETSCAPE_SPKAC_free(a->spkac);
+	X509_ALGOR_free(a->sig_algor);
+	ASN1_BIT_STRING_free(a->signature);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/x_val.c b/crypto/openssl/crypto/asn1/x_val.c
new file mode 100644
index 000000000000..84d6f7ca4dfc
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_val.c
@@ -0,0 +1,109 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_X509_VAL(X509_VAL *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
+	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
+	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509_VAL *d2i_X509_VAL(X509_VAL **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
+	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
+	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
+	}
+
+X509_VAL *X509_VAL_new(void)
+	{
+	X509_VAL *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509_VAL);
+	M_ASN1_New(ret->notBefore,ASN1_TIME_new);
+	M_ASN1_New(ret->notAfter,ASN1_TIME_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
+	}
+
+void X509_VAL_free(X509_VAL *a)
+	{
+	if (a == NULL) return;
+	ASN1_TIME_free(a->notBefore);
+	ASN1_TIME_free(a->notAfter);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/openssl/crypto/asn1/x_x509.c
new file mode 100644
index 000000000000..7abf6b2a6bab
--- /dev/null
+++ b/crypto/openssl/crypto/asn1/x_x509.c
@@ -0,0 +1,151 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static ASN1_METHOD meth={
+	(int (*)())  i2d_X509,
+	(char *(*)())d2i_X509,
+	(char *(*)())X509_new,
+	(void (*)()) X509_free};
+
+ASN1_METHOD *X509_asn1_meth(void)
+	{
+	return(&meth);
+	}
+
+int i2d_X509(X509 *a, unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
+	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+
+	M_ASN1_I2D_finish();
+	}
+
+X509 *d2i_X509(X509 **a, unsigned char **pp, long length)
+	{
+	M_ASN1_D2I_vars(a,X509 *,X509_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+	if (ret->name != NULL) Free(ret->name);
+	ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+
+	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+	}
+
+X509 *X509_new(void)
+	{
+	X509 *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,X509);
+	ret->references=1;
+	ret->valid=0;
+	ret->name=NULL;
+	M_ASN1_New(ret->cert_info,X509_CINF_new);
+	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_X509_NEW);
+	}
+
+void X509_free(X509 *a)
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+	REF_PRINT("X509",a);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"X509_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	/* CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data); */
+	X509_CINF_free(a->cert_info);
+	X509_ALGOR_free(a->sig_alg);
+	ASN1_BIT_STRING_free(a->signature);
+
+	if (a->name != NULL) Free(a->name);
+	Free((char *)a);
+	}
+
diff --git a/crypto/openssl/crypto/bf/COPYRIGHT b/crypto/openssl/crypto/bf/COPYRIGHT
new file mode 100644
index 000000000000..6857223506de
--- /dev/null
+++ b/crypto/openssl/crypto/bf/COPYRIGHT
@@ -0,0 +1,46 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an Blowfish implementation written
+by Eric Young (eay@cryptsoft.com).
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/crypto/openssl/crypto/bf/INSTALL b/crypto/openssl/crypto/bf/INSTALL
new file mode 100644
index 000000000000..3b259235326a
--- /dev/null
+++ b/crypto/openssl/crypto/bf/INSTALL
@@ -0,0 +1,14 @@
+This Eric Young's blowfish implementation, taken from his SSLeay library
+and made available as a separate library.
+ 
+The version number (0.7.2m) is the SSLeay version that this library was
+taken from.
+ 
+To build, just unpack and type make.
+If you are not using gcc, edit the Makefile.
+If you are compiling for an x86 box, try the assembler (it needs improving).
+There are also some compile time options that can improve performance,
+these are documented in the Makefile.
+ 
+eric 15-Apr-1997
+ 
diff --git a/crypto/openssl/crypto/bf/Makefile.ssl b/crypto/openssl/crypto/bf/Makefile.ssl
new file mode 100644
index 000000000000..18bddda0db23
--- /dev/null
+++ b/crypto/openssl/crypto/bf/Makefile.ssl
@@ -0,0 +1,116 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+
+DIR=	bf
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+BF_ENC=		bf_enc.o
+# or use
+#DES_ENC=	bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER=	bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/bx86-elf.o: asm/bx86unix.cpp
+	$(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86unix.cpp
+	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+	as -o asm/bx86-sol.o asm/bx86-sol.s
+	rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+	$(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp:
+	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+bf_ecb.o: ../../include/openssl/opensslv.h bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+bf_enc.o: bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+bf_skey.o: bf_locl.h bf_pi.h
diff --git a/crypto/openssl/crypto/bf/Makefile.uni b/crypto/openssl/crypto/bf/Makefile.uni
new file mode 100644
index 000000000000..f67e5ca23bcf
--- /dev/null
+++ b/crypto/openssl/crypto/bf/Makefile.uni
@@ -0,0 +1,157 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+DIR=	bf
+TOP=	.
+# use BF_PTR2 for intel boxes,
+# BF_PTR for sparc and MIPS/SGI
+# use nothing for Alpha and HP.
+
+# There are 3 possible performance options, experiment :-)
+#OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
+#OPTS= -DBF_PTR2 # use for pentium
+OPTS=		 # use for pentium pro, Alpha and HP
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+RANLIB=ranlib
+
+# Assember version of bf_encrypt().
+BF_ENC=bf_enc.o		# normal C version
+#BF_ENC=asm/bx86-elf.o	# elf format x86
+#BF_ENC=asm/bx86-out.o	# a.out format x86
+#BF_ENC=asm/bx86-sol.o	# solaris format x86 
+#BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
+
+GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
+	COPYRIGHT blowfish.doc INSTALL
+
+TESTING=    bftest bfspeed bf_opts
+TESTING_SRC=bftest.c bfspeed.c bf_opts.c
+HEADERS=bf_locl.h blowfish.h bf_pi.h
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
+
+BLIB=	libblowfish.a
+
+all: $(BLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/bx86-elf.o: asm/bx86unix.cpp
+	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86unix.cpp
+	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+	as -o asm/bx86-sol.o asm/bx86-sol.s
+	rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp:
+	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+	
+test:	all
+	./bftest
+
+$(BLIB): $(LIBOBJ)
+	/bin/rm -f $(BLIB)
+	ar cr $(BLIB) $(LIBOBJ)
+	$(RANLIB) $(BLIB)
+
+bftest: bftest.o $(BLIB)
+	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
+
+bfspeed: bfspeed.o $(BLIB)
+	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
+
+bf_opts: bf_opts.o $(BLIB)
+	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBBF)
+
+tar:
+	tar chf libbf.tar $(ALL)
+
+shar:
+	shar $(ALL) >libbf.shar
+
+depend:
+	makedepend $(LIBBF) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: $(BLIB)
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(BLIB) $(INSTALLTOP)/lib; \
+		$(RANLIB) $(BLIB); \
+	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
+	    cp blowfish.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
+		$(RANLIB) $(BLIB); \
+	    chmod 644 $(LIBDIR)/$(BLIB); \
+	    cp blowfish.h $(INCDIR)/blowfish.h; \
+	    chmod 644 $(INCDIR)/blowfish.h; \
+	fi
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/bf/README b/crypto/openssl/crypto/bf/README
new file mode 100644
index 000000000000..f2712fd0e7df
--- /dev/null
+++ b/crypto/openssl/crypto/bf/README
@@ -0,0 +1,8 @@
+This is a quick packaging up of my blowfish code into a library.
+It has been lifted from SSLeay.
+The copyright notices seem a little harsh because I have not spent the
+time to rewrite the conditions from the normal SSLeay ones.
+
+Basically if you just want to play with the library, not a problem.
+
+eric 15-Apr-1997
diff --git a/crypto/openssl/crypto/bf/VERSION b/crypto/openssl/crypto/bf/VERSION
new file mode 100644
index 000000000000..be995855e43b
--- /dev/null
+++ b/crypto/openssl/crypto/bf/VERSION
@@ -0,0 +1,6 @@
+The version numbers will follow my SSL implementation
+
+0.7.2r - Some reasonable default compiler options from 
+	Peter Gutman 
+
+0.7.2m - the first release
diff --git a/crypto/openssl/crypto/bf/asm/bf-586.pl b/crypto/openssl/crypto/bf/asm/bf-586.pl
new file mode 100644
index 000000000000..b556642c949a
--- /dev/null
+++ b/crypto/openssl/crypto/bf/asm/bf-586.pl
@@ -0,0 +1,136 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="edi";
+$R="esi";
+$P="ebp";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ecx";
+$tmp4="edx";
+
+&BF_encrypt("BF_encrypt",1);
+&BF_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+
+sub BF_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	&push("ebx");
+	&mov($tmp2,&wparam(0));
+	&mov($P,&wparam(1));
+	&push("esi");
+	&push("edi");
+
+	&comment("Load the 2 words");
+	&mov($L,&DWP(0,$tmp2,"",0));
+	&mov($R,&DWP(4,$tmp2,"",0));
+
+	&xor(	$tmp1,	$tmp1);
+
+	# encrypting part
+
+	if ($enc)
+		{
+		 &mov($tmp2,&DWP(0,$P,"",0));
+		&xor(	$tmp3,	$tmp3);
+
+		&xor($L,$tmp2);
+		for ($i=0; $i<$BF_ROUNDS; $i+=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+
+			&comment("");
+			&comment("Round ".sprintf("%d",$i+1));
+			&BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+			}
+		# &mov($tmp1,&wparam(0)); In last loop
+		&mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		}
+	else
+		{
+		 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		&xor(	$tmp3,	$tmp3);
+
+		&xor($L,$tmp2);
+		for ($i=$BF_ROUNDS; $i>0; $i-=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+			&comment("");
+			&comment("Round ".sprintf("%d",$i-1));
+			&BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+			}
+		# &mov($tmp1,&wparam(0)); In last loop
+		&mov($tmp4,&DWP(0,$P,"",0));
+		}
+
+	&xor($R,$tmp4);
+	&mov(&DWP(4,$tmp1,"",0),$L);
+
+	&mov(&DWP(0,$tmp1,"",0),$R);
+	&function_end($name);
+	}
+
+sub BF_ENCRYPT
+	{
+	local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
+
+	&mov(	$tmp4,		&DWP(&n2a($i*4),$P,"",0)); # for next round
+
+	&mov(	$tmp2,		$R);
+	&xor(	$L,		$tmp4);
+
+	&shr(	$tmp2,		16);
+	&mov(	$tmp4,		$R);
+
+	&movb(	&LB($tmp1),	&HB($tmp2));	# A
+	&and(	$tmp2,		0xff);		# B
+
+	&movb(	&LB($tmp3),	&HB($tmp4));	# C
+	&and(	$tmp4,		0xff);		# D
+
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+	&mov(	$tmp2,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+	&add(	$tmp2,		$tmp1);
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
+
+	&xor(	$tmp2,		$tmp1);
+	&mov(	$tmp4,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
+
+	&add(	$tmp2,		$tmp4);
+	if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
+		{ &xor(	$tmp1,		$tmp1); }
+	else
+		{
+		&comment("Load parameter 0 ($i) enc=$enc");
+		&mov($tmp1,&wparam(0));
+		} # In last loop
+
+	&xor(	$L,		$tmp2);
+	# delay
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
diff --git a/crypto/openssl/crypto/bf/asm/bf-686.pl b/crypto/openssl/crypto/bf/asm/bf-686.pl
new file mode 100644
index 000000000000..8e4c25f59847
--- /dev/null
+++ b/crypto/openssl/crypto/bf/asm/bf-686.pl
@@ -0,0 +1,127 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"bf-686.pl");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+
+&des_encrypt("BF_encrypt",1);
+&des_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($L,&DWP(0,"eax","",0));
+	&mov($R,&DWP(4,"eax","",0));
+
+	&comment("");
+	&comment("P pointer, s and enc flag");
+	&mov($P,&wparam(1));
+
+	&xor(	$tmp1,	$tmp1);
+	&xor(	$tmp2,	$tmp2);
+
+	# encrypting part
+
+	if ($enc)
+		{
+		&xor($L,&DWP(0,$P,"",0));
+		for ($i=0; $i<$BF_ROUNDS; $i+=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+
+			&comment("");
+			&comment("Round ".sprintf("%d",$i+1));
+			&BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+			}
+		&xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+
+		&mov("eax",&wparam(0));
+		&mov(&DWP(0,"eax","",0),$R);
+		&mov(&DWP(4,"eax","",0),$L);
+		&function_end_A($name);
+		}
+	else
+		{
+		&xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		for ($i=$BF_ROUNDS; $i>0; $i-=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+			&comment("");
+			&comment("Round ".sprintf("%d",$i-1));
+			&BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+			}
+		&xor($R,&DWP(0,$P,"",0));
+
+		&mov("eax",&wparam(0));
+		&mov(&DWP(0,"eax","",0),$R);
+		&mov(&DWP(4,"eax","",0),$L);
+		&function_end_A($name);
+		}
+
+	&function_end_B($name);
+	}
+
+sub BF_ENCRYPT
+	{
+	local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+
+	&rotr(	$R,		16);
+	&mov(	$tot,		&DWP(&n2a($i*4),$P,"",0));
+
+	&movb(	&LB($tmp1),	&HB($R));
+	&movb(	&LB($tmp2),	&LB($R));
+
+	&rotr(	$R,		16);
+	&xor(	$L,		$tot);
+
+	&mov(	$tot,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+	&movb(	&LB($tmp1),	&HB($R));
+	&movb(	&LB($tmp2),	&LB($R));
+
+	&add(	$tot,		$tmp3);
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+
+	&xor(	$tot,		$tmp1);
+	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+
+	&add(	$tot,		$tmp3);
+	&xor(	$tmp1,		$tmp1);
+
+	&xor(	$L,		$tot);					
+	# delay
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
diff --git a/crypto/openssl/crypto/bf/asm/readme b/crypto/openssl/crypto/bf/asm/readme
new file mode 100644
index 000000000000..2385fa3812cf
--- /dev/null
+++ b/crypto/openssl/crypto/bf/asm/readme
@@ -0,0 +1,10 @@
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+
+So the default is bf-586.pl
+
diff --git a/crypto/openssl/crypto/bf/bf_cbc.c b/crypto/openssl/crypto/bf/bf_cbc.c
new file mode 100644
index 000000000000..95d1cdcdf927
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_cbc.c
@@ -0,0 +1,143 @@
+/* crypto/bf/bf_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bf_locl.h"
+
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *ks, unsigned char *iv, int encrypt)
+	{
+	register BF_LONG tin0,tin1;
+	register BF_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	BF_LONG tin[2];
+
+	if (encrypt)
+		{
+		n2l(iv,tout0);
+		n2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		if (l != -8)
+			{
+			n2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		l2n(tout0,iv);
+		l2n(tout1,iv);
+		}
+	else
+		{
+		n2l(iv,xor0);
+		n2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2n(tout0,out);
+			l2n(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2nn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2n(xor0,iv);
+		l2n(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/bf/bf_cfb64.c b/crypto/openssl/crypto/bf/bf_cfb64.c
new file mode 100644
index 000000000000..1fb8905f49e6
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_cfb64.c
@@ -0,0 +1,121 @@
+/* crypto/bf/bf_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+	{
+	register BF_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	BF_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (encrypt)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				BF_encrypt((BF_LONG *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				BF_encrypt((BF_LONG *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=t=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/bf/bf_ecb.c b/crypto/openssl/crypto/bf/bf_ecb.c
new file mode 100644
index 000000000000..9f8a24cdff57
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_ecb.c
@@ -0,0 +1,96 @@
+/* crypto/bf/bf_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bf_locl.h"
+#include 
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char *BF_version="BlowFish" OPENSSL_VERSION_PTEXT;
+
+const char *BF_options(void)
+	{
+#ifdef BF_PTR
+	return("blowfish(ptr)");
+#elif defined(BF_PTR2)
+	return("blowfish(ptr2)");
+#else
+	return("blowfish(idx)");
+#endif
+	}
+
+void BF_ecb_encrypt(unsigned char *in, unsigned char *out, BF_KEY *ks,
+	     int encrypt)
+	{
+	BF_LONG l,d[2];
+
+	n2l(in,l); d[0]=l;
+	n2l(in,l); d[1]=l;
+	if (encrypt)
+		BF_encrypt(d,ks);
+	else
+		BF_decrypt(d,ks);
+	l=d[0]; l2n(l,out);
+	l=d[1]; l2n(l,out);
+	l=d[0]=d[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/bf/bf_enc.c b/crypto/openssl/crypto/bf/bf_enc.c
new file mode 100644
index 000000000000..ee0183456197
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_enc.c
@@ -0,0 +1,304 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bf_locl.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, BF_KEY *key)
+	{
+#ifndef BF_PTR2
+	register BF_LONG l,r,*p,*s;
+
+	p=key->P;
+	s= &(key->S[0]);
+	l=data[0];
+	r=data[1];
+
+	l^=p[0];
+	BF_ENC(r,l,s,p[ 1]);
+	BF_ENC(l,r,s,p[ 2]);
+	BF_ENC(r,l,s,p[ 3]);
+	BF_ENC(l,r,s,p[ 4]);
+	BF_ENC(r,l,s,p[ 5]);
+	BF_ENC(l,r,s,p[ 6]);
+	BF_ENC(r,l,s,p[ 7]);
+	BF_ENC(l,r,s,p[ 8]);
+	BF_ENC(r,l,s,p[ 9]);
+	BF_ENC(l,r,s,p[10]);
+	BF_ENC(r,l,s,p[11]);
+	BF_ENC(l,r,s,p[12]);
+	BF_ENC(r,l,s,p[13]);
+	BF_ENC(l,r,s,p[14]);
+	BF_ENC(r,l,s,p[15]);
+	BF_ENC(l,r,s,p[16]);
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,s,p[17]);
+	BF_ENC(l,r,s,p[18]);
+	BF_ENC(r,l,s,p[19]);
+	BF_ENC(l,r,s,p[20]);
+#endif
+	r^=p[BF_ROUNDS+1];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#else
+	register BF_LONG l,r,t,*k;
+
+	l=data[0];
+	r=data[1];
+	k=(BF_LONG*)key;
+
+	l^=k[0];
+	BF_ENC(r,l,k, 1);
+	BF_ENC(l,r,k, 2);
+	BF_ENC(r,l,k, 3);
+	BF_ENC(l,r,k, 4);
+	BF_ENC(r,l,k, 5);
+	BF_ENC(l,r,k, 6);
+	BF_ENC(r,l,k, 7);
+	BF_ENC(l,r,k, 8);
+	BF_ENC(r,l,k, 9);
+	BF_ENC(l,r,k,10);
+	BF_ENC(r,l,k,11);
+	BF_ENC(l,r,k,12);
+	BF_ENC(r,l,k,13);
+	BF_ENC(l,r,k,14);
+	BF_ENC(r,l,k,15);
+	BF_ENC(l,r,k,16);
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,k,17);
+	BF_ENC(l,r,k,18);
+	BF_ENC(r,l,k,19);
+	BF_ENC(l,r,k,20);
+#endif
+	r^=k[BF_ROUNDS+1];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#endif
+	}
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(BF_LONG *data, BF_KEY *key)
+	{
+#ifndef BF_PTR2
+	register BF_LONG l,r,*p,*s;
+
+	p=key->P;
+	s= &(key->S[0]);
+	l=data[0];
+	r=data[1];
+
+	l^=p[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,s,p[20]);
+	BF_ENC(l,r,s,p[19]);
+	BF_ENC(r,l,s,p[18]);
+	BF_ENC(l,r,s,p[17]);
+#endif
+	BF_ENC(r,l,s,p[16]);
+	BF_ENC(l,r,s,p[15]);
+	BF_ENC(r,l,s,p[14]);
+	BF_ENC(l,r,s,p[13]);
+	BF_ENC(r,l,s,p[12]);
+	BF_ENC(l,r,s,p[11]);
+	BF_ENC(r,l,s,p[10]);
+	BF_ENC(l,r,s,p[ 9]);
+	BF_ENC(r,l,s,p[ 8]);
+	BF_ENC(l,r,s,p[ 7]);
+	BF_ENC(r,l,s,p[ 6]);
+	BF_ENC(l,r,s,p[ 5]);
+	BF_ENC(r,l,s,p[ 4]);
+	BF_ENC(l,r,s,p[ 3]);
+	BF_ENC(r,l,s,p[ 2]);
+	BF_ENC(l,r,s,p[ 1]);
+	r^=p[0];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#else
+	register BF_LONG l,r,t,*k;
+
+	l=data[0];
+	r=data[1];
+	k=(BF_LONG *)key;
+
+	l^=k[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,k,20);
+	BF_ENC(l,r,k,19);
+	BF_ENC(r,l,k,18);
+	BF_ENC(l,r,k,17);
+#endif
+	BF_ENC(r,l,k,16);
+	BF_ENC(l,r,k,15);
+	BF_ENC(r,l,k,14);
+	BF_ENC(l,r,k,13);
+	BF_ENC(r,l,k,12);
+	BF_ENC(l,r,k,11);
+	BF_ENC(r,l,k,10);
+	BF_ENC(l,r,k, 9);
+	BF_ENC(r,l,k, 8);
+	BF_ENC(l,r,k, 7);
+	BF_ENC(r,l,k, 6);
+	BF_ENC(l,r,k, 5);
+	BF_ENC(r,l,k, 4);
+	BF_ENC(l,r,k, 3);
+	BF_ENC(r,l,k, 2);
+	BF_ENC(l,r,k, 1);
+	r^=k[0];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#endif
+	}
+
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *ks, unsigned char *iv, int encrypt)
+	{
+	register BF_LONG tin0,tin1;
+	register BF_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	BF_LONG tin[2];
+
+	if (encrypt)
+		{
+		n2l(iv,tout0);
+		n2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		if (l != -8)
+			{
+			n2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		l2n(tout0,iv);
+		l2n(tout1,iv);
+		}
+	else
+		{
+		n2l(iv,xor0);
+		n2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2n(tout0,out);
+			l2n(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			BF_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2nn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2n(xor0,iv);
+		l2n(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/bf/bf_locl.h b/crypto/openssl/crypto/bf/bf_locl.h
new file mode 100644
index 000000000000..05756b5d3b65
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_locl.h
@@ -0,0 +1,219 @@
+/* crypto/bf/bf_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
+#include  /* BF_PTR, BF_PTR2 */
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* This is actually a big endian algorithm, the most significate byte
+ * is used to lookup array 0 */
+
+#if defined(BF_PTR2)
+
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+#define BF_ENC(LL,R,KEY,Pi) (\
+	LL^=KEY[Pi], \
+	t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
+	t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+	t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+	t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
+	LL^=t \
+	)
+
+#elif defined(BF_PTR)
+
+#ifndef BF_LONG_LOG2
+#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */
+#endif
+#define BF_M  (0xFF<>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+	LL^=P, \
+	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
+		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+		*(BF_LONG *)((unsigned char *)&(S[768])+((R<>24)&0xff)] + \
+		S[0x0100+((int)(R>>16)&0xff)])^ \
+		S[0x0200+((int)(R>> 8)&0xff)])+ \
+		S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
+	)
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/bf/bf_ofb64.c b/crypto/openssl/crypto/bf/bf_ofb64.c
new file mode 100644
index 000000000000..8ceb8d9bdaa0
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_ofb64.c
@@ -0,0 +1,110 @@
+/* crypto/bf/bf_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *schedule, unsigned char *ivec, int *num)
+	{
+	register BF_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned char d[8];
+	register char *dp;
+	BF_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	n2l(iv,v0);
+	n2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2n(v0,dp);
+	l2n(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			BF_encrypt((BF_LONG *)ti,schedule);
+			dp=(char *)d;
+			t=ti[0]; l2n(t,dp);
+			t=ti[1]; l2n(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=(unsigned char *)ivec;
+		l2n(v0,iv);
+		l2n(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/bf/bf_opts.c b/crypto/openssl/crypto/bf/bf_opts.c
new file mode 100644
index 000000000000..5f330cc53ce6
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_opts.c
@@ -0,0 +1,328 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+#define BF_DEFAULT_OPTIONS
+
+#undef BF_ENC
+#define BF_encrypt  BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+	
+#define time_it(func,name,index) \
+	print_name(name); \
+	Time_F(START); \
+	for (count=0,run=1; COND(cb); count+=4) \
+		{ \
+		unsigned long d[2]; \
+		func(d,&sch); \
+		func(d,&sch); \
+		func(d,&sch); \
+		func(d,&sch); \
+		} \
+	tm[index]=Time_F(STOP); \
+	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+	tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+		tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static char key[16]={	0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+				0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	BF_KEY sch;
+	double d,tm[16],max=0;
+	int rank[16];
+	char *str[16];
+	int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+	long ca,cb,cc,cd,ce;
+#endif
+
+	for (i=0; i<12; i++)
+		{
+		tm[i]=0.0;
+		rank[i]=0;
+		}
+
+#ifndef TIMES
+	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+	BF_set_key(&sch,16,key);
+
+#ifndef SIGALRM
+	fprintf(stderr,"First we calculate the approximate speed ...\n");
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			BF_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+
+	ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+	time_it(BF_encrypt_normal,	"BF_encrypt_normal ", 0);
+	time_it(BF_encrypt_ptr,		"BF_encrypt_ptr    ", 1);
+	time_it(BF_encrypt_ptr2,	"BF_encrypt_ptr2   ", 2);
+	num+=3;
+
+	str[0]="";
+	print_it("BF_encrypt_normal ",0);
+	max=tm[0];
+	max_idx=0;
+	str[1]="ptr      ";
+	print_it("BF_encrypt_ptr ",1);
+	if (max < tm[1]) { max=tm[1]; max_idx=1; }
+	str[2]="ptr2     ";
+	print_it("BF_encrypt_ptr2 ",2);
+	if (max < tm[2]) { max=tm[2]; max_idx=2; }
+
+	printf("options    BF ecb/s\n");
+	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+	d=tm[max_idx];
+	tm[max_idx]= -2.0;
+	max= -1.0;
+	for (;;)
+		{
+		for (i=0; i<3; i++)
+			{
+			if (max < tm[i]) { max=tm[i]; j=i; }
+			}
+		if (max < 0.0) break;
+		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+		tm[j]= -2.0;
+		max= -1.0;
+		}
+
+	switch (max_idx)
+		{
+	case 0:
+		printf("-DBF_DEFAULT_OPTIONS\n");
+		break;
+	case 1:
+		printf("-DBF_PTR\n");
+		break;
+	case 2:
+		printf("-DBF_PTR2\n");
+		break;
+		}
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/bf/bf_pi.h b/crypto/openssl/crypto/bf/bf_pi.h
new file mode 100644
index 000000000000..417b9355385c
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_pi.h
@@ -0,0 +1,325 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static BF_KEY bf_init= {
+	{
+	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+	0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+	0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+	0x9216d5d9L, 0x8979fb1b
+	},{
+	0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
+	0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
+	0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
+	0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
+	0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
+	0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
+	0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
+	0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
+	0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
+	0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
+	0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
+	0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
+	0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
+	0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
+	0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
+	0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
+	0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
+	0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
+	0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
+	0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
+	0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
+	0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
+	0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
+	0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
+	0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
+	0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
+	0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
+	0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
+	0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
+	0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
+	0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
+	0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
+	0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
+	0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
+	0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
+	0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
+	0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
+	0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
+	0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
+	0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
+	0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
+	0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
+	0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
+	0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
+	0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
+	0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
+	0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
+	0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
+	0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
+	0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
+	0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
+	0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
+	0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
+	0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
+	0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
+	0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
+	0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
+	0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
+	0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
+	0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
+	0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
+	0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
+	0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
+	0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
+	0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
+	0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
+	0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
+	0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
+	0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
+	0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
+	0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
+	0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
+	0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
+	0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
+	0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
+	0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
+	0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
+	0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
+	0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
+	0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
+	0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
+	0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
+	0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
+	0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
+	0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
+	0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
+	0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
+	0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
+	0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
+	0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
+	0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
+	0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
+	0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
+	0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
+	0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
+	0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
+	0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
+	0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
+	0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
+	0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
+	0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
+	0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
+	0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
+	0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
+	0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
+	0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
+	0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
+	0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
+	0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
+	0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
+	0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
+	0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
+	0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
+	0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
+	0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
+	0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
+	0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
+	0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
+	0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
+	0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
+	0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
+	0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
+	0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
+	0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
+	0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
+	0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
+	0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
+	0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
+	0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
+	0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
+	0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
+	0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
+	0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
+	0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
+	0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
+	0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
+	0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
+	0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
+	0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
+	0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
+	0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
+	0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
+	0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
+	0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
+	0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
+	0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
+	0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
+	0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
+	0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
+	0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
+	0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
+	0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
+	0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
+	0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
+	0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
+	0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
+	0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
+	0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
+	0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
+	0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
+	0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
+	0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
+	0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
+	0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
+	0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
+	0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
+	0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
+	0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
+	0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
+	0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
+	0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
+	0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
+	0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
+	0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
+	0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
+	0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
+	0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
+	0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
+	0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
+	0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
+	0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
+	0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
+	0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
+	0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
+	0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
+	0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
+	0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
+	0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
+	0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
+	0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
+	0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
+	0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
+	0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
+	0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
+	0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
+	0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
+	0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
+	0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
+	0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
+	0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
+	0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
+	0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
+	0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
+	0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
+	0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
+	0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
+	0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
+	0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
+	0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
+	0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
+	0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
+	0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
+	0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
+	0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
+	0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
+	0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
+	0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
+	0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
+	0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
+	0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
+	0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
+	0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
+	0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
+	0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
+	0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
+	0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
+	0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
+	0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
+	0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
+	0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
+	0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
+	0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
+	0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
+	0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
+	0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
+	0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
+	0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
+	0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
+	0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
+	0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
+	0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
+	0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
+	0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
+	0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
+	0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
+	0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
+	0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
+	0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
+	0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
+	0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
+	0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
+	0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
+	0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
+	0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
+	0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
+	0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
+	}
+	};
+
diff --git a/crypto/openssl/crypto/bf/bf_skey.c b/crypto/openssl/crypto/bf/bf_skey.c
new file mode 100644
index 000000000000..eefa8e6f51dc
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bf_skey.c
@@ -0,0 +1,116 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+void BF_set_key(BF_KEY *key, int len, unsigned char *data)
+	{
+	int i;
+	BF_LONG *p,ri,in[2];
+	unsigned char *d,*end;
+
+
+	memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
+	p=key->P;
+
+	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+
+	d=data;
+	end= &(data[len]);
+	for (i=0; i<(BF_ROUNDS+2); i++)
+		{
+		ri= *(d++);
+		if (d >= end) d=data;
+
+		ri<<=8;
+		ri|= *(d++);
+		if (d >= end) d=data;
+
+		ri<<=8;
+		ri|= *(d++);
+		if (d >= end) d=data;
+
+		ri<<=8;
+		ri|= *(d++);
+		if (d >= end) d=data;
+
+		p[i]^=ri;
+		}
+
+	in[0]=0L;
+	in[1]=0L;
+	for (i=0; i<(BF_ROUNDS+2); i+=2)
+		{
+		BF_encrypt(in,key);
+		p[i  ]=in[0];
+		p[i+1]=in[1];
+		}
+
+	p=key->S;
+	for (i=0; i<4*256; i+=2)
+		{
+		BF_encrypt(in,key);
+		p[i  ]=in[0];
+		p[i+1]=in[1];
+		}
+	}
+
diff --git a/crypto/openssl/crypto/bf/bfs.cpp b/crypto/openssl/crypto/bf/bfs.cpp
new file mode 100644
index 000000000000..d74c45776078
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	BF_KEY key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			BF_encrypt(&data[0],&key);
+			GetTSC(s1);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			GetTSC(e1);
+			GetTSC(s2);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			GetTSC(e2);
+			BF_encrypt(&data[0],&key);
+			}
+
+		printf("blowfish %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/crypto/bf/bfspeed.c b/crypto/openssl/crypto/bf/bfspeed.c
new file mode 100644
index 000000000000..9b893e92cc54
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bfspeed.c
@@ -0,0 +1,274 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ	100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	BF_KEY sch;
+	double a,b,c,d;
+#ifndef SIGALRM
+	long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	BF_set_key(&sch,16,key);
+	count=10;
+	do	{
+		long i;
+		BF_LONG data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			BF_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/512;
+	cb=count;
+	cc=count*8/BUFSIZE+1;
+	printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing BF_set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		BF_set_key(&sch,16,key);
+		BF_set_key(&sch,16,key);
+		BF_set_key(&sch,16,key);
+		BF_set_key(&sch,16,key);
+		}
+	d=Time_F(STOP);
+	printf("%ld BF_set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing BF_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count+=4)
+		{
+		BF_LONG data[2];
+
+		BF_encrypt(data,&sch);
+		BF_encrypt(data,&sch);
+		BF_encrypt(data,&sch);
+		BF_encrypt(data,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld BF_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&(key[0]),BF_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+	printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+	printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/bf/bftest.c b/crypto/openssl/crypto/bf/bftest.c
new file mode 100644
index 000000000000..6ecd2609a929
--- /dev/null
+++ b/crypto/openssl/crypto/bf/bftest.c
@@ -0,0 +1,533 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_BF
+int main(int argc, char *argv[])
+{
+    printf("No BF support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+char *bf_key[2]={
+	"abcdefghijklmnopqrstuvwxyz",
+	"Who is John Galt?"
+	};
+
+/* big endian */
+BF_LONG bf_plain[2][2]={
+	{0x424c4f57L,0x46495348L},
+	{0xfedcba98L,0x76543210L}
+	};
+
+BF_LONG bf_cipher[2][2]={
+	{0x324ed0feL,0xf413a203L},
+	{0xcc91732bL,0x8022f684L}
+	};
+/************/
+
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+	{0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+	{0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+	{0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+	{0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+	{0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+	{0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+	{0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+	{0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+	{0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+	{0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+	{0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+	{0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+	{0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+	{0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+	{0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+	{0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+	{0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+	{0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+	{0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+	{0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+	{0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+	{0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+	{0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+	{0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+	{0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+	{0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+	{0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+	{0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+	{0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+	{0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+	{0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+	{0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+	{0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+	{0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+	};
+
+static unsigned char cbc_key [16]={
+	0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+	0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+	0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+	0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+	0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+
+static unsigned char cfb64_ok[]={
+	0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+	0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+	0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+	0x51,0x9D,0x57,0xA6,0xC3};
+
+static unsigned char ofb64_ok[]={
+	0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+	0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+	0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+	0x63,0xC2,0xCF,0x80,0xDA};
+
+#define KEY_TEST_NUM	25
+unsigned char key_test[KEY_TEST_NUM]={
+	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+	0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+	0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+	0x88};
+
+unsigned char key_data[8]=
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+
+unsigned char key_out[KEY_TEST_NUM][8]={
+	{0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+	{0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+	{0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+	{0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+	{0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+	{0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+	{0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+	{0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+	{0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+	{0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+	{0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+	{0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+	{0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+	{0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+	{0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+	{0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+	{0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+	{0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+	{0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+	{0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+	{0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+	{0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+	{0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+	{0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+	};
+
+static int test(void );
+static int print_test_data(void );
+int main(int argc, char *argv[])
+	{
+	int ret;
+
+	if (argc > 1)
+		ret=print_test_data();
+	else
+		ret=test();
+
+	exit(ret);
+	return(0);
+	}
+
+static int print_test_data(void)
+	{
+	unsigned int i,j;
+
+	printf("ecb test data\n");
+	printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+	for (i=0; i
+ */
+#else
+#define BF_LONG unsigned int
+#endif
+
+#define BF_ROUNDS	16
+#define BF_BLOCK	8
+
+typedef struct bf_key_st
+	{
+	BF_LONG P[BF_ROUNDS+2];
+	BF_LONG S[4*256];
+	} BF_KEY;
+
+ 
+void BF_set_key(BF_KEY *key, int len, unsigned char *data);
+void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key,
+	int enc);
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	BF_KEY *ks, unsigned char *iv, int enc);
+void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	BF_KEY *schedule, unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/bio/Makefile.ssl b/crypto/openssl/crypto/bio/Makefile.ssl
new file mode 100644
index 000000000000..f54c7ee1f09e
--- /dev/null
+++ b/crypto/openssl/crypto/bio/Makefile.ssl
@@ -0,0 +1,210 @@
+#
+# SSLeay/crypto/bio/Makefile
+#
+
+DIR=	bio
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+	bss_mem.c bss_null.c bss_fd.c \
+	bss_file.c bss_sock.c bss_conn.c \
+	bf_null.c bf_buff.c b_print.c b_dump.c \
+	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+	bss_mem.o bss_null.o bss_fd.o \
+	bss_file.o bss_sock.o bss_conn.o \
+	bf_null.o bf_buff.o b_print.o b_dump.o \
+	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h
+HEADER=	bss_file.c $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER); \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+b_dump.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_dump.o: ../../include/openssl/stack.h ../cryptlib.h
+b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_print.o: ../../include/openssl/stack.h ../cryptlib.h
+b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_sock.o: ../../include/openssl/stack.h ../cryptlib.h
+bf_buff.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bf_buff.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bf_buff.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bf_buff.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bf_buff.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bf_buff.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bf_buff.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bf_buff.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_buff.o: ../../include/openssl/stack.h ../cryptlib.h
+bf_nbio.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bf_nbio.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bf_nbio.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bf_nbio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bf_nbio.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_nbio.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bf_nbio.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bf_nbio.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bf_nbio.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bf_nbio.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bf_nbio.o: ../cryptlib.h
+bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bf_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bf_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bf_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bf_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bf_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bf_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bf_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bf_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_null.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_cb.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_cb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_cb.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
+bio_err.o: ../../include/openssl/stack.h
+bio_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_acpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_acpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_acpt.o: ../cryptlib.h
+bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/stack.h
+bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_conn.o: ../cryptlib.h
+bss_fd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_fd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_fd.o: ../../include/openssl/stack.h ../cryptlib.h bss_sock.c
+bss_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_file.o: ../cryptlib.h
+bss_log.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_log.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_log.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_mem.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_mem.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_mem.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_null.o: ../cryptlib.h
+bss_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_sock.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/openssl/crypto/bio/b_dump.c
new file mode 100644
index 000000000000..a7cd82897850
--- /dev/null
+++ b/crypto/openssl/crypto/bio/b_dump.c
@@ -0,0 +1,128 @@
+/* crypto/bio/b_dump.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+#define TRUNCATE
+#define DUMP_WIDTH	16
+
+int BIO_dump(BIO *bio, const char *s, int len)
+{
+  int ret=0;
+  char buf[160+1],tmp[20];
+  int i,j,rows,trunc;
+  unsigned char ch;
+
+  trunc=0;
+
+#ifdef TRUNCATE
+  for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
+    trunc++;
+#endif
+
+  rows=(len/DUMP_WIDTH);
+  if ((rows*DUMP_WIDTH)=len) {
+	strcat(buf,"   ");
+      } else {
+        ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+	sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+        strcat(buf,tmp);
+      }
+    }
+    strcat(buf,"  ");
+    for(j=0;j=len)
+	break;
+      ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+      sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+#else
+      sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+	      ? os_toebcdic[ch]
+	      : '.');
+#endif
+      strcat(buf,tmp);
+    }
+    strcat(buf,"\n");
+    /* if this is the last call then update the ddt_dump thing so that
+     * we will move the selection point in the debug window 
+     */
+    ret+=BIO_write(bio,(char *)buf,strlen(buf));
+  }
+#ifdef TRUNCATE
+  if (trunc > 0) {
+    sprintf(buf,"%04x - \n",len+trunc);
+    ret+=BIO_write(bio,(char *)buf,strlen(buf));
+  }
+#endif
+  return(ret);
+}
+
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
new file mode 100644
index 000000000000..f448004298af
--- /dev/null
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -0,0 +1,87 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+int BIO_printf (BIO *bio, ...)
+	{
+	va_list args;
+	char *format;
+	int ret;
+	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
+
+	va_start(args, bio);
+	format=va_arg(args, char *);
+
+	hugebuf[0]='\0';
+
+	vsprintf(hugebuf,format,args);
+
+	ret=BIO_write(bio,hugebuf,strlen(hugebuf));
+
+	va_end(args);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c
new file mode 100644
index 000000000000..d29b29ff8b32
--- /dev/null
+++ b/crypto/openssl/crypto/bio/b_sock.c
@@ -0,0 +1,703 @@
+/* crypto/bio/b_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SOCK
+
+#include 
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include 
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#ifdef SO_MAXCONN
+#define MAX_LISTEN  SOMAXCONN
+#elif defined(SO_MAXCONN)
+#define MAX_LISTEN  SO_MAXCONN
+#else
+#define MAX_LISTEN  32
+#endif
+
+#ifdef WINDOWS
+static int wsa_init_done=0;
+#endif
+
+static unsigned long BIO_ghbn_hits=0L;
+static unsigned long BIO_ghbn_miss=0L;
+
+#define GHBN_NUM	4
+static struct ghbn_cache_st
+	{
+	char name[129];
+	struct hostent *ent;
+	unsigned long order;
+	} ghbn_cache[GHBN_NUM];
+
+static int get_ip(const char *str,unsigned char *ip);
+static void ghbn_free(struct hostent *a);
+static struct hostent *ghbn_dup(struct hostent *a);
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+	{
+	int i;
+	int err = 1;
+	int locked = 0;
+	struct hostent *he;
+
+	i=get_ip(str,ip);
+	if (i > 0) return(1);
+	if (i < 0)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
+		goto err;
+		}
+
+	/* do a gethostbyname */
+	if (!BIO_sock_init())
+		return(0); /* don't generate another error code here */
+
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+	locked = 1;
+	he=BIO_gethostbyname(str);
+	if (he == NULL)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+		goto err;
+		}
+
+	/* cast to short because of win16 winsock definition */
+	if ((short)he->h_addrtype != AF_INET)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+		goto err;
+		}
+	for (i=0; i<4; i++)
+		ip[i]=he->h_addr_list[0][i];
+	err = 0;
+
+ err:
+	if (locked)
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+	if (err)
+		{
+		ERR_add_error_data(2,"host=",str);
+		return 0;
+		}
+	else
+		return 1;
+	}
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+	{
+	int i;
+	struct servent *s;
+
+	if (str == NULL)
+		{
+		BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
+		return(0);
+		}
+	i=atoi(str);
+	if (i != 0)
+		*port_ptr=(unsigned short)i;
+	else
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+ 		s=getservbyname(str,"tcp");
+		if(s != NULL)
+			*port_ptr=ntohs((unsigned short)s->s_port);
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
+		if(s == NULL)
+			{
+			if (strcmp(str,"http") == 0)
+				*port_ptr=80;
+			else if (strcmp(str,"telnet") == 0)
+				*port_ptr=23;
+			else if (strcmp(str,"socks") == 0)
+				*port_ptr=1080;
+			else if (strcmp(str,"https") == 0)
+				*port_ptr=443;
+			else if (strcmp(str,"ssl") == 0)
+				*port_ptr=443;
+			else if (strcmp(str,"ftp") == 0)
+				*port_ptr=21;
+			else if (strcmp(str,"gopher") == 0)
+				*port_ptr=70;
+#if 0
+			else if (strcmp(str,"wais") == 0)
+				*port_ptr=21;
+#endif
+			else
+				{
+				SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
+				ERR_add_error_data(3,"service='",str,"'");
+				return(0);
+				}
+			}
+		}
+	return(1);
+	}
+
+int BIO_sock_error(int sock)
+	{
+	int j,i;
+	int size;
+		 
+	size=sizeof(int);
+	/* Note: under Windows the third parameter is of type (char *)
+	 * whereas under other systems it is (void *) if you don't have
+	 * a cast it will choke the compiler: if you do have a cast then
+	 * you can either go for (char *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
+	if (i < 0)
+		return(1);
+	else
+		return(j);
+	}
+
+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
+	{
+	int i;
+	char **p;
+
+	switch (cmd)
+		{
+	case BIO_GHBN_CTRL_HITS:
+		return(BIO_ghbn_hits);
+		/* break; */
+	case BIO_GHBN_CTRL_MISSES:
+		return(BIO_ghbn_miss);
+		/* break; */
+	case BIO_GHBN_CTRL_CACHE_SIZE:
+		return(GHBN_NUM);
+		/* break; */
+	case BIO_GHBN_CTRL_GET_ENTRY:
+		if ((iarg >= 0) && (iarg  0))
+			{
+			p=(char **)parg;
+			if (p == NULL) return(0);
+			*p=ghbn_cache[iarg].name;
+			ghbn_cache[iarg].name[128]='\0';
+			return(1);
+			}
+		return(0);
+		/* break; */
+	case BIO_GHBN_CTRL_FLUSH:
+		for (i=0; ih_aliases[i] != NULL; i++)
+		;
+	i++;
+	ret->h_aliases = (char **)Malloc(i*sizeof(char *));
+	if (ret->h_aliases == NULL)
+		goto err;
+	memset(ret->h_aliases, 0, i*sizeof(char *));
+
+	for (i=0; a->h_addr_list[i] != NULL; i++)
+		;
+	i++;
+	ret->h_addr_list=(char **)Malloc(i*sizeof(char *));
+	if (ret->h_addr_list == NULL)
+		goto err;
+	memset(ret->h_addr_list, 0, i*sizeof(char *));
+
+	j=strlen(a->h_name)+1;
+	if ((ret->h_name=Malloc(j)) == NULL) goto err;
+	memcpy((char *)ret->h_name,a->h_name,j+1);
+	for (i=0; a->h_aliases[i] != NULL; i++)
+		{
+		j=strlen(a->h_aliases[i])+1;
+		if ((ret->h_aliases[i]=Malloc(j)) == NULL) goto err;
+		memcpy(ret->h_aliases[i],a->h_aliases[i],j+1);
+		}
+	ret->h_length=a->h_length;
+	ret->h_addrtype=a->h_addrtype;
+	for (i=0; a->h_addr_list[i] != NULL; i++)
+		{
+		if ((ret->h_addr_list[i]=Malloc(a->h_length)) == NULL)
+			goto err;
+		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
+		}
+	if (0)
+		{
+err:	
+		if (ret != NULL)
+			ghbn_free(ret);
+		ret=NULL;
+		}
+	MemCheck_on();
+	return(ret);
+	}
+
+static void ghbn_free(struct hostent *a)
+	{
+	int i;
+
+	if(a == NULL)
+	    return;
+
+	if (a->h_aliases != NULL)
+		{
+		for (i=0; a->h_aliases[i] != NULL; i++)
+			Free(a->h_aliases[i]);
+		Free(a->h_aliases);
+		}
+	if (a->h_addr_list != NULL)
+		{
+		for (i=0; a->h_addr_list[i] != NULL; i++)
+			Free(a->h_addr_list[i]);
+		Free(a->h_addr_list);
+		}
+	if (a->h_name != NULL) Free((char *)a->h_name);
+	Free(a);
+	}
+
+struct hostent *BIO_gethostbyname(const char *name)
+	{
+	struct hostent *ret;
+	int i,lowi=0,j;
+	unsigned long low= (unsigned long)-1;
+
+/*	return(gethostbyname(name)); */
+
+#if 0 /* It doesn't make sense to use locking here: The function interface
+	   * is not thread-safe, because threads can never be sure when
+	   * some other thread destroys the data they were given a pointer to.
+	   */
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+#endif
+	j=strlen(name);
+	if (j < 128)
+		{
+		for (i=0; i ghbn_cache[i].order)
+				{
+				low=ghbn_cache[i].order;
+				lowi=i;
+				}
+			if (ghbn_cache[i].order > 0)
+				{
+				if (strncmp(name,ghbn_cache[i].name,128) == 0)
+					break;
+				}
+			}
+		}
+	else
+		i=GHBN_NUM;
+
+	if (i == GHBN_NUM) /* no hit*/
+		{
+		BIO_ghbn_miss++;
+		ret=gethostbyname(name);
+
+		if (ret == NULL)
+			goto end;
+		if (j > 128) /* too big to cache */
+			{
+#if 0 /* If we were trying to make this function thread-safe (which
+	   * is bound to fail), we'd have to give up in this case
+	   * (or allocate more memory). */
+			ret = NULL;
+#endif
+			goto end;
+			}
+
+		/* else add to cache */
+		if (ghbn_cache[lowi].ent != NULL)
+			ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
+		ghbn_cache[lowi].name[0] = '\0';
+
+		if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
+			{
+			BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
+		strncpy(ghbn_cache[lowi].name,name,128);
+		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
+		}
+	else
+		{
+		BIO_ghbn_hits++;
+		ret= ghbn_cache[i].ent;
+		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+		}
+end:
+#if 0
+	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+#endif
+	return(ret);
+	}
+
+int BIO_sock_init(void)
+	{
+#ifdef WINDOWS
+	static struct WSAData wsa_state;
+
+	if (!wsa_init_done)
+		{
+		int err;
+	  
+#ifdef SIGINT
+		signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
+#endif
+		wsa_init_done=1;
+		memset(&wsa_state,0,sizeof(wsa_state));
+		if (WSAStartup(0x0101,&wsa_state)!=0)
+			{
+			err=WSAGetLastError();
+			SYSerr(SYS_F_WSASTARTUP,err);
+			BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
+			return(-1);
+			}
+		}
+#endif /* WINDOWS */
+	return(1);
+	}
+
+void BIO_sock_cleanup(void)
+	{
+#ifdef WINDOWS
+	if (wsa_init_done)
+		{
+		wsa_init_done=0;
+		WSACancelBlockingCall();
+		WSACleanup();
+		}
+#endif
+	}
+
+#if !defined(VMS) || __VMS_VER >= 70000000
+
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
+	{
+	int i;
+
+	i=ioctlsocket(fd,type,arg);
+	if (i < 0)
+		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
+	return(i);
+	}
+#endif /* __VMS_VER */
+
+/* The reason I have implemented this instead of using sscanf is because
+ * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
+static int get_ip(const char *str, unsigned char ip[4])
+	{
+	unsigned int tmp[4];
+	int num=0,c,ok=0;
+
+	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
+
+	for (;;)
+		{
+		c= *(str++);
+		if ((c >= '0') && (c <= '9'))
+			{
+			ok=1;
+			tmp[num]=tmp[num]*10+c-'0';
+			if (tmp[num] > 255) return(-1);
+			}
+		else if (c == '.')
+			{
+			if (!ok) return(-1);
+			if (num == 3) break;
+			num++;
+			ok=0;
+			}
+		else if ((num == 3) && ok)
+			break;
+		else
+			return(0);
+		}
+	ip[0]=tmp[0];
+	ip[1]=tmp[1];
+	ip[2]=tmp[2];
+	ip[3]=tmp[3];
+	return(1);
+	}
+
+int BIO_get_accept_socket(char *host, int bind_mode)
+	{
+	int ret=0;
+	struct sockaddr_in server,client;
+	int s= -1,cs;
+	unsigned char ip[4];
+	unsigned short port;
+	char *str,*e;
+	const char *h,*p;
+	unsigned long l;
+	int err_num;
+
+	if (!BIO_sock_init()) return(INVALID_SOCKET);
+
+	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
+
+	h=p=NULL;
+	h=str;
+	for (e=str; *e; e++)
+		{
+		if (*e == ':')
+			{
+			p= &(e[1]);
+			*e='\0';
+			}
+		else if (*e == '/')
+			{
+			*e='\0';
+			break;
+			}
+		}
+
+	if (p == NULL)
+		{
+		p=h;
+		h="*";
+		}
+
+	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+
+	memset((char *)&server,0,sizeof(server));
+	server.sin_family=AF_INET;
+	server.sin_port=htons(port);
+
+	if (strcmp(h,"*") == 0)
+		server.sin_addr.s_addr=INADDR_ANY;
+	else
+		{
+		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+		l=(unsigned long)
+			((unsigned long)ip[0]<<24L)|
+			((unsigned long)ip[1]<<16L)|
+			((unsigned long)ip[2]<< 8L)|
+			((unsigned long)ip[3]);
+		server.sin_addr.s_addr=htonl(l);
+		}
+
+again:
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+	if (s == INVALID_SOCKET)
+		{
+		SYSerr(SYS_F_SOCKET,get_last_socket_error());
+		ERR_add_error_data(3,"port='",host,"'");
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
+		goto err;
+		}
+
+#ifdef SO_REUSEADDR
+	if (bind_mode == BIO_BIND_REUSEADDR)
+		{
+		int i=1;
+
+		ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
+		bind_mode=BIO_BIND_NORMAL;
+		}
+#endif
+	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+		{
+#ifdef SO_REUSEADDR
+		err_num=get_last_socket_error();
+		if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+			(err_num == EADDRINUSE))
+			{
+			memcpy((char *)&client,(char *)&server,sizeof(server));
+			if (strcmp(h,"*") == 0)
+				client.sin_addr.s_addr=htonl(0x7F000001);
+			cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+			if (cs != INVALID_SOCKET)
+				{
+				int ii;
+				ii=connect(cs,(struct sockaddr *)&client,
+					sizeof(client));
+				closesocket(cs);
+				if (ii == INVALID_SOCKET)
+					{
+					bind_mode=BIO_BIND_REUSEADDR;
+					closesocket(s);
+					goto again;
+					}
+				/* else error */
+				}
+			/* else error */
+			}
+#endif
+		SYSerr(SYS_F_BIND,err_num);
+		ERR_add_error_data(3,"port='",host,"'");
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+		goto err;
+		}
+	if (listen(s,MAX_LISTEN) == -1)
+		{
+		SYSerr(SYS_F_BIND,get_last_socket_error());
+		ERR_add_error_data(3,"port='",host,"'");
+		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
+		goto err;
+		}
+	ret=1;
+err:
+	if (str != NULL) Free(str);
+	if ((ret == 0) && (s != INVALID_SOCKET))
+		{
+		closesocket(s);
+		s= INVALID_SOCKET;
+		}
+	return(s);
+	}
+
+int BIO_accept(int sock, char **addr)
+	{
+	int ret=INVALID_SOCKET;
+	static struct sockaddr_in from;
+	unsigned long l;
+	unsigned short port;
+	int len;
+	char *p;
+
+	memset((char *)&from,0,sizeof(from));
+	len=sizeof(from);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
+	if (ret == INVALID_SOCKET)
+		{
+		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
+		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
+		goto end;
+		}
+
+	if (addr == NULL) goto end;
+
+	l=ntohl(from.sin_addr.s_addr);
+	port=ntohs(from.sin_port);
+	if (*addr == NULL)
+		{
+		if ((p=Malloc(24)) == NULL)
+			{
+			BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
+		*addr=p;
+		}
+	sprintf(*addr,"%d.%d.%d.%d:%d",
+		(unsigned char)(l>>24L)&0xff,
+		(unsigned char)(l>>16L)&0xff,
+		(unsigned char)(l>> 8L)&0xff,
+		(unsigned char)(l     )&0xff,
+		port);
+end:
+	return(ret);
+	}
+
+int BIO_set_tcp_ndelay(int s, int on)
+	{
+	int ret=0;
+#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+	int opt;
+
+#ifdef SOL_TCP
+	opt=SOL_TCP;
+#else
+#ifdef IPPROTO_TCP
+	opt=IPPROTO_TCP;
+#endif
+#endif
+	
+	ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
+#endif
+	return(ret == 0);
+	}
+#endif
+
+int BIO_socket_nbio(int s, int mode)
+	{
+	int ret= -1;
+	unsigned long l;
+
+	l=mode;
+#ifdef FIONBIO
+	ret=BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+	return(ret == 0);
+	}
diff --git a/crypto/openssl/crypto/bio/bf_buff.c b/crypto/openssl/crypto/bio/bf_buff.c
new file mode 100644
index 000000000000..acd814813892
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bf_buff.c
@@ -0,0 +1,485 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static int buffer_write(BIO *h,char *buf,int num);
+static int buffer_read(BIO *h,char *buf,int size);
+static int buffer_puts(BIO *h,char *str);
+static int buffer_gets(BIO *h,char *str,int size);
+static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+#define DEFAULT_BUFFER_SIZE	1024
+
+static BIO_METHOD methods_buffer=
+	{
+	BIO_TYPE_BUFFER,
+	"buffer",
+	buffer_write,
+	buffer_read,
+	buffer_puts,
+	buffer_gets,
+	buffer_ctrl,
+	buffer_new,
+	buffer_free,
+	};
+
+BIO_METHOD *BIO_f_buffer(void)
+	{
+	return(&methods_buffer);
+	}
+
+static int buffer_new(BIO *bi)
+	{
+	BIO_F_BUFFER_CTX *ctx;
+
+	ctx=(BIO_F_BUFFER_CTX *)Malloc(sizeof(BIO_F_BUFFER_CTX));
+	if (ctx == NULL) return(0);
+	ctx->ibuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
+	if (ctx->ibuf == NULL) { Free(ctx); return(0); }
+	ctx->obuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
+	if (ctx->obuf == NULL) { Free(ctx->ibuf); Free(ctx); return(0); }
+	ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
+	ctx->obuf_size=DEFAULT_BUFFER_SIZE;
+	ctx->ibuf_len=0;
+	ctx->ibuf_off=0;
+	ctx->obuf_len=0;
+	ctx->obuf_off=0;
+
+	bi->init=1;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int buffer_free(BIO *a)
+	{
+	BIO_F_BUFFER_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_F_BUFFER_CTX *)a->ptr;
+	if (b->ibuf != NULL) Free(b->ibuf);
+	if (b->obuf != NULL) Free(b->obuf);
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int buffer_read(BIO *b, char *out, int outl)
+	{
+	int i,num=0;
+	BIO_F_BUFFER_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+	num=0;
+	BIO_clear_retry_flags(b);
+
+start:
+	i=ctx->ibuf_len;
+	/* If there is stuff left over, grab it */
+	if (i != 0)
+		{
+		if (i > outl) i=outl;
+		memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
+		ctx->ibuf_off+=i;
+		ctx->ibuf_len-=i;
+		num+=i;
+		if (outl == i)  return(num);
+		outl-=i;
+		out+=i;
+		}
+
+	/* We may have done a partial read. try to do more.
+	 * We have nothing in the buffer.
+	 * If we get an error and have read some data, just return it
+	 * and let them retry to get the error again.
+	 * copy direct to parent address space */
+	if (outl > ctx->ibuf_size)
+		{
+		for (;;)
+			{
+			i=BIO_read(b->next_bio,out,outl);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+			num+=i;
+			if (outl == i) return(num);
+			out+=i;
+			outl-=i;
+			}
+		}
+	/* else */
+
+	/* we are going to be doing some buffering */
+	i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+	if (i <= 0)
+		{
+		BIO_copy_next_retry(b);
+		if (i < 0) return((num > 0)?num:i);
+		if (i == 0) return(num);
+		}
+	ctx->ibuf_off=0;
+	ctx->ibuf_len=i;
+
+	/* Lets re-read using ourselves :-) */
+	goto start;
+	}
+
+static int buffer_write(BIO *b, char *in, int inl)
+	{
+	int i,num=0;
+	BIO_F_BUFFER_CTX *ctx;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	BIO_clear_retry_flags(b);
+start:
+	i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
+	/* add to buffer and return */
+	if (i >= inl)
+		{
+		memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
+		ctx->obuf_len+=inl;
+		return(num+inl);
+		}
+	/* else */
+	/* stuff already in buffer, so add to it first, then flush */
+	if (ctx->obuf_len != 0)
+		{
+		if (i > 0) /* lets fill it up if we can */
+			{
+			memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
+			in+=i;
+			inl-=i;
+			num+=i;
+			ctx->obuf_len+=i;
+			}
+		/* we now have a full buffer needing flushing */
+		for (;;)
+			{
+			i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
+				ctx->obuf_len);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+			ctx->obuf_off+=i;
+			ctx->obuf_len-=i;
+			if (ctx->obuf_len == 0) break;
+			}
+		}
+	/* we only get here if the buffer has been flushed and we
+	 * still have stuff to write */
+	ctx->obuf_off=0;
+
+	/* we now have inl bytes to write */
+	while (inl >= ctx->obuf_size)
+		{
+		i=BIO_write(b->next_bio,in,inl);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			if (i < 0) return((num > 0)?num:i);
+			if (i == 0) return(num);
+			}
+		num+=i;
+		in+=i;
+		inl-=i;
+		if (inl == 0) return(num);
+		}
+
+	/* copy the rest into the buffer since we have only a small 
+	 * amount left */
+	goto start;
+	}
+
+static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO *dbio;
+	BIO_F_BUFFER_CTX *ctx;
+	long ret=1;
+	char *p1,*p2;
+	int r,i,*ip;
+	int ibs,obs;
+
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->ibuf_off=0;
+		ctx->ibuf_len=0;
+		ctx->obuf_off=0;
+		ctx->obuf_len=0;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->obuf_len;
+		break;
+	case BIO_C_GET_BUFF_NUM_LINES:
+		ret=0;
+		p1=ctx->ibuf;
+		for (i=ctx->ibuf_off; iibuf_len; i++)
+			{
+			if (p1[i] == '\n') ret++;
+			}
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=(long)ctx->obuf_len;
+		if (ret == 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING:
+		ret=(long)ctx->ibuf_len;
+		if (ret == 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_SET_BUFF_READ_DATA:
+		if (num > ctx->ibuf_size)
+			{
+			p1=Malloc((int)num);
+			if (p1 == NULL) goto malloc_error;
+			if (ctx->ibuf != NULL) Free(ctx->ibuf);
+			ctx->ibuf=p1;
+			}
+		ctx->ibuf_off=0;
+		ctx->ibuf_len=(int)num;
+		memcpy(ctx->ibuf,ptr,(int)num);
+		ret=1;
+		break;
+	case BIO_C_SET_BUFF_SIZE:
+		if (ptr != NULL)
+			{
+			ip=(int *)ptr;
+			if (*ip == 0)
+				{
+				ibs=(int)num;
+				obs=ctx->obuf_size;
+				}
+			else /* if (*ip == 1) */
+				{
+				ibs=ctx->ibuf_size;
+				obs=(int)num;
+				}
+			}
+		else
+			{
+			ibs=(int)num;
+			obs=(int)num;
+			}
+		p1=ctx->ibuf;
+		p2=ctx->obuf;
+		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
+			{
+			p1=(char *)Malloc((int)num);
+			if (p1 == NULL) goto malloc_error;
+			}
+		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
+			{
+			p2=(char *)Malloc((int)num);
+			if (p2 == NULL)
+				{
+				if (p1 != ctx->ibuf) Free(p1);
+				goto malloc_error;
+				}
+			}
+		if (ctx->ibuf != p1)
+			{
+			Free(ctx->ibuf);
+			ctx->ibuf=p1;
+			ctx->ibuf_off=0;
+			ctx->ibuf_len=0;
+			ctx->ibuf_size=ibs;
+			}
+		if (ctx->obuf != p2)
+			{
+			Free(ctx->obuf);
+			ctx->obuf=p2;
+			ctx->obuf_off=0;
+			ctx->obuf_len=0;
+			ctx->obuf_size=obs;
+			}
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_FLUSH:
+		if (ctx->obuf_len <= 0)
+			{
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			break;
+			}
+
+		for (;;)
+			{
+			BIO_clear_retry_flags(b);
+			if (ctx->obuf_len > ctx->obuf_off)
+				{
+				r=BIO_write(b->next_bio,
+					&(ctx->obuf[ctx->obuf_off]),
+					ctx->obuf_len-ctx->obuf_off);
+#if 0
+fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
+#endif
+				BIO_copy_next_retry(b);
+				if (r <= 0) return((long)r);
+				ctx->obuf_off+=r;
+				}
+			else
+				{
+				ctx->obuf_len=0;
+				ctx->obuf_off=0;
+				ret=1;
+				break;
+				}
+			}
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (	!BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
+			!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+			ret=0;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+malloc_error:
+	BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
+
+static int buffer_gets(BIO *b, char *buf, int size)
+	{
+	BIO_F_BUFFER_CTX *ctx;
+	int num=0,i,flag;
+	char *p;
+
+	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+	size--; /* reserve space for a '\0' */
+	BIO_clear_retry_flags(b);
+
+	for (;;)
+		{
+		if (ctx->ibuf_len > 0)
+			{
+			p= &(ctx->ibuf[ctx->ibuf_off]);
+			flag=0;
+			for (i=0; (iibuf_len) && (iibuf_len-=i;
+			ctx->ibuf_off+=i;
+			if ((flag) || (i == size))
+				{
+				*buf='\0';
+				return(num);
+				}
+			}
+		else	/* read another chunk */
+			{
+			i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+			ctx->ibuf_len=i;
+			ctx->ibuf_off=0;
+			}
+		}
+	}
+
+static int buffer_puts(BIO *b, char *str)
+	{
+	return(BIO_write(b,str,strlen(str)));
+	}
+
diff --git a/crypto/openssl/crypto/bio/bf_nbio.c b/crypto/openssl/crypto/bio/bf_nbio.c
new file mode 100644
index 000000000000..cbec2bae29a8
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bf_nbio.c
@@ -0,0 +1,240 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int nbiof_write(BIO *h,char *buf,int num);
+static int nbiof_read(BIO *h,char *buf,int size);
+static int nbiof_puts(BIO *h,char *str);
+static int nbiof_gets(BIO *h,char *str,int size);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+typedef struct nbio_test_st
+	{
+	/* only set if we sent a 'should retry' error */
+	int lrn;
+	int lwn;
+	} NBIO_TEST;
+
+static BIO_METHOD methods_nbiof=
+	{
+	BIO_TYPE_NBIO_TEST,
+	"non-blocking IO test filter",
+	nbiof_write,
+	nbiof_read,
+	nbiof_puts,
+	nbiof_gets,
+	nbiof_ctrl,
+	nbiof_new,
+	nbiof_free,
+	};
+
+BIO_METHOD *BIO_f_nbio_test(void)
+	{
+	return(&methods_nbiof);
+	}
+
+static int nbiof_new(BIO *bi)
+	{
+	NBIO_TEST *nt;
+
+	nt=(NBIO_TEST *)Malloc(sizeof(NBIO_TEST));
+	nt->lrn= -1;
+	nt->lwn= -1;
+	bi->ptr=(char *)nt;
+	bi->init=1;
+	bi->flags=0;
+	return(1);
+	}
+
+static int nbiof_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	if (a->ptr != NULL)
+		Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int nbiof_read(BIO *b, char *out, int outl)
+	{
+	NBIO_TEST *nt;
+	int ret=0;
+#if 0
+	int num;
+	unsigned char n;
+#endif
+
+	if (out == NULL) return(0);
+	if (b->next_bio == NULL) return(0);
+	nt=(NBIO_TEST *)b->ptr;
+
+	BIO_clear_retry_flags(b);
+#if 0
+	RAND_bytes(&n,1);
+	num=(n&0x07);
+
+	if (outl > num) outl=num;
+
+	if (num == 0)
+		{
+		ret= -1;
+		BIO_set_retry_read(b);
+		}
+	else
+#endif
+		{
+		ret=BIO_read(b->next_bio,out,outl);
+		if (ret < 0)
+			BIO_copy_next_retry(b);
+		}
+	return(ret);
+	}
+
+static int nbiof_write(BIO *b, char *in, int inl)
+	{
+	NBIO_TEST *nt;
+	int ret=0;
+	int num;
+	unsigned char n;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+	nt=(NBIO_TEST *)b->ptr;
+
+	BIO_clear_retry_flags(b);
+
+#if 1
+	if (nt->lwn > 0)
+		{
+		num=nt->lwn;
+		nt->lwn=0;
+		}
+	else
+		{
+		RAND_bytes(&n,1);
+		num=(n&7);
+		}
+
+	if (inl > num) inl=num;
+
+	if (num == 0)
+		{
+		ret= -1;
+		BIO_set_retry_write(b);
+		}
+	else
+#endif
+		{
+		ret=BIO_write(b->next_bio,in,inl);
+		if (ret < 0)
+			{
+			BIO_copy_next_retry(b);
+			nt->lwn=inl;
+			}
+		}
+	return(ret);
+	}
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+        case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_DUP:
+		ret=0L;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_gets(bp->next_bio,buf,size));
+	}
+
+
+static int nbiof_puts(BIO *bp, char *str)
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_puts(bp->next_bio,str));
+	}
+
+
diff --git a/crypto/openssl/crypto/bio/bf_null.c b/crypto/openssl/crypto/bio/bf_null.c
new file mode 100644
index 000000000000..3254a55dce7f
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bf_null.c
@@ -0,0 +1,168 @@
+/* crypto/bio/bf_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int nullf_write(BIO *h,char *buf,int num);
+static int nullf_read(BIO *h,char *buf,int size);
+static int nullf_puts(BIO *h,char *str);
+static int nullf_gets(BIO *h,char *str,int size);
+static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nullf_new(BIO *h);
+static int nullf_free(BIO *data);
+static BIO_METHOD methods_nullf=
+	{
+	BIO_TYPE_NULL_FILTER,
+	"NULL filter",
+	nullf_write,
+	nullf_read,
+	nullf_puts,
+	nullf_gets,
+	nullf_ctrl,
+	nullf_new,
+	nullf_free,
+	};
+
+BIO_METHOD *BIO_f_null(void)
+	{
+	return(&methods_nullf);
+	}
+
+static int nullf_new(BIO *bi)
+	{
+	bi->init=1;
+	bi->ptr=NULL;
+	bi->flags=0;
+	return(1);
+	}
+
+static int nullf_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+/*	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;*/
+	return(1);
+	}
+	
+static int nullf_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+ 
+	if (out == NULL) return(0);
+	if (b->next_bio == NULL) return(0);
+	ret=BIO_read(b->next_bio,out,outl);
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int nullf_write(BIO *b, char *in, int inl)
+	{
+	int ret=0;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+	ret=BIO_write(b->next_bio,in,inl);
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long nullf_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch(cmd)
+		{
+        case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_DUP:
+		ret=0L;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		}
+	return(ret);
+	}
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_gets(bp->next_bio,buf,size));
+	}
+
+
+static int nullf_puts(BIO *bp, char *str)
+	{
+	if (bp->next_bio == NULL) return(0);
+	return(BIO_puts(bp->next_bio,str));
+	}
+
+
diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h
new file mode 100644
index 000000000000..54bf622a3bd5
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bio.h
@@ -0,0 +1,643 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BIO_H
+#define HEADER_BIO_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+#include 
+
+/* These are the 'types' of BIOs */
+#define BIO_TYPE_NONE		0
+#define BIO_TYPE_MEM		(1|0x0400)
+#define BIO_TYPE_FILE		(2|0x0400)
+
+#define BIO_TYPE_FD		(4|0x0400|0x0100)
+#define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
+#define BIO_TYPE_NULL		(6|0x0400)
+#define BIO_TYPE_SSL		(7|0x0200)
+#define BIO_TYPE_MD		(8|0x0200)		/* pasive filter */
+#define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */
+#define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */
+#define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
+#define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */
+#define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */
+#define BIO_TYPE_PROXY_CLIENT	(14|0x0200)		/* client proxy BIO */
+#define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */
+#define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
+#define BIO_TYPE_NULL_FILTER	(17|0x0200)
+#define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
+#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
+
+#define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
+#define BIO_TYPE_FILTER		0x0200
+#define BIO_TYPE_SOURCE_SINK	0x0400
+
+/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
+#define BIO_NOCLOSE		0x00
+#define BIO_CLOSE		0x01
+
+/* These are used in the following macros and are passed to
+ * BIO_ctrl() */
+#define BIO_CTRL_RESET		1  /* opt - rewind/zero etc */
+#define BIO_CTRL_EOF		2  /* opt - are we at the eof */
+#define BIO_CTRL_INFO		3  /* opt - extra tit-bits */
+#define BIO_CTRL_SET		4  /* man - set the 'IO' type */
+#define BIO_CTRL_GET		5  /* man - get the 'IO' type */
+#define BIO_CTRL_PUSH		6  /* opt - internal, used to signify change */
+#define BIO_CTRL_POP		7  /* opt - internal, used to signify change */
+#define BIO_CTRL_GET_CLOSE	8  /* man - set the 'close' on free */
+#define BIO_CTRL_SET_CLOSE	9  /* man - set the 'close' on free */
+#define BIO_CTRL_PENDING	10  /* opt - is their more data buffered */
+#define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */
+#define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */
+#define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+#define BIO_CTRL_SET_CALLBACK	14  /* opt - set callback function */
+#define BIO_CTRL_GET_CALLBACK	15  /* opt - set callback function */
+
+#define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */
+
+/* modifiers */
+#define BIO_FP_READ		0x02
+#define BIO_FP_WRITE		0x04
+#define BIO_FP_APPEND		0x08
+#define BIO_FP_TEXT		0x10
+
+#define BIO_FLAGS_READ		0x01
+#define BIO_FLAGS_WRITE		0x02
+#define BIO_FLAGS_IO_SPECIAL	0x04
+#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+#define BIO_FLAGS_SHOULD_RETRY	0x08
+
+/* Used in BIO_gethostbyname() */
+#define BIO_GHBN_CTRL_HITS		1
+#define BIO_GHBN_CTRL_MISSES		2
+#define BIO_GHBN_CTRL_CACHE_SIZE	3
+#define BIO_GHBN_CTRL_GET_ENTRY		4
+#define BIO_GHBN_CTRL_FLUSH		5
+
+/* Mostly used in the SSL BIO */
+/* Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40
+ */
+
+#define BIO_FLAGS_BASE64_NO_NL	0x100
+
+#define BIO_set_flags(b,f) ((b)->flags|=(f))
+#define BIO_get_flags(b) ((b)->flags)
+#define BIO_set_retry_special(b) \
+		((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_read(b) \
+		((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_write(b) \
+		((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+#define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
+#define BIO_clear_retry_flags(b) \
+		((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_get_retry_flags(b) \
+		((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These shouldbe used by the application to tell why we should retry */
+#define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
+#define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
+#define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)
+#define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
+#define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+
+/* The next two are used in conjunction with the
+ * BIO_should_io_special() condition.  After this returns true,
+ * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
+ * stack and return the 'reason' for the special and the offending BIO.
+ * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
+/* Returned from the SSL bio when the certificate retrieval code had an error */
+#define BIO_RR_SSL_X509_LOOKUP		0x01
+/* Returned from the connect BIO when a connect would have blocked */
+#define BIO_RR_CONNECT			0x02
+
+/* These are passed by the BIO callback */
+#define BIO_CB_FREE	0x01
+#define BIO_CB_READ	0x02
+#define BIO_CB_WRITE	0x03
+#define BIO_CB_PUTS	0x04
+#define BIO_CB_GETS	0x05
+#define BIO_CB_CTRL	0x06
+
+/* The callback is called before and after the underling operation,
+ * The BIO_CB_RETURN flag indicates if it is after the call */
+#define BIO_CB_RETURN	0x80
+#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+#define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))
+#define BIO_cb_post(a)	((a)&BIO_CB_RETURN)
+
+#define BIO_set_callback(b,cb)		((b)->callback=(cb))
+#define BIO_set_callback_arg(b,arg)	((b)->cb_arg=(char *)(arg))
+#define BIO_get_callback_arg(b)		((b)->cb_arg)
+#define BIO_get_callback(b)		((b)->callback)
+#define BIO_method_name(b)		((b)->method->name)
+#define BIO_method_type(b)		((b)->method->type)
+
+#ifndef WIN16
+typedef struct bio_method_st
+	{
+	int type;
+	const char *name;
+	int (*bwrite)();
+	int (*bread)();
+	int (*bputs)();
+	int (*bgets)();
+	long (*ctrl)();
+	int (*create)();
+	int (*destroy)();
+	} BIO_METHOD;
+#else
+typedef struct bio_method_st
+	{
+	int type;
+	const char *name;
+	int (_far *bwrite)();
+	int (_far *bread)();
+	int (_far *bputs)();
+	int (_far *bgets)();
+	long (_far *ctrl)();
+	int (_far *create)();
+	int (_far *destroy)();
+	} BIO_METHOD;
+#endif
+
+typedef struct bio_st
+	{
+	BIO_METHOD *method;
+	/* bio, mode, argp, argi, argl, ret */
+	long (*callback)(struct bio_st *,int,const char *,int, long,long);
+	char *cb_arg; /* first argument for the callback */
+
+	int init;
+	int shutdown;
+	int flags;	/* extra storage */
+	int retry_reason;
+	int num;
+	void *ptr;
+	struct bio_st *next_bio;	/* used by filter BIOs */
+	struct bio_st *prev_bio;	/* used by filter BIOs */
+	int references;
+	unsigned long num_read;
+	unsigned long num_write;
+
+	CRYPTO_EX_DATA ex_data;
+	} BIO;
+
+typedef struct bio_f_buffer_ctx_struct
+	{
+	/* BIO *bio; */ /* this is now in the BIO struct */
+	int ibuf_size;	/* how big is the input buffer */
+	int obuf_size;	/* how big is the output buffer */
+
+	char *ibuf;		/* the char array */
+	int ibuf_len;		/* how many bytes are in it */
+	int ibuf_off;		/* write/read offset */
+
+	char *obuf;		/* the char array */
+	int obuf_len;		/* how many bytes are in it */
+	int obuf_off;		/* write/read offset */
+	} BIO_F_BUFFER_CTX;
+
+/* connect BIO stuff */
+#define BIO_CONN_S_BEFORE		1
+#define BIO_CONN_S_GET_IP		2
+#define BIO_CONN_S_GET_PORT		3
+#define BIO_CONN_S_CREATE_SOCKET	4
+#define BIO_CONN_S_CONNECT		5
+#define BIO_CONN_S_OK			6
+#define BIO_CONN_S_BLOCKED_CONNECT	7
+#define BIO_CONN_S_NBIO			8
+/*#define BIO_CONN_get_param_hostname	BIO_ctrl */
+
+#define BIO_number_read(b)	((b)->num_read)
+#define BIO_number_written(b)	((b)->num_write)
+
+#define BIO_C_SET_CONNECT			100
+#define BIO_C_DO_STATE_MACHINE			101
+#define BIO_C_SET_NBIO				102
+#define BIO_C_SET_PROXY_PARAM			103
+#define BIO_C_SET_FD				104
+#define BIO_C_GET_FD				105
+#define BIO_C_SET_FILE_PTR			106
+#define BIO_C_GET_FILE_PTR			107
+#define BIO_C_SET_FILENAME			108
+#define BIO_C_SET_SSL				109
+#define BIO_C_GET_SSL				110
+#define BIO_C_SET_MD				111
+#define BIO_C_GET_MD				112
+#define BIO_C_GET_CIPHER_STATUS			113
+#define BIO_C_SET_BUF_MEM			114
+#define BIO_C_GET_BUF_MEM_PTR			115
+#define BIO_C_GET_BUFF_NUM_LINES		116
+#define BIO_C_SET_BUFF_SIZE			117
+#define BIO_C_SET_ACCEPT			118
+#define BIO_C_SSL_MODE				119
+#define BIO_C_GET_MD_CTX			120
+#define BIO_C_GET_PROXY_PARAM			121
+#define BIO_C_SET_BUFF_READ_DATA		122 /* data to read first */
+#define BIO_C_GET_CONNECT			123
+#define BIO_C_GET_ACCEPT			124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES		126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127
+#define BIO_C_FILE_SEEK				128
+#define BIO_C_GET_CIPHER_CTX			129
+#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/
+#define BIO_C_SET_BIND_MODE			131
+#define BIO_C_GET_BIND_MODE			132
+#define BIO_C_FILE_TELL				133
+#define BIO_C_GET_SOCKS				134
+#define BIO_C_SET_SOCKS				135
+
+#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */
+#define BIO_C_GET_WRITE_BUF_SIZE		137
+#define BIO_C_MAKE_BIO_PAIR			138
+#define BIO_C_DESTROY_BIO_PAIR			139
+#define BIO_C_GET_WRITE_GUARANTEE		140
+#define BIO_C_GET_READ_REQUEST			141
+#define BIO_C_SHUTDOWN_WR			142
+
+
+#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,(char *)arg)
+#define BIO_get_app_data(s)		BIO_get_ex_data(s,0)
+
+/* BIO_s_connect() and BIO_s_socks4a_connect() */
+#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+
+
+#define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+/* BIO_s_accept_socket() */
+#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+#define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+/* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+#define BIO_BIND_NORMAL			0
+#define BIO_BIND_REUSEADDR_IF_UNUSED	1
+#define BIO_BIND_REUSEADDR		2
+#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+#define BIO_do_connect(b)	BIO_do_handshake(b)
+#define BIO_do_accept(b)	BIO_do_handshake(b)
+#define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_proxy_client() */
+#define BIO_set_url(b,url)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+#define BIO_set_proxies(b,p)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+#define BIO_set_proxy_cb(b,cb) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(char *)(cb))
+#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
+
+#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+#define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+#define BIO_get_no_connect_return(b)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+
+#define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+#define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+#define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+#define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+#define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+#define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/* name is cast to lose const, but might be better to route through a function
+   so we can do it safely */
+#ifdef CONST_STRICT
+/* If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b,const char *name);
+#else
+#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_READ,(char *)name)
+#endif
+#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_WRITE,name)
+#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_APPEND,name)
+#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/* WARNING WARNING, this ups the reference count on the read bio of the
+ * SSL structure.  This is because the ssl read BIO is now pointed to by
+ * the next_bio field in the bio.  So when you free the BIO, make sure
+ * you are doing a BIO_free_all() to catch the underlying BIO. */
+#define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+#define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+#define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+#define BIO_set_ssl_renegotiate_bytes(b,num) \
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+#define BIO_get_num_renegotiates(b) \
+	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+#define BIO_get_mem_data(b,pp)	BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+#define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+#define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+#define BIO_set_mem_eof_return(b,v) \
+				BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+#define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+#define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+#define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+#define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+#define BIO_set_close(b,c)	(int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+#define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+#define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+#define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+#define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(char *)cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_ctrl(b,BIO_CTRL_SET_CALLBACK,0,(char *)cb)
+
+/* For the BIO_f_buffer() type */
+#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+/* For BIO_s_bio() */
+#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+
+
+
+#ifdef NO_STDIO
+#define NO_FP_API
+#endif
+
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio,int idx,char *data);
+char *BIO_get_ex_data(BIO *bio,int idx);
+int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
+#  if defined(WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal(void);
+BIO *BIO_new_file_internal(char *filename, char *mode);
+BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
+#    define BIO_s_file	BIO_s_file_internal
+#    define BIO_new_file	BIO_new_file_internal
+#    define BIO_new_fp	BIO_new_fp_internal
+#  else /* FP_API */
+BIO_METHOD *BIO_s_file(void );
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+#    define BIO_s_file_internal		BIO_s_file
+#    define BIO_new_file_internal	BIO_new_file
+#    define BIO_new_fp_internal		BIO_s_file
+#  endif /* FP_API */
+BIO *	BIO_new(BIO_METHOD *type);
+int	BIO_set(BIO *a,BIO_METHOD *type);
+int	BIO_free(BIO *a);
+int	BIO_read(BIO *b, void *data, int len);
+int	BIO_gets(BIO *bp,char *buf, int size);
+int	BIO_write(BIO *b, const char *data, int len);
+int	BIO_puts(BIO *bp,const char *buf);
+long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+BIO *	BIO_push(BIO *b,BIO *append);
+BIO *	BIO_pop(BIO *b);
+void	BIO_free_all(BIO *a);
+BIO *	BIO_find_type(BIO *b,int bio_type);
+BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);
+int	BIO_get_retry_reason(BIO *bio);
+BIO *	BIO_dup_chain(BIO *in);
+
+#ifndef WIN16
+long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+	long argl,long ret);
+#else
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+	long argl,long ret);
+#endif
+
+BIO_METHOD *BIO_s_mem(void);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+BIO_METHOD *BIO_s_log(void);
+BIO_METHOD *BIO_s_bio(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
+BIO_METHOD *BIO_f_nbio_test(void);
+/* BIO_METHOD *BIO_f_ber(void); */
+
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump(BIO *b,const char *bytes,int len);
+
+struct hostent *BIO_gethostbyname(const char *name);
+/* We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ *     struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+int BIO_socket_nbio(int fd,int mode);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port,int mode);
+int BIO_accept(int sock,char **ip_port);
+int BIO_sock_init(void );
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock,int turn_on);
+
+void ERR_load_BIO_strings(void );
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+	BIO **bio2, size_t writebuf2);
+/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
+ * Size 0 uses default value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+
+int BIO_printf(BIO *bio, ...);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+#define BIO_F_ACPT_STATE				 100
+#define BIO_F_BIO_ACCEPT				 101
+#define BIO_F_BIO_BER_GET_HEADER			 102
+#define BIO_F_BIO_CTRL					 103
+#define BIO_F_BIO_GETHOSTBYNAME				 120
+#define BIO_F_BIO_GETS					 104
+#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
+#define BIO_F_BIO_GET_HOST_IP				 106
+#define BIO_F_BIO_GET_PORT				 107
+#define BIO_F_BIO_MAKE_PAIR				 121
+#define BIO_F_BIO_NEW					 108
+#define BIO_F_BIO_NEW_FILE				 109
+#define BIO_F_BIO_PUTS					 110
+#define BIO_F_BIO_READ					 111
+#define BIO_F_BIO_SOCK_INIT				 112
+#define BIO_F_BIO_WRITE					 113
+#define BIO_F_BUFFER_CTRL				 114
+#define BIO_F_CONN_STATE				 115
+#define BIO_F_FILE_CTRL					 116
+#define BIO_F_MEM_WRITE					 117
+#define BIO_F_SSL_NEW					 118
+#define BIO_F_WSASTARTUP				 119
+
+/* Reason codes. */
+#define BIO_R_ACCEPT_ERROR				 100
+#define BIO_R_BAD_FOPEN_MODE				 101
+#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
+#define BIO_R_BROKEN_PIPE				 124
+#define BIO_R_CONNECT_ERROR				 103
+#define BIO_R_ERROR_SETTING_NBIO			 104
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
+#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
+#define BIO_R_INVALID_ARGUMENT				 125
+#define BIO_R_INVALID_IP_ADDRESS			 108
+#define BIO_R_IN_USE					 123
+#define BIO_R_KEEPALIVE					 109
+#define BIO_R_NBIO_CONNECT_ERROR			 110
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
+#define BIO_R_NO_HOSTNAME_SPECIFIED			 112
+#define BIO_R_NO_PORT_DEFINED				 113
+#define BIO_R_NO_PORT_SPECIFIED				 114
+#define BIO_R_NULL_PARAMETER				 115
+#define BIO_R_TAG_MISMATCH				 116
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 117
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119
+#define BIO_R_UNINITIALIZED				 120
+#define BIO_R_UNSUPPORTED_METHOD			 121
+#define BIO_R_WSASTARTUP				 122
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/bio/bio_cb.c b/crypto/openssl/crypto/bio/bio_cb.c
new file mode 100644
index 000000000000..37c7c2266683
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bio_cb.c
@@ -0,0 +1,133 @@
+/* crypto/bio/bio_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+	     int argi, long argl, long ret)
+	{
+	BIO *b;
+	MS_STATIC char buf[256];
+	char *p;
+	long r=1;
+
+	if (BIO_CB_RETURN & cmd)
+		r=ret;
+
+	sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
+	p= &(buf[14]);
+	switch (cmd)
+		{
+	case BIO_CB_FREE:
+		sprintf(p,"Free - %s\n",bio->method->name);
+		break;
+	case BIO_CB_READ:
+		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+			sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+		else
+			sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+		break;
+	case BIO_CB_WRITE:
+		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+			sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+		else
+			sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+		break;
+	case BIO_CB_PUTS:
+		sprintf(p,"puts() - %s\n",bio->method->name);
+		break;
+	case BIO_CB_GETS:
+		sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
+		break;
+	case BIO_CB_CTRL:
+		sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
+		break;
+	case BIO_CB_RETURN|BIO_CB_READ:
+		sprintf(p,"read return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_WRITE:
+		sprintf(p,"write return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_GETS:
+		sprintf(p,"gets return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_PUTS:
+		sprintf(p,"puts return %ld\n",ret);
+		break;
+	case BIO_CB_RETURN|BIO_CB_CTRL:
+		sprintf(p,"ctrl return %ld\n",ret);
+		break;
+	default:
+		sprintf(p,"bio callback - unknown type (%d)\n",cmd);
+		break;
+		}
+
+	b=(BIO *)bio->cb_arg;
+	if (b != NULL)
+		BIO_write(b,buf,strlen(buf));
+#if !defined(NO_STDIO) && !defined(WIN16)
+	else
+		fputs(buf,stderr);
+#endif
+	return(r);
+	}
diff --git a/crypto/openssl/crypto/bio/bio_err.c b/crypto/openssl/crypto/bio/bio_err.c
new file mode 100644
index 000000000000..712d98a3a1a9
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bio_err.c
@@ -0,0 +1,139 @@
+/* crypto/bio/bio_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BIO_str_functs[]=
+	{
+{ERR_PACK(0,BIO_F_ACPT_STATE,0),	"ACPT_STATE"},
+{ERR_PACK(0,BIO_F_BIO_ACCEPT,0),	"BIO_accept"},
+{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0),	"BIO_BER_GET_HEADER"},
+{ERR_PACK(0,BIO_F_BIO_CTRL,0),	"BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0),	"BIO_gethostbyname"},
+{ERR_PACK(0,BIO_F_BIO_GETS,0),	"BIO_gets"},
+{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),	"BIO_get_accept_socket"},
+{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),	"BIO_get_host_ip"},
+{ERR_PACK(0,BIO_F_BIO_GET_PORT,0),	"BIO_get_port"},
+{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0),	"BIO_MAKE_PAIR"},
+{ERR_PACK(0,BIO_F_BIO_NEW,0),	"BIO_new"},
+{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0),	"BIO_new_file"},
+{ERR_PACK(0,BIO_F_BIO_PUTS,0),	"BIO_puts"},
+{ERR_PACK(0,BIO_F_BIO_READ,0),	"BIO_read"},
+{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0),	"BIO_sock_init"},
+{ERR_PACK(0,BIO_F_BIO_WRITE,0),	"BIO_write"},
+{ERR_PACK(0,BIO_F_BUFFER_CTRL,0),	"BUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
+{ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
+{ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_new"},
+{ERR_PACK(0,BIO_F_WSASTARTUP,0),	"WSASTARTUP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA BIO_str_reasons[]=
+	{
+{BIO_R_ACCEPT_ERROR                      ,"accept error"},
+{BIO_R_BAD_FOPEN_MODE                    ,"bad fopen mode"},
+{BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
+{BIO_R_BROKEN_PIPE                       ,"broken pipe"},
+{BIO_R_CONNECT_ERROR                     ,"connect error"},
+{BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
+{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
+{BIO_R_INVALID_ARGUMENT                  ,"invalid argument"},
+{BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_IN_USE                            ,"in use"},
+{BIO_R_KEEPALIVE                         ,"keepalive"},
+{BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
+{BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
+{BIO_R_NO_HOSTNAME_SPECIFIED             ,"no hostname specified"},
+{BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
+{BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
+{BIO_R_NULL_PARAMETER                    ,"null parameter"},
+{BIO_R_TAG_MISMATCH                      ,"tag mismatch"},
+{BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
+{BIO_R_UNABLE_TO_CREATE_SOCKET           ,"unable to create socket"},
+{BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
+{BIO_R_UNINITIALIZED                     ,"uninitialized"},
+{BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
+{BIO_R_WSASTARTUP                        ,"wsastartup"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_BIO_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
+		ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c
new file mode 100644
index 000000000000..b72688ea901c
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bio_lib.c
@@ -0,0 +1,496 @@
+/* crypto/bio/bio_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static STACK *bio_meth=NULL;
+static int bio_meth_num=0;
+
+BIO *BIO_new(BIO_METHOD *method)
+	{
+	BIO *ret=NULL;
+
+	ret=(BIO *)Malloc(sizeof(BIO));
+	if (ret == NULL)
+		{
+		BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	if (!BIO_set(ret,method))
+		{
+		Free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
+
+int BIO_set(BIO *bio, BIO_METHOD *method)
+	{
+	bio->method=method;
+	bio->callback=NULL;
+	bio->cb_arg=NULL;
+	bio->init=0;
+	bio->shutdown=1;
+	bio->flags=0;
+	bio->retry_reason=0;
+	bio->num=0;
+	bio->ptr=NULL;
+	bio->prev_bio=NULL;
+	bio->next_bio=NULL;
+	bio->references=1;
+	bio->num_read=0L;
+	bio->num_write=0L;
+	CRYPTO_new_ex_data(bio_meth,(char *)bio,&bio->ex_data);
+	if (method->create != NULL)
+		if (!method->create(bio))
+			return(0);
+	return(1);
+	}
+
+int BIO_free(BIO *a)
+	{
+	int ret=0,i;
+
+	if (a == NULL) return(0);
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
+#ifdef REF_PRINT
+	REF_PRINT("BIO",a);
+#endif
+	if (i > 0) return(1);
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"BIO_free, bad reference count\n");
+		abort();
+		}
+#endif
+	if ((a->callback != NULL) &&
+		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
+			return(i);
+
+	CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data);
+
+	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
+	ret=a->method->destroy(a);
+	Free(a);
+	return(1);
+	}
+
+int BIO_read(BIO *b, void *out, int outl)
+	{
+	int i;
+	long (*cb)();
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
+		{
+		BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	cb=b->callback;
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
+		return(-2);
+		}
+
+	i=b->method->bread(b,out,outl);
+
+	if (i > 0) b->num_read+=(unsigned long)i;
+
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
+			0L,(long)i);
+	return(i);
+	}
+
+int BIO_write(BIO *b, const char *in, int inl)
+	{
+	int i;
+	long (*cb)();
+
+	if (b == NULL)
+		return(0);
+
+	cb=b->callback;
+	if ((b->method == NULL) || (b->method->bwrite == NULL))
+		{
+		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
+		return(-2);
+		}
+
+	i=b->method->bwrite(b,in,inl);
+
+	if (i > 0) b->num_write+=(unsigned long)i;
+
+	/* This is evil and not thread safe.  If the BIO has been freed,
+	 * we must not call the callback.  The only way to be able to
+	 * determine this is the reference count which is now invalid since
+	 * the memory has been free()ed.
+	 */
+	if (b->references <= 0) abort();
+	if (cb != NULL) /* && (b->references >= 1)) */
+		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
+			0L,(long)i);
+	return(i);
+	}
+
+int BIO_puts(BIO *b, const char *in)
+	{
+	int i;
+	long (*cb)();
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
+		{
+		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
+		return(-2);
+		}
+
+	i=b->method->bputs(b,in);
+
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
+			0L,(long)i);
+	return(i);
+	}
+
+int BIO_gets(BIO *b, char *in, int inl)
+	{
+	int i;
+	long (*cb)();
+
+	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
+		{
+		BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
+			return(i);
+
+	if (!b->init)
+		{
+		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
+		return(-2);
+		}
+
+	i=b->method->bgets(b,in,inl);
+
+	if (cb != NULL)
+		i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
+			0L,(long)i);
+	return(i);
+	}
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+	{
+	int i;
+
+	i=iarg;
+	return(BIO_ctrl(b,cmd,larg,(char *)&i));
+	}
+
+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+	{
+	char *p=NULL;
+
+	if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
+		return(NULL);
+	else
+		return(p);
+	}
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+	{
+	long ret;
+	long (*cb)();
+
+	if (b == NULL) return(0);
+
+	if ((b->method == NULL) || (b->method->ctrl == NULL))
+		{
+		BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
+		return(ret);
+
+	ret=b->method->ctrl(b,cmd,larg,parg);
+
+	if (cb != NULL)
+		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
+			larg,ret);
+	return(ret);
+	}
+
+/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway. */
+size_t BIO_ctrl_pending(BIO *bio)
+    {
+	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+	}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+    {
+	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+	}
+
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+	{
+	BIO *lb;
+
+	if (b == NULL) return(bio);
+	lb=b;
+	while (lb->next_bio != NULL)
+		lb=lb->next_bio;
+	lb->next_bio=bio;
+	if (bio != NULL)
+		bio->prev_bio=lb;
+	/* called to do internal processing */
+	BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+	return(b);
+	}
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+	{
+	BIO *ret;
+
+	if (b == NULL) return(NULL);
+	ret=b->next_bio;
+
+	if (b->prev_bio != NULL)
+		b->prev_bio->next_bio=b->next_bio;
+	if (b->next_bio != NULL)
+		b->next_bio->prev_bio=b->prev_bio;
+
+	b->next_bio=NULL;
+	b->prev_bio=NULL;
+	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+	return(ret);
+	}
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+	{
+	BIO *b,*last;
+
+	b=last=bio;
+	for (;;)
+		{
+		if (!BIO_should_retry(b)) break;
+		last=b;
+		b=b->next_bio;
+		if (b == NULL) break;
+		}
+	if (reason != NULL) *reason=last->retry_reason;
+	return(last);
+	}
+
+int BIO_get_retry_reason(BIO *bio)
+	{
+	return(bio->retry_reason);
+	}
+
+BIO *BIO_find_type(BIO *bio, int type)
+	{
+	int mt,mask;
+
+	mask=type&0xff;
+	do	{
+		if (bio->method != NULL)
+			{
+			mt=bio->method->type;
+
+			if (!mask)
+				{
+				if (mt & type) return(bio);
+				}
+			else if (mt == type)
+				return(bio);
+			}
+		bio=bio->next_bio;
+		} while (bio != NULL);
+	return(NULL);
+	}
+
+void BIO_free_all(BIO *bio)
+	{
+	BIO *b;
+	int ref;
+
+	while (bio != NULL)
+		{
+		b=bio;
+		ref=b->references;
+		bio=bio->next_bio;
+		BIO_free(b);
+		/* Since ref count > 1, don't free anyone else. */
+		if (ref > 1) break;
+		}
+	}
+
+BIO *BIO_dup_chain(BIO *in)
+	{
+	BIO *ret=NULL,*eoc=NULL,*bio,*new;
+
+	for (bio=in; bio != NULL; bio=bio->next_bio)
+		{
+		if ((new=BIO_new(bio->method)) == NULL) goto err;
+		new->callback=bio->callback;
+		new->cb_arg=bio->cb_arg;
+		new->init=bio->init;
+		new->shutdown=bio->shutdown;
+		new->flags=bio->flags;
+
+		/* This will let SSL_s_sock() work with stdin/stdout */
+		new->num=bio->num;
+
+		if (!BIO_dup_state(bio,(char *)new))
+			{
+			BIO_free(new);
+			goto err;
+			}
+
+		/* copy app data */
+		if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+			goto err;
+
+		if (ret == NULL)
+			{
+			eoc=new;
+			ret=eoc;
+			}
+		else
+			{
+			BIO_push(eoc,new);
+			eoc=new;
+			}
+		}
+	return(ret);
+err:
+	if (ret != NULL)
+		BIO_free(ret);
+	return(NULL);	
+	}
+
+void BIO_copy_next_retry(BIO *b)
+	{
+	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
+	b->retry_reason=b->next_bio->retry_reason;
+	}
+
+int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
+	{
+	bio_meth_num++;
+	return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
+		argl,argp,new_func,dup_func,free_func));
+	}
+
+int BIO_set_ex_data(BIO *bio, int idx, char *data)
+	{
+	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
+	}
+
+char *BIO_get_ex_data(BIO *bio, int idx)
+	{
+	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
+	}
+
diff --git a/crypto/openssl/crypto/bio/bss_acpt.c b/crypto/openssl/crypto/bio/bss_acpt.c
new file mode 100644
index 000000000000..47af80f76d51
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_acpt.c
@@ -0,0 +1,466 @@
+/* crypto/bio/bss_acpt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SOCK
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include 
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+typedef struct bio_accept_st
+	{
+	int state;
+	char *param_addr;
+
+	int accept_sock;
+	int accept_nbio;
+
+	char *addr;
+	int nbio;
+	/* If 0, it means normal, if 1, do a connect on bind failure,
+	 * and if there is no-one listening, bind with SO_REUSEADDR.
+	 * If 2, always use SO_REUSEADDR. */
+	int bind_mode;
+	BIO *bio_chain;
+	} BIO_ACCEPT;
+
+static int acpt_write(BIO *h,char *buf,int num);
+static int acpt_read(BIO *h,char *buf,int size);
+static int acpt_puts(BIO *h,char *str);
+static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+BIO_ACCEPT *BIO_ACCEPT_new(void );
+void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+#define ACPT_S_BEFORE			1
+#define ACPT_S_GET_ACCEPT_SOCKET	2
+#define ACPT_S_OK			3
+
+static BIO_METHOD methods_acceptp=
+	{
+	BIO_TYPE_ACCEPT,
+	"socket accept",
+	acpt_write,
+	acpt_read,
+	acpt_puts,
+	NULL, /* connect_gets, */
+	acpt_ctrl,
+	acpt_new,
+	acpt_free,
+	};
+
+BIO_METHOD *BIO_s_accept(void)
+	{
+	return(&methods_acceptp);
+	}
+
+static int acpt_new(BIO *bi)
+	{
+	BIO_ACCEPT *ba;
+
+	bi->init=0;
+	bi->num=INVALID_SOCKET;
+	bi->flags=0;
+	if ((ba=BIO_ACCEPT_new()) == NULL)
+		return(0);
+	bi->ptr=(char *)ba;
+	ba->state=ACPT_S_BEFORE;
+	bi->shutdown=1;
+	return(1);
+	}
+
+BIO_ACCEPT *BIO_ACCEPT_new(void)
+	{
+	BIO_ACCEPT *ret;
+
+	if ((ret=(BIO_ACCEPT *)Malloc(sizeof(BIO_ACCEPT))) == NULL)
+		return(NULL);
+
+	memset(ret,0,sizeof(BIO_ACCEPT));
+	ret->accept_sock=INVALID_SOCKET;
+	ret->bind_mode=BIO_BIND_NORMAL;
+	return(ret);
+	}
+
+void BIO_ACCEPT_free(BIO_ACCEPT *a)
+	{
+	if(a == NULL)
+	    return;
+
+	if (a->param_addr != NULL) Free(a->param_addr);
+	if (a->addr != NULL) Free(a->addr);
+	if (a->bio_chain != NULL) BIO_free(a->bio_chain);
+	Free(a);
+	}
+
+static void acpt_close_socket(BIO *bio)
+	{
+	BIO_ACCEPT *c;
+
+	c=(BIO_ACCEPT *)bio->ptr;
+	if (c->accept_sock != INVALID_SOCKET)
+		{
+		shutdown(c->accept_sock,2);
+		closesocket(c->accept_sock);
+		c->accept_sock=INVALID_SOCKET;
+		bio->num=INVALID_SOCKET;
+		}
+	}
+
+static int acpt_free(BIO *a)
+	{
+	BIO_ACCEPT *data;
+
+	if (a == NULL) return(0);
+	data=(BIO_ACCEPT *)a->ptr;
+	 
+	if (a->shutdown)
+		{
+		acpt_close_socket(a);
+		BIO_ACCEPT_free(data);
+		a->ptr=NULL;
+		a->flags=0;
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+	{
+	BIO *bio=NULL,*dbio;
+	int s= -1;
+	int i;
+
+again:
+	switch (c->state)
+		{
+	case ACPT_S_BEFORE:
+		if (c->param_addr == NULL)
+			{
+			BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+			return(-1);
+			}
+		s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
+		if (s == INVALID_SOCKET)
+			return(-1);
+
+		if (c->accept_nbio)
+			{
+			if (!BIO_socket_nbio(s,1))
+				{
+				closesocket(s);
+				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+				return(-1);
+				}
+			}
+		c->accept_sock=s;
+		b->num=s;
+		c->state=ACPT_S_GET_ACCEPT_SOCKET;
+		return(1);
+		/* break; */
+	case ACPT_S_GET_ACCEPT_SOCKET:
+		if (b->next_bio != NULL)
+			{
+			c->state=ACPT_S_OK;
+			goto again;
+			}
+		i=BIO_accept(c->accept_sock,&(c->addr));
+		if (i < 0) return(i);
+		bio=BIO_new_socket(i,BIO_CLOSE);
+		if (bio == NULL) goto err;
+
+		BIO_set_callback(bio,BIO_get_callback(b));
+		BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
+
+		if (c->nbio)
+			{
+			if (!BIO_socket_nbio(i,1))
+				{
+				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+				goto err;
+				}
+			}
+
+		/* If the accept BIO has an bio_chain, we dup it and
+		 * put the new socket at the end. */
+		if (c->bio_chain != NULL)
+			{
+			if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
+				goto err;
+			if (!BIO_push(dbio,bio)) goto err;
+			bio=dbio;
+			}
+		if (BIO_push(b,bio) == NULL) goto err;
+
+		c->state=ACPT_S_OK;
+		return(1);
+err:
+		if (bio != NULL)
+			BIO_free(bio);
+		else if (s >= 0)
+			closesocket(s);
+		return(0);
+		/* break; */
+	case ACPT_S_OK:
+		if (b->next_bio == NULL)
+			{
+			c->state=ACPT_S_GET_ACCEPT_SOCKET;
+			goto again;
+			}
+		return(1);
+		/* break; */
+	default:	
+		return(0);
+		/* break; */
+		}
+
+	}
+
+static int acpt_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+	BIO_ACCEPT *data;
+
+	BIO_clear_retry_flags(b);
+	data=(BIO_ACCEPT *)b->ptr;
+
+	while (b->next_bio == NULL)
+		{
+		ret=acpt_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	ret=BIO_read(b->next_bio,out,outl);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int acpt_write(BIO *b, char *in, int inl)
+	{
+	int ret;
+	BIO_ACCEPT *data;
+
+	BIO_clear_retry_flags(b);
+	data=(BIO_ACCEPT *)b->ptr;
+
+	while (b->next_bio == NULL)
+		{
+		ret=acpt_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	ret=BIO_write(b->next_bio,in,inl);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long acpt_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO *dbio;
+	int *ip;
+	long ret=1;
+	BIO_ACCEPT *data;
+	char **pp;
+
+	data=(BIO_ACCEPT *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ret=0;
+		data->state=ACPT_S_BEFORE;
+		acpt_close_socket(b);
+		b->flags=0;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		/* use this one to start the connection */
+		ret=(long)acpt_state(b,data);
+		break;
+	case BIO_C_SET_ACCEPT:
+		if (ptr != NULL)
+			{
+			if (num == 0)
+				{
+				b->init=1;
+				if (data->param_addr != NULL)
+					Free(data->param_addr);
+				data->param_addr=BUF_strdup(ptr);
+				}
+			else if (num == 1)
+				{
+				data->accept_nbio=(ptr != NULL);
+				}
+			else if (num == 2)
+				{
+				if (data->bio_chain != NULL)
+					BIO_free(data->bio_chain);
+				data->bio_chain=(BIO *)ptr;
+				}
+			}
+		break;
+	case BIO_C_SET_NBIO:
+		data->nbio=(int)num;
+		break;
+	case BIO_C_SET_FD:
+		b->init=1;
+		b->num= *((int *)ptr);
+		data->accept_sock=b->num;
+		data->state=ACPT_S_GET_ACCEPT_SOCKET;
+		b->shutdown=(int)num;
+		b->init=1;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL)
+				*ip=data->accept_sock;
+			ret=data->accept_sock;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_C_GET_ACCEPT:
+		if (b->init)
+			{
+			if (ptr != NULL)
+				{
+				pp=(char **)ptr;
+				*pp=data->param_addr;
+				}
+			else
+				ret= -1;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_FLUSH:
+		break;
+	case BIO_C_SET_BIND_MODE:
+		data->bind_mode=(int)num;
+		break;
+	case BIO_C_GET_BIND_MODE:
+		ret=(long)data->bind_mode;
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+/*		if (data->param_port) EAY EAY
+			BIO_set_port(dbio,data->param_port);
+		if (data->param_hostname)
+			BIO_set_hostname(dbio,data->param_hostname);
+		BIO_set_nbio(dbio,data->nbio); */
+		break;
+
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int acpt_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=acpt_write(bp,str,n);
+	return(ret);
+	}
+
+BIO *BIO_new_accept(char *str)
+	{
+	BIO *ret;
+
+	ret=BIO_new(BIO_s_accept());
+	if (ret == NULL) return(NULL);
+	if (BIO_set_accept_port(ret,str))
+		return(ret);
+	else
+		{
+		BIO_free(ret);
+		return(NULL);
+		}
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/openssl/crypto/bio/bss_bio.c
new file mode 100644
index 000000000000..562e9d8de274
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_bio.c
@@ -0,0 +1,588 @@
+/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+
+/* Special method for a BIO where the other endpoint is also a BIO
+ * of this kind, handled by the same thread (i.e. the "peer" is actually
+ * ourselves, wearing a different hat).
+ * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
+ * for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used. */
+
+#ifndef BIO_PAIR_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop =
+{
+	BIO_TYPE_BIO,
+	"BIO pair",
+	bio_write,
+	bio_read,
+	bio_puts,
+	NULL /* no bio_gets */,
+	bio_ctrl,
+	bio_new,
+	bio_free
+};
+
+BIO_METHOD *BIO_s_bio(void)
+	{
+	return &methods_biop;
+	}
+
+struct bio_bio_st
+{
+	BIO *peer;     /* NULL if buf == NULL.
+	                * If peer != NULL, then peer->ptr is also a bio_bio_st,
+	                * and its "peer" member points back to us.
+	                * peer != NULL iff init != 0 in the BIO. */
+	
+	/* This is for what we write (i.e. reading uses peer's struct): */
+	int closed;     /* valid iff peer != NULL */
+	size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
+	size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
+	size_t size;
+	char *buf;      /* "size" elements (if != NULL) */
+
+	size_t request; /* valid iff peer != NULL; 0 if len != 0,
+	                 * otherwise set by peer to number of bytes
+	                 * it (unsuccesfully) tried to read,
+	                 * never more than buffer space (size-len) warrants. */
+};
+
+static int bio_new(BIO *bio)
+	{
+	struct bio_bio_st *b;
+	
+	b = Malloc(sizeof *b);
+	if (b == NULL)
+		return 0;
+
+	b->peer = NULL;
+	b->size = 17*1024; /* enough for one TLS record (just a default) */
+	b->buf = NULL;
+
+	bio->ptr = b;
+	return 1;
+	}
+
+
+static int bio_free(BIO *bio)
+	{
+	struct bio_bio_st *b;
+
+	if (bio == NULL)
+		return 0;
+	b = bio->ptr;
+
+	assert(b != NULL);
+
+	if (b->peer)
+		bio_destroy_pair(bio);
+	
+	if (b->buf != NULL)
+		{
+		Free(b->buf);
+		}
+
+	Free(b);
+
+	return 1;
+	}
+
+
+
+static int bio_read(BIO *bio, char *buf, int size_)
+	{
+	size_t size = size_;
+	size_t rest;
+	struct bio_bio_st *b, *peer_b;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init)
+		return 0;
+
+	b = bio->ptr;
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	peer_b = b->peer->ptr;
+	assert(peer_b != NULL);
+	assert(peer_b->buf != NULL);
+
+	peer_b->request = 0; /* will be set in "retry_read" situation */
+
+	if (buf == NULL || size == 0)
+		return 0;
+
+	if (peer_b->len == 0)
+		{
+		if (peer_b->closed)
+			return 0; /* writer has closed, and no data is left */
+		else
+			{
+			BIO_set_retry_read(bio); /* buffer is empty */
+			if (size <= peer_b->size)
+				peer_b->request = size;
+			else
+				/* don't ask for more than the peer can
+				 * deliver in one write */
+				peer_b->request = peer_b->size;
+			return -1;
+			}
+		}
+
+	/* we can read */
+	if (peer_b->len < size)
+		size = peer_b->len;
+
+	/* now read "size" bytes */
+	
+	rest = size;
+	
+	assert(rest > 0);
+	do /* one or two iterations */
+		{
+		size_t chunk;
+		
+		assert(rest <= peer_b->len);
+		if (peer_b->offset + rest <= peer_b->size)
+			chunk = rest;
+		else
+			/* wrap around ring buffer */
+			chunk = peer_b->size - peer_b->offset;
+		assert(peer_b->offset + chunk <= peer_b->size);
+		
+		memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+		
+		peer_b->len -= chunk;
+		if (peer_b->len)
+			{
+			peer_b->offset += chunk;
+			assert(peer_b->offset <= peer_b->size);
+			if (peer_b->offset == peer_b->size)
+				peer_b->offset = 0;
+			buf += chunk;
+			}
+		else
+			{
+			/* buffer now empty, no need to advance "buf" */
+			assert(chunk == rest);
+			peer_b->offset = 0;
+			}
+		rest -= chunk;
+		}
+	while (rest);
+	
+	return size;
+	}
+
+static int bio_write(BIO *bio, char *buf, int num_)
+	{
+	size_t num = num_;
+	size_t rest;
+	struct bio_bio_st *b;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init || buf == NULL || num == 0)
+		return 0;
+
+	b = bio->ptr;		
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	assert(b->buf != NULL);
+
+	b->request = 0;
+	if (b->closed)
+		{
+		/* we already closed */
+		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+		return -1;
+		}
+
+	assert(b->len <= b->size);
+
+	if (b->len == b->size)
+		{
+		BIO_set_retry_write(bio); /* buffer is full */
+		return -1;
+		}
+
+	/* we can write */
+	if (num > b->size - b->len)
+		num = b->size - b->len;
+	
+	/* now write "num" bytes */
+
+	rest = num;
+	
+	assert(rest > 0);
+	do /* one or two iterations */
+		{
+		size_t write_offset;
+		size_t chunk;
+
+		assert(b->len + rest <= b->size);
+
+		write_offset = b->offset + b->len;
+		if (write_offset >= b->size)
+			write_offset -= b->size;
+		/* b->buf[write_offset] is the first byte we can write to. */
+
+		if (write_offset + rest <= b->size)
+			chunk = rest;
+		else
+			/* wrap around ring buffer */
+			chunk = b->size - write_offset;
+		
+		memcpy(b->buf + write_offset, buf, chunk);
+		
+		b->len += chunk;
+
+		assert(b->len <= b->size);
+		
+		rest -= chunk;
+		buf += chunk;
+		}
+	while (rest);
+
+	return num;
+	}
+
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+	{
+	long ret;
+	struct bio_bio_st *b = bio->ptr;
+	
+	assert(b != NULL);
+
+	switch (cmd)
+		{
+	/* specific CTRL codes */
+
+	case BIO_C_SET_WRITE_BUF_SIZE:
+		if (b->peer)
+			{
+			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+			ret = 0;
+			}
+		else if (num == 0)
+			{
+			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+			ret = 0;
+			}
+		else
+			{
+			size_t new_size = num;
+
+			if (b->size != new_size)
+				{
+				if (b->buf) 
+					{
+					Free(b->buf);
+					b->buf = NULL;
+					}
+				b->size = new_size;
+				}
+			ret = 1;
+			}
+		break;
+
+	case BIO_C_GET_WRITE_BUF_SIZE:
+		num = (long) b->size;
+
+	case BIO_C_MAKE_BIO_PAIR:
+		{
+		BIO *other_bio = ptr;
+		
+		if (bio_make_pair(bio, other_bio))
+			ret = 1;
+		else
+			ret = 0;
+		}
+		break;
+		
+	case BIO_C_DESTROY_BIO_PAIR:
+		/* Effects both BIOs in the pair -- call just once!
+		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
+		bio_destroy_pair(bio);
+		ret = 1;
+		break;
+
+	case BIO_C_GET_WRITE_GUARANTEE:
+		/* How many bytes can the caller feed to the next write
+		 * withouth having to keep any? */
+		if (b->peer == NULL || b->closed)
+			ret = 0;
+		else
+			ret = (long) b->size - b->len;
+		break;
+
+	case BIO_C_GET_READ_REQUEST:
+		/* If the peer unsuccesfully tried to read, how many bytes
+		 * were requested?  (As with BIO_CTRL_PENDING, that number
+		 * can usually be treated as boolean.) */
+		ret = (long) b->request;
+		break;
+
+	case BIO_C_SHUTDOWN_WR:
+		/* similar to shutdown(..., SHUT_WR) */
+		b->closed = 1;
+		ret = 1;
+		break;
+
+
+	/* standard CTRL codes follow */
+
+	case BIO_CTRL_RESET:
+		if (b->buf != NULL)
+			{
+			b->len = 0;
+			b->offset = 0;
+			}
+		ret = 0;
+		break;		
+
+	case BIO_CTRL_GET_CLOSE:
+		ret = bio->shutdown;
+		break;
+
+	case BIO_CTRL_SET_CLOSE:
+		bio->shutdown = (int) num;
+		ret = 1;
+		break;
+
+	case BIO_CTRL_PENDING:
+		if (b->peer != NULL)
+			{
+			struct bio_bio_st *peer_b = b->peer->ptr;
+			
+			ret = (long) peer_b->len;
+			}
+		else
+			ret = 0;
+		break;
+
+	case BIO_CTRL_WPENDING:
+		if (b->buf != NULL)
+			ret = (long) b->len;
+		else
+			ret = 0;
+		break;
+
+	case BIO_CTRL_DUP:
+		/* See BIO_dup_chain for circumstances we have to expect. */
+		{
+		BIO *other_bio = ptr;
+		struct bio_bio_st *other_b;
+		
+		assert(other_bio != NULL);
+		other_b = other_bio->ptr;
+		assert(other_b != NULL);
+		
+		assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+		other_b->size = b->size;
+		}
+
+		ret = 1;
+		break;
+
+	case BIO_CTRL_FLUSH:
+		ret = 1;
+		break;
+
+	case BIO_CTRL_EOF:
+		{
+		BIO *other_bio = ptr;
+		
+		if (other_bio)
+			{
+			struct bio_bio_st *other_b = other_bio->ptr;
+			
+			assert(other_b != NULL);
+			ret = other_b->len == 0 && other_b->closed;
+			}
+		else
+			ret = 1;
+		}
+		break;
+
+	default:
+		ret = 0;
+		}
+	return ret;
+	}
+
+static int bio_puts(BIO *bio, char *str)
+	{
+	return bio_write(bio, str, strlen(str));
+	}
+
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+	{
+	struct bio_bio_st *b1, *b2;
+
+	assert(bio1 != NULL);
+	assert(bio2 != NULL);
+
+	b1 = bio1->ptr;
+	b2 = bio2->ptr;
+	
+	if (b1->peer != NULL || b2->peer != NULL)
+		{
+		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+		return 0;
+		}
+	
+	if (b1->buf == NULL)
+		{
+		b1->buf = Malloc(b1->size);
+		if (b1->buf == NULL)
+			{
+			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		b1->len = 0;
+		b1->offset = 0;
+		}
+	
+	if (b2->buf == NULL)
+		{
+		b2->buf = Malloc(b2->size);
+		if (b2->buf == NULL)
+			{
+			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		b2->len = 0;
+		b2->offset = 0;
+		}
+	
+	b1->peer = bio2;
+	b1->closed = 0;
+	b1->request = 0;
+	b2->peer = bio1;
+	b2->closed = 0;
+	b2->request = 0;
+
+	bio1->init = 1;
+	bio2->init = 1;
+
+	return 1;
+	}
+
+static void bio_destroy_pair(BIO *bio)
+	{
+	struct bio_bio_st *b = bio->ptr;
+
+	if (b != NULL)
+		{
+		BIO *peer_bio = b->peer;
+
+		if (peer_bio != NULL)
+			{
+			struct bio_bio_st *peer_b = peer_bio->ptr;
+
+			assert(peer_b != NULL);
+			assert(peer_b->peer == bio);
+
+			peer_b->peer = NULL;
+			peer_bio->init = 0;
+			assert(peer_b->buf != NULL);
+			peer_b->len = 0;
+			peer_b->offset = 0;
+			
+			b->peer = NULL;
+			bio->init = 0;
+			assert(b->buf != NULL);
+			b->len = 0;
+			b->offset = 0;
+			}
+		}
+	}
+ 
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+	BIO **bio2_p, size_t writebuf2)
+	 {
+	 BIO *bio1 = NULL, *bio2 = NULL;
+	 long r;
+	 int ret = 0;
+
+	 bio1 = BIO_new(BIO_s_bio());
+	 if (bio1 == NULL)
+		 goto err;
+	 bio2 = BIO_new(BIO_s_bio());
+	 if (bio2 == NULL)
+		 goto err;
+
+	 if (writebuf1)
+		 {
+		 r = BIO_set_write_buf_size(bio1, writebuf1);
+		 if (!r)
+			 goto err;
+		 }
+	 if (writebuf2)
+		 {
+		 r = BIO_set_write_buf_size(bio2, writebuf2);
+		 if (!r)
+			 goto err;
+		 }
+
+	 r = BIO_make_bio_pair(bio1, bio2);
+	 if (!r)
+		 goto err;
+	 ret = 1;
+
+ err:
+	 if (ret == 0)
+		 {
+		 if (bio1)
+			 {
+			 BIO_free(bio1);
+			 bio1 = NULL;
+			 }
+		 if (bio2)
+			 {
+			 BIO_free(bio2);
+			 bio2 = NULL;
+			 }
+		 }
+
+	 *bio1_p = bio1;
+	 *bio2_p = bio2;
+	 return ret;
+	 }
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+	}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+	}
diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c
new file mode 100644
index 000000000000..68c46e3d6994
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_conn.c
@@ -0,0 +1,618 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SOCK
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include 
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+
+typedef struct bio_connect_st
+	{
+	int state;
+
+	char *param_hostname;
+	char *param_port;
+	int nbio;
+
+	unsigned char ip[4];
+	unsigned short port;
+
+	struct sockaddr_in them;
+
+	/* int socket; this will be kept in bio->num so that it is
+	 * compatable with the bss_sock bio */ 
+
+	/* called when the connection is initially made
+	 *  callback(BIO,state,ret);  The callback should return
+	 * 'ret'.  state is for compatablity with the ssl info_callback */
+	int (*info_callback)();
+	} BIO_CONNECT;
+
+static int conn_write(BIO *h,char *buf,int num);
+static int conn_read(BIO *h,char *buf,int size);
+static int conn_puts(BIO *h,char *str);
+static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void );
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+static BIO_METHOD methods_connectp=
+	{
+	BIO_TYPE_CONNECT,
+	"socket connect",
+	conn_write,
+	conn_read,
+	conn_puts,
+	NULL, /* connect_gets, */
+	conn_ctrl,
+	conn_new,
+	conn_free,
+	};
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+	{
+	int ret= -1,i;
+	unsigned long l;
+	char *p,*q;
+	int (*cb)()=NULL;
+
+	if (c->info_callback != NULL)
+		cb=c->info_callback;
+
+	for (;;)
+		{
+		switch (c->state)
+			{
+		case BIO_CONN_S_BEFORE:
+			p=c->param_hostname;
+			if (p == NULL)
+				{
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
+				goto exit_loop;
+				}
+			for ( ; *p != '\0'; p++)
+				{
+				if ((*p == ':') || (*p == '/')) break;
+				}
+
+			i= *p;
+			if ((i == ':') || (i == '/'))
+				{
+
+				*(p++)='\0';
+				if (i == ':')
+					{
+					for (q=p; *q; q++)
+						if (*q == '/')
+							{
+							*q='\0';
+							break;
+							}
+					if (c->param_port != NULL)
+						Free(c->param_port);
+					c->param_port=BUF_strdup(p);
+					}
+				}
+
+			if (c->param_port == NULL)
+				{
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+				ERR_add_error_data(2,"host=",c->param_hostname);
+				goto exit_loop;
+				}
+			c->state=BIO_CONN_S_GET_IP;
+			break;
+
+		case BIO_CONN_S_GET_IP:
+			if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+				goto exit_loop;
+			c->state=BIO_CONN_S_GET_PORT;
+			break;
+
+		case BIO_CONN_S_GET_PORT:
+			if (c->param_port == NULL)
+				{
+				abort();
+				goto exit_loop;
+				}
+			else if (BIO_get_port(c->param_port,&c->port) <= 0)
+				goto exit_loop;
+			c->state=BIO_CONN_S_CREATE_SOCKET;
+			break;
+
+		case BIO_CONN_S_CREATE_SOCKET:
+			/* now setup address */
+			memset((char *)&c->them,0,sizeof(c->them));
+			c->them.sin_family=AF_INET;
+			c->them.sin_port=htons((unsigned short)c->port);
+			l=(unsigned long)
+				((unsigned long)c->ip[0]<<24L)|
+				((unsigned long)c->ip[1]<<16L)|
+				((unsigned long)c->ip[2]<< 8L)|
+				((unsigned long)c->ip[3]);
+			c->them.sin_addr.s_addr=htonl(l);
+			c->state=BIO_CONN_S_CREATE_SOCKET;
+
+			ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+			if (ret == INVALID_SOCKET)
+				{
+				SYSerr(SYS_F_SOCKET,get_last_socket_error());
+				ERR_add_error_data(4,"host=",c->param_hostname,
+					":",c->param_port);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+				goto exit_loop;
+				}
+			b->num=ret;
+			c->state=BIO_CONN_S_NBIO;
+			break;
+
+		case BIO_CONN_S_NBIO:
+			if (c->nbio)
+				{
+				if (!BIO_socket_nbio(b->num,1))
+					{
+					BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
+					ERR_add_error_data(4,"host=",
+						c->param_hostname,
+						":",c->param_port);
+					goto exit_loop;
+					}
+				}
+			c->state=BIO_CONN_S_CONNECT;
+
+#ifdef SO_KEEPALIVE
+			i=1;
+			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+			if (i < 0)
+				{
+				SYSerr(SYS_F_SOCKET,get_last_socket_error());
+				ERR_add_error_data(4,"host=",c->param_hostname,
+					":",c->param_port);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
+				goto exit_loop;
+				}
+#endif
+			break;
+
+		case BIO_CONN_S_CONNECT:
+			BIO_clear_retry_flags(b);
+			ret=connect(b->num,
+				(struct sockaddr *)&c->them,
+				sizeof(c->them));
+			b->retry_reason=0;
+			if (ret < 0)
+				{
+				if (BIO_sock_should_retry(ret))
+					{
+					BIO_set_retry_special(b);
+					c->state=BIO_CONN_S_BLOCKED_CONNECT;
+					b->retry_reason=BIO_RR_CONNECT;
+					}
+				else
+					{
+					SYSerr(SYS_F_CONNECT,get_last_socket_error());
+					ERR_add_error_data(4,"host=",
+						c->param_hostname,
+						":",c->param_port);
+					BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+					}
+				goto exit_loop;
+				}
+			else
+				c->state=BIO_CONN_S_OK;
+			break;
+
+		case BIO_CONN_S_BLOCKED_CONNECT:
+			i=BIO_sock_error(b->num);
+			if (i)
+				{
+				BIO_clear_retry_flags(b);
+				SYSerr(SYS_F_CONNECT,i);
+				ERR_add_error_data(4,"host=",
+					c->param_hostname,
+					":",c->param_port);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+				ret=0;
+				goto exit_loop;
+				}
+			else
+				c->state=BIO_CONN_S_OK;
+			break;
+
+		case BIO_CONN_S_OK:
+			ret=1;
+			goto exit_loop;
+		default:
+			abort();
+			goto exit_loop;
+			}
+
+		if (cb != NULL)
+			{
+			if (!(ret=cb((BIO *)b,c->state,ret)))
+				goto end;
+			}
+		}
+
+	/* Loop does not exit */
+exit_loop:
+	if (cb != NULL)
+		ret=cb((BIO *)b,c->state,ret);
+end:
+	return(ret);
+	}
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+	{
+	BIO_CONNECT *ret;
+
+	if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL)
+		return(NULL);
+	ret->state=BIO_CONN_S_BEFORE;
+	ret->param_hostname=NULL;
+	ret->param_port=NULL;
+	ret->info_callback=NULL;
+	ret->nbio=0;
+	ret->ip[0]=0;
+	ret->ip[1]=0;
+	ret->ip[2]=0;
+	ret->ip[3]=0;
+	ret->port=0;
+	memset((char *)&ret->them,0,sizeof(ret->them));
+	return(ret);
+	}
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+	{
+	if(a == NULL)
+	    return;
+
+	if (a->param_hostname != NULL)
+		Free(a->param_hostname);
+	if (a->param_port != NULL)
+		Free(a->param_port);
+	Free(a);
+	}
+
+BIO_METHOD *BIO_s_connect(void)
+	{
+	return(&methods_connectp);
+	}
+
+static int conn_new(BIO *bi)
+	{
+	bi->init=0;
+	bi->num=INVALID_SOCKET;
+	bi->flags=0;
+	if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
+		return(0);
+	else
+		return(1);
+	}
+
+static void conn_close_socket(BIO *bio)
+	{
+	BIO_CONNECT *c;
+
+	c=(BIO_CONNECT *)bio->ptr;
+	if (bio->num != INVALID_SOCKET)
+		{
+		/* Only do a shutdown if things were established */
+		if (c->state == BIO_CONN_S_OK)
+			shutdown(bio->num,2);
+		closesocket(bio->num);
+		bio->num=INVALID_SOCKET;
+		}
+	}
+
+static int conn_free(BIO *a)
+	{
+	BIO_CONNECT *data;
+
+	if (a == NULL) return(0);
+	data=(BIO_CONNECT *)a->ptr;
+	 
+	if (a->shutdown)
+		{
+		conn_close_socket(a);
+		BIO_CONNECT_free(data);
+		a->ptr=NULL;
+		a->flags=0;
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int conn_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+	if (data->state != BIO_CONN_S_OK)
+		{
+		ret=conn_state(b,data);
+		if (ret <= 0)
+				return(ret);
+		}
+
+	if (out != NULL)
+		{
+		clear_socket_error();
+		ret=readsocket(b->num,out,outl);
+		BIO_clear_retry_flags(b);
+		if (ret <= 0)
+			{
+			if (BIO_sock_should_retry(ret))
+				BIO_set_retry_read(b);
+			}
+		}
+	return(ret);
+	}
+
+static int conn_write(BIO *b, char *in, int inl)
+	{
+	int ret;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+	if (data->state != BIO_CONN_S_OK)
+		{
+		ret=conn_state(b,data);
+		if (ret <= 0) return(ret);
+		}
+
+	clear_socket_error();
+	ret=writesocket(b->num,in,inl);
+	BIO_clear_retry_flags(b);
+	if (ret <= 0)
+		{
+		if (BIO_sock_should_retry(ret))
+			BIO_set_retry_write(b);
+		}
+	return(ret);
+	}
+
+static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO *dbio;
+	int *ip;
+	const char **pptr;
+	long ret=1;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ret=0;
+		data->state=BIO_CONN_S_BEFORE;
+		conn_close_socket(b);
+		b->flags=0;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		/* use this one to start the connection */
+		if (!data->state != BIO_CONN_S_OK)
+			ret=(long)conn_state(b,data);
+		else
+			ret=1;
+		break;
+	case BIO_C_GET_CONNECT:
+		if (ptr != NULL)
+			{
+			pptr=(const char **)ptr;
+			if (num == 0)
+				{
+				*pptr=data->param_hostname;
+
+				}
+			else if (num == 1)
+				{
+				*pptr=data->param_port;
+				}
+			else if (num == 2)
+				{
+				*pptr= (char *)&(data->ip[0]);
+				}
+			else if (num == 3)
+				{
+				*((int *)ptr)=data->port;
+				}
+			if ((!b->init) || (ptr == NULL))
+				*pptr="not initalised";
+			ret=1;
+			}
+		break;
+	case BIO_C_SET_CONNECT:
+		if (ptr != NULL)
+			{
+			b->init=1;
+			if (num == 0)
+				{
+				if (data->param_hostname != NULL)
+					Free(data->param_hostname);
+				data->param_hostname=BUF_strdup(ptr);
+				}
+			else if (num == 1)
+				{
+				if (data->param_port != NULL)
+					Free(data->param_port);
+				data->param_port=BUF_strdup(ptr);
+				}
+			else if (num == 2)
+				{
+				char buf[16];
+
+				sprintf(buf,"%d.%d.%d.%d",
+					ptr[0],ptr[1],ptr[2],ptr[3]);
+				if (data->param_hostname != NULL)
+					Free(data->param_hostname);
+				data->param_hostname=BUF_strdup(buf);
+				memcpy(&(data->ip[0]),ptr,4);
+				}
+			else if (num == 3)
+				{
+				char buf[16];
+
+				sprintf(buf,"%d",*(int *)ptr);
+				if (data->param_port != NULL)
+					Free(data->param_port);
+				data->param_port=BUF_strdup(buf);
+				data->port= *(int *)ptr;
+				}
+			}
+		break;
+	case BIO_C_SET_NBIO:
+		data->nbio=(int)num;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL)
+				*ip=b->num;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_FLUSH:
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (data->param_port)
+			BIO_set_conn_port(dbio,data->param_port);
+		if (data->param_hostname)
+			BIO_set_conn_hostname(dbio,data->param_hostname);
+		BIO_set_nbio(dbio,data->nbio);
+		(void)BIO_set_info_callback(dbio,data->info_callback);
+		break;
+	case BIO_CTRL_SET_CALLBACK:
+		data->info_callback=(int (*)())ptr;
+		break;
+	case BIO_CTRL_GET_CALLBACK:
+		{
+		int (**fptr)();
+
+		fptr=(int (**)())ptr;
+		*fptr=data->info_callback;
+		}
+		break;
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int conn_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=conn_write(bp,str,n);
+	return(ret);
+	}
+
+BIO *BIO_new_connect(char *str)
+	{
+	BIO *ret;
+
+	ret=BIO_new(BIO_s_connect());
+	if (ret == NULL) return(NULL);
+	if (BIO_set_conn_hostname(ret,str))
+		return(ret);
+	else
+		{
+		BIO_free(ret);
+		return(NULL);
+		}
+	}
+
+#endif
+
diff --git a/crypto/openssl/crypto/bio/bss_fd.c b/crypto/openssl/crypto/bio/bss_fd.c
new file mode 100644
index 000000000000..686c4909a2a8
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_fd.c
@@ -0,0 +1,62 @@
+/* crypto/bio/bss_fd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define BIO_FD
+#include "bss_sock.c"
+#undef BIO_FD
+
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
new file mode 100644
index 000000000000..52c0c39df045
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -0,0 +1,309 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
+ *		with binary data (e.g. asn1parse -inform DER < xxx) under
+ *		Windows
+ */
+
+#ifndef HEADER_BSS_FILE_C
+#define HEADER_BSS_FILE_C
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+#if !defined(NO_STDIO)
+
+static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
+static int MS_CALLBACK file_puts(BIO *h,char *str);
+static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
+static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+static BIO_METHOD methods_filep=
+	{
+	BIO_TYPE_FILE,
+	"FILE pointer",
+	file_write,
+	file_read,
+	file_puts,
+	file_gets,
+	file_ctrl,
+	file_new,
+	file_free,
+	};
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+	{
+	BIO *ret;
+	FILE *file;
+
+	if ((file=fopen(filename,mode)) == NULL)
+		{
+		SYSerr(SYS_F_FOPEN,get_last_sys_error());
+		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+		return(NULL);
+		}
+	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+		return(NULL);
+
+	BIO_set_fp(ret,file,BIO_CLOSE);
+	return(ret);
+	}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+	{
+	BIO *ret;
+
+	if ((ret=BIO_new(BIO_s_file())) == NULL)
+		return(NULL);
+
+	BIO_set_fp(ret,stream,close_flag);
+	return(ret);
+	}
+
+BIO_METHOD *BIO_s_file(void)
+	{
+	return(&methods_filep);
+	}
+
+static int MS_CALLBACK file_new(BIO *bi)
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	return(1);
+	}
+
+static int MS_CALLBACK file_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if ((a->init) && (a->ptr != NULL))
+			{
+			fclose((FILE *)a->ptr);
+			a->ptr=NULL;
+			}
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+
+	if (b->init && (out != NULL))
+		{
+		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+		}
+	return(ret);
+	}
+
+static int MS_CALLBACK file_write(BIO *b, char *in, int inl)
+	{
+	int ret=0;
+
+	if (b->init && (in != NULL))
+		{
+		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
+			ret=inl;
+		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+		/* acording to Tim Hudson , the commented
+		 * out version above can cause 'inl' write calls under
+		 * some stupid stdio implementations (VMS) */
+		}
+	return(ret);
+	}
+
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	long ret=1;
+	FILE *fp=(FILE *)b->ptr;
+	FILE **fpp;
+	char p[4];
+
+	switch (cmd)
+		{
+	case BIO_C_FILE_SEEK:
+	case BIO_CTRL_RESET:
+		ret=(long)fseek(fp,num,0);
+		break;
+	case BIO_CTRL_EOF:
+		ret=(long)feof(fp);
+		break;
+	case BIO_C_FILE_TELL:
+	case BIO_CTRL_INFO:
+		ret=ftell(fp);
+		break;
+	case BIO_C_SET_FILE_PTR:
+		file_free(b);
+		b->shutdown=(int)num&BIO_CLOSE;
+		b->ptr=(char *)ptr;
+		b->init=1;
+#if defined(MSDOS) || defined(WINDOWS)
+		/* Set correct text/binary mode */
+		if (num & BIO_FP_TEXT)
+			_setmode(fileno((FILE *)ptr),_O_TEXT);
+		else
+			_setmode(fileno((FILE *)ptr),_O_BINARY);
+#endif
+		break;
+	case BIO_C_SET_FILENAME:
+		file_free(b);
+		b->shutdown=(int)num&BIO_CLOSE;
+		if (num & BIO_FP_APPEND)
+			{
+			if (num & BIO_FP_READ)
+				strcpy(p,"a+");
+			else	strcpy(p,"a");
+			}
+		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+			strcpy(p,"r+");
+		else if (num & BIO_FP_WRITE)
+			strcpy(p,"w");
+		else if (num & BIO_FP_READ)
+			strcpy(p,"r");
+		else
+			{
+			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+			ret=0;
+			break;
+			}
+#if defined(MSDOS) || defined(WINDOWS)
+		if (!(num & BIO_FP_TEXT))
+			strcat(p,"b");
+		else
+			strcat(p,"t");
+#endif
+		fp=fopen(ptr,p);
+		if (fp == NULL)
+			{
+			SYSerr(SYS_F_FOPEN,get_last_sys_error());
+			ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
+			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+			ret=0;
+			break;
+			}
+		b->ptr=(char *)fp;
+		b->init=1;
+		break;
+	case BIO_C_GET_FILE_PTR:
+		/* the ptr parameter is actually a FILE ** in this case. */
+		if (ptr != NULL)
+			{
+			fpp=(FILE **)ptr;
+			*fpp=(FILE *)b->ptr;
+			}
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=(long)b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_FLUSH:
+		fflush((FILE *)b->ptr);
+		break;
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+
+	case BIO_CTRL_WPENDING:
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_PUSH:
+	case BIO_CTRL_POP:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
+	{
+	int ret=0;
+
+	buf[0]='\0';
+	fgets(buf,size,(FILE *)bp->ptr);
+	if (buf[0] != '\0')
+		ret=strlen(buf);
+	return(ret);
+	}
+
+static int MS_CALLBACK file_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=file_write(bp,str,n);
+	return(ret);
+	}
+
+#endif /* NO_STDIO */
+
+#endif /* HEADER_BSS_FILE_C */
+
+
diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c
new file mode 100644
index 000000000000..db82e757e7a5
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_log.c
@@ -0,0 +1,232 @@
+/* crypto/bio/bss_log.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+	Why BIO_s_log?
+
+	BIO_s_log is useful for system daemons (or services under NT).
+	It is one-way BIO, it sends all stuff to syslogd (or event log
+	under NT).
+
+*/
+
+
+#include 
+#include 
+
+#ifndef WIN32
+#ifdef __ultrix
+#include 
+#else
+#include 
+#endif
+#endif
+
+#include "cryptlib.h"
+#include 
+#include 
+#ifndef NO_SYSLOG
+
+
+static int MS_CALLBACK slg_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK slg_puts(BIO *h,char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK slg_new(BIO *h);
+static int MS_CALLBACK slg_free(BIO *data);
+static int xopenlog(BIO* bp, const char* name, int level);
+static int xcloselog(BIO* bp);
+
+static BIO_METHOD methods_slg=
+	{
+	BIO_TYPE_MEM,"syslog",
+	slg_write,
+	NULL,
+	slg_puts,
+	NULL,
+	slg_ctrl,
+	slg_new,
+	slg_free,
+	};
+
+BIO_METHOD *BIO_s_log(void)
+	{
+	return(&methods_slg);
+	}
+
+static int MS_CALLBACK slg_new(BIO *bi)
+	{
+	bi->init=1;
+	bi->num=0;
+	bi->ptr=NULL;
+#ifndef WIN32
+	xopenlog(bi, "application", LOG_DAEMON);
+#else
+	xopenlog(bi, "application", 0);
+#endif
+	return(1);
+	}
+
+static int MS_CALLBACK slg_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	xcloselog(a);
+	return(1);
+	}
+	
+static int MS_CALLBACK slg_write(BIO *b, char *in, int inl)
+	{
+	int ret= inl;
+	char* buf= in;
+	char* pp;
+#if defined(WIN32)
+	LPTSTR lpszStrings[1];
+	WORD evtype= EVENTLOG_ERROR_TYPE;
+#else
+	int priority;
+#endif
+
+	if((buf= (char *)Malloc(inl+ 1)) == NULL){
+		return(0);
+	}
+	strncpy(buf, in, inl);
+	buf[inl]= '\0';
+#if defined(WIN32)
+	if(strncmp(buf, "ERR ", 4) == 0){
+		evtype= EVENTLOG_ERROR_TYPE;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "WAR ", 4) == 0){
+		evtype= EVENTLOG_WARNING_TYPE;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "INF ", 4) == 0){
+		evtype= EVENTLOG_INFORMATION_TYPE;
+		pp= buf+ 4;
+	}else{
+		evtype= EVENTLOG_ERROR_TYPE;
+		pp= buf;
+	}
+	lpszStrings[0]= pp;
+
+	if(b->ptr)
+		ReportEvent(b->ptr, evtype, 0, 1024, NULL, 1, 0,
+				lpszStrings, NULL);
+#else
+	if(strncmp(buf, "ERR ", 4) == 0){
+		priority= LOG_ERR;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "WAR ", 4) == 0){
+		priority= LOG_WARNING;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "INF ", 4) == 0){
+		priority= LOG_INFO;
+		pp= buf+ 4;
+	}else{
+		priority= LOG_ERR;
+		pp= buf;
+	}
+
+	syslog(priority, "%s", pp);
+#endif
+	Free(buf);
+	return(ret);
+	}
+
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	switch (cmd)
+		{
+	case BIO_CTRL_SET:
+		xcloselog(b);
+		xopenlog(b, ptr, num);
+		break;
+	default:
+		break;
+		}
+	return(0);
+	}
+
+static int MS_CALLBACK slg_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=slg_write(bp,str,n);
+	return(ret);
+	}
+
+static int xopenlog(BIO* bp, const char* name, int level)
+{
+#if defined(WIN32)
+	if((bp->ptr= (char *)RegisterEventSource(NULL, name)) == NULL){
+		return(0);
+	}
+#else
+	openlog(name, LOG_PID|LOG_CONS, level);
+#endif
+	return(1);
+}
+
+static int xcloselog(BIO* bp)
+{
+#if defined(WIN32)
+	if(bp->ptr)
+		DeregisterEventSource((HANDLE)(bp->ptr));
+	bp->ptr= NULL;
+#else
+	closelog();
+#endif
+	return(1);
+}
+
+#endif
diff --git a/crypto/openssl/crypto/bio/bss_mem.c b/crypto/openssl/crypto/bio/bss_mem.c
new file mode 100644
index 000000000000..7e749a503ef3
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_mem.c
@@ -0,0 +1,276 @@
+/* crypto/bio/bss_mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+static int mem_write(BIO *h,char *buf,int num);
+static int mem_read(BIO *h,char *buf,int size);
+static int mem_puts(BIO *h,char *str);
+static int mem_gets(BIO *h,char *str,int size);
+static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int mem_new(BIO *h);
+static int mem_free(BIO *data);
+static BIO_METHOD mem_method=
+	{
+	BIO_TYPE_MEM,
+	"memory buffer",
+	mem_write,
+	mem_read,
+	mem_puts,
+	mem_gets,
+	mem_ctrl,
+	mem_new,
+	mem_free,
+	};
+
+/* bio->num is used to hold the value to return on 'empty', if it is
+ * 0, should_retry is not set */
+
+BIO_METHOD *BIO_s_mem(void)
+	{
+	return(&mem_method);
+	}
+
+static int mem_new(BIO *bi)
+	{
+	BUF_MEM *b;
+
+	if ((b=BUF_MEM_new()) == NULL)
+		return(0);
+	bi->shutdown=1;
+	bi->init=1;
+	bi->num= -1;
+	bi->ptr=(char *)b;
+	return(1);
+	}
+
+static int mem_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if ((a->init) && (a->ptr != NULL))
+			{
+			BUF_MEM_free((BUF_MEM *)a->ptr);
+			a->ptr=NULL;
+			}
+		}
+	return(1);
+	}
+	
+static int mem_read(BIO *b, char *out, int outl)
+	{
+	int ret= -1;
+	BUF_MEM *bm;
+	int i;
+	char *from,*to;
+
+	bm=(BUF_MEM *)b->ptr;
+	BIO_clear_retry_flags(b);
+	ret=(outl > bm->length)?bm->length:outl;
+	if ((out != NULL) && (ret > 0))
+		{
+		memcpy(out,bm->data,ret);
+		bm->length-=ret;
+		/* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+		from=(char *)&(bm->data[ret]);
+		to=(char *)&(bm->data[0]);
+		for (i=0; ilength; i++)
+			to[i]=from[i];
+		}
+	else if (bm->length == 0)
+		{
+		if (b->num != 0)
+			BIO_set_retry_read(b);
+		ret= b->num;
+		}
+	return(ret);
+	}
+
+static int mem_write(BIO *b, char *in, int inl)
+	{
+	int ret= -1;
+	int blen;
+	BUF_MEM *bm;
+
+	bm=(BUF_MEM *)b->ptr;
+	if (in == NULL)
+		{
+		BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
+		goto end;
+		}
+
+	BIO_clear_retry_flags(b);
+	blen=bm->length;
+	if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
+		goto end;
+	memcpy(&(bm->data[blen]),in,inl);
+	ret=inl;
+end:
+	return(ret);
+	}
+
+static long mem_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	long ret=1;
+	char **pptr;
+
+	BUF_MEM *bm=(BUF_MEM *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		if (bm->data != NULL)
+			memset(bm->data,0,bm->max);
+		bm->length=0;
+		break;
+	case BIO_CTRL_EOF:
+		ret=(long)(bm->length == 0);
+		break;
+	case BIO_C_SET_BUF_MEM_EOF_RETURN:
+		b->num=(int)num;
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)bm->length;
+		if (ptr != NULL)
+			{
+			pptr=(char **)ptr;
+			*pptr=(char *)&(bm->data[0]);
+			}
+		break;
+	case BIO_C_SET_BUF_MEM:
+		mem_free(b);
+		b->shutdown=(int)num;
+		b->ptr=ptr;
+		break;
+	case BIO_C_GET_BUF_MEM_PTR:
+		if (ptr != NULL)
+			{
+			pptr=(char **)ptr;
+			*pptr=(char *)bm;
+			}
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=(long)b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+
+	case BIO_CTRL_WPENDING:
+		ret=0L;
+		break;
+	case BIO_CTRL_PENDING:
+		ret=(long)bm->length;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		ret=1;
+		break;
+	case BIO_CTRL_PUSH:
+	case BIO_CTRL_POP:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int mem_gets(BIO *bp, char *buf, int size)
+	{
+	int i,j;
+	int ret= -1;
+	char *p;
+	BUF_MEM *bm=(BUF_MEM *)bp->ptr;
+
+	BIO_clear_retry_flags(bp);
+	j=bm->length;
+	if (j <= 0) return(0);
+	p=bm->data;
+	for (i=0; i 0) buf[i]='\0';
+	ret=i;
+	return(ret);
+	}
+
+static int mem_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=mem_write(bp,str,n);
+	/* memory semantics is that it will always work */
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/bio/bss_null.c b/crypto/openssl/crypto/bio/bss_null.c
new file mode 100644
index 000000000000..d04be888e53f
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_null.c
@@ -0,0 +1,149 @@
+/* crypto/bio/bss_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+static int null_write(BIO *h,char *buf,int num);
+static int null_read(BIO *h,char *buf,int size);
+static int null_puts(BIO *h,char *str);
+static int null_gets(BIO *h,char *str,int size);
+static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int null_new(BIO *h);
+static int null_free(BIO *data);
+static BIO_METHOD null_method=
+	{
+	BIO_TYPE_NULL,
+	"NULL",
+	null_write,
+	null_read,
+	null_puts,
+	null_gets,
+	null_ctrl,
+	null_new,
+	null_free,
+	};
+
+BIO_METHOD *BIO_s_null(void)
+	{
+	return(&null_method);
+	}
+
+static int null_new(BIO *bi)
+	{
+	bi->init=1;
+	bi->num=0;
+	bi->ptr=(NULL);
+	return(1);
+	}
+
+static int null_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	return(1);
+	}
+	
+static int null_read(BIO *b, char *out, int outl)
+	{
+	return(0);
+	}
+
+static int null_write(BIO *b, char *in, int inl)
+	{
+	return(inl);
+	}
+
+static long null_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	long ret=1;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+	case BIO_CTRL_EOF:
+	case BIO_CTRL_SET:
+	case BIO_CTRL_SET_CLOSE:
+	case BIO_CTRL_FLUSH:
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int null_gets(BIO *bp, char *buf, int size)
+	{
+	return(0);
+	}
+
+static int null_puts(BIO *bp, char *str)
+	{
+	if (str == NULL) return(0);
+	return(strlen(str));
+	}
+
diff --git a/crypto/openssl/crypto/bio/bss_rtcp.c b/crypto/openssl/crypto/bio/bss_rtcp.c
new file mode 100644
index 000000000000..2ef040057e3f
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_rtcp.c
@@ -0,0 +1,293 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Written by David L. Jones 
+ * Date:   22-JUL-1996
+ * Revised: 25-SEP-1997		Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
+ */
+/* VMS */
+#include 
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+#include 		/* VMS IO$_ definitions */
+#include 
+
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+
+struct rpc_msg {		/* Should have member alignment inhibited */
+   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;	/* Amount of data returned or max to return */
+   char data[4092];		/* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+struct rpc_ctx {
+    int filled, pos;
+    struct rpc_msg msg;
+};
+
+static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+
+static BIO_METHOD rtcp_method=
+	{
+	BIO_TYPE_FD,
+	"RTCP",
+	rtcp_write,
+	rtcp_read,
+	rtcp_puts,
+	rtcp_gets,
+	rtcp_ctrl,
+	rtcp_new,
+	rtcp_free,
+	};
+
+BIO_METHOD *BIO_s_rtcp(void)
+	{
+	return(&rtcp_method);
+	}
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+
+#ifdef __DECC
+#pragma message save
+#pragma message disable DOLLARID
+#endif
+
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+	buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+	buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+
+#ifdef __DECC
+#pragma message restore
+#endif
+
+/***************************************************************************/
+
+static int rtcp_new(BIO *bi)
+{
+    struct rpc_ctx *ctx;
+	bi->init=1;
+	bi->num=0;
+	bi->flags = 0;
+	bi->ptr=Malloc(sizeof(struct rpc_ctx));
+	ctx = (struct rpc_ctx *) bi->ptr;
+	ctx->filled = 0;
+	ctx->pos = 0;
+	return(1);
+}
+
+static int rtcp_free(BIO *a)
+{
+	if (a == NULL) return(0);
+	if ( a->ptr ) Free ( a->ptr );
+	a->ptr = NULL;
+	return(1);
+}
+	
+static int rtcp_read(BIO *b, char *out, int outl)
+{
+    int status, length;
+    struct rpc_ctx *ctx;
+    /*
+     * read data, return existing.
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    if ( ctx->pos < ctx->filled ) {
+	length = ctx->filled - ctx->pos;
+	if ( length > outl ) length = outl;
+	memmove ( out, &ctx->msg.data[ctx->pos], length );
+	ctx->pos += length;
+	return length;
+    }
+    /*
+     * Requst more data from R channel.
+     */
+    ctx->msg.channel = 'R';
+    ctx->msg.function = 'G';
+    ctx->msg.length = sizeof(ctx->msg.data);
+    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+    if ( (status&1) == 0 ) {
+	return -1;
+    }
+    /*
+     * Read.
+     */
+    ctx->pos = ctx->filled = 0;
+    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+    if ( (status&1) == 0 ) length = -1;
+    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+	length = -1;
+    }
+    ctx->filled = length - RPC_HDR_SIZE;
+    
+    if ( ctx->pos < ctx->filled ) {
+	length = ctx->filled - ctx->pos;
+	if ( length > outl ) length = outl;
+	memmove ( out, ctx->msg.data, length );
+	ctx->pos += length;
+	return length;
+    }
+
+    return length;
+}
+
+static int rtcp_write(BIO *b, char *in, int inl)
+{
+    int status, i, segment, length;
+    struct rpc_ctx *ctx;
+    /*
+     * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    for ( i = 0; i < inl; i += segment ) {
+	segment = inl - i;
+	if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+	ctx->msg.channel = 'R';
+	ctx->msg.function = 'P';
+	ctx->msg.length = segment;
+	memmove ( ctx->msg.data, &in[i], segment );
+	status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+	if ((status&1) == 0 ) { i = -1; break; }
+
+	status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+	if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+	if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+	   printf("unexpected response when confirming put %c %c\n",
+		ctx->msg.channel, ctx->msg.function );
+
+	}
+    }
+    return(i);
+}
+
+static long rtcp_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	long ret=1;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+	case BIO_CTRL_EOF:
+		ret = 1;
+		break;
+	case BIO_C_SET_FD:
+		b->num = num;
+		ret = 1;
+	 	break;
+	case BIO_CTRL_SET_CLOSE:
+	case BIO_CTRL_FLUSH:
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int rtcp_gets(BIO *bp, char *buf, int size)
+	{
+	return(0);
+	}
+
+static int rtcp_puts(BIO *bp, char *str)
+{
+    int length;
+    if (str == NULL) return(0);
+    length = strlen ( str );
+    if ( length == 0 ) return (0);
+    return rtcp_write ( bp,str, length );
+}
+
diff --git a/crypto/openssl/crypto/bio/bss_sock.c b/crypto/openssl/crypto/bio/bss_sock.c
new file mode 100644
index 000000000000..d336b99fe81a
--- /dev/null
+++ b/crypto/openssl/crypto/bio/bss_sock.c
@@ -0,0 +1,423 @@
+/* crypto/bio/bss_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if !defined(NO_SOCK) || defined(BIO_FD)
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include 
+
+#ifndef BIO_FD
+static int sock_write(BIO *h,char *buf,int num);
+static int sock_read(BIO *h,char *buf,int size);
+static int sock_puts(BIO *h,char *str);
+static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+#else
+
+static int fd_write(BIO *h,char *buf,int num);
+static int fd_read(BIO *h,char *buf,int size);
+static int fd_puts(BIO *h,char *str);
+static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+#endif
+
+#ifndef BIO_FD
+static BIO_METHOD methods_sockp=
+	{
+	BIO_TYPE_SOCKET,
+	"socket",
+	sock_write,
+	sock_read,
+	sock_puts,
+	NULL, /* sock_gets, */
+	sock_ctrl,
+	sock_new,
+	sock_free,
+	};
+
+BIO_METHOD *BIO_s_socket(void)
+	{
+	return(&methods_sockp);
+	}
+#else
+static BIO_METHOD methods_fdp=
+	{
+	BIO_TYPE_FD,"file descriptor",
+	fd_write,
+	fd_read,
+	fd_puts,
+	NULL, /* fd_gets, */
+	fd_ctrl,
+	fd_new,
+	fd_free,
+	};
+
+BIO_METHOD *BIO_s_fd(void)
+	{
+	return(&methods_fdp);
+	}
+#endif
+
+#ifndef BIO_FD
+BIO *BIO_new_socket(int fd, int close_flag)
+#else
+BIO *BIO_new_fd(int fd,int close_flag)
+#endif
+	{
+	BIO *ret;
+
+#ifndef BIO_FD
+	ret=BIO_new(BIO_s_socket());
+#else
+	ret=BIO_new(BIO_s_fd());
+#endif
+	if (ret == NULL) return(NULL);
+	BIO_set_fd(ret,fd,close_flag);
+	return(ret);
+	}
+
+#ifndef BIO_FD
+static int sock_new(BIO *bi)
+#else
+static int fd_new(BIO *bi)
+#endif
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	bi->flags=0;
+	return(1);
+	}
+
+#ifndef BIO_FD
+static int sock_free(BIO *a)
+#else
+static int fd_free(BIO *a)
+#endif
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if (a->init)
+			{
+#ifndef BIO_FD
+			shutdown(a->num,2);
+			closesocket(a->num);
+#else			/* BIO_FD */
+			close(a->num);
+#endif
+
+			}
+		a->init=0;
+		a->flags=0;
+		}
+	return(1);
+	}
+	
+#ifndef BIO_FD
+static int sock_read(BIO *b, char *out, int outl)
+#else
+static int fd_read(BIO *b, char *out,int outl)
+#endif
+	{
+	int ret=0;
+
+	if (out != NULL)
+		{
+#ifndef BIO_FD
+		clear_socket_error();
+		ret=readsocket(b->num,out,outl);
+#else
+		clear_sys_error();
+		ret=read(b->num,out,outl);
+#endif
+		BIO_clear_retry_flags(b);
+		if (ret <= 0)
+			{
+#ifndef BIO_FD
+			if (BIO_sock_should_retry(ret))
+#else
+			if (BIO_fd_should_retry(ret))
+#endif
+				BIO_set_retry_read(b);
+			}
+		}
+	return(ret);
+	}
+
+#ifndef BIO_FD
+static int sock_write(BIO *b, char *in, int inl)
+#else
+static int fd_write(BIO *b, char *in, int inl)
+#endif
+	{
+	int ret;
+	
+#ifndef BIO_FD
+	clear_socket_error();
+	ret=writesocket(b->num,in,inl);
+#else
+	clear_sys_error();
+	ret=write(b->num,in,inl);
+#endif
+	BIO_clear_retry_flags(b);
+	if (ret <= 0)
+		{
+#ifndef BIO_FD
+		if (BIO_sock_should_retry(ret))
+#else
+		if (BIO_fd_should_retry(ret))
+#endif
+			BIO_set_retry_write(b);
+		}
+	return(ret);
+	}
+
+#ifndef BIO_FD
+static long sock_ctrl(BIO *b, int cmd, long num, char *ptr)
+#else
+static long fd_ctrl(BIO *b, int cmd, long num, char *ptr)
+#endif
+	{
+	long ret=1;
+	int *ip;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		num=0;
+	case BIO_C_FILE_SEEK:
+#ifdef BIO_FD
+		ret=(long)lseek(b->num,num,0);
+#else
+		ret=0;
+#endif
+		break;
+	case BIO_C_FILE_TELL:
+	case BIO_CTRL_INFO:
+#ifdef BIO_FD
+		ret=(long)lseek(b->num,0,1);
+#else
+		ret=0;
+#endif
+		break;
+	case BIO_C_SET_FD:
+#ifndef BIO_FD
+		sock_free(b);
+#else
+		fd_free(b);
+#endif
+		b->num= *((int *)ptr);
+		b->shutdown=(int)num;
+		b->init=1;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL) *ip=b->num;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		ret=1;
+		break;
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+#ifdef undef
+static int sock_gets(BIO *bp, char *buf,int size)
+	{
+	return(-1);
+	}
+#endif
+
+#ifndef BIO_FD
+static int sock_puts(BIO *bp, char *str)
+#else
+static int fd_puts(BIO *bp, char *str)
+#endif
+	{
+	int n,ret;
+
+	n=strlen(str);
+#ifndef BIO_FD
+	ret=sock_write(bp,str,n);
+#else
+	ret=fd_write(bp,str,n);
+#endif
+	return(ret);
+	}
+
+#ifndef BIO_FD
+int BIO_sock_should_retry(int i)
+#else
+int BIO_fd_should_retry(int i)
+#endif
+	{
+	int err;
+
+	if ((i == 0) || (i == -1))
+		{
+#ifndef BIO_FD
+		err=get_last_socket_error();
+#else
+		err=get_last_sys_error();
+#endif
+
+#if defined(WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+		if ((i == -1) && (err == 0))
+			return(1);
+#endif
+
+#ifndef BIO_FD
+		return(BIO_sock_non_fatal_error(err));
+#else
+		return(BIO_fd_non_fatal_error(err));
+#endif
+		}
+	return(0);
+	}
+
+#ifndef BIO_FD
+int BIO_sock_non_fatal_error(int err)
+#else
+int BIO_fd_non_fatal_error(int err)
+#endif
+	{
+	switch (err)
+		{
+#if !defined(BIO_FD) && defined(WINDOWS)
+# if defined(WSAEWOULDBLOCK)
+	case WSAEWOULDBLOCK:
+# endif
+
+# if 0 /* This appears to always be an error */
+#  if defined(WSAENOTCONN)
+	case WSAENOTCONN:
+#  endif
+# endif
+#endif
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+	case EWOULDBLOCK:
+#  endif
+# else
+	case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+	case ENOTCONN:
+#endif
+
+#ifdef EINTR
+	case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+	case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+	case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+	case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+	case EALREADY:
+#endif
+		return(1);
+		/* break; */
+	default:
+		break;
+		}
+	return(0);
+	}
+#endif
diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl
new file mode 100644
index 000000000000..fcabb62452b3
--- /dev/null
+++ b/crypto/openssl/crypto/bn/Makefile.ssl
@@ -0,0 +1,276 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+
+DIR=	bn
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+BN_ASM=		bn_asm.o
+# or use
+#BN_ASM=	bn86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS=$(CFLAGS)
+
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c \
+	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+	bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
+	bn_mpi.c bn_exp2.c
+
+LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mul.o \
+	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+	bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
+	bn_mpi.o bn_exp2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+knuth: bn_knuth.c
+	cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+knuth.fast: bn_knuth.c
+	cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/bn86-elf.o: asm/bn86unix.cpp
+	$(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
+
+asm/co86-elf.o: asm/co86unix.cpp
+	$(CPP) -DELF asm/co86unix.cpp | as -o asm/co86-elf.o
+
+# solaris
+asm/bn86-sol.o: asm/bn86unix.cpp
+	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+	as -o asm/bn86-sol.o asm/bn86-sol.s
+	rm -f asm/bn86-sol.s
+
+asm/co86-sol.o: asm/co86unix.cpp
+	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+	as -o asm/co86-sol.o asm/co86-sol.s
+	rm -f asm/co86-sol.s
+
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+	$(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+
+asm/co86-out.o: asm/co86unix.cpp
+	$(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+	$(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+
+asm/co86bsdi.o: asm/co86unix.cpp
+	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+
+asm/bn86unix.cpp: asm/bn-586.pl
+	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+
+asm/co86unix.cpp: asm/co-586.pl
+	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+
+asm/sparcv8.o: asm/sparcv8.S
+
+asm/sparcv8plus.o: asm/sparcv8plus.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+
+# MIPS 64 bit assember 
+asm/mips3.o: asm/mips3.s
+
+# MIPS 32 bit assember
+asm/mips1.o: asm/mips1.s
+	/usr/bin/as -O2 -o asm/mips1.o asm/mips1.s
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+exptest:
+	rm -f exptest
+	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+	rm -f a.out
+	gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_add.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_add.o: ../cryptlib.h bn_lcl.h
+bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_asm.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_asm.o: ../cryptlib.h bn_lcl.h
+bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_blind.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_blind.o: ../cryptlib.h bn_lcl.h
+bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_div.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_div.o: ../cryptlib.h bn_lcl.h
+bn_err.o: ../../include/openssl/bn.h ../../include/openssl/err.h
+bn_err.o: ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_exp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_exp.o: ../cryptlib.h bn_lcl.h
+bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_exp2.o: ../cryptlib.h bn_lcl.h
+bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_gcd.o: ../cryptlib.h bn_lcl.h
+bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_lib.o: ../cryptlib.h bn_lcl.h
+bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_mont.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_mont.o: ../cryptlib.h bn_lcl.h
+bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h
+bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_mul.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_mul.o: ../cryptlib.h bn_lcl.h
+bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_prime.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bn_prime.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h bn_prime.h
+bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_print.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_print.o: ../cryptlib.h bn_lcl.h
+bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_rand.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bn_rand.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_recp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_recp.o: ../cryptlib.h bn_lcl.h
+bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_shift.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_shift.o: ../cryptlib.h bn_lcl.h
+bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h
+bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_word.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_word.o: ../cryptlib.h bn_lcl.h
diff --git a/crypto/openssl/crypto/bn/asm/README b/crypto/openssl/crypto/bn/asm/README
new file mode 100644
index 000000000000..d93fbff77f5f
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/README
@@ -0,0 +1,30 @@
+All assember in this directory are just version of the file
+crypto/bn/bn_mulw.c.
+
+Quite a few of these files are just the assember output from gcc since on 
+quite a few machines they are 2 times faster than the system compiler.
+
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
+routines.
+
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits).  So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+
+The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
+I had such a hard time finding a macro assember for Microsoft, I decided to
+include the object file to save others the hassle :-).
+
+I have also included uu encoded versions of the .obj incase they get
+trashed.
+
+There are 2 versions of assember for the HP PA-RISC.
+pa-risc.s is the origional one which works fine.
+pa-risc2.s is a new version that often generates warnings but if the
+tests pass, it gives performance that is over 2 times faster than
+pa-risc.s.
+Both were generated using gcc :-)
diff --git a/crypto/openssl/crypto/bn/asm/alpha.s b/crypto/openssl/crypto/bn/asm/alpha.s
new file mode 100644
index 000000000000..a351694ca238
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.s
@@ -0,0 +1,1898 @@
+ # DEC Alpha assember
+ # The bn_div_words is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div_words.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+	.file	1 "bn_asm.c"
+	.set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+	.text
+	.align 3
+	.globl bn_mul_add_words
+	.ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$43		# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+	.align 3
+$42:
+	mulq	$20,$19,$5	# 1 2 1	######
+	ldq	$21,8($17)	# 2 1
+	ldq	$2,8($16)	# 2 1
+	umulh	$20,$19,$20	# 1 2	######
+	ldq	$27,16($17)	# 3 1
+	ldq	$3,16($16)	# 3 1
+	mulq	$21,$19,$6	# 2 2 1	######
+	 ldq	$28,24($17)	# 4 1
+	addq	$1,$5,$1	# 1 2 2
+	 ldq	$4,24($16)	# 4 1
+	umulh	$21,$19,$21	# 2 2	######
+	 cmpult	$1,$5,$22	# 1 2 3 1
+	addq	$20,$22,$20	# 1 3 1
+	 addq	$1,$0,$1	# 1 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	######
+	 cmpult	$1,$0,$0	# 1 2 3 2
+	addq	$2,$6,$2	# 2 2 2
+	 addq	$20,$0,$0	# 1 3 2 
+	cmpult	$2,$6,$23	# 2 2 3 1
+	 addq	$21,$23,$21	# 2 3 1
+	umulh	$27,$19,$27	# 3 2	######
+	 addq	$2,$0,$2	# 2 2 3 1
+	cmpult	$2,$0,$0	# 2 2 3 2
+	 subq	$18,4,$18
+	mulq	$28,$19,$8	# 4 2 1	######
+	 addq	$21,$0,$0	# 2 3 2 
+	addq	$3,$7,$3	# 3 2 2
+	 addq	$16,32,$16
+	cmpult	$3,$7,$24	# 3 2 3 1
+	 stq	$1,-32($16)	# 1 2 4
+	umulh	$28,$19,$28	# 4 2	######
+	 addq	$27,$24,$27	# 3 3 1
+	addq	$3,$0,$3	# 3 2 3 1
+	 stq	$2,-24($16)	# 2 2 4
+	cmpult	$3,$0,$0	# 3 2 3 2
+	 stq	$3,-16($16)	# 3 2 4
+	addq	$4,$8,$4	# 4 2 2
+	 addq	$27,$0,$0	# 3 3 2 
+	cmpult	$4,$8,$25	# 4 2 3 1
+	 addq	$17,32,$17
+	addq	$28,$25,$28	# 4 3 1
+	 addq	$4,$0,$4	# 4 2 3 1
+	cmpult	$4,$0,$0	# 4 2 3 2
+	 stq	$4,-8($16)	# 4 2 4
+	addq	$28,$0,$0	# 4 3 2 
+	 blt	$18,$43
+
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+
+	br	$42
+
+	.align 4
+$45:
+	ldq	$20,0($17)	# 4 1
+	ldq	$1,0($16)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	addq	$16,8,$16
+	addq	$17,8,$17
+	umulh	$20,$19,$20	# 4 2
+	addq	$1,$5,$1	# 4 2 2
+	cmpult	$1,$5,$22	# 4 2 3 1
+	addq	$20,$22,$20	# 4 3 1
+	addq	$1,$0,$1	# 4 2 3 1
+	cmpult	$1,$0,$0	# 4 2 3 2
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$1,-8($16)	# 4 2 4
+	bgt	$18,$45
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$43:
+	addq	$18,4,$18
+	bgt	$18,$45		# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_add_words
+	.align 3
+	.globl bn_mul_words
+	.ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$143	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$142:
+
+	mulq	$20,$19,$5	# 1 2 1	#####
+	 ldq	$21,8($17)	# 2 1
+	 ldq	$27,16($17)	# 3 1
+	umulh	$20,$19,$20	# 1 2	#####
+	 ldq	$28,24($17)	# 4 1
+	mulq	$21,$19,$6	# 2 2 1	#####
+	 addq	$5,$0,$5	# 1 2 3 1
+	subq	$18,4,$18
+	 cmpult	$5,$0,$0	# 1 2 3 2
+	umulh	$21,$19,$21	# 2 2	#####
+	 addq	$20,$0,$0	# 1 3 2 
+	addq	$17,32,$17
+	 addq	$6,$0,$6	# 2 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	#####
+	 cmpult	$6,$0,$0	# 2 2 3 2
+	addq	$21,$0,$0	# 2 3 2 
+	 addq	$16,32,$16
+	umulh	$27,$19,$27	# 3 2	#####
+	 stq	$5,-32($16)	# 1 2 4
+	mulq	$28,$19,$8	# 4 2 1	#####
+	 addq	$7,$0,$7	# 3 2 3 1
+	stq	$6,-24($16)	# 2 2 4
+	 cmpult	$7,$0,$0	# 3 2 3 2
+	umulh	$28,$19,$28	# 4 2	#####
+	 addq	$27,$0,$0	# 3 3 2 
+	stq	$7,-16($16)	# 3 2 4
+	 addq	$8,$0,$8	# 4 2 3 1
+	cmpult	$8,$0,$0	# 4 2 3 2
+
+	addq	$28,$0,$0	# 4 3 2 
+
+	stq	$8,-8($16)	# 4 2 4
+
+	blt	$18,$143
+
+	ldq	$20,0($17)	# 1 1
+
+	br	$142
+
+	.align 4
+$145:
+	ldq	$20,0($17)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	umulh	$20,$19,$20	# 4 2
+	addq	$5,$0,$5	# 4 2 3 1
+	 addq	$16,8,$16
+	cmpult	$5,$0,$0	# 4 2 3 2
+	 addq	$17,8,$17
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$5,-8($16)	# 4 2 4
+
+	bgt	$18,$145
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$143:
+	addq	$18,4,$18
+	bgt	$18,$145	# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_words
+	.align 3
+	.globl bn_sqr_words
+	.ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$18,4,$18
+	blt	$18,$543	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$542:
+	mulq	$20,$20,$5		######
+	 ldq	$21,8($17)	# 1 1
+	subq	$18,4
+ 	umulh	$20,$20,$1		######
+	ldq	$27,16($17)	# 1 1
+	mulq	$21,$21,$6		######
+	ldq	$28,24($17)	# 1 1
+	stq	$5,0($16)	# r[0]
+ 	umulh	$21,$21,$2		######
+	stq	$1,8($16)	# r[1]
+	mulq	$27,$27,$7		######
+	stq	$6,16($16)	# r[0]
+ 	umulh	$27,$27,$3		######
+	stq	$2,24($16)	# r[1]
+	mulq	$28,$28,$8		######
+	stq	$7,32($16)	# r[0]
+ 	umulh	$28,$28,$4		######
+	stq	$3,40($16)	# r[1]
+
+ 	addq	$16,64,$16
+ 	addq	$17,32,$17
+	stq	$8,-16($16)	# r[0]
+	stq	$4,-8($16)	# r[1]
+
+	blt	$18,$543
+	ldq	$20,0($17)	# 1 1
+ 	br 	$542
+
+$442:
+	ldq	$20,0($17)   # a[0]
+	mulq	$20,$20,$5  # a[0]*w low part       r2
+	addq	$16,16,$16
+	addq	$17,8,$17
+	subq	$18,1,$18
+        umulh	$20,$20,$1  # a[0]*w high part       r3
+	stq	$5,-16($16)   # r[0]
+        stq	$1,-8($16)   # r[1]
+
+	bgt	$18,$442
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$543:
+	addq	$18,4,$18
+	bgt	$18,$442	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sqr_words
+
+	.align 3
+	.globl bn_add_words
+	.ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$0	# carry = 0
+	blt	$19,$900
+	ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	.align 3
+$901:
+	addq	$1,$5,$1	# r=a+b;
+	 ldq	$6,8($17)	# a[1]
+	cmpult	$1,$5,$22	# did we overflow?
+	 ldq	$2,8($18)	# b[1]
+	addq	$1,$0,$1	# c+= overflow
+	 ldq	$7,16($17)	# a[2]
+	cmpult	$1,$0,$0	# overflow?
+	 ldq	$3,16($18)	# b[2]
+	addq	$0,$22,$0
+	 ldq	$8,24($17)	# a[3]
+	addq	$2,$6,$2	# r=a+b;
+	 ldq	$4,24($18)	# b[3]
+	cmpult	$2,$6,$23	# did we overflow?
+	 addq	$3,$7,$3	# r=a+b;
+	addq	$2,$0,$2	# c+= overflow
+	 cmpult	$3,$7,$24	# did we overflow?
+	cmpult	$2,$0,$0	# overflow?
+	 addq	$4,$8,$4	# r=a+b;
+	addq	$0,$23,$0
+	 cmpult	$4,$8,$25	# did we overflow?
+	addq	$3,$0,$3	# c+= overflow
+	 stq	$1,0($16)	# r[0]=c
+	cmpult	$3,$0,$0	# overflow?
+	 stq	$2,8($16)	# r[1]=c
+	addq	$0,$24,$0
+	 stq	$3,16($16)	# r[2]=c
+	addq	$4,$0,$4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$4,$0,$0	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$0,$25,$0
+	 stq	$4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$900
+	 ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	 br	$901
+	.align 4
+$945:
+	ldq	$5,0($17)	# a[0]
+	 ldq	$1,0($18)	# b[1]
+	addq	$1,$5,$1	# r=a+b;
+	 subq	$19,1,$19	# loop--
+	addq	$1,$0,$1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	cmpult	$1,$5,$22	# did we overflow?
+	 cmpult	$1,$0,$0	# overflow?
+	addq	$18,8,$18	# b++
+	 stq	$1,0($16)	# r[0]=c
+	addq	$0,$22,$0
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$945
+	ret	$31,($26),1	# else exit
+
+$900:
+	addq	$19,4,$19
+	bgt	$19,$945	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_add_words
+
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+	.align 3
+	.globl bn_div_words
+	.ent bn_div_words
+bn_div_words:
+	ldgp $29,0($27)
+bn_div_words..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$119
+	lda $0,-1
+	br $31,$136
+	.align 4
+$119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$126
+	zapnot $7,15,$27
+	br $31,$127
+	.align 4
+$126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$127:
+	srl $10,32,$4
+	.align 5
+$128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$129
+	subq $27,1,$27
+	br $31,$128
+	.align 4
+$129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$134
+	addq $9,$11,$9
+	subq $27,1,$27
+$134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$123
+	.align 4
+$124:
+	bis $13,$27,$0
+$136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div_words
+
+	.set noat
+	.text
+	.align 3
+	.globl bn_sub_words
+	.ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,	4,	$19
+	bis	$31,	$31,	$0
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+$101:
+	ldq	$3,	8($17)
+	cmpult	$1,	$2,	$4
+	ldq	$5,	8($18)
+	subq	$1,	$2,	$1
+	ldq	$6,	16($17)
+	cmpult	$1,	$0,	$2
+	ldq	$7,	16($18)
+	subq	$1,	$0,	$23
+	ldq	$8,	24($17)
+	addq	$2,	$4,	$0
+	cmpult	$3,	$5,	$24
+	subq	$3,	$5,	$3
+	ldq	$22,	24($18)
+	cmpult	$3,	$0,	$5
+	subq	$3,	$0,	$25
+	addq	$5,	$24,	$0
+	cmpult	$6,	$7,	$27
+	subq	$6,	$7,	$6
+	stq	$23,	0($16)
+	cmpult	$6,	$0,	$7
+	subq	$6,	$0,	$28
+	addq	$7,	$27,	$0
+	cmpult	$8,	$22,	$21
+	subq	$8,	$22,	$8
+	stq	$25,	8($16)
+	cmpult	$8,	$0,	$22
+	subq	$8,	$0,	$20
+	addq	$22,	$21,	$0
+	stq	$28,	16($16)
+	subq	$19,	4,	$19
+	stq	$20,	24($16)
+	addq	$17,	32,	$17
+	addq	$18,	32,	$18
+	addq	$16,	32,	$16
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	br	$101
+$102:
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	cmpult	$1,	$2,	$27
+	subq	$1,	$2,	$1
+	cmpult	$1,	$0,	$2
+	subq	$1,	$0,	$1
+	stq	$1,	0($16)
+	addq	$2,	$27,	$0
+	addq	$17,	8,	$17
+	addq	$18,	8,	$18
+	addq	$16,	8,	$16
+	subq	$19,	1,	$19
+	bgt	$19,	$102
+	ret	$31,($26),1
+$100:
+	addq	$19,	4,	$19
+	bgt	$19,	$102
+$103:
+	ret	$31,($26),1
+	.end bn_sub_words
+	.text
+	.align 3
+	.globl bn_mul_comba4
+	.ent bn_mul_comba4
+bn_mul_comba4:
+bn_mul_comba4..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	ldq	$0,	0($17)
+	ldq	$1,	0($18)
+	ldq	$2,	8($17)
+	ldq	$3,	8($18)
+	ldq	$4,	16($17)
+	ldq	$5,	16($18)
+	ldq	$6,	24($17)
+	ldq	$7,	24($18)
+	bis	$31,	$31,	$23
+	mulq	$0,	$1,	$8
+	umulh	$0,	$1,	$22
+	stq	$8,	0($16)
+	bis	$31,	$31,	$8
+	mulq	$0,	$3,	$24
+	umulh	$0,	$3,	$25
+	addq	$22,	$24,	$22
+	cmpult	$22,	$24,	$27
+	addq	$27,	$25,	$25
+	addq	$23,	$25,	$23
+	cmpult	$23,	$25,	$28
+	addq	$8,	$28,	$8
+	mulq	$2,	$1,	$21
+	umulh	$2,	$1,	$20
+	addq	$22,	$21,	$22
+	cmpult	$22,	$21,	$19
+	addq	$19,	$20,	$20
+	addq	$23,	$20,	$23
+	cmpult	$23,	$20,	$17
+	addq	$8,	$17,	$8
+	stq	$22,	8($16)
+	bis	$31,	$31,	$22
+	mulq	$2,	$3,	$18
+	umulh	$2,	$3,	$24
+	addq	$23,	$18,	$23
+	cmpult	$23,	$18,	$27
+	addq	$27,	$24,	$24
+	addq	$8,	$24,	$8
+	cmpult	$8,	$24,	$25
+	addq	$22,	$25,	$22
+	mulq	$0,	$5,	$28
+	umulh	$0,	$5,	$21
+	addq	$23,	$28,	$23
+	cmpult	$23,	$28,	$19
+	addq	$19,	$21,	$21
+	addq	$8,	$21,	$8
+	cmpult	$8,	$21,	$20
+	addq	$22,	$20,	$22
+	mulq	$4,	$1,	$17
+	umulh	$4,	$1,	$18
+	addq	$23,	$17,	$23
+	cmpult	$23,	$17,	$27
+	addq	$27,	$18,	$18
+	addq	$8,	$18,	$8
+	cmpult	$8,	$18,	$24
+	addq	$22,	$24,	$22
+	stq	$23,	16($16)
+	bis	$31,	$31,	$23
+	mulq	$0,	$7,	$25
+	umulh	$0,	$7,	$28
+	addq	$8,	$25,	$8
+	cmpult	$8,	$25,	$19
+	addq	$19,	$28,	$28
+	addq	$22,	$28,	$22
+	cmpult	$22,	$28,	$21
+	addq	$23,	$21,	$23
+	mulq	$2,	$5,	$20
+	umulh	$2,	$5,	$17
+	addq	$8,	$20,	$8
+	cmpult	$8,	$20,	$27
+	addq	$27,	$17,	$17
+	addq	$22,	$17,	$22
+	cmpult	$22,	$17,	$18
+	addq	$23,	$18,	$23
+	mulq	$4,	$3,	$24
+	umulh	$4,	$3,	$25
+	addq	$8,	$24,	$8
+	cmpult	$8,	$24,	$19
+	addq	$19,	$25,	$25
+	addq	$22,	$25,	$22
+	cmpult	$22,	$25,	$28
+	addq	$23,	$28,	$23
+	mulq	$6,	$1,	$21
+	umulh	$6,	$1,	$0
+	addq	$8,	$21,	$8
+	cmpult	$8,	$21,	$20
+	addq	$20,	$0,	$0
+	addq	$22,	$0,	$22
+	cmpult	$22,	$0,	$27
+	addq	$23,	$27,	$23
+	stq	$8,	24($16)
+	bis	$31,	$31,	$8
+	mulq	$2,	$7,	$17
+	umulh	$2,	$7,	$18
+	addq	$22,	$17,	$22
+	cmpult	$22,	$17,	$24
+	addq	$24,	$18,	$18
+	addq	$23,	$18,	$23
+	cmpult	$23,	$18,	$19
+	addq	$8,	$19,	$8
+	mulq	$4,	$5,	$25
+	umulh	$4,	$5,	$28
+	addq	$22,	$25,	$22
+	cmpult	$22,	$25,	$21
+	addq	$21,	$28,	$28
+	addq	$23,	$28,	$23
+	cmpult	$23,	$28,	$20
+	addq	$8,	$20,	$8
+	mulq	$6,	$3,	$0
+	umulh	$6,	$3,	$27
+	addq	$22,	$0,	$22
+	cmpult	$22,	$0,	$1
+	addq	$1,	$27,	$27
+	addq	$23,	$27,	$23
+	cmpult	$23,	$27,	$17
+	addq	$8,	$17,	$8
+	stq	$22,	32($16)
+	bis	$31,	$31,	$22
+	mulq	$4,	$7,	$24
+	umulh	$4,	$7,	$18
+	addq	$23,	$24,	$23
+	cmpult	$23,	$24,	$19
+	addq	$19,	$18,	$18
+	addq	$8,	$18,	$8
+	cmpult	$8,	$18,	$2
+	addq	$22,	$2,	$22
+	mulq	$6,	$5,	$25
+	umulh	$6,	$5,	$21
+	addq	$23,	$25,	$23
+	cmpult	$23,	$25,	$28
+	addq	$28,	$21,	$21
+	addq	$8,	$21,	$8
+	cmpult	$8,	$21,	$20
+	addq	$22,	$20,	$22
+	stq	$23,	40($16)
+	bis	$31,	$31,	$23
+	mulq	$6,	$7,	$0
+	umulh	$6,	$7,	$1
+	addq	$8,	$0,	$8
+	cmpult	$8,	$0,	$27
+	addq	$27,	$1,	$1
+	addq	$22,	$1,	$22
+	cmpult	$22,	$1,	$17
+	addq	$23,	$17,	$23
+	stq	$8,	48($16)
+	stq	$22,	56($16)
+	ret	$31,($26),1
+	.end bn_mul_comba4
+	.text
+	.align 3
+	.globl bn_mul_comba8
+	.ent bn_mul_comba8
+bn_mul_comba8:
+bn_mul_comba8..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$30,	16,	$30
+	ldq	$0,	0($17)
+	ldq	$1,	0($18)
+	stq	$9,	0($30)
+	stq	$10,	8($30)
+	ldq	$2,	8($17)
+	ldq	$3,	8($18)
+	ldq	$4,	16($17)
+	ldq	$5,	16($18)
+	ldq	$6,	24($17)
+	ldq	$7,	24($18)
+	ldq	$8,	8($17)
+	ldq	$22,	8($18)
+	ldq	$23,	8($17)
+	ldq	$24,	8($18)
+	ldq	$25,	8($17)
+	ldq	$27,	8($18)
+	ldq	$28,	8($17)
+	ldq	$21,	8($18)
+	bis	$31,	$31,	$9
+	mulq	$0,	$1,	$20
+	umulh	$0,	$1,	$19
+	stq	$20,	0($16)
+	bis	$31,	$31,	$20
+	mulq	$0,	$3,	$10
+	umulh	$0,	$3,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$2,	$1,	$18
+	umulh	$2,	$1,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	8($16)
+	bis	$31,	$31,	$19
+	mulq	$0,	$5,	$10
+	umulh	$0,	$5,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$2,	$3,	$18
+	umulh	$2,	$3,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	mulq	$4,	$1,	$10
+	umulh	$4,	$1,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	stq	$9,	16($16)
+	bis	$31,	$31,	$9
+	mulq	$0,	$7,	$18
+	umulh	$0,	$7,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$2,	$5,	$10
+	umulh	$2,	$5,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$4,	$3,	$18
+	umulh	$4,	$3,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$6,	$1,	$10
+	umulh	$6,	$1,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	stq	$20,	24($16)
+	bis	$31,	$31,	$20
+	mulq	$0,	$22,	$18
+	umulh	$0,	$22,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	mulq	$2,	$7,	$10
+	umulh	$2,	$7,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$4,	$5,	$18
+	umulh	$4,	$5,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	mulq	$6,	$3,	$10
+	umulh	$6,	$3,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$8,	$1,	$18
+	umulh	$8,	$1,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	32($16)
+	bis	$31,	$31,	$19
+	mulq	$0,	$24,	$10
+	umulh	$0,	$24,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$2,	$22,	$18
+	umulh	$2,	$22,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	mulq	$4,	$7,	$10
+	umulh	$4,	$7,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$6,	$5,	$18
+	umulh	$6,	$5,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	mulq	$8,	$3,	$10
+	umulh	$8,	$3,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$23,	$1,	$18
+	umulh	$23,	$1,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	stq	$9,	40($16)
+	bis	$31,	$31,	$9
+	mulq	$0,	$27,	$10
+	umulh	$0,	$27,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$2,	$24,	$18
+	umulh	$2,	$24,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$4,	$22,	$10
+	umulh	$4,	$22,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$6,	$7,	$18
+	umulh	$6,	$7,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$8,	$5,	$10
+	umulh	$8,	$5,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$23,	$3,	$18
+	umulh	$23,	$3,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$25,	$1,	$10
+	umulh	$25,	$1,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	stq	$20,	48($16)
+	bis	$31,	$31,	$20
+	mulq	$0,	$21,	$18
+	umulh	$0,	$21,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	mulq	$2,	$27,	$10
+	umulh	$2,	$27,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	mulq	$4,	$24,	$10
+	umulh	$4,	$24,	$18
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$0
+	addq	$20,	$0,	$20
+	mulq	$6,	$22,	$10
+	umulh	$6,	$22,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	mulq	$8,	$7,	$10
+	umulh	$8,	$7,	$18
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$0
+	addq	$20,	$0,	$20
+	mulq	$23,	$5,	$10
+	umulh	$23,	$5,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	mulq	$25,	$3,	$10
+	umulh	$25,	$3,	$18
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$0
+	addq	$20,	$0,	$20
+	mulq	$28,	$1,	$10
+	umulh	$28,	$1,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	stq	$19,	56($16)
+	bis	$31,	$31,	$19
+	mulq	$2,	$21,	$10
+	umulh	$2,	$21,	$18
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$0
+	addq	$19,	$0,	$19
+	mulq	$4,	$27,	$1
+	umulh	$4,	$27,	$10
+	addq	$9,	$1,	$9
+	cmpult	$9,	$1,	$17
+	addq	$17,	$10,	$10
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$19,	$18,	$19
+	mulq	$6,	$24,	$0
+	umulh	$6,	$24,	$2
+	addq	$9,	$0,	$9
+	cmpult	$9,	$0,	$1
+	addq	$1,	$2,	$2
+	addq	$20,	$2,	$20
+	cmpult	$20,	$2,	$17
+	addq	$19,	$17,	$19
+	mulq	$8,	$22,	$10
+	umulh	$8,	$22,	$18
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$0
+	addq	$0,	$18,	$18
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$1
+	addq	$19,	$1,	$19
+	mulq	$23,	$7,	$2
+	umulh	$23,	$7,	$17
+	addq	$9,	$2,	$9
+	cmpult	$9,	$2,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$0
+	addq	$19,	$0,	$19
+	mulq	$25,	$5,	$18
+	umulh	$25,	$5,	$1
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$2
+	addq	$2,	$1,	$1
+	addq	$20,	$1,	$20
+	cmpult	$20,	$1,	$10
+	addq	$19,	$10,	$19
+	mulq	$28,	$3,	$17
+	umulh	$28,	$3,	$0
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$18,	$0,	$0
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$2
+	addq	$19,	$2,	$19
+	stq	$9,	64($16)
+	bis	$31,	$31,	$9
+	mulq	$4,	$21,	$1
+	umulh	$4,	$21,	$10
+	addq	$20,	$1,	$20
+	cmpult	$20,	$1,	$17
+	addq	$17,	$10,	$10
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$9,	$18,	$9
+	mulq	$6,	$27,	$0
+	umulh	$6,	$27,	$2
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$3
+	addq	$3,	$2,	$2
+	addq	$19,	$2,	$19
+	cmpult	$19,	$2,	$1
+	addq	$9,	$1,	$9
+	mulq	$8,	$24,	$17
+	umulh	$8,	$24,	$10
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$18,	$10,	$10
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$4
+	addq	$9,	$4,	$9
+	mulq	$23,	$22,	$0
+	umulh	$23,	$22,	$3
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$2
+	addq	$2,	$3,	$3
+	addq	$19,	$3,	$19
+	cmpult	$19,	$3,	$1
+	addq	$9,	$1,	$9
+	mulq	$25,	$7,	$17
+	umulh	$25,	$7,	$18
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$10,	$18,	$18
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$4
+	addq	$9,	$4,	$9
+	mulq	$28,	$5,	$0
+	umulh	$28,	$5,	$2
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$3
+	addq	$3,	$2,	$2
+	addq	$19,	$2,	$19
+	cmpult	$19,	$2,	$1
+	addq	$9,	$1,	$9
+	stq	$20,	72($16)
+	bis	$31,	$31,	$20
+	mulq	$6,	$21,	$17
+	umulh	$6,	$21,	$10
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$18,	$10,	$10
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$4
+	addq	$20,	$4,	$20
+	mulq	$8,	$27,	$0
+	umulh	$8,	$27,	$3
+	addq	$19,	$0,	$19
+	cmpult	$19,	$0,	$2
+	addq	$2,	$3,	$3
+	addq	$9,	$3,	$9
+	cmpult	$9,	$3,	$1
+	addq	$20,	$1,	$20
+	mulq	$23,	$24,	$5
+	umulh	$23,	$24,	$17
+	addq	$19,	$5,	$19
+	cmpult	$19,	$5,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$25,	$22,	$4
+	umulh	$25,	$22,	$6
+	addq	$19,	$4,	$19
+	cmpult	$19,	$4,	$0
+	addq	$0,	$6,	$6
+	addq	$9,	$6,	$9
+	cmpult	$9,	$6,	$2
+	addq	$20,	$2,	$20
+	mulq	$28,	$7,	$3
+	umulh	$28,	$7,	$1
+	addq	$19,	$3,	$19
+	cmpult	$19,	$3,	$5
+	addq	$5,	$1,	$1
+	addq	$9,	$1,	$9
+	cmpult	$9,	$1,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	80($16)
+	bis	$31,	$31,	$19
+	mulq	$8,	$21,	$17
+	umulh	$8,	$21,	$10
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$4
+	addq	$4,	$10,	$10
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$0
+	addq	$19,	$0,	$19
+	mulq	$23,	$27,	$6
+	umulh	$23,	$27,	$2
+	addq	$9,	$6,	$9
+	cmpult	$9,	$6,	$3
+	addq	$3,	$2,	$2
+	addq	$20,	$2,	$20
+	cmpult	$20,	$2,	$5
+	addq	$19,	$5,	$19
+	mulq	$25,	$24,	$1
+	umulh	$25,	$24,	$18
+	addq	$9,	$1,	$9
+	cmpult	$9,	$1,	$7
+	addq	$7,	$18,	$18
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$17
+	addq	$19,	$17,	$19
+	mulq	$28,	$22,	$4
+	umulh	$28,	$22,	$10
+	addq	$9,	$4,	$9
+	cmpult	$9,	$4,	$0
+	addq	$0,	$10,	$10
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$8
+	addq	$19,	$8,	$19
+	stq	$9,	88($16)
+	bis	$31,	$31,	$9
+	mulq	$23,	$21,	$6
+	umulh	$23,	$21,	$3
+	addq	$20,	$6,	$20
+	cmpult	$20,	$6,	$2
+	addq	$2,	$3,	$3
+	addq	$19,	$3,	$19
+	cmpult	$19,	$3,	$5
+	addq	$9,	$5,	$9
+	mulq	$25,	$27,	$1
+	umulh	$25,	$27,	$7
+	addq	$20,	$1,	$20
+	cmpult	$20,	$1,	$18
+	addq	$18,	$7,	$7
+	addq	$19,	$7,	$19
+	cmpult	$19,	$7,	$17
+	addq	$9,	$17,	$9
+	mulq	$28,	$24,	$4
+	umulh	$28,	$24,	$0
+	addq	$20,	$4,	$20
+	cmpult	$20,	$4,	$10
+	addq	$10,	$0,	$0
+	addq	$19,	$0,	$19
+	cmpult	$19,	$0,	$8
+	addq	$9,	$8,	$9
+	stq	$20,	96($16)
+	bis	$31,	$31,	$20
+	mulq	$25,	$21,	$22
+	umulh	$25,	$21,	$6
+	addq	$19,	$22,	$19
+	cmpult	$19,	$22,	$2
+	addq	$2,	$6,	$6
+	addq	$9,	$6,	$9
+	cmpult	$9,	$6,	$3
+	addq	$20,	$3,	$20
+	mulq	$28,	$27,	$5
+	umulh	$28,	$27,	$23
+	addq	$19,	$5,	$19
+	cmpult	$19,	$5,	$1
+	addq	$1,	$23,	$23
+	addq	$9,	$23,	$9
+	cmpult	$9,	$23,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	104($16)
+	bis	$31,	$31,	$19
+	mulq	$28,	$21,	$7
+	umulh	$28,	$21,	$17
+	addq	$9,	$7,	$9
+	cmpult	$9,	$7,	$4
+	addq	$4,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	stq	$9,	112($16)
+	stq	$20,	120($16)
+	ldq	$9,	0($30)
+	ldq	$10,	8($30)
+	addq	$30,	16,	$30
+	ret	$31,($26),1
+	.end bn_mul_comba8
+	.text
+	.align 3
+	.globl bn_sqr_comba4
+	.ent bn_sqr_comba4
+bn_sqr_comba4:
+bn_sqr_comba4..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	ldq	$0,	0($17)
+	ldq	$1,	8($17)
+	ldq	$2,	16($17)
+	ldq	$3,	24($17)
+	bis	$31,	$31,	$6
+	mulq	$0,	$0,	$4
+	umulh	$0,	$0,	$5
+	stq	$4,	0($16)
+	bis	$31,	$31,	$4
+	mulq	$0,	$1,	$7
+	umulh	$0,	$1,	$8
+	cmplt	$7,	$31,	$22
+	cmplt	$8,	$31,	$23
+	addq	$7,	$7,	$7
+	addq	$8,	$8,	$8
+	addq	$8,	$22,	$8
+	addq	$4,	$23,	$4
+	addq	$5,	$7,	$5
+	addq	$6,	$8,	$6
+	cmpult	$5,	$7,	$24
+	cmpult	$6,	$8,	$25
+	addq	$6,	$24,	$6
+	addq	$4,	$25,	$4
+	stq	$5,	8($16)
+	bis	$31,	$31,	$5
+	mulq	$1,	$1,	$27
+	umulh	$1,	$1,	$28
+	addq	$6,	$27,	$6
+	addq	$4,	$28,	$4
+	cmpult	$6,	$27,	$21
+	cmpult	$4,	$28,	$20
+	addq	$4,	$21,	$4
+	addq	$5,	$20,	$5
+	mulq	$2,	$0,	$19
+	umulh	$2,	$0,	$18
+	cmplt	$19,	$31,	$17
+	cmplt	$18,	$31,	$22
+	addq	$19,	$19,	$19
+	addq	$18,	$18,	$18
+	addq	$18,	$17,	$18
+	addq	$5,	$22,	$5
+	addq	$6,	$19,	$6
+	addq	$4,	$18,	$4
+	cmpult	$6,	$19,	$23
+	cmpult	$4,	$18,	$7
+	addq	$4,	$23,	$4
+	addq	$5,	$7,	$5
+	stq	$6,	16($16)
+	bis	$31,	$31,	$6
+	mulq	$3,	$0,	$8
+	umulh	$3,	$0,	$24
+	cmplt	$8,	$31,	$25
+	cmplt	$24,	$31,	$27
+	addq	$8,	$8,	$8
+	addq	$24,	$24,	$24
+	addq	$24,	$25,	$24
+	addq	$6,	$27,	$6
+	addq	$4,	$8,	$4
+	addq	$5,	$24,	$5
+	cmpult	$4,	$8,	$28
+	cmpult	$5,	$24,	$21
+	addq	$5,	$28,	$5
+	addq	$6,	$21,	$6
+	mulq	$2,	$1,	$20
+	umulh	$2,	$1,	$17
+	cmplt	$20,	$31,	$22
+	cmplt	$17,	$31,	$19
+	addq	$20,	$20,	$20
+	addq	$17,	$17,	$17
+	addq	$17,	$22,	$17
+	addq	$6,	$19,	$6
+	addq	$4,	$20,	$4
+	addq	$5,	$17,	$5
+	cmpult	$4,	$20,	$18
+	cmpult	$5,	$17,	$23
+	addq	$5,	$18,	$5
+	addq	$6,	$23,	$6
+	stq	$4,	24($16)
+	bis	$31,	$31,	$4
+	mulq	$2,	$2,	$7
+	umulh	$2,	$2,	$25
+	addq	$5,	$7,	$5
+	addq	$6,	$25,	$6
+	cmpult	$5,	$7,	$27
+	cmpult	$6,	$25,	$8
+	addq	$6,	$27,	$6
+	addq	$4,	$8,	$4
+	mulq	$3,	$1,	$24
+	umulh	$3,	$1,	$28
+	cmplt	$24,	$31,	$21
+	cmplt	$28,	$31,	$22
+	addq	$24,	$24,	$24
+	addq	$28,	$28,	$28
+	addq	$28,	$21,	$28
+	addq	$4,	$22,	$4
+	addq	$5,	$24,	$5
+	addq	$6,	$28,	$6
+	cmpult	$5,	$24,	$19
+	cmpult	$6,	$28,	$20
+	addq	$6,	$19,	$6
+	addq	$4,	$20,	$4
+	stq	$5,	32($16)
+	bis	$31,	$31,	$5
+	mulq	$3,	$2,	$17
+	umulh	$3,	$2,	$18
+	cmplt	$17,	$31,	$23
+	cmplt	$18,	$31,	$7
+	addq	$17,	$17,	$17
+	addq	$18,	$18,	$18
+	addq	$18,	$23,	$18
+	addq	$5,	$7,	$5
+	addq	$6,	$17,	$6
+	addq	$4,	$18,	$4
+	cmpult	$6,	$17,	$25
+	cmpult	$4,	$18,	$27
+	addq	$4,	$25,	$4
+	addq	$5,	$27,	$5
+	stq	$6,	40($16)
+	bis	$31,	$31,	$6
+	mulq	$3,	$3,	$8
+	umulh	$3,	$3,	$21
+	addq	$4,	$8,	$4
+	addq	$5,	$21,	$5
+	cmpult	$4,	$8,	$22
+	cmpult	$5,	$21,	$24
+	addq	$5,	$22,	$5
+	addq	$6,	$24,	$6
+	stq	$4,	48($16)
+	stq	$5,	56($16)
+	ret	$31,($26),1
+	.end bn_sqr_comba4
+	.text
+	.align 3
+	.globl bn_sqr_comba8
+	.ent bn_sqr_comba8
+bn_sqr_comba8:
+bn_sqr_comba8..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	ldq	$0,	0($17)
+	ldq	$1,	8($17)
+	ldq	$2,	16($17)
+	ldq	$3,	24($17)
+	ldq	$4,	32($17)
+	ldq	$5,	40($17)
+	ldq	$6,	48($17)
+	ldq	$7,	56($17)
+	bis	$31,	$31,	$23
+	mulq	$0,	$0,	$8
+	umulh	$0,	$0,	$22
+	stq	$8,	0($16)
+	bis	$31,	$31,	$8
+	mulq	$1,	$0,	$24
+	umulh	$1,	$0,	$25
+	cmplt	$24,	$31,	$27
+	cmplt	$25,	$31,	$28
+	addq	$24,	$24,	$24
+	addq	$25,	$25,	$25
+	addq	$25,	$27,	$25
+	addq	$8,	$28,	$8
+	addq	$22,	$24,	$22
+	addq	$23,	$25,	$23
+	cmpult	$22,	$24,	$21
+	cmpult	$23,	$25,	$20
+	addq	$23,	$21,	$23
+	addq	$8,	$20,	$8
+	stq	$22,	8($16)
+	bis	$31,	$31,	$22
+	mulq	$1,	$1,	$19
+	umulh	$1,	$1,	$18
+	addq	$23,	$19,	$23
+	addq	$8,	$18,	$8
+	cmpult	$23,	$19,	$17
+	cmpult	$8,	$18,	$27
+	addq	$8,	$17,	$8
+	addq	$22,	$27,	$22
+	mulq	$2,	$0,	$28
+	umulh	$2,	$0,	$24
+	cmplt	$28,	$31,	$25
+	cmplt	$24,	$31,	$21
+	addq	$28,	$28,	$28
+	addq	$24,	$24,	$24
+	addq	$24,	$25,	$24
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	addq	$8,	$24,	$8
+	cmpult	$23,	$28,	$20
+	cmpult	$8,	$24,	$19
+	addq	$8,	$20,	$8
+	addq	$22,	$19,	$22
+	stq	$23,	16($16)
+	bis	$31,	$31,	$23
+	mulq	$2,	$1,	$18
+	umulh	$2,	$1,	$17
+	cmplt	$18,	$31,	$27
+	cmplt	$17,	$31,	$25
+	addq	$18,	$18,	$18
+	addq	$17,	$17,	$17
+	addq	$17,	$27,	$17
+	addq	$23,	$25,	$23
+	addq	$8,	$18,	$8
+	addq	$22,	$17,	$22
+	cmpult	$8,	$18,	$21
+	cmpult	$22,	$17,	$28
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	mulq	$3,	$0,	$24
+	umulh	$3,	$0,	$20
+	cmplt	$24,	$31,	$19
+	cmplt	$20,	$31,	$27
+	addq	$24,	$24,	$24
+	addq	$20,	$20,	$20
+	addq	$20,	$19,	$20
+	addq	$23,	$27,	$23
+	addq	$8,	$24,	$8
+	addq	$22,	$20,	$22
+	cmpult	$8,	$24,	$25
+	cmpult	$22,	$20,	$18
+	addq	$22,	$25,	$22
+	addq	$23,	$18,	$23
+	stq	$8,	24($16)
+	bis	$31,	$31,	$8
+	mulq	$2,	$2,	$17
+	umulh	$2,	$2,	$21
+	addq	$22,	$17,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$17,	$28
+	cmpult	$23,	$21,	$19
+	addq	$23,	$28,	$23
+	addq	$8,	$19,	$8
+	mulq	$3,	$1,	$27
+	umulh	$3,	$1,	$24
+	cmplt	$27,	$31,	$20
+	cmplt	$24,	$31,	$25
+	addq	$27,	$27,	$27
+	addq	$24,	$24,	$24
+	addq	$24,	$20,	$24
+	addq	$8,	$25,	$8
+	addq	$22,	$27,	$22
+	addq	$23,	$24,	$23
+	cmpult	$22,	$27,	$18
+	cmpult	$23,	$24,	$17
+	addq	$23,	$18,	$23
+	addq	$8,	$17,	$8
+	mulq	$4,	$0,	$21
+	umulh	$4,	$0,	$28
+	cmplt	$21,	$31,	$19
+	cmplt	$28,	$31,	$20
+	addq	$21,	$21,	$21
+	addq	$28,	$28,	$28
+	addq	$28,	$19,	$28
+	addq	$8,	$20,	$8
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	cmpult	$22,	$21,	$25
+	cmpult	$23,	$28,	$27
+	addq	$23,	$25,	$23
+	addq	$8,	$27,	$8
+	stq	$22,	32($16)
+	bis	$31,	$31,	$22
+	mulq	$3,	$2,	$24
+	umulh	$3,	$2,	$18
+	cmplt	$24,	$31,	$17
+	cmplt	$18,	$31,	$19
+	addq	$24,	$24,	$24
+	addq	$18,	$18,	$18
+	addq	$18,	$17,	$18
+	addq	$22,	$19,	$22
+	addq	$23,	$24,	$23
+	addq	$8,	$18,	$8
+	cmpult	$23,	$24,	$20
+	cmpult	$8,	$18,	$21
+	addq	$8,	$20,	$8
+	addq	$22,	$21,	$22
+	mulq	$4,	$1,	$28
+	umulh	$4,	$1,	$25
+	cmplt	$28,	$31,	$27
+	cmplt	$25,	$31,	$17
+	addq	$28,	$28,	$28
+	addq	$25,	$25,	$25
+	addq	$25,	$27,	$25
+	addq	$22,	$17,	$22
+	addq	$23,	$28,	$23
+	addq	$8,	$25,	$8
+	cmpult	$23,	$28,	$19
+	cmpult	$8,	$25,	$24
+	addq	$8,	$19,	$8
+	addq	$22,	$24,	$22
+	mulq	$5,	$0,	$18
+	umulh	$5,	$0,	$20
+	cmplt	$18,	$31,	$21
+	cmplt	$20,	$31,	$27
+	addq	$18,	$18,	$18
+	addq	$20,	$20,	$20
+	addq	$20,	$21,	$20
+	addq	$22,	$27,	$22
+	addq	$23,	$18,	$23
+	addq	$8,	$20,	$8
+	cmpult	$23,	$18,	$17
+	cmpult	$8,	$20,	$28
+	addq	$8,	$17,	$8
+	addq	$22,	$28,	$22
+	stq	$23,	40($16)
+	bis	$31,	$31,	$23
+	mulq	$3,	$3,	$25
+	umulh	$3,	$3,	$19
+	addq	$8,	$25,	$8
+	addq	$22,	$19,	$22
+	cmpult	$8,	$25,	$24
+	cmpult	$22,	$19,	$21
+	addq	$22,	$24,	$22
+	addq	$23,	$21,	$23
+	mulq	$4,	$2,	$27
+	umulh	$4,	$2,	$18
+	cmplt	$27,	$31,	$20
+	cmplt	$18,	$31,	$17
+	addq	$27,	$27,	$27
+	addq	$18,	$18,	$18
+	addq	$18,	$20,	$18
+	addq	$23,	$17,	$23
+	addq	$8,	$27,	$8
+	addq	$22,	$18,	$22
+	cmpult	$8,	$27,	$28
+	cmpult	$22,	$18,	$25
+	addq	$22,	$28,	$22
+	addq	$23,	$25,	$23
+	mulq	$5,	$1,	$19
+	umulh	$5,	$1,	$24
+	cmplt	$19,	$31,	$21
+	cmplt	$24,	$31,	$20
+	addq	$19,	$19,	$19
+	addq	$24,	$24,	$24
+	addq	$24,	$21,	$24
+	addq	$23,	$20,	$23
+	addq	$8,	$19,	$8
+	addq	$22,	$24,	$22
+	cmpult	$8,	$19,	$17
+	cmpult	$22,	$24,	$27
+	addq	$22,	$17,	$22
+	addq	$23,	$27,	$23
+	mulq	$6,	$0,	$18
+	umulh	$6,	$0,	$28
+	cmplt	$18,	$31,	$25
+	cmplt	$28,	$31,	$21
+	addq	$18,	$18,	$18
+	addq	$28,	$28,	$28
+	addq	$28,	$25,	$28
+	addq	$23,	$21,	$23
+	addq	$8,	$18,	$8
+	addq	$22,	$28,	$22
+	cmpult	$8,	$18,	$20
+	cmpult	$22,	$28,	$19
+	addq	$22,	$20,	$22
+	addq	$23,	$19,	$23
+	stq	$8,	48($16)
+	bis	$31,	$31,	$8
+	mulq	$4,	$3,	$24
+	umulh	$4,	$3,	$17
+	cmplt	$24,	$31,	$27
+	cmplt	$17,	$31,	$25
+	addq	$24,	$24,	$24
+	addq	$17,	$17,	$17
+	addq	$17,	$27,	$17
+	addq	$8,	$25,	$8
+	addq	$22,	$24,	$22
+	addq	$23,	$17,	$23
+	cmpult	$22,	$24,	$21
+	cmpult	$23,	$17,	$18
+	addq	$23,	$21,	$23
+	addq	$8,	$18,	$8
+	mulq	$5,	$2,	$28
+	umulh	$5,	$2,	$20
+	cmplt	$28,	$31,	$19
+	cmplt	$20,	$31,	$27
+	addq	$28,	$28,	$28
+	addq	$20,	$20,	$20
+	addq	$20,	$19,	$20
+	addq	$8,	$27,	$8
+	addq	$22,	$28,	$22
+	addq	$23,	$20,	$23
+	cmpult	$22,	$28,	$25
+	cmpult	$23,	$20,	$24
+	addq	$23,	$25,	$23
+	addq	$8,	$24,	$8
+	mulq	$6,	$1,	$17
+	umulh	$6,	$1,	$21
+	cmplt	$17,	$31,	$18
+	cmplt	$21,	$31,	$19
+	addq	$17,	$17,	$17
+	addq	$21,	$21,	$21
+	addq	$21,	$18,	$21
+	addq	$8,	$19,	$8
+	addq	$22,	$17,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$17,	$27
+	cmpult	$23,	$21,	$28
+	addq	$23,	$27,	$23
+	addq	$8,	$28,	$8
+	mulq	$7,	$0,	$20
+	umulh	$7,	$0,	$25
+	cmplt	$20,	$31,	$24
+	cmplt	$25,	$31,	$18
+	addq	$20,	$20,	$20
+	addq	$25,	$25,	$25
+	addq	$25,	$24,	$25
+	addq	$8,	$18,	$8
+	addq	$22,	$20,	$22
+	addq	$23,	$25,	$23
+	cmpult	$22,	$20,	$19
+	cmpult	$23,	$25,	$17
+	addq	$23,	$19,	$23
+	addq	$8,	$17,	$8
+	stq	$22,	56($16)
+	bis	$31,	$31,	$22
+	mulq	$4,	$4,	$21
+	umulh	$4,	$4,	$27
+	addq	$23,	$21,	$23
+	addq	$8,	$27,	$8
+	cmpult	$23,	$21,	$28
+	cmpult	$8,	$27,	$24
+	addq	$8,	$28,	$8
+	addq	$22,	$24,	$22
+	mulq	$5,	$3,	$18
+	umulh	$5,	$3,	$20
+	cmplt	$18,	$31,	$25
+	cmplt	$20,	$31,	$19
+	addq	$18,	$18,	$18
+	addq	$20,	$20,	$20
+	addq	$20,	$25,	$20
+	addq	$22,	$19,	$22
+	addq	$23,	$18,	$23
+	addq	$8,	$20,	$8
+	cmpult	$23,	$18,	$17
+	cmpult	$8,	$20,	$21
+	addq	$8,	$17,	$8
+	addq	$22,	$21,	$22
+	mulq	$6,	$2,	$27
+	umulh	$6,	$2,	$28
+	cmplt	$27,	$31,	$24
+	cmplt	$28,	$31,	$25
+	addq	$27,	$27,	$27
+	addq	$28,	$28,	$28
+	addq	$28,	$24,	$28
+	addq	$22,	$25,	$22
+	addq	$23,	$27,	$23
+	addq	$8,	$28,	$8
+	cmpult	$23,	$27,	$19
+	cmpult	$8,	$28,	$18
+	addq	$8,	$19,	$8
+	addq	$22,	$18,	$22
+	mulq	$7,	$1,	$20
+	umulh	$7,	$1,	$17
+	cmplt	$20,	$31,	$21
+	cmplt	$17,	$31,	$24
+	addq	$20,	$20,	$20
+	addq	$17,	$17,	$17
+	addq	$17,	$21,	$17
+	addq	$22,	$24,	$22
+	addq	$23,	$20,	$23
+	addq	$8,	$17,	$8
+	cmpult	$23,	$20,	$25
+	cmpult	$8,	$17,	$27
+	addq	$8,	$25,	$8
+	addq	$22,	$27,	$22
+	stq	$23,	64($16)
+	bis	$31,	$31,	$23
+	mulq	$5,	$4,	$28
+	umulh	$5,	$4,	$19
+	cmplt	$28,	$31,	$18
+	cmplt	$19,	$31,	$21
+	addq	$28,	$28,	$28
+	addq	$19,	$19,	$19
+	addq	$19,	$18,	$19
+	addq	$23,	$21,	$23
+	addq	$8,	$28,	$8
+	addq	$22,	$19,	$22
+	cmpult	$8,	$28,	$24
+	cmpult	$22,	$19,	$20
+	addq	$22,	$24,	$22
+	addq	$23,	$20,	$23
+	mulq	$6,	$3,	$17
+	umulh	$6,	$3,	$25
+	cmplt	$17,	$31,	$27
+	cmplt	$25,	$31,	$18
+	addq	$17,	$17,	$17
+	addq	$25,	$25,	$25
+	addq	$25,	$27,	$25
+	addq	$23,	$18,	$23
+	addq	$8,	$17,	$8
+	addq	$22,	$25,	$22
+	cmpult	$8,	$17,	$21
+	cmpult	$22,	$25,	$28
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	mulq	$7,	$2,	$19
+	umulh	$7,	$2,	$24
+	cmplt	$19,	$31,	$20
+	cmplt	$24,	$31,	$27
+	addq	$19,	$19,	$19
+	addq	$24,	$24,	$24
+	addq	$24,	$20,	$24
+	addq	$23,	$27,	$23
+	addq	$8,	$19,	$8
+	addq	$22,	$24,	$22
+	cmpult	$8,	$19,	$18
+	cmpult	$22,	$24,	$17
+	addq	$22,	$18,	$22
+	addq	$23,	$17,	$23
+	stq	$8,	72($16)
+	bis	$31,	$31,	$8
+	mulq	$5,	$5,	$25
+	umulh	$5,	$5,	$21
+	addq	$22,	$25,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$25,	$28
+	cmpult	$23,	$21,	$20
+	addq	$23,	$28,	$23
+	addq	$8,	$20,	$8
+	mulq	$6,	$4,	$27
+	umulh	$6,	$4,	$19
+	cmplt	$27,	$31,	$24
+	cmplt	$19,	$31,	$18
+	addq	$27,	$27,	$27
+	addq	$19,	$19,	$19
+	addq	$19,	$24,	$19
+	addq	$8,	$18,	$8
+	addq	$22,	$27,	$22
+	addq	$23,	$19,	$23
+	cmpult	$22,	$27,	$17
+	cmpult	$23,	$19,	$25
+	addq	$23,	$17,	$23
+	addq	$8,	$25,	$8
+	mulq	$7,	$3,	$21
+	umulh	$7,	$3,	$28
+	cmplt	$21,	$31,	$20
+	cmplt	$28,	$31,	$24
+	addq	$21,	$21,	$21
+	addq	$28,	$28,	$28
+	addq	$28,	$20,	$28
+	addq	$8,	$24,	$8
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	cmpult	$22,	$21,	$18
+	cmpult	$23,	$28,	$27
+	addq	$23,	$18,	$23
+	addq	$8,	$27,	$8
+	stq	$22,	80($16)
+	bis	$31,	$31,	$22
+	mulq	$6,	$5,	$19
+	umulh	$6,	$5,	$17
+	cmplt	$19,	$31,	$25
+	cmplt	$17,	$31,	$20
+	addq	$19,	$19,	$19
+	addq	$17,	$17,	$17
+	addq	$17,	$25,	$17
+	addq	$22,	$20,	$22
+	addq	$23,	$19,	$23
+	addq	$8,	$17,	$8
+	cmpult	$23,	$19,	$24
+	cmpult	$8,	$17,	$21
+	addq	$8,	$24,	$8
+	addq	$22,	$21,	$22
+	mulq	$7,	$4,	$28
+	umulh	$7,	$4,	$18
+	cmplt	$28,	$31,	$27
+	cmplt	$18,	$31,	$25
+	addq	$28,	$28,	$28
+	addq	$18,	$18,	$18
+	addq	$18,	$27,	$18
+	addq	$22,	$25,	$22
+	addq	$23,	$28,	$23
+	addq	$8,	$18,	$8
+	cmpult	$23,	$28,	$20
+	cmpult	$8,	$18,	$19
+	addq	$8,	$20,	$8
+	addq	$22,	$19,	$22
+	stq	$23,	88($16)
+	bis	$31,	$31,	$23
+	mulq	$6,	$6,	$17
+	umulh	$6,	$6,	$24
+	addq	$8,	$17,	$8
+	addq	$22,	$24,	$22
+	cmpult	$8,	$17,	$21
+	cmpult	$22,	$24,	$27
+	addq	$22,	$21,	$22
+	addq	$23,	$27,	$23
+	mulq	$7,	$5,	$25
+	umulh	$7,	$5,	$28
+	cmplt	$25,	$31,	$18
+	cmplt	$28,	$31,	$20
+	addq	$25,	$25,	$25
+	addq	$28,	$28,	$28
+	addq	$28,	$18,	$28
+	addq	$23,	$20,	$23
+	addq	$8,	$25,	$8
+	addq	$22,	$28,	$22
+	cmpult	$8,	$25,	$19
+	cmpult	$22,	$28,	$17
+	addq	$22,	$19,	$22
+	addq	$23,	$17,	$23
+	stq	$8,	96($16)
+	bis	$31,	$31,	$8
+	mulq	$7,	$6,	$24
+	umulh	$7,	$6,	$21
+	cmplt	$24,	$31,	$27
+	cmplt	$21,	$31,	$18
+	addq	$24,	$24,	$24
+	addq	$21,	$21,	$21
+	addq	$21,	$27,	$21
+	addq	$8,	$18,	$8
+	addq	$22,	$24,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$24,	$20
+	cmpult	$23,	$21,	$25
+	addq	$23,	$20,	$23
+	addq	$8,	$25,	$8
+	stq	$22,	104($16)
+	bis	$31,	$31,	$22
+	mulq	$7,	$7,	$28
+	umulh	$7,	$7,	$19
+	addq	$23,	$28,	$23
+	addq	$8,	$19,	$8
+	cmpult	$23,	$28,	$17
+	cmpult	$8,	$19,	$27
+	addq	$8,	$17,	$8
+	addq	$22,	$27,	$22
+	stq	$23,	112($16)
+	stq	$8,	120($16)
+	ret	$31,($26),1
+	.end bn_sqr_comba8
diff --git a/crypto/openssl/crypto/bn/asm/alpha.s.works b/crypto/openssl/crypto/bn/asm/alpha.s.works
new file mode 100644
index 000000000000..ee6c58780998
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.s.works
@@ -0,0 +1,533 @@
+
+ # DEC Alpha assember
+ # The bn_div64 is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div64.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+	.file	1 "bn_asm.c"
+	.set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+	.text
+	.align 3
+	.globl bn_mul_add_words
+	.ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$43		# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+	.align 3
+$42:
+	mulq	$20,$19,$5	# 1 2 1	######
+	ldq	$21,8($17)	# 2 1
+	ldq	$2,8($16)	# 2 1
+	umulh	$20,$19,$20	# 1 2	######
+	ldq	$27,16($17)	# 3 1
+	ldq	$3,16($16)	# 3 1
+	mulq	$21,$19,$6	# 2 2 1	######
+	 ldq	$28,24($17)	# 4 1
+	addq	$1,$5,$1	# 1 2 2
+	 ldq	$4,24($16)	# 4 1
+	umulh	$21,$19,$21	# 2 2	######
+	 cmpult	$1,$5,$22	# 1 2 3 1
+	addq	$20,$22,$20	# 1 3 1
+	 addq	$1,$0,$1	# 1 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	######
+	 cmpult	$1,$0,$0	# 1 2 3 2
+	addq	$2,$6,$2	# 2 2 2
+	 addq	$20,$0,$0	# 1 3 2 
+	cmpult	$2,$6,$23	# 2 2 3 1
+	 addq	$21,$23,$21	# 2 3 1
+	umulh	$27,$19,$27	# 3 2	######
+	 addq	$2,$0,$2	# 2 2 3 1
+	cmpult	$2,$0,$0	# 2 2 3 2
+	 subq	$18,4,$18
+	mulq	$28,$19,$8	# 4 2 1	######
+	 addq	$21,$0,$0	# 2 3 2 
+	addq	$3,$7,$3	# 3 2 2
+	 addq	$16,32,$16
+	cmpult	$3,$7,$24	# 3 2 3 1
+	 stq	$1,-32($16)	# 1 2 4
+	umulh	$28,$19,$28	# 4 2	######
+	 addq	$27,$24,$27	# 3 3 1
+	addq	$3,$0,$3	# 3 2 3 1
+	 stq	$2,-24($16)	# 2 2 4
+	cmpult	$3,$0,$0	# 3 2 3 2
+	 stq	$3,-16($16)	# 3 2 4
+	addq	$4,$8,$4	# 4 2 2
+	 addq	$27,$0,$0	# 3 3 2 
+	cmpult	$4,$8,$25	# 4 2 3 1
+	 addq	$17,32,$17
+	addq	$28,$25,$28	# 4 3 1
+	 addq	$4,$0,$4	# 4 2 3 1
+	cmpult	$4,$0,$0	# 4 2 3 2
+	 stq	$4,-8($16)	# 4 2 4
+	addq	$28,$0,$0	# 4 3 2 
+	 blt	$18,$43
+
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+
+	br	$42
+
+	.align 4
+$45:
+	ldq	$20,0($17)	# 4 1
+	ldq	$1,0($16)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	addq	$16,8,$16
+	addq	$17,8,$17
+	umulh	$20,$19,$20	# 4 2
+	addq	$1,$5,$1	# 4 2 2
+	cmpult	$1,$5,$22	# 4 2 3 1
+	addq	$20,$22,$20	# 4 3 1
+	addq	$1,$0,$1	# 4 2 3 1
+	cmpult	$1,$0,$0	# 4 2 3 2
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$1,-8($16)	# 4 2 4
+	bgt	$18,$45
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$43:
+	addq	$18,4,$18
+	bgt	$18,$45		# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_add_words
+	.align 3
+	.globl bn_mul_words
+	.ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$143	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$142:
+
+	mulq	$20,$19,$5	# 1 2 1	#####
+	 ldq	$21,8($17)	# 2 1
+	 ldq	$27,16($17)	# 3 1
+	umulh	$20,$19,$20	# 1 2	#####
+	 ldq	$28,24($17)	# 4 1
+	mulq	$21,$19,$6	# 2 2 1	#####
+	 addq	$5,$0,$5	# 1 2 3 1
+	subq	$18,4,$18
+	 cmpult	$5,$0,$0	# 1 2 3 2
+	umulh	$21,$19,$21	# 2 2	#####
+	 addq	$20,$0,$0	# 1 3 2 
+	addq	$17,32,$17
+	 addq	$6,$0,$6	# 2 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	#####
+	 cmpult	$6,$0,$0	# 2 2 3 2
+	addq	$21,$0,$0	# 2 3 2 
+	 addq	$16,32,$16
+	umulh	$27,$19,$27	# 3 2	#####
+	 stq	$5,-32($16)	# 1 2 4
+	mulq	$28,$19,$8	# 4 2 1	#####
+	 addq	$7,$0,$7	# 3 2 3 1
+	stq	$6,-24($16)	# 2 2 4
+	 cmpult	$7,$0,$0	# 3 2 3 2
+	umulh	$28,$19,$28	# 4 2	#####
+	 addq	$27,$0,$0	# 3 3 2 
+	stq	$7,-16($16)	# 3 2 4
+	 addq	$8,$0,$8	# 4 2 3 1
+	cmpult	$8,$0,$0	# 4 2 3 2
+
+	addq	$28,$0,$0	# 4 3 2 
+
+	stq	$8,-8($16)	# 4 2 4
+
+	blt	$18,$143
+
+	ldq	$20,0($17)	# 1 1
+
+	br	$142
+
+	.align 4
+$145:
+	ldq	$20,0($17)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	umulh	$20,$19,$20	# 4 2
+	addq	$5,$0,$5	# 4 2 3 1
+	 addq	$16,8,$16
+	cmpult	$5,$0,$0	# 4 2 3 2
+	 addq	$17,8,$17
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$5,-8($16)	# 4 2 4
+
+	bgt	$18,$145
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$143:
+	addq	$18,4,$18
+	bgt	$18,$145	# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_words
+	.align 3
+	.globl bn_sqr_words
+	.ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$18,4,$18
+	blt	$18,$543	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$542:
+	mulq	$20,$20,$5		######
+	 ldq	$21,8($17)	# 1 1
+	subq	$18,4
+ 	umulh	$20,$20,$1		######
+	ldq	$27,16($17)	# 1 1
+	mulq	$21,$21,$6		######
+	ldq	$28,24($17)	# 1 1
+	stq	$5,0($16)	# r[0]
+ 	umulh	$21,$21,$2		######
+	stq	$1,8($16)	# r[1]
+	mulq	$27,$27,$7		######
+	stq	$6,16($16)	# r[0]
+ 	umulh	$27,$27,$3		######
+	stq	$2,24($16)	# r[1]
+	mulq	$28,$28,$8		######
+	stq	$7,32($16)	# r[0]
+ 	umulh	$28,$28,$4		######
+	stq	$3,40($16)	# r[1]
+
+ 	addq	$16,64,$16
+ 	addq	$17,32,$17
+	stq	$8,-16($16)	# r[0]
+	stq	$4,-8($16)	# r[1]
+
+	blt	$18,$543
+	ldq	$20,0($17)	# 1 1
+ 	br 	$542
+
+$442:
+	ldq	$20,0($17)   # a[0]
+	mulq	$20,$20,$5  # a[0]*w low part       r2
+	addq	$16,16,$16
+	addq	$17,8,$17
+	subq	$18,1,$18
+        umulh	$20,$20,$1  # a[0]*w high part       r3
+	stq	$5,-16($16)   # r[0]
+        stq	$1,-8($16)   # r[1]
+
+	bgt	$18,$442
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$543:
+	addq	$18,4,$18
+	bgt	$18,$442	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sqr_words
+
+	.align 3
+	.globl bn_add_words
+	.ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$0	# carry = 0
+	blt	$19,$900
+	ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	.align 3
+$901:
+	addq	$1,$5,$1	# r=a+b;
+	 ldq	$6,8($17)	# a[1]
+	cmpult	$1,$5,$22	# did we overflow?
+	 ldq	$2,8($18)	# b[1]
+	addq	$1,$0,$1	# c+= overflow
+	 ldq	$7,16($17)	# a[2]
+	cmpult	$1,$0,$0	# overflow?
+	 ldq	$3,16($18)	# b[2]
+	addq	$0,$22,$0
+	 ldq	$8,24($17)	# a[3]
+	addq	$2,$6,$2	# r=a+b;
+	 ldq	$4,24($18)	# b[3]
+	cmpult	$2,$6,$23	# did we overflow?
+	 addq	$3,$7,$3	# r=a+b;
+	addq	$2,$0,$2	# c+= overflow
+	 cmpult	$3,$7,$24	# did we overflow?
+	cmpult	$2,$0,$0	# overflow?
+	 addq	$4,$8,$4	# r=a+b;
+	addq	$0,$23,$0
+	 cmpult	$4,$8,$25	# did we overflow?
+	addq	$3,$0,$3	# c+= overflow
+	 stq	$1,0($16)	# r[0]=c
+	cmpult	$3,$0,$0	# overflow?
+	 stq	$2,8($16)	# r[1]=c
+	addq	$0,$24,$0
+	 stq	$3,16($16)	# r[2]=c
+	addq	$4,$0,$4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$4,$0,$0	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$0,$25,$0
+	 stq	$4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$900
+	 ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	 br	$901
+	.align 4
+$945:
+	ldq	$5,0($17)	# a[0]
+	 ldq	$1,0($18)	# b[1]
+	addq	$1,$5,$1	# r=a+b;
+	 subq	$19,1,$19	# loop--
+	addq	$1,$0,$1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	cmpult	$1,$5,$22	# did we overflow?
+	 cmpult	$1,$0,$0	# overflow?
+	addq	$18,8,$18	# b++
+	 stq	$1,0($16)	# r[0]=c
+	addq	$0,$22,$0
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$945
+	ret	$31,($26),1	# else exit
+
+$900:
+	addq	$19,4,$19
+	bgt	$19,$945	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_add_words
+
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+	.align 3
+	.globl bn_div64
+	.ent bn_div64
+bn_div64:
+	ldgp $29,0($27)
+bn_div64..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$119
+	lda $0,-1
+	br $31,$136
+	.align 4
+$119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$126
+	zapnot $7,15,$27
+	br $31,$127
+	.align 4
+$126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$127:
+	srl $10,32,$4
+	.align 5
+$128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$129
+	subq $27,1,$27
+	br $31,$128
+	.align 4
+$129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$134
+	addq $9,$11,$9
+	subq $27,1,$27
+$134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$123
+	.align 4
+$124:
+	bis $13,$27,$0
+$136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div64
+
+	.set noat
+	.text
+	.align 3
+	.globl bn_sub_words
+	.ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,	4,	$19
+	bis	$31,	$31,	$0
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+$101:
+	ldq	$3,	8($17)
+	cmpult	$1,	$2,	$4
+	ldq	$5,	8($18)
+	subq	$1,	$2,	$1
+	ldq	$6,	16($17)
+	cmpult	$1,	$0,	$2
+	ldq	$7,	16($18)
+	subq	$1,	$0,	$23
+	ldq	$8,	24($17)
+	addq	$2,	$4,	$0
+	cmpult	$3,	$5,	$24
+	subq	$3,	$5,	$3
+	ldq	$22,	24($18)
+	cmpult	$3,	$0,	$5
+	subq	$3,	$0,	$25
+	addq	$5,	$24,	$0
+	cmpult	$6,	$7,	$27
+	subq	$6,	$7,	$6
+	stq	$23,	0($16)
+	cmpult	$6,	$0,	$7
+	subq	$6,	$0,	$28
+	addq	$7,	$27,	$0
+	cmpult	$8,	$22,	$21
+	subq	$8,	$22,	$8
+	stq	$25,	8($16)
+	cmpult	$8,	$0,	$22
+	subq	$8,	$0,	$20
+	addq	$22,	$21,	$0
+	stq	$28,	16($16)
+	subq	$19,	4,	$19
+	stq	$20,	24($16)
+	addq	$17,	32,	$17
+	addq	$18,	32,	$18
+	addq	$16,	32,	$16
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	br	$101
+$102:
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	cmpult	$1,	$2,	$27
+	subq	$1,	$2,	$1
+	cmpult	$1,	$0,	$2
+	subq	$1,	$0,	$1
+	stq	$1,	0($16)
+	addq	$2,	$27,	$0
+	addq	$17,	8,	$17
+	addq	$18,	8,	$18
+	addq	$16,	8,	$16
+	subq	$19,	1,	$19
+	bgt	$19,	$102
+	ret	$31,($26),1
+$100:
+	addq	$19,	4,	$19
+	bgt	$19,	$102
+$103:
+	ret	$31,($26),1
+	.end bn_sub_words
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/add.pl b/crypto/openssl/crypto/bn/asm/alpha.works/add.pl
new file mode 100644
index 000000000000..4dc76e6b69f7
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/add.pl
@@ -0,0 +1,119 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_add_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+	$count=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&br(&label("finish"));
+	&blt($count,&label("finish"));
+
+	($a0,$b0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($b0,&QWPw(0,$bp));
+
+##########################################################
+	&set_label("loop");
+
+	($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+	($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+	($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+	($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+	($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+	($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+
+	($o0,$t0)=&NR(2);
+	&add($a0,$b0,$o0); 
+	&cmpult($o0,$b0,$t0);
+	&add($o0,$cc,$o0);
+	&cmpult($o0,$cc,$cc);
+	&add($cc,$t0,$cc);	&FR($t0);
+
+	($t1,$o1)=&NR(2);
+
+	&add($a1,$b1,$o1);	&FR($a1);
+	&cmpult($o1,$b1,$t1);	&FR($b1);
+	&add($o1,$cc,$o1);
+	&cmpult($o1,$cc,$cc);
+	&add($cc,$t1,$cc);	&FR($t1);
+
+	($t2,$o2)=&NR(2);
+
+	&add($a2,$b2,$o2);	&FR($a2);
+	&cmpult($o2,$b2,$t2);	&FR($b2);
+	&add($o2,$cc,$o2);
+	&cmpult($o2,$cc,$cc);
+	&add($cc,$t2,$cc);	&FR($t2);
+
+	($t3,$o3)=&NR(2);
+
+	&add($a3,$b3,$o3);	&FR($a3);
+	&cmpult($o3,$b3,$t3);	&FR($b3);
+	&add($o3,$cc,$o3);
+	&cmpult($o3,$cc,$cc);
+	&add($cc,$t3,$cc);	&FR($t3);
+
+	&st($o0,&QWPw(0,$rp)); &FR($o0);
+	&st($o1,&QWPw(0,$rp)); &FR($o1);
+	&st($o2,&QWPw(0,$rp)); &FR($o2);
+	&st($o3,&QWPw(0,$rp)); &FR($o3);
+
+	&sub($count,4,$count);	# count-=4
+	&add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	&add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+##################################################
+	# Do the last 0..3 words
+
+	($t0,$o0)=&NR(2);
+	&set_label("last_loop");
+
+	&ld($a0,&QWPw(0,$ap));	# get a
+	&ld($b0,&QWPw(0,$bp));	# get b
+
+	&add($a0,$b0,$o0); 
+	&cmpult($o0,$b0,$t0);	# will we borrow?
+	&add($o0,$cc,$o0);	# will we borrow?
+	&cmpult($o0,$cc,$cc);	# will we borrow?
+	&add($cc,$t0,$cc);	# add the borrows
+	&st($o0,&QWPw(0,$rp));	# save
+
+	&add($ap,$QWS,$ap);
+	&add($bp,$QWS,$bp);
+	&add($rp,$QWS,$rp);
+	&sub($count,1,$count);
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&FR($o0,$t0,$a0,$b0);
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/div.pl b/crypto/openssl/crypto/bn/asm/alpha.works/div.pl
new file mode 100644
index 000000000000..7ec144377fa6
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/div.pl
@@ -0,0 +1,144 @@
+#!/usr/local/bin/perl
+
+sub bn_div64
+	{
+	local($data)=<<'EOF';
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .set noreorder
+	.set volatile
+	.align 3
+	.globl bn_div64
+	.ent bn_div64
+bn_div64:
+	ldgp $29,0($27)
+bn_div64..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$9119
+	lda $0,-1
+	br $31,$9136
+	.align 4
+$9119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$9120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$9120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$9120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$9122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$9122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$9123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$9126
+	zapnot $7,15,$27
+	br $31,$9127
+	.align 4
+$9126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$9127:
+	srl $10,32,$4
+	.align 5
+$9128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$9129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$9129
+	subq $27,1,$27
+	br $31,$9128
+	.align 4
+$9129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$9134
+	addq $9,$11,$9
+	subq $27,1,$27
+$9134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$9124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$9123
+	.align 4
+$9124:
+	bis $13,$27,$0
+$9136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div64
+EOF
+	&asm_add($data);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul.pl b/crypto/openssl/crypto/bn/asm/alpha.works/mul.pl
new file mode 100644
index 000000000000..b182bae4520b
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/mul.pl
@@ -0,0 +1,116 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_mul_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r,$couny);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$count=&wparam(2);
+	$word=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&br(&label("finish"));
+	&blt($count,&label("finish"));
+
+	($a0,$r0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($r0,&QWPw(0,$rp));
+
+$a=<<'EOF';
+##########################################################
+	&set_label("loop");
+
+	($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+	($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+	($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+	($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+	($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+	($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+
+	($o0,$t0)=&NR(2);
+	&add($a0,$b0,$o0); 
+	&cmpult($o0,$b0,$t0);
+	&add($o0,$cc,$o0);
+	&cmpult($o0,$cc,$cc);
+	&add($cc,$t0,$cc);	&FR($t0);
+
+	($t1,$o1)=&NR(2);
+
+	&add($a1,$b1,$o1);	&FR($a1);
+	&cmpult($o1,$b1,$t1);	&FR($b1);
+	&add($o1,$cc,$o1);
+	&cmpult($o1,$cc,$cc);
+	&add($cc,$t1,$cc);	&FR($t1);
+
+	($t2,$o2)=&NR(2);
+
+	&add($a2,$b2,$o2);	&FR($a2);
+	&cmpult($o2,$b2,$t2);	&FR($b2);
+	&add($o2,$cc,$o2);
+	&cmpult($o2,$cc,$cc);
+	&add($cc,$t2,$cc);	&FR($t2);
+
+	($t3,$o3)=&NR(2);
+
+	&add($a3,$b3,$o3);	&FR($a3);
+	&cmpult($o3,$b3,$t3);	&FR($b3);
+	&add($o3,$cc,$o3);
+	&cmpult($o3,$cc,$cc);
+	&add($cc,$t3,$cc);	&FR($t3);
+
+	&st($o0,&QWPw(0,$rp)); &FR($o0);
+	&st($o1,&QWPw(0,$rp)); &FR($o1);
+	&st($o2,&QWPw(0,$rp)); &FR($o2);
+	&st($o3,&QWPw(0,$rp)); &FR($o3);
+
+	&sub($count,4,$count);	# count-=4
+	&add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	&add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+EOF
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));	# get a
+	&mul($a0,$word,($l0)=&NR(1));
+	 &add($ap,$QWS,$ap);
+	&muh($a0,$word,($h0)=&NR(1));	&FR($a0);
+	&add($l0,$cc,$l0);
+	 &add($rp,$QWS,$rp);
+	 &sub($count,1,$count);
+	&cmpult($l0,$cc,$cc);
+	&st($l0,&QWPw(-1,$rp));		&FR($l0);
+	&add($h0,$cc,$cc);		&FR($h0);
+
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl b/crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl
new file mode 100644
index 000000000000..e37f6315fbc8
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl
@@ -0,0 +1,120 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_mul_add_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r,$couny);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$count=&wparam(2);
+	$word=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&br(&label("finish"));
+	&blt($count,&label("finish"));
+
+	($a0,$r0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($r0,&QWPw(0,$rp));
+
+$a=<<'EOF';
+##########################################################
+	&set_label("loop");
+
+	($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+	($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+	($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+	($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+	($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+	($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+
+	($o0,$t0)=&NR(2);
+	&add($a0,$b0,$o0); 
+	&cmpult($o0,$b0,$t0);
+	&add($o0,$cc,$o0);
+	&cmpult($o0,$cc,$cc);
+	&add($cc,$t0,$cc);	&FR($t0);
+
+	($t1,$o1)=&NR(2);
+
+	&add($a1,$b1,$o1);	&FR($a1);
+	&cmpult($o1,$b1,$t1);	&FR($b1);
+	&add($o1,$cc,$o1);
+	&cmpult($o1,$cc,$cc);
+	&add($cc,$t1,$cc);	&FR($t1);
+
+	($t2,$o2)=&NR(2);
+
+	&add($a2,$b2,$o2);	&FR($a2);
+	&cmpult($o2,$b2,$t2);	&FR($b2);
+	&add($o2,$cc,$o2);
+	&cmpult($o2,$cc,$cc);
+	&add($cc,$t2,$cc);	&FR($t2);
+
+	($t3,$o3)=&NR(2);
+
+	&add($a3,$b3,$o3);	&FR($a3);
+	&cmpult($o3,$b3,$t3);	&FR($b3);
+	&add($o3,$cc,$o3);
+	&cmpult($o3,$cc,$cc);
+	&add($cc,$t3,$cc);	&FR($t3);
+
+	&st($o0,&QWPw(0,$rp)); &FR($o0);
+	&st($o1,&QWPw(0,$rp)); &FR($o1);
+	&st($o2,&QWPw(0,$rp)); &FR($o2);
+	&st($o3,&QWPw(0,$rp)); &FR($o3);
+
+	&sub($count,4,$count);	# count-=4
+	&add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	&add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+EOF
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));	# get a
+	&ld(($r0)=&NR(1),&QWPw(0,$rp));	# get b
+	&mul($a0,$word,($l0)=&NR(1));
+	 &sub($count,1,$count);
+	 &add($ap,$QWS,$ap);
+	&muh($a0,$word,($h0)=&NR(1));	&FR($a0);
+	&add($r0,$l0,$r0);
+	 &add($rp,$QWS,$rp);
+	&cmpult($r0,$l0,($t0)=&NR(1));	&FR($l0);
+	 &add($r0,$cc,$r0);
+	&add($h0,$t0,$h0);		&FR($t0);
+	 &cmpult($r0,$cc,$cc);
+	&st($r0,&QWPw(-1,$rp));		&FR($r0);
+	 &add($h0,$cc,$cc);		&FR($h0);
+
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl b/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl
new file mode 100644
index 000000000000..5efd20128140
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl
@@ -0,0 +1,213 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub mul_add_c
+	{
+	local($a,$b,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+	&mul($a,$b,($l1)=&NR(1));
+	&muh($a,$b,($h1)=&NR(1));
+	&add($c0,$l1,$c0);
+	&cmpult($c0,$l1,($t1)=&NR(1));	&FR($l1);
+	&add($t1,$h1,$h1);		&FR($t1);
+	&add($c1,$h1,$c1);
+	&cmpult($c1,$h1,($t2)=&NR(1));	&FR($h1);
+	&add($c2,$t2,$c2);		&FR($t2);
+	}
+
+sub bn_mul_comba4
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(3);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($b[0])=&NR(1),&QWPw(0,$bp));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[1])=&NR(1),&QWPw(1,$bp));
+	&mul($a[0],$b[0],($r00)=&NR(1));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($b[2])=&NR(1),&QWPw(2,$bp));
+	&muh($a[0],$b[0],($r01)=&NR(1));
+	&FR($ap); &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+	&FR($bp); &ld(($b[3])=&NR(1),&QWPw(3,$bp));
+	&mul($a[0],$b[1],($r02)=&NR(1));
+
+	($R,$H1,$H2)=&NR(3);
+
+	&st($r00,&QWPw(0,$rp));	&FR($r00);
+
+	&mov("zero",$R);
+	&mul($a[1],$b[0],($r03)=&NR(1));
+
+	&mov("zero",$H1);
+	&mov("zero",$H0);
+	 &add($R,$r01,$R);
+	&muh($a[0],$b[1],($r04)=&NR(1));
+	 &cmpult($R,$r01,($t01)=&NR(1));	&FR($r01);
+	 &add($R,$r02,$R);
+	 &add($H1,$t01,$H1)			&FR($t01);
+	&muh($a[1],$b[0],($r05)=&NR(1));
+	 &cmpult($R,$r02,($t02)=&NR(1));	&FR($r02);
+	 &add($R,$r03,$R);
+	 &add($H2,$t02,$H2)			&FR($t02);
+	&mul($a[0],$b[2],($r06)=&NR(1));
+	 &cmpult($R,$r03,($t03)=&NR(1));	&FR($r03);
+	 &add($H1,$t03,$H1)			&FR($t03);
+	&st($R,&QWPw(1,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r04,$R);
+	&mov("zero",$H2);
+	&mul($a[1],$b[1],($r07)=&NR(1));
+	 &cmpult($R,$r04,($t04)=&NR(1));	&FR($r04);
+	 &add($R,$r05,$R);
+	 &add($H1,$t04,$H1)			&FR($t04);
+	&mul($a[2],$b[0],($r08)=&NR(1));
+	 &cmpult($R,$r05,($t05)=&NR(1));	&FR($r05);
+	 &add($R,$r01,$R);
+	 &add($H2,$t05,$H2)			&FR($t05);
+	&muh($a[0],$b[2],($r09)=&NR(1));
+	 &cmpult($R,$r06,($t06)=&NR(1));	&FR($r06);
+	 &add($R,$r07,$R);
+	 &add($H1,$t06,$H1)			&FR($t06);
+	&muh($a[1],$b[1],($r10)=&NR(1));
+	 &cmpult($R,$r07,($t07)=&NR(1));	&FR($r07);
+	 &add($R,$r08,$R);
+	 &add($H2,$t07,$H2)			&FR($t07);
+	&muh($a[2],$b[0],($r11)=&NR(1));
+	 &cmpult($R,$r08,($t08)=&NR(1));	&FR($r08);
+	 &add($H1,$t08,$H1)			&FR($t08);
+	&st($R,&QWPw(2,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r09,$R);
+	&mov("zero",$H2);
+	&mul($a[0],$b[3],($r12)=&NR(1));
+	 &cmpult($R,$r09,($t09)=&NR(1));	&FR($r09);
+	 &add($R,$r10,$R);
+	 &add($H1,$t09,$H1)			&FR($t09);
+	&mul($a[1],$b[2],($r13)=&NR(1));
+	 &cmpult($R,$r10,($t10)=&NR(1));	&FR($r10);
+	 &add($R,$r11,$R);
+	 &add($H1,$t10,$H1)			&FR($t10);
+	&mul($a[2],$b[1],($r14)=&NR(1));
+	 &cmpult($R,$r11,($t11)=&NR(1));	&FR($r11);
+	 &add($R,$r12,$R);
+	 &add($H1,$t11,$H1)			&FR($t11);
+	&mul($a[3],$b[0],($r15)=&NR(1));
+	 &cmpult($R,$r12,($t12)=&NR(1));	&FR($r12);
+	 &add($R,$r13,$R);
+	 &add($H1,$t12,$H1)			&FR($t12);
+	&muh($a[0],$b[3],($r16)=&NR(1));
+	 &cmpult($R,$r13,($t13)=&NR(1));	&FR($r13);
+	 &add($R,$r14,$R);
+	 &add($H1,$t13,$H1)			&FR($t13);
+	&muh($a[1],$b[2],($r17)=&NR(1));
+	 &cmpult($R,$r14,($t14)=&NR(1));	&FR($r14);
+	 &add($R,$r15,$R);
+	 &add($H1,$t14,$H1)			&FR($t14);
+	&muh($a[2],$b[1],($r18)=&NR(1));
+	 &cmpult($R,$r15,($t15)=&NR(1));	&FR($r15);
+	 &add($H1,$t15,$H1)			&FR($t15);
+	&st($R,&QWPw(3,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r16,$R);
+	&mov("zero",$H2);
+	&muh($a[3],$b[0],($r19)=&NR(1));
+	 &cmpult($R,$r16,($t16)=&NR(1));	&FR($r16);
+	 &add($R,$r17,$R);
+	 &add($H1,$t16,$H1)			&FR($t16);
+	&mul($a[1],$b[3],($r20)=&NR(1));
+	 &cmpult($R,$r17,($t17)=&NR(1));	&FR($r17);
+	 &add($R,$r18,$R);
+	 &add($H1,$t17,$H1)			&FR($t17);
+	&mul($a[2],$b[2],($r21)=&NR(1));
+	 &cmpult($R,$r18,($t18)=&NR(1));	&FR($r18);
+	 &add($R,$r19,$R);
+	 &add($H1,$t18,$H1)			&FR($t18);
+	&mul($a[3],$b[1],($r22)=&NR(1));
+	 &cmpult($R,$r19,($t19)=&NR(1));	&FR($r19);
+	 &add($R,$r20,$R);
+	 &add($H1,$t19,$H1)			&FR($t19);
+	&muh($a[1],$b[3],($r23)=&NR(1));
+	 &cmpult($R,$r20,($t20)=&NR(1));	&FR($r20);
+	 &add($R,$r21,$R);
+	 &add($H1,$t20,$H1)			&FR($t20);
+	&muh($a[2],$b[2],($r24)=&NR(1));
+	 &cmpult($R,$r21,($t21)=&NR(1));	&FR($r21);
+	 &add($R,$r22,$R);
+	 &add($H1,$t21,$H1)			&FR($t21);
+	&muh($a[3],$b[1],($r25)=&NR(1));
+	 &cmpult($R,$r22,($t22)=&NR(1));	&FR($r22);
+	 &add($H1,$t22,$H1)			&FR($t22);
+	&st($R,&QWPw(4,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r23,$R);
+	&mov("zero",$H2);
+	&mul($a[2],$b[3],($r26)=&NR(1));
+	 &cmpult($R,$r23,($t23)=&NR(1));	&FR($r23);
+	 &add($R,$r24,$R);
+	 &add($H1,$t23,$H1)			&FR($t23);
+	&mul($a[3],$b[2],($r27)=&NR(1));
+	 &cmpult($R,$r24,($t24)=&NR(1));	&FR($r24);
+	 &add($R,$r25,$R);
+	 &add($H1,$t24,$H1)			&FR($t24);
+	&muh($a[2],$b[3],($r28)=&NR(1));
+	 &cmpult($R,$r25,($t25)=&NR(1));	&FR($r25);
+	 &add($R,$r26,$R);
+	 &add($H1,$t25,$H1)			&FR($t25);
+	&muh($a[3],$b[2],($r29)=&NR(1));
+	 &cmpult($R,$r26,($t26)=&NR(1));	&FR($r26);
+	 &add($R,$r27,$R);
+	 &add($H1,$t26,$H1)			&FR($t26);
+	&mul($a[3],$b[3],($r30)=&NR(1));
+	 &cmpult($R,$r27,($t27)=&NR(1));	&FR($r27);
+	 &add($H1,$t27,$H1)			&FR($t27);
+	&st($R,&QWPw(5,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r28,$R);
+	&mov("zero",$H2);
+	&muh($a[3],$b[3],($r31)=&NR(1));
+	 &cmpult($R,$r28,($t28)=&NR(1));	&FR($r28);
+	 &add($R,$r29,$R);
+	 &add($H1,$t28,$H1)			&FR($t28);
+	############
+	 &cmpult($R,$r29,($t29)=&NR(1));	&FR($r29);
+	 &add($R,$r30,$R);
+	 &add($H1,$t29,$H1)			&FR($t29);
+        ############
+	 &cmpult($R,$r30,($t30)=&NR(1));	&FR($r30);
+	 &add($H1,$t30,$H1)			&FR($t30);
+	&st($R,&QWPw(6,$rp));
+	&add($H1,$H2,$R);
+
+	 &add($R,$r31,$R);			&FR($r31);
+	&st($R,&QWPw(7,$rp));
+
+	&FR($R,$H1,$H2);
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl b/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl
new file mode 100644
index 000000000000..79d86dd25cd1
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl
@@ -0,0 +1,98 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub mul_add_c
+	{
+	local($a,$b,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+print STDERR "count=$cnt\n"; $cnt++;
+	&mul($a,$b,($l1)=&NR(1));
+	&muh($a,$b,($h1)=&NR(1));
+	&add($c0,$l1,$c0);
+	&cmpult($c0,$l1,($t1)=&NR(1));	&FR($l1);
+	&add($t1,$h1,$h1);		&FR($t1);
+	&add($c1,$h1,$c1);
+	&cmpult($c1,$h1,($t2)=&NR(1));	&FR($h1);
+	&add($c2,$t2,$c2);		&FR($t2);
+	}
+
+sub bn_mul_comba4
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(3);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($b[0])=&NR(1),&QWPw(0,$bp));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[1])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($b[2])=&NR(1),&QWPw(2,$bp));
+	&ld(($a[3])=&NR(1),&QWPw(3,$ap));	&FR($ap);
+	&ld(($b[3])=&NR(1),&QWPw(3,$bp));	&FR($bp);
+
+	($c0,$c1,$c2)=&NR(3);
+	&mov("zero",$c2);
+	&mul($a[0],$b[0],$c0);
+	&muh($a[0],$b[0],$c1);
+	&st($c0,&QWPw(0,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[3],$c0,$c1,$c2);	&FR($a[0]);
+	&mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[0],$c0,$c1,$c2);	&FR($b[0]);
+	&st($c0,&QWPw(3,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[1],$b[3],$c0,$c1,$c2);	&FR($a[1]);
+	&mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[1],$c0,$c1,$c2);	&FR($b[1]);
+	&st($c0,&QWPw(4,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[2],$b[3],$c0,$c1,$c2);	&FR($a[2]);
+	&mul_add_c($a[3],$b[2],$c0,$c1,$c2);	&FR($b[2]);
+	&st($c0,&QWPw(5,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[3],$b[3],$c0,$c1,$c2);	&FR($a[3],$b[3]);
+	&st($c0,&QWPw(6,$rp));
+	&st($c1,&QWPw(7,$rp));
+
+	&FR($c0,$c1,$c2);
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl b/crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl
new file mode 100644
index 000000000000..525ca7494b73
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl
@@ -0,0 +1,177 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_mul_comba8
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(3);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&stack_push(2);
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($b[0])=&NR(1),&QWPw(0,$bp));
+	&st($reg_s0,&swtmp(0)); &FR($reg_s0);
+	&st($reg_s1,&swtmp(1)); &FR($reg_s1);
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[1])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($b[2])=&NR(1),&QWPw(2,$bp));
+	&ld(($a[3])=&NR(1),&QWPw(3,$ap));
+	&ld(($b[3])=&NR(1),&QWPw(3,$bp));
+	&ld(($a[4])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[4])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[5])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[5])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[6])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[6])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[7])=&NR(1),&QWPw(1,$ap));	&FR($ap);
+	&ld(($b[7])=&NR(1),&QWPw(1,$bp));	&FR($bp);
+
+	($c0,$c1,$c2)=&NR(3);
+	&mov("zero",$c2);
+	&mul($a[0],$b[0],$c0);
+	&muh($a[0],$b[0],$c1);
+	&st($c0,&QWPw(0,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(3,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(4,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(5,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(6,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[7],$c0,$c1,$c2);	&FR($a[0]);
+	&mul_add_c($a[1],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[0],$c0,$c1,$c2);	&FR($b[0]);
+	&st($c0,&QWPw(7,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[1],$b[7],$c0,$c1,$c2);	&FR($a[1]);
+	&mul_add_c($a[2],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[1],$c0,$c1,$c2);	&FR($b[1]);
+	&st($c0,&QWPw(8,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[2],$b[7],$c0,$c1,$c2);	&FR($a[2]);
+	&mul_add_c($a[3],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[2],$c0,$c1,$c2);	&FR($b[2]);
+	&st($c0,&QWPw(9,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[3],$b[7],$c0,$c1,$c2);	&FR($a[3]);
+	&mul_add_c($a[4],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[3],$c0,$c1,$c2);	&FR($b[3]);
+	&st($c0,&QWPw(10,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[4],$b[7],$c0,$c1,$c2);	&FR($a[4]);
+	&mul_add_c($a[5],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[4],$c0,$c1,$c2);	&FR($b[4]);
+	&st($c0,&QWPw(11,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[5],$b[7],$c0,$c1,$c2);	&FR($a[5]);
+	&mul_add_c($a[6],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[5],$c0,$c1,$c2);	&FR($b[5]);
+	&st($c0,&QWPw(12,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[6],$b[7],$c0,$c1,$c2);	&FR($a[6]);
+	&mul_add_c($a[7],$b[6],$c0,$c1,$c2);	&FR($b[6]);
+	&st($c0,&QWPw(13,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[7],$b[7],$c0,$c1,$c2);	&FR($a[7],$b[7]);
+	&st($c0,&QWPw(14,$rp));
+	&st($c1,&QWPw(15,$rp));
+
+	&FR($c0,$c1,$c2);
+
+	&ld($reg_s0,&swtmp(0));
+	&ld($reg_s1,&swtmp(1));
+	&stack_pop(2);
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl b/crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl
new file mode 100644
index 000000000000..a55b696906e1
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl
@@ -0,0 +1,113 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_sqr_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r,$couny);
+
+	&init_pool(3);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$count=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&br(&label("finish"));
+	&blt($count,&label("finish"));
+
+	($a0,$r0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($r0,&QWPw(0,$rp));
+
+$a=<<'EOF';
+##########################################################
+	&set_label("loop");
+
+	($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+	($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+	($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+	($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+	($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+	($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+
+	($o0,$t0)=&NR(2);
+	&add($a0,$b0,$o0); 
+	&cmpult($o0,$b0,$t0);
+	&add($o0,$cc,$o0);
+	&cmpult($o0,$cc,$cc);
+	&add($cc,$t0,$cc);	&FR($t0);
+
+	($t1,$o1)=&NR(2);
+
+	&add($a1,$b1,$o1);	&FR($a1);
+	&cmpult($o1,$b1,$t1);	&FR($b1);
+	&add($o1,$cc,$o1);
+	&cmpult($o1,$cc,$cc);
+	&add($cc,$t1,$cc);	&FR($t1);
+
+	($t2,$o2)=&NR(2);
+
+	&add($a2,$b2,$o2);	&FR($a2);
+	&cmpult($o2,$b2,$t2);	&FR($b2);
+	&add($o2,$cc,$o2);
+	&cmpult($o2,$cc,$cc);
+	&add($cc,$t2,$cc);	&FR($t2);
+
+	($t3,$o3)=&NR(2);
+
+	&add($a3,$b3,$o3);	&FR($a3);
+	&cmpult($o3,$b3,$t3);	&FR($b3);
+	&add($o3,$cc,$o3);
+	&cmpult($o3,$cc,$cc);
+	&add($cc,$t3,$cc);	&FR($t3);
+
+	&st($o0,&QWPw(0,$rp)); &FR($o0);
+	&st($o1,&QWPw(0,$rp)); &FR($o1);
+	&st($o2,&QWPw(0,$rp)); &FR($o2);
+	&st($o3,&QWPw(0,$rp)); &FR($o3);
+
+	&sub($count,4,$count);	# count-=4
+	&add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	&add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+EOF
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));	# get a
+	&mul($a0,$a0,($l0)=&NR(1));
+	 &add($ap,$QWS,$ap);
+	 &add($rp,2*$QWS,$rp);
+	 &sub($count,1,$count);
+	&muh($a0,$a0,($h0)=&NR(1));	&FR($a0);
+	&st($l0,&QWPw(-2,$rp));		&FR($l0);
+	&st($h0,&QWPw(-1,$rp));		&FR($h0);
+
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl b/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl
new file mode 100644
index 000000000000..bf33f5b50372
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub sqr_add_c
+	{
+	local($a,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+	&mul($a,$a,($l1)=&NR(1));
+	&muh($a,$a,($h1)=&NR(1));
+	&add($c0,$l1,$c0);
+	&add($c1,$h1,$c1);
+	&cmpult($c0,$l1,($t1)=&NR(1));	&FR($l1);
+	&cmpult($c1,$h1,($t2)=&NR(1));	&FR($h1);
+	&add($c1,$t1,$c1);		&FR($t1);
+	&add($c2,$t2,$c2);		&FR($t2);
+	}
+
+sub sqr_add_c2
+	{
+	local($a,$b,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+	&mul($a,$b,($l1)=&NR(1));
+	&muh($a,$b,($h1)=&NR(1));
+	&cmplt($l1,"zero",($lc1)=&NR(1));
+	&cmplt($h1,"zero",($hc1)=&NR(1));
+	&add($l1,$l1,$l1);
+	&add($h1,$h1,$h1);
+	&add($h1,$lc1,$h1);		&FR($lc1);
+	&add($c2,$hc1,$c2);		&FR($hc1);
+
+	&add($c0,$l1,$c0);
+	&add($c1,$h1,$c1);
+	&cmpult($c0,$l1,($lc1)=&NR(1));	&FR($l1);
+	&cmpult($c1,$h1,($hc1)=&NR(1));	&FR($h1);
+
+	&add($c1,$lc1,$c1);		&FR($lc1);
+	&add($c2,$hc1,$c2);		&FR($hc1);
+	}
+
+
+sub bn_sqr_comba4
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(2);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap);
+
+	($c0,$c1,$c2)=&NR(3);
+
+	&mov("zero",$c2);
+	&mul($a[0],$a[0],$c0);
+	&muh($a[0],$a[0],$c1);
+	&st($c0,&QWPw(0,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[0],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+	&sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(3,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(4,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+	&st($c0,&QWPw(5,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[3],$c0,$c1,$c2);
+	&st($c0,&QWPw(6,$rp));
+	&st($c1,&QWPw(7,$rp));
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl b/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl
new file mode 100644
index 000000000000..b4afe085f1c9
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_sqr_comba8
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(2);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($a[3])=&NR(1),&QWPw(3,$ap));
+	&ld(($a[4])=&NR(1),&QWPw(4,$ap));
+	&ld(($a[5])=&NR(1),&QWPw(5,$ap));
+	&ld(($a[6])=&NR(1),&QWPw(6,$ap));
+        &ld(($a[7])=&NR(1),&QWPw(7,$ap)); &FR($ap);
+
+	($c0,$c1,$c2)=&NR(3);
+
+	&mov("zero",$c2);
+	&mul($a[0],$a[0],$c0);
+	&muh($a[0],$a[0],$c1);
+	&st($c0,&QWPw(0,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[1],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(3,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[4],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(4,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[4],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(5,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[4],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(6,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[4],$a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(7,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[4],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(8,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[5],$a[4],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[2],$c0,$c1,$c2);
+	&st($c0,&QWPw(9,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[5],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[4],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[3],$c0,$c1,$c2);
+	&st($c0,&QWPw(10,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[6],$a[5],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[4],$c0,$c1,$c2);
+	&st($c0,&QWPw(11,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[6],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[5],$c0,$c1,$c2);
+	&st($c0,&QWPw(12,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[7],$a[6],$c0,$c1,$c2);
+	&st($c0,&QWPw(13,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[7],$c0,$c1,$c2);
+	&st($c0,&QWPw(14,$rp));
+	&st($c1,&QWPw(15,$rp));
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sub.pl b/crypto/openssl/crypto/bn/asm/alpha.works/sub.pl
new file mode 100644
index 000000000000..d998da5c21a2
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha.works/sub.pl
@@ -0,0 +1,108 @@
+#!/usr/local/bin/perl
+# alpha assember
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+	$count=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&blt($count,&label("finish"));
+
+	($a0,$b0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($b0,&QWPw(0,$bp));
+
+##########################################################
+	&set_label("loop");
+
+	($a1,$tmp,$b1,$a2,$b2,$a3,$b3,$o0)=&NR(8);
+	&ld($a1,&QWPw(1,$ap));
+	 &cmpult($a0,$b0,$tmp);	# will we borrow?
+	&ld($b1,&QWPw(1,$bp));
+	 &sub($a0,$b0,$a0);		# do the subtract
+	&ld($a2,&QWPw(2,$ap));
+	 &cmpult($a0,$cc,$b0);	# will we borrow?
+	&ld($b2,&QWPw(2,$bp));
+	 &sub($a0,$cc,$o0);	# will we borrow?
+	&ld($a3,&QWPw(3,$ap));
+	 &add($b0,$tmp,$cc); ($t1,$o1)=&NR(2); &FR($tmp);
+
+	&cmpult($a1,$b1,$t1);	# will we borrow?
+	 &sub($a1,$b1,$a1);	# do the subtract
+	&ld($b3,&QWPw(3,$bp));
+	 &cmpult($a1,$cc,$b1);	# will we borrow?
+	&sub($a1,$cc,$o1);	# will we borrow?
+	 &add($b1,$t1,$cc); ($tmp,$o2)=&NR(2); &FR($t1,$a1,$b1);
+	
+	&cmpult($a2,$b2,$tmp);	# will we borrow?
+	 &sub($a2,$b2,$a2);		# do the subtract
+	&st($o0,&QWPw(0,$rp));	&FR($o0); # save
+	 &cmpult($a2,$cc,$b2);	# will we borrow?
+	&sub($a2,$cc,$o2);	# will we borrow?
+	 &add($b2,$tmp,$cc); ($t3,$o3)=&NR(2); &FR($tmp,$a2,$b2);
+
+	&cmpult($a3,$b3,$t3);	# will we borrow?
+	 &sub($a3,$b3,$a3);	# do the subtract
+	&st($o1,&QWPw(1,$rp)); &FR($o1);
+	 &cmpult($a3,$cc,$b3);	# will we borrow?
+	&sub($a3,$cc,$o3);	# will we borrow?
+	 &add($b3,$t3,$cc); &FR($t3,$a3,$b3);
+
+	&st($o2,&QWPw(2,$rp));	&FR($o2);
+	 &sub($count,4,$count);	# count-=4
+	&st($o3,&QWPw(3,$rp));	&FR($o3);
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	 &add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld($a0,&QWPw(0,$ap));	# get a
+	 &ld($b0,&QWPw(0,$bp));	# get b
+	&cmpult($a0,$b0,$tmp);	# will we borrow?
+	&sub($a0,$b0,$a0);	# do the subtract
+	&cmpult($a0,$cc,$b0);	# will we borrow?
+	&sub($a0,$cc,$a0);	# will we borrow?
+	&st($a0,&QWPw(0,$rp));	# save
+	&add($b0,$tmp,$cc);	# add the borrows
+
+	&add($ap,$QWS,$ap);
+	&add($bp,$QWS,$bp);
+	&add($rp,$QWS,$rp);
+	&sub($count,1,$count);
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&FR($a0,$b0);
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/add.pl b/crypto/openssl/crypto/bn/asm/alpha/add.pl
new file mode 100644
index 000000000000..13bf51642816
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/add.pl
@@ -0,0 +1,118 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_add_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+	$count=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	 &mov("zero",$cc);
+	&blt($count,&label("finish"));
+
+	($a0,$b0)=&NR(2);
+
+##########################################################
+	&set_label("loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));
+	 &ld(($b0)=&NR(1),&QWPw(0,$bp));
+	&ld(($a1)=&NR(1),&QWPw(1,$ap));
+	 &ld(($b1)=&NR(1),&QWPw(1,$bp));
+
+	($o0,$t0)=&NR(2);
+	&add($a0,$b0,$o0); 
+	 &ld(($a2)=&NR(1),&QWPw(2,$ap));
+	&cmpult($o0,$b0,$t0);
+	 &add($o0,$cc,$o0);
+	&cmpult($o0,$cc,$cc);
+	 &ld(($b2)=&NR(1),&QWPw(2,$bp));
+	&add($cc,$t0,$cc);	&FR($t0);
+
+	($t1,$o1)=&NR(2);
+
+	 &add($a1,$b1,$o1);	&FR($a1);
+	&cmpult($o1,$b1,$t1);	&FR($b1);
+	 &add($o1,$cc,$o1);
+	&cmpult($o1,$cc,$cc);
+	 &ld(($a3)=&NR(1),&QWPw(3,$ap));
+	&add($cc,$t1,$cc);	&FR($t1);
+
+	($t2,$o2)=&NR(2);
+
+	 &add($a2,$b2,$o2);	&FR($a2);
+	&cmpult($o2,$b2,$t2);	&FR($b2);
+	 &add($o2,$cc,$o2);
+	&cmpult($o2,$cc,$cc);
+	 &ld(($b3)=&NR(1),&QWPw(3,$bp));
+	&st($o0,&QWPw(0,$rp)); &FR($o0);
+	 &add($cc,$t2,$cc);	&FR($t2);
+
+	($t3,$o3)=&NR(2);
+
+	&st($o1,&QWPw(0,$rp)); &FR($o1);
+	 &add($a3,$b3,$o3);	&FR($a3);
+	&cmpult($o3,$b3,$t3);	&FR($b3);
+	 &add($o3,$cc,$o3);
+	&st($o2,&QWPw(0,$rp)); &FR($o2);
+	 &cmpult($o3,$cc,$cc);
+	&st($o3,&QWPw(0,$rp)); &FR($o3);
+	 &add($cc,$t3,$cc);	&FR($t3);
+
+
+	&sub($count,4,$count);	# count-=4
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	 &add($rp,4*$QWS,$rp);	# count+=4
+
+	###
+	 &bge($count,&label("loop"));
+	###
+	&br(&label("finish"));
+##################################################
+	# Do the last 0..3 words
+
+	($t0,$o0)=&NR(2);
+	&set_label("last_loop");
+
+	&ld($a0,&QWPw(0,$ap));	# get a
+	 &ld($b0,&QWPw(0,$bp));	# get b
+	&add($ap,$QWS,$ap);
+	 &add($bp,$QWS,$bp);
+	&add($a0,$b0,$o0); 
+	 &sub($count,1,$count);
+	&cmpult($o0,$b0,$t0);	# will we borrow?
+	 &add($o0,$cc,$o0);	# will we borrow?
+	&cmpult($o0,$cc,$cc);	# will we borrow?
+	 &add($rp,$QWS,$rp);
+	&st($o0,&QWPw(-1,$rp));	# save
+	 &add($cc,$t0,$cc);	# add the borrows
+
+	###
+	 &bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	 &bgt($count,&label("last_loop"));
+
+	&FR($o0,$t0,$a0,$b0);
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/div.pl b/crypto/openssl/crypto/bn/asm/alpha/div.pl
new file mode 100644
index 000000000000..e9e680897aae
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/div.pl
@@ -0,0 +1,144 @@
+#!/usr/local/bin/perl
+
+sub bn_div_words
+	{
+	local($data)=<<'EOF';
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .set noreorder
+	.set volatile
+	.align 3
+	.globl bn_div_words
+	.ent bn_div_words
+bn_div_words
+	ldgp $29,0($27)
+bn_div_words.ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$9119
+	lda $0,-1
+	br $31,$9136
+	.align 4
+$9119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$9120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$9120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$9120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$9122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$9122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$9123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$9126
+	zapnot $7,15,$27
+	br $31,$9127
+	.align 4
+$9126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$9127:
+	srl $10,32,$4
+	.align 5
+$9128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$9129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$9129
+	subq $27,1,$27
+	br $31,$9128
+	.align 4
+$9129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$9134
+	addq $9,$11,$9
+	subq $27,1,$27
+$9134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$9124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$9123
+	.align 4
+$9124:
+	bis $13,$27,$0
+$9136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div_words
+EOF
+	&asm_add($data);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul.pl b/crypto/openssl/crypto/bn/asm/alpha/mul.pl
new file mode 100644
index 000000000000..76c926566c7f
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/mul.pl
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_mul_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r,$couny);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$count=&wparam(2);
+	$word=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	 &mov("zero",$cc);
+	###
+	 &blt($count,&label("finish"));
+
+	($a0)=&NR(1); &ld($a0,&QWPw(0,$ap));
+
+	&set_label("loop");
+
+	($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+	 ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+
+	&muh($a0,$word,($h0)=&NR(1));	&FR($a0);
+	 ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+	 						### wait 8
+	&mul($a0,$word,($l0)=&NR(1));	&FR($a0);
+	 						### wait 8
+	&muh($a1,$word,($h1)=&NR(1));	&FR($a1);
+	 &add($l0,$cc,$l0);				### wait 8
+	&mul($a1,$word,($l1)=&NR(1));	&FR($a1);
+	 &cmpult($l0,$cc,$cc);				### wait 8
+	&muh($a2,$word,($h2)=&NR(1));	&FR($a2);
+	 &add($h0,$cc,$cc);	&FR($h0); 		### wait 8
+	&mul($a2,$word,($l2)=&NR(1));	&FR($a2);
+	 &add($l1,$cc,$l1);				### wait 8
+	&st($l0,&QWPw(0,$rp));		&FR($l0);
+	 &cmpult($l1,$cc,$cc);				### wait 8
+	&muh($a3,$word,($h3)=&NR(1));	&FR($a3);
+	 &add($h1,$cc,$cc);		&FR($h1);
+	&mul($a3,$word,($l3)=&NR(1));	&FR($a3);
+	 &add($l2,$cc,$l2);
+	&st($l1,&QWPw(1,$rp));		&FR($l1);
+	 &cmpult($l2,$cc,$cc);
+	&add($h2,$cc,$cc);		&FR($h2);
+	 &sub($count,4,$count);	# count-=4
+	&st($l2,&QWPw(2,$rp));		&FR($l2);
+	 &add($l3,$cc,$l3);
+	&cmpult($l3,$cc,$cc);
+	 &add($bp,4*$QWS,$bp);	# count+=4
+	&add($h3,$cc,$cc);		&FR($h3);
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&st($l3,&QWPw(3,$rp));		&FR($l3);
+	 &add($rp,4*$QWS,$rp);	# count+=4
+	###
+	 &blt($count,&label("finish"));
+	 ($a0)=&NR(1); &ld($a0,&QWPw(0,$ap));
+	&br(&label("finish"));
+##################################################
+
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));	# get a
+	 ###
+	###
+	 ###
+	&muh($a0,$word,($h0)=&NR(1));
+	 ### Wait 8 for next mul issue
+	&mul($a0,$word,($l0)=&NR(1)); &FR($a0)
+	 &add($ap,$QWS,$ap);
+	### Loose 12 until result is available
+	&add($rp,$QWS,$rp);
+	 &sub($count,1,$count);
+	&add($l0,$cc,$l0);
+	 ###
+	&st($l0,&QWPw(-1,$rp));		&FR($l0);
+	 &cmpult($l0,$cc,$cc);
+	&add($h0,$cc,$cc);		&FR($h0);
+	 &bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_add.pl b/crypto/openssl/crypto/bn/asm/alpha/mul_add.pl
new file mode 100644
index 000000000000..0d6df69bc4b0
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/mul_add.pl
@@ -0,0 +1,123 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_mul_add_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r,$couny);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$count=&wparam(2);
+	$word=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	 &mov("zero",$cc);
+	###
+	 &blt($count,&label("finish"));
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));
+
+$a=<<'EOF';
+##########################################################
+	&set_label("loop");
+
+	&ld(($r0)=&NR(1),&QWPw(0,$rp));
+	 &ld(($a1)=&NR(1),&QWPw(1,$ap));
+	&muh($a0,$word,($h0)=&NR(1));
+	 &ld(($r1)=&NR(1),&QWPw(1,$rp));
+	&ld(($a2)=&NR(1),&QWPw(2,$ap));
+	 ###
+	&mul($a0,$word,($l0)=&NR(1));	&FR($a0);
+	 &ld(($r2)=&NR(1),&QWPw(2,$rp));
+	&muh($a1,$word,($h1)=&NR(1));
+	 &ld(($a3)=&NR(1),&QWPw(3,$ap));
+	&mul($a1,$word,($l1)=&NR(1));	&FR($a1);
+	 &ld(($r3)=&NR(1),&QWPw(3,$rp));
+	&add($r0,$l0,$r0);
+	 &add($r1,$l1,$r1);
+	&cmpult($r0,$l0,($t0)=&NR(1));	&FR($l0);
+	 &cmpult($r1,$l1,($t1)=&NR(1));	&FR($l1);
+	&muh($a2,$word,($h2)=&NR(1));
+	 &add($r0,$cc,$r0);
+	&add($h0,$t0,$h0);		&FR($t0);
+	 &cmpult($r0,$cc,$cc);
+	&add($h1,$t1,$h1);		&FR($t1);
+	 &add($h0,$cc,$cc);		&FR($h0);
+	&mul($a2,$word,($l2)=&NR(1));	&FR($a2);
+	 &add($r1,$cc,$r1);
+	&cmpult($r1,$cc,$cc);
+	 &add($r2,$l2,$r2);
+	&add($h1,$cc,$cc);		&FR($h1);
+	 &cmpult($r2,$l2,($t2)=&NR(1));	&FR($l2);
+	&muh($a3,$word,($h3)=&NR(1));
+	 &add($r2,$cc,$r2);
+	&st($r0,&QWPw(0,$rp)); &FR($r0);
+	 &add($h2,$t2,$h2);		&FR($t2);
+	&st($r1,&QWPw(1,$rp)); &FR($r1);
+	 &cmpult($r2,$cc,$cc);
+	&mul($a3,$word,($l3)=&NR(1));	&FR($a3);
+	 &add($h2,$cc,$cc);		&FR($h2);
+	&st($r2,&QWPw(2,$rp)); &FR($r2);
+	 &sub($count,4,$count);	# count-=4
+	 &add($rp,4*$QWS,$rp);	# count+=4
+	&add($r3,$l3,$r3);
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&cmpult($r3,$l3,($t3)=&NR(1));	&FR($l3);
+	 &add($r3,$cc,$r3);
+	&add($h3,$t3,$h3);		&FR($t3);
+	 &cmpult($r3,$cc,$cc);
+	&st($r3,&QWPw(-1,$rp)); &FR($r3);
+	 &add($h3,$cc,$cc);		&FR($h3);
+
+	###
+	 &blt($count,&label("finish"));
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));
+	 &br(&label("loop"));
+EOF
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));	# get a
+	 &ld(($r0)=&NR(1),&QWPw(0,$rp));	# get b
+	###
+	 ###
+	&muh($a0,$word,($h0)=&NR(1));	&FR($a0);
+	 ### wait 8
+	&mul($a0,$word,($l0)=&NR(1));	&FR($a0);
+	 &add($rp,$QWS,$rp);
+	&add($ap,$QWS,$ap);
+	 &sub($count,1,$count);
+	### wait 3 until l0 is available
+	&add($r0,$l0,$r0);
+	 ###
+	&cmpult($r0,$l0,($t0)=&NR(1));	&FR($l0);
+	 &add($r0,$cc,$r0);
+	&add($h0,$t0,$h0);		&FR($t0);
+	 &cmpult($r0,$cc,$cc);
+	&add($h0,$cc,$cc);		&FR($h0);
+
+	&st($r0,&QWPw(-1,$rp));		&FR($r0);
+	 &bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	 &bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl b/crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl
new file mode 100644
index 000000000000..9cc876ded4ae
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl
@@ -0,0 +1,215 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+# upto
+
+sub mul_add_c
+	{
+	local($a,$b,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+	&mul($a,$b,($l1)=&NR(1));
+	&muh($a,$b,($h1)=&NR(1));
+	&add($c0,$l1,$c0);
+	&cmpult($c0,$l1,($t1)=&NR(1));	&FR($l1);
+	&add($t1,$h1,$h1);		&FR($t1);
+	&add($c1,$h1,$c1);
+	&cmpult($c1,$h1,($t2)=&NR(1));	&FR($h1);
+	&add($c2,$t2,$c2);		&FR($t2);
+	}
+
+sub bn_mul_comba4
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(3);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($b[0])=&NR(1),&QWPw(0,$bp));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[1])=&NR(1),&QWPw(1,$bp));
+	&mul($a[0],$b[0],($r00)=&NR(1));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($b[2])=&NR(1),&QWPw(2,$bp));
+	&muh($a[0],$b[0],($r01)=&NR(1));
+	&FR($ap); &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+	&FR($bp); &ld(($b[3])=&NR(1),&QWPw(3,$bp));
+	&mul($a[0],$b[1],($r02)=&NR(1));
+
+	($R,$H1,$H2)=&NR(3);
+
+	&st($r00,&QWPw(0,$rp));	&FR($r00);
+
+	&mov("zero",$R);
+	&mul($a[1],$b[0],($r03)=&NR(1));
+
+	&mov("zero",$H1);
+	&mov("zero",$H0);
+	 &add($R,$r01,$R);
+	&muh($a[0],$b[1],($r04)=&NR(1));
+	 &cmpult($R,$r01,($t01)=&NR(1));	&FR($r01);
+	 &add($R,$r02,$R);
+	 &add($H1,$t01,$H1)			&FR($t01);
+	&muh($a[1],$b[0],($r05)=&NR(1));
+	 &cmpult($R,$r02,($t02)=&NR(1));	&FR($r02);
+	 &add($R,$r03,$R);
+	 &add($H2,$t02,$H2)			&FR($t02);
+	&mul($a[0],$b[2],($r06)=&NR(1));
+	 &cmpult($R,$r03,($t03)=&NR(1));	&FR($r03);
+	 &add($H1,$t03,$H1)			&FR($t03);
+	&st($R,&QWPw(1,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r04,$R);
+	&mov("zero",$H2);
+	&mul($a[1],$b[1],($r07)=&NR(1));
+	 &cmpult($R,$r04,($t04)=&NR(1));	&FR($r04);
+	 &add($R,$r05,$R);
+	 &add($H1,$t04,$H1)			&FR($t04);
+	&mul($a[2],$b[0],($r08)=&NR(1));
+	 &cmpult($R,$r05,($t05)=&NR(1));	&FR($r05);
+	 &add($R,$r01,$R);
+	 &add($H2,$t05,$H2)			&FR($t05);
+	&muh($a[0],$b[2],($r09)=&NR(1));
+	 &cmpult($R,$r06,($t06)=&NR(1));	&FR($r06);
+	 &add($R,$r07,$R);
+	 &add($H1,$t06,$H1)			&FR($t06);
+	&muh($a[1],$b[1],($r10)=&NR(1));
+	 &cmpult($R,$r07,($t07)=&NR(1));	&FR($r07);
+	 &add($R,$r08,$R);
+	 &add($H2,$t07,$H2)			&FR($t07);
+	&muh($a[2],$b[0],($r11)=&NR(1));
+	 &cmpult($R,$r08,($t08)=&NR(1));	&FR($r08);
+	 &add($H1,$t08,$H1)			&FR($t08);
+	&st($R,&QWPw(2,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r09,$R);
+	&mov("zero",$H2);
+	&mul($a[0],$b[3],($r12)=&NR(1));
+	 &cmpult($R,$r09,($t09)=&NR(1));	&FR($r09);
+	 &add($R,$r10,$R);
+	 &add($H1,$t09,$H1)			&FR($t09);
+	&mul($a[1],$b[2],($r13)=&NR(1));
+	 &cmpult($R,$r10,($t10)=&NR(1));	&FR($r10);
+	 &add($R,$r11,$R);
+	 &add($H1,$t10,$H1)			&FR($t10);
+	&mul($a[2],$b[1],($r14)=&NR(1));
+	 &cmpult($R,$r11,($t11)=&NR(1));	&FR($r11);
+	 &add($R,$r12,$R);
+	 &add($H1,$t11,$H1)			&FR($t11);
+	&mul($a[3],$b[0],($r15)=&NR(1));
+	 &cmpult($R,$r12,($t12)=&NR(1));	&FR($r12);
+	 &add($R,$r13,$R);
+	 &add($H1,$t12,$H1)			&FR($t12);
+	&muh($a[0],$b[3],($r16)=&NR(1));
+	 &cmpult($R,$r13,($t13)=&NR(1));	&FR($r13);
+	 &add($R,$r14,$R);
+	 &add($H1,$t13,$H1)			&FR($t13);
+	&muh($a[1],$b[2],($r17)=&NR(1));
+	 &cmpult($R,$r14,($t14)=&NR(1));	&FR($r14);
+	 &add($R,$r15,$R);
+	 &add($H1,$t14,$H1)			&FR($t14);
+	&muh($a[2],$b[1],($r18)=&NR(1));
+	 &cmpult($R,$r15,($t15)=&NR(1));	&FR($r15);
+	 &add($H1,$t15,$H1)			&FR($t15);
+	&st($R,&QWPw(3,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r16,$R);
+	&mov("zero",$H2);
+	&muh($a[3],$b[0],($r19)=&NR(1));
+	 &cmpult($R,$r16,($t16)=&NR(1));	&FR($r16);
+	 &add($R,$r17,$R);
+	 &add($H1,$t16,$H1)			&FR($t16);
+	&mul($a[1],$b[3],($r20)=&NR(1));
+	 &cmpult($R,$r17,($t17)=&NR(1));	&FR($r17);
+	 &add($R,$r18,$R);
+	 &add($H1,$t17,$H1)			&FR($t17);
+	&mul($a[2],$b[2],($r21)=&NR(1));
+	 &cmpult($R,$r18,($t18)=&NR(1));	&FR($r18);
+	 &add($R,$r19,$R);
+	 &add($H1,$t18,$H1)			&FR($t18);
+	&mul($a[3],$b[1],($r22)=&NR(1));
+	 &cmpult($R,$r19,($t19)=&NR(1));	&FR($r19);
+	 &add($R,$r20,$R);
+	 &add($H1,$t19,$H1)			&FR($t19);
+	&muh($a[1],$b[3],($r23)=&NR(1));
+	 &cmpult($R,$r20,($t20)=&NR(1));	&FR($r20);
+	 &add($R,$r21,$R);
+	 &add($H1,$t20,$H1)			&FR($t20);
+	&muh($a[2],$b[2],($r24)=&NR(1));
+	 &cmpult($R,$r21,($t21)=&NR(1));	&FR($r21);
+	 &add($R,$r22,$R);
+	 &add($H1,$t21,$H1)			&FR($t21);
+	&muh($a[3],$b[1],($r25)=&NR(1));
+	 &cmpult($R,$r22,($t22)=&NR(1));	&FR($r22);
+	 &add($H1,$t22,$H1)			&FR($t22);
+	&st($R,&QWPw(4,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r23,$R);
+	&mov("zero",$H2);
+	&mul($a[2],$b[3],($r26)=&NR(1));
+	 &cmpult($R,$r23,($t23)=&NR(1));	&FR($r23);
+	 &add($R,$r24,$R);
+	 &add($H1,$t23,$H1)			&FR($t23);
+	&mul($a[3],$b[2],($r27)=&NR(1));
+	 &cmpult($R,$r24,($t24)=&NR(1));	&FR($r24);
+	 &add($R,$r25,$R);
+	 &add($H1,$t24,$H1)			&FR($t24);
+	&muh($a[2],$b[3],($r28)=&NR(1));
+	 &cmpult($R,$r25,($t25)=&NR(1));	&FR($r25);
+	 &add($R,$r26,$R);
+	 &add($H1,$t25,$H1)			&FR($t25);
+	&muh($a[3],$b[2],($r29)=&NR(1));
+	 &cmpult($R,$r26,($t26)=&NR(1));	&FR($r26);
+	 &add($R,$r27,$R);
+	 &add($H1,$t26,$H1)			&FR($t26);
+	&mul($a[3],$b[3],($r30)=&NR(1));
+	 &cmpult($R,$r27,($t27)=&NR(1));	&FR($r27);
+	 &add($H1,$t27,$H1)			&FR($t27);
+	&st($R,&QWPw(5,$rp));
+	&add($H1,$H2,$R);
+
+	&mov("zero",$H1);
+	 &add($R,$r28,$R);
+	&mov("zero",$H2);
+	&muh($a[3],$b[3],($r31)=&NR(1));
+	 &cmpult($R,$r28,($t28)=&NR(1));	&FR($r28);
+	 &add($R,$r29,$R);
+	 &add($H1,$t28,$H1)			&FR($t28);
+	############
+	 &cmpult($R,$r29,($t29)=&NR(1));	&FR($r29);
+	 &add($R,$r30,$R);
+	 &add($H1,$t29,$H1)			&FR($t29);
+        ############
+	 &cmpult($R,$r30,($t30)=&NR(1));	&FR($r30);
+	 &add($H1,$t30,$H1)			&FR($t30);
+	&st($R,&QWPw(6,$rp));
+	&add($H1,$H2,$R);
+
+	 &add($R,$r31,$R);			&FR($r31);
+	&st($R,&QWPw(7,$rp));
+
+	&FR($R,$H1,$H2);
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl b/crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl
new file mode 100644
index 000000000000..79d86dd25cd1
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl
@@ -0,0 +1,98 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub mul_add_c
+	{
+	local($a,$b,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+print STDERR "count=$cnt\n"; $cnt++;
+	&mul($a,$b,($l1)=&NR(1));
+	&muh($a,$b,($h1)=&NR(1));
+	&add($c0,$l1,$c0);
+	&cmpult($c0,$l1,($t1)=&NR(1));	&FR($l1);
+	&add($t1,$h1,$h1);		&FR($t1);
+	&add($c1,$h1,$c1);
+	&cmpult($c1,$h1,($t2)=&NR(1));	&FR($h1);
+	&add($c2,$t2,$c2);		&FR($t2);
+	}
+
+sub bn_mul_comba4
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(3);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($b[0])=&NR(1),&QWPw(0,$bp));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[1])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($b[2])=&NR(1),&QWPw(2,$bp));
+	&ld(($a[3])=&NR(1),&QWPw(3,$ap));	&FR($ap);
+	&ld(($b[3])=&NR(1),&QWPw(3,$bp));	&FR($bp);
+
+	($c0,$c1,$c2)=&NR(3);
+	&mov("zero",$c2);
+	&mul($a[0],$b[0],$c0);
+	&muh($a[0],$b[0],$c1);
+	&st($c0,&QWPw(0,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[3],$c0,$c1,$c2);	&FR($a[0]);
+	&mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[0],$c0,$c1,$c2);	&FR($b[0]);
+	&st($c0,&QWPw(3,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[1],$b[3],$c0,$c1,$c2);	&FR($a[1]);
+	&mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[1],$c0,$c1,$c2);	&FR($b[1]);
+	&st($c0,&QWPw(4,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[2],$b[3],$c0,$c1,$c2);	&FR($a[2]);
+	&mul_add_c($a[3],$b[2],$c0,$c1,$c2);	&FR($b[2]);
+	&st($c0,&QWPw(5,$rp));			&FR($c0); ($c0)=&NR($c0);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[3],$b[3],$c0,$c1,$c2);	&FR($a[3],$b[3]);
+	&st($c0,&QWPw(6,$rp));
+	&st($c1,&QWPw(7,$rp));
+
+	&FR($c0,$c1,$c2);
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl b/crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl
new file mode 100644
index 000000000000..525ca7494b73
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl
@@ -0,0 +1,177 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_mul_comba8
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(3);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&stack_push(2);
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($b[0])=&NR(1),&QWPw(0,$bp));
+	&st($reg_s0,&swtmp(0)); &FR($reg_s0);
+	&st($reg_s1,&swtmp(1)); &FR($reg_s1);
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[1])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($b[2])=&NR(1),&QWPw(2,$bp));
+	&ld(($a[3])=&NR(1),&QWPw(3,$ap));
+	&ld(($b[3])=&NR(1),&QWPw(3,$bp));
+	&ld(($a[4])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[4])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[5])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[5])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[6])=&NR(1),&QWPw(1,$ap));
+	&ld(($b[6])=&NR(1),&QWPw(1,$bp));
+	&ld(($a[7])=&NR(1),&QWPw(1,$ap));	&FR($ap);
+	&ld(($b[7])=&NR(1),&QWPw(1,$bp));	&FR($bp);
+
+	($c0,$c1,$c2)=&NR(3);
+	&mov("zero",$c2);
+	&mul($a[0],$b[0],$c0);
+	&muh($a[0],$b[0],$c1);
+	&st($c0,&QWPw(0,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(3,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(4,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(5,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[1],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(6,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[0],$b[7],$c0,$c1,$c2);	&FR($a[0]);
+	&mul_add_c($a[1],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[2],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[1],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[0],$c0,$c1,$c2);	&FR($b[0]);
+	&st($c0,&QWPw(7,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[1],$b[7],$c0,$c1,$c2);	&FR($a[1]);
+	&mul_add_c($a[2],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[3],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[2],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[1],$c0,$c1,$c2);	&FR($b[1]);
+	&st($c0,&QWPw(8,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[2],$b[7],$c0,$c1,$c2);	&FR($a[2]);
+	&mul_add_c($a[3],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[4],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[3],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[2],$c0,$c1,$c2);	&FR($b[2]);
+	&st($c0,&QWPw(9,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[3],$b[7],$c0,$c1,$c2);	&FR($a[3]);
+	&mul_add_c($a[4],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[5],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[4],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[3],$c0,$c1,$c2);	&FR($b[3]);
+	&st($c0,&QWPw(10,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[4],$b[7],$c0,$c1,$c2);	&FR($a[4]);
+	&mul_add_c($a[5],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[6],$b[5],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[4],$c0,$c1,$c2);	&FR($b[4]);
+	&st($c0,&QWPw(11,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[5],$b[7],$c0,$c1,$c2);	&FR($a[5]);
+	&mul_add_c($a[6],$b[6],$c0,$c1,$c2);
+	&mul_add_c($a[7],$b[5],$c0,$c1,$c2);	&FR($b[5]);
+	&st($c0,&QWPw(12,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[6],$b[7],$c0,$c1,$c2);	&FR($a[6]);
+	&mul_add_c($a[7],$b[6],$c0,$c1,$c2);	&FR($b[6]);
+	&st($c0,&QWPw(13,$rp));			&FR($c0); ($c0)=&NR(1);
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&mul_add_c($a[7],$b[7],$c0,$c1,$c2);	&FR($a[7],$b[7]);
+	&st($c0,&QWPw(14,$rp));
+	&st($c1,&QWPw(15,$rp));
+
+	&FR($c0,$c1,$c2);
+
+	&ld($reg_s0,&swtmp(0));
+	&ld($reg_s1,&swtmp(1));
+	&stack_pop(2);
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sqr.pl b/crypto/openssl/crypto/bn/asm/alpha/sqr.pl
new file mode 100644
index 000000000000..a55b696906e1
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/sqr.pl
@@ -0,0 +1,113 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_sqr_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r,$couny);
+
+	&init_pool(3);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$count=&wparam(2);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&br(&label("finish"));
+	&blt($count,&label("finish"));
+
+	($a0,$r0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($r0,&QWPw(0,$rp));
+
+$a=<<'EOF';
+##########################################################
+	&set_label("loop");
+
+	($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+	($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+	($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+	($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+	($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+	($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+
+	($o0,$t0)=&NR(2);
+	&add($a0,$b0,$o0); 
+	&cmpult($o0,$b0,$t0);
+	&add($o0,$cc,$o0);
+	&cmpult($o0,$cc,$cc);
+	&add($cc,$t0,$cc);	&FR($t0);
+
+	($t1,$o1)=&NR(2);
+
+	&add($a1,$b1,$o1);	&FR($a1);
+	&cmpult($o1,$b1,$t1);	&FR($b1);
+	&add($o1,$cc,$o1);
+	&cmpult($o1,$cc,$cc);
+	&add($cc,$t1,$cc);	&FR($t1);
+
+	($t2,$o2)=&NR(2);
+
+	&add($a2,$b2,$o2);	&FR($a2);
+	&cmpult($o2,$b2,$t2);	&FR($b2);
+	&add($o2,$cc,$o2);
+	&cmpult($o2,$cc,$cc);
+	&add($cc,$t2,$cc);	&FR($t2);
+
+	($t3,$o3)=&NR(2);
+
+	&add($a3,$b3,$o3);	&FR($a3);
+	&cmpult($o3,$b3,$t3);	&FR($b3);
+	&add($o3,$cc,$o3);
+	&cmpult($o3,$cc,$cc);
+	&add($cc,$t3,$cc);	&FR($t3);
+
+	&st($o0,&QWPw(0,$rp)); &FR($o0);
+	&st($o1,&QWPw(0,$rp)); &FR($o1);
+	&st($o2,&QWPw(0,$rp)); &FR($o2);
+	&st($o3,&QWPw(0,$rp)); &FR($o3);
+
+	&sub($count,4,$count);	# count-=4
+	&add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	&add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+EOF
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld(($a0)=&NR(1),&QWPw(0,$ap));	# get a
+	&mul($a0,$a0,($l0)=&NR(1));
+	 &add($ap,$QWS,$ap);
+	 &add($rp,2*$QWS,$rp);
+	 &sub($count,1,$count);
+	&muh($a0,$a0,($h0)=&NR(1));	&FR($a0);
+	&st($l0,&QWPw(-2,$rp));		&FR($l0);
+	&st($h0,&QWPw(-1,$rp));		&FR($h0);
+
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl b/crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl
new file mode 100644
index 000000000000..bf33f5b50372
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub sqr_add_c
+	{
+	local($a,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+	&mul($a,$a,($l1)=&NR(1));
+	&muh($a,$a,($h1)=&NR(1));
+	&add($c0,$l1,$c0);
+	&add($c1,$h1,$c1);
+	&cmpult($c0,$l1,($t1)=&NR(1));	&FR($l1);
+	&cmpult($c1,$h1,($t2)=&NR(1));	&FR($h1);
+	&add($c1,$t1,$c1);		&FR($t1);
+	&add($c2,$t2,$c2);		&FR($t2);
+	}
+
+sub sqr_add_c2
+	{
+	local($a,$b,$c0,$c1,$c2)=@_;
+	local($l1,$h1,$t1,$t2);
+
+	&mul($a,$b,($l1)=&NR(1));
+	&muh($a,$b,($h1)=&NR(1));
+	&cmplt($l1,"zero",($lc1)=&NR(1));
+	&cmplt($h1,"zero",($hc1)=&NR(1));
+	&add($l1,$l1,$l1);
+	&add($h1,$h1,$h1);
+	&add($h1,$lc1,$h1);		&FR($lc1);
+	&add($c2,$hc1,$c2);		&FR($hc1);
+
+	&add($c0,$l1,$c0);
+	&add($c1,$h1,$c1);
+	&cmpult($c0,$l1,($lc1)=&NR(1));	&FR($l1);
+	&cmpult($c1,$h1,($hc1)=&NR(1));	&FR($h1);
+
+	&add($c1,$lc1,$c1);		&FR($lc1);
+	&add($c2,$hc1,$c2);		&FR($hc1);
+	}
+
+
+sub bn_sqr_comba4
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(2);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap);
+
+	($c0,$c1,$c2)=&NR(3);
+
+	&mov("zero",$c2);
+	&mul($a[0],$a[0],$c0);
+	&muh($a[0],$a[0],$c1);
+	&st($c0,&QWPw(0,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[0],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+	&sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(3,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(4,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+	&st($c0,&QWPw(5,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[3],$c0,$c1,$c2);
+	&st($c0,&QWPw(6,$rp));
+	&st($c1,&QWPw(7,$rp));
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl b/crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl
new file mode 100644
index 000000000000..b4afe085f1c9
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+# alpha assember 
+
+sub bn_sqr_comba8
+	{
+	local($name)=@_;
+	local(@a,@b,$r,$c0,$c1,$c2);
+
+	$cnt=1;
+	&init_pool(2);
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+
+	&function_begin($name,"");
+
+	&comment("");
+
+	&ld(($a[0])=&NR(1),&QWPw(0,$ap));
+	&ld(($a[1])=&NR(1),&QWPw(1,$ap));
+	&ld(($a[2])=&NR(1),&QWPw(2,$ap));
+	&ld(($a[3])=&NR(1),&QWPw(3,$ap));
+	&ld(($a[4])=&NR(1),&QWPw(4,$ap));
+	&ld(($a[5])=&NR(1),&QWPw(5,$ap));
+	&ld(($a[6])=&NR(1),&QWPw(6,$ap));
+        &ld(($a[7])=&NR(1),&QWPw(7,$ap)); &FR($ap);
+
+	($c0,$c1,$c2)=&NR(3);
+
+	&mov("zero",$c2);
+	&mul($a[0],$a[0],$c0);
+	&muh($a[0],$a[0],$c1);
+	&st($c0,&QWPw(0,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[1],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(1,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(2,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(3,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[4],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(4,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[4],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(5,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[4],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(6,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[4],$a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[1],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[0],$c0,$c1,$c2);
+	&st($c0,&QWPw(7,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[4],$c0,$c1,$c2);
+	&sqr_add_c2($a[5],$a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[2],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[1],$c0,$c1,$c2);
+	&st($c0,&QWPw(8,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[5],$a[4],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[3],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[2],$c0,$c1,$c2);
+	&st($c0,&QWPw(9,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[5],$c0,$c1,$c2);
+	&sqr_add_c2($a[6],$a[4],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[3],$c0,$c1,$c2);
+	&st($c0,&QWPw(10,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[6],$a[5],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[4],$c0,$c1,$c2);
+	&st($c0,&QWPw(11,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[6],$c0,$c1,$c2);
+	&sqr_add_c2($a[7],$a[5],$c0,$c1,$c2);
+	&st($c0,&QWPw(12,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c2($a[7],$a[6],$c0,$c1,$c2);
+	&st($c0,&QWPw(13,$rp));
+	($c0,$c1,$c2)=($c1,$c2,$c0);
+	&mov("zero",$c2);
+
+	&sqr_add_c($a[7],$c0,$c1,$c2);
+	&st($c0,&QWPw(14,$rp));
+	&st($c1,&QWPw(15,$rp));
+
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sub.pl b/crypto/openssl/crypto/bn/asm/alpha/sub.pl
new file mode 100644
index 000000000000..d998da5c21a2
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/alpha/sub.pl
@@ -0,0 +1,108 @@
+#!/usr/local/bin/perl
+# alpha assember
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r);
+
+	&init_pool(4);
+	($cc)=GR("r0");
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+	$count=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&blt($count,&label("finish"));
+
+	($a0,$b0)=&NR(2);
+	&ld($a0,&QWPw(0,$ap));
+	&ld($b0,&QWPw(0,$bp));
+
+##########################################################
+	&set_label("loop");
+
+	($a1,$tmp,$b1,$a2,$b2,$a3,$b3,$o0)=&NR(8);
+	&ld($a1,&QWPw(1,$ap));
+	 &cmpult($a0,$b0,$tmp);	# will we borrow?
+	&ld($b1,&QWPw(1,$bp));
+	 &sub($a0,$b0,$a0);		# do the subtract
+	&ld($a2,&QWPw(2,$ap));
+	 &cmpult($a0,$cc,$b0);	# will we borrow?
+	&ld($b2,&QWPw(2,$bp));
+	 &sub($a0,$cc,$o0);	# will we borrow?
+	&ld($a3,&QWPw(3,$ap));
+	 &add($b0,$tmp,$cc); ($t1,$o1)=&NR(2); &FR($tmp);
+
+	&cmpult($a1,$b1,$t1);	# will we borrow?
+	 &sub($a1,$b1,$a1);	# do the subtract
+	&ld($b3,&QWPw(3,$bp));
+	 &cmpult($a1,$cc,$b1);	# will we borrow?
+	&sub($a1,$cc,$o1);	# will we borrow?
+	 &add($b1,$t1,$cc); ($tmp,$o2)=&NR(2); &FR($t1,$a1,$b1);
+	
+	&cmpult($a2,$b2,$tmp);	# will we borrow?
+	 &sub($a2,$b2,$a2);		# do the subtract
+	&st($o0,&QWPw(0,$rp));	&FR($o0); # save
+	 &cmpult($a2,$cc,$b2);	# will we borrow?
+	&sub($a2,$cc,$o2);	# will we borrow?
+	 &add($b2,$tmp,$cc); ($t3,$o3)=&NR(2); &FR($tmp,$a2,$b2);
+
+	&cmpult($a3,$b3,$t3);	# will we borrow?
+	 &sub($a3,$b3,$a3);	# do the subtract
+	&st($o1,&QWPw(1,$rp)); &FR($o1);
+	 &cmpult($a3,$cc,$b3);	# will we borrow?
+	&sub($a3,$cc,$o3);	# will we borrow?
+	 &add($b3,$t3,$cc); &FR($t3,$a3,$b3);
+
+	&st($o2,&QWPw(2,$rp));	&FR($o2);
+	 &sub($count,4,$count);	# count-=4
+	&st($o3,&QWPw(3,$rp));	&FR($o3);
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	 &add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld($a0,&QWPw(0,$ap));	# get a
+	 &ld($b0,&QWPw(0,$bp));	# get b
+	&cmpult($a0,$b0,$tmp);	# will we borrow?
+	&sub($a0,$b0,$a0);	# do the subtract
+	&cmpult($a0,$cc,$b0);	# will we borrow?
+	&sub($a0,$cc,$a0);	# will we borrow?
+	&st($a0,&QWPw(0,$rp));	# save
+	&add($b0,$tmp,$cc);	# add the borrows
+
+	&add($ap,$QWS,$ap);
+	&add($bp,$QWS,$bp);
+	&add($rp,$QWS,$rp);
+	&sub($count,1,$count);
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&FR($a0,$b0);
+	&set_label("end");
+	&function_end($name);
+
+	&fin_pool;
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/openssl/crypto/bn/asm/bn-586.pl
new file mode 100644
index 000000000000..5191bed273eb
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/bn-586.pl
@@ -0,0 +1,384 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+
+&asm_finish();
+
+sub bn_mul_add_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ebp";
+	$r="edi";
+	$c="esi";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+
+	&mov("ecx",&wparam(2));	#
+	&mov($a,&wparam(1));	#
+
+	&and("ecx",0xfffffff8);	# num / 8
+	&mov($w,&wparam(3));	#
+
+	&push("ecx");		# Up the stack for a tmp variable
+
+	&jz(&label("maw_finish"));
+
+	&set_label("maw_loop",0);
+
+	&mov(&swtmp(0),"ecx");	#
+
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);		# L(t)+= *r
+		 &mov($c,&DWP($i,$r,"",0));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",$c);		# L(t)+=c
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&mov("ecx",&swtmp(0));	#
+	&add($a,32);
+	&add($r,32);
+	&sub("ecx",8);
+	&jnz(&label("maw_loop"));
+
+	&set_label("maw_finish",0);
+	&mov("ecx",&wparam(2));	# get num
+	&and("ecx",7);
+	&jnz(&label("maw_finish2"));	# helps branch prediction
+	&jmp(&label("maw_end"));
+
+	&set_label("maw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a,"",0));# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 &mov($c,&DWP($i*4,$r,"",0));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",$c);
+		&adc("edx",0);			# H(t)+=carry
+		 &dec("ecx") if ($i != 7-1);
+		&mov(&DWP($i*4,$r,"",0),"eax");	# *r= L(t);
+		 &mov($c,"edx");			# c=  H(t);
+		&jz(&label("maw_end")) if ($i != 7-1);
+		}
+	&set_label("maw_end",0);
+	&mov("eax",$c);
+
+	&pop("ecx");	# clear variable from
+
+	&function_end($name);
+	}
+
+sub bn_mul_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ecx";
+	$r="edi";
+	$c="esi";
+	$num="ebp";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+	&mov($w,&wparam(3));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("mw_finish"));
+
+	&set_label("mw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
+
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jz(&label("mw_finish"));
+	&jmp(&label("mw_loop"));
+
+	&set_label("mw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jnz(&label("mw_finish2"));
+	&jmp(&label("mw_end"));
+
+	&set_label("mw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a,"",0));# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		 &dec($num) if ($i != 7-1);
+		&jz(&label("mw_end")) if ($i != 7-1);
+		}
+	&set_label("mw_end",0);
+	&mov("eax",$c);
+
+	&function_end($name);
+	}
+
+sub bn_sqr_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$r="esi";
+	$a="edi";
+	$num="ebx";
+
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("sw_finish"));
+
+	&set_label("sw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+		&mov("eax",&DWP($i,$a,"",0)); 	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*2,$r,"",0),"eax");	#
+		 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,64);
+	&sub($num,8);
+	&jnz(&label("sw_loop"));
+
+	&set_label("sw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jz(&label("sw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov("eax",&DWP($i*4,$a,"",0));	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*8,$r,"",0),"eax");	#
+		 &dec($num) if ($i != 7-1);
+		&mov(&DWP($i*8+4,$r,"",0),"edx");
+		 &jz(&label("sw_end")) if ($i != 7-1);
+		}
+	&set_label("sw_end",0);
+
+	&function_end($name);
+	}
+
+sub bn_div_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+	&mov("edx",&wparam(0));	#
+	&mov("eax",&wparam(1));	#
+	&mov("ebx",&wparam(2));	#
+	&div("ebx");
+	&function_end($name);
+	}
+
+sub bn_add_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
diff --git a/crypto/openssl/crypto/bn/asm/bn-alpha.pl b/crypto/openssl/crypto/bn/asm/bn-alpha.pl
new file mode 100644
index 000000000000..302edf237678
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/bn-alpha.pl
@@ -0,0 +1,571 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+
+$d=&data();
+$d =~ s/CC/0/g;
+$d =~ s/R1/1/g;
+$d =~ s/R2/2/g;
+$d =~ s/R3/3/g;
+$d =~ s/R4/4/g;
+$d =~ s/L1/5/g;
+$d =~ s/L2/6/g;
+$d =~ s/L3/7/g;
+$d =~ s/L4/8/g;
+$d =~ s/O1/22/g;
+$d =~ s/O2/23/g;
+$d =~ s/O3/24/g;
+$d =~ s/O4/25/g;
+$d =~ s/A1/20/g;
+$d =~ s/A2/21/g;
+$d =~ s/A3/27/g;
+$d =~ s/A4/28/g;
+if (0){
+}
+
+print $d;
+
+sub data
+	{
+	local($data)=<<'EOF';
+
+ # DEC Alpha assember
+ # The bn_div_words is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div_words.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+	.file	1 "bn_asm.c"
+	.set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+	.text
+	.align 3
+	.globl bn_mul_add_words
+	.ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$CC
+	blt	$18,$43		# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$A1,0($17)	# 1 1
+	ldq	$R1,0($16)	# 1 1
+	.align 3
+$42:
+	mulq	$A1,$19,$L1	# 1 2 1	######
+	ldq	$A2,8($17)	# 2 1
+	ldq	$R2,8($16)	# 2 1
+	umulh	$A1,$19,$A1	# 1 2	######
+	ldq	$A3,16($17)	# 3 1
+	ldq	$R3,16($16)	# 3 1
+	mulq	$A2,$19,$L2	# 2 2 1	######
+	 ldq	$A4,24($17)	# 4 1
+	addq	$R1,$L1,$R1	# 1 2 2
+	 ldq	$R4,24($16)	# 4 1
+	umulh	$A2,$19,$A2	# 2 2	######
+	 cmpult	$R1,$L1,$O1	# 1 2 3 1
+	addq	$A1,$O1,$A1	# 1 3 1
+	 addq	$R1,$CC,$R1	# 1 2 3 1
+	mulq	$A3,$19,$L3	# 3 2 1	######
+	 cmpult	$R1,$CC,$CC	# 1 2 3 2
+	addq	$R2,$L2,$R2	# 2 2 2
+	 addq	$A1,$CC,$CC	# 1 3 2 
+	cmpult	$R2,$L2,$O2	# 2 2 3 1
+	 addq	$A2,$O2,$A2	# 2 3 1
+	umulh	$A3,$19,$A3	# 3 2	######
+	 addq	$R2,$CC,$R2	# 2 2 3 1
+	cmpult	$R2,$CC,$CC	# 2 2 3 2
+	 subq	$18,4,$18
+	mulq	$A4,$19,$L4	# 4 2 1	######
+	 addq	$A2,$CC,$CC	# 2 3 2 
+	addq	$R3,$L3,$R3	# 3 2 2
+	 addq	$16,32,$16
+	cmpult	$R3,$L3,$O3	# 3 2 3 1
+	 stq	$R1,-32($16)	# 1 2 4
+	umulh	$A4,$19,$A4	# 4 2	######
+	 addq	$A3,$O3,$A3	# 3 3 1
+	addq	$R3,$CC,$R3	# 3 2 3 1
+	 stq	$R2,-24($16)	# 2 2 4
+	cmpult	$R3,$CC,$CC	# 3 2 3 2
+	 stq	$R3,-16($16)	# 3 2 4
+	addq	$R4,$L4,$R4	# 4 2 2
+	 addq	$A3,$CC,$CC	# 3 3 2 
+	cmpult	$R4,$L4,$O4	# 4 2 3 1
+	 addq	$17,32,$17
+	addq	$A4,$O4,$A4	# 4 3 1
+	 addq	$R4,$CC,$R4	# 4 2 3 1
+	cmpult	$R4,$CC,$CC	# 4 2 3 2
+	 stq	$R4,-8($16)	# 4 2 4
+	addq	$A4,$CC,$CC	# 4 3 2 
+	 blt	$18,$43
+
+	ldq	$A1,0($17)	# 1 1
+	ldq	$R1,0($16)	# 1 1
+
+	br	$42
+
+	.align 4
+$45:
+	ldq	$A1,0($17)	# 4 1
+	ldq	$R1,0($16)	# 4 1
+	mulq	$A1,$19,$L1	# 4 2 1
+	subq	$18,1,$18
+	addq	$16,8,$16
+	addq	$17,8,$17
+	umulh	$A1,$19,$A1	# 4 2
+	addq	$R1,$L1,$R1	# 4 2 2
+	cmpult	$R1,$L1,$O1	# 4 2 3 1
+	addq	$A1,$O1,$A1	# 4 3 1
+	addq	$R1,$CC,$R1	# 4 2 3 1
+	cmpult	$R1,$CC,$CC	# 4 2 3 2
+	addq	$A1,$CC,$CC	# 4 3 2 
+	stq	$R1,-8($16)	# 4 2 4
+	bgt	$18,$45
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$43:
+	addq	$18,4,$18
+	bgt	$18,$45		# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_add_words
+	.align 3
+	.globl bn_mul_words
+	.ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$CC
+	blt	$18,$143	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$A1,0($17)	# 1 1
+	.align 3
+$142:
+
+	mulq	$A1,$19,$L1	# 1 2 1	#####
+	 ldq	$A2,8($17)	# 2 1
+	 ldq	$A3,16($17)	# 3 1
+	umulh	$A1,$19,$A1	# 1 2	#####
+	 ldq	$A4,24($17)	# 4 1
+	mulq	$A2,$19,$L2	# 2 2 1	#####
+	 addq	$L1,$CC,$L1	# 1 2 3 1
+	subq	$18,4,$18
+	 cmpult	$L1,$CC,$CC	# 1 2 3 2
+	umulh	$A2,$19,$A2	# 2 2	#####
+	 addq	$A1,$CC,$CC	# 1 3 2 
+	addq	$17,32,$17
+	 addq	$L2,$CC,$L2	# 2 2 3 1
+	mulq	$A3,$19,$L3	# 3 2 1	#####
+	 cmpult	$L2,$CC,$CC	# 2 2 3 2
+	addq	$A2,$CC,$CC	# 2 3 2 
+	 addq	$16,32,$16
+	umulh	$A3,$19,$A3	# 3 2	#####
+	 stq	$L1,-32($16)	# 1 2 4
+	mulq	$A4,$19,$L4	# 4 2 1	#####
+	 addq	$L3,$CC,$L3	# 3 2 3 1
+	stq	$L2,-24($16)	# 2 2 4
+	 cmpult	$L3,$CC,$CC	# 3 2 3 2
+	umulh	$A4,$19,$A4	# 4 2	#####
+	 addq	$A3,$CC,$CC	# 3 3 2 
+	stq	$L3,-16($16)	# 3 2 4
+	 addq	$L4,$CC,$L4	# 4 2 3 1
+	cmpult	$L4,$CC,$CC	# 4 2 3 2
+
+	addq	$A4,$CC,$CC	# 4 3 2 
+
+	stq	$L4,-8($16)	# 4 2 4
+
+	blt	$18,$143
+
+	ldq	$A1,0($17)	# 1 1
+
+	br	$142
+
+	.align 4
+$145:
+	ldq	$A1,0($17)	# 4 1
+	mulq	$A1,$19,$L1	# 4 2 1
+	subq	$18,1,$18
+	umulh	$A1,$19,$A1	# 4 2
+	addq	$L1,$CC,$L1	# 4 2 3 1
+	 addq	$16,8,$16
+	cmpult	$L1,$CC,$CC	# 4 2 3 2
+	 addq	$17,8,$17
+	addq	$A1,$CC,$CC	# 4 3 2 
+	stq	$L1,-8($16)	# 4 2 4
+
+	bgt	$18,$145
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$143:
+	addq	$18,4,$18
+	bgt	$18,$145	# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_words
+	.align 3
+	.globl bn_sqr_words
+	.ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$18,4,$18
+	blt	$18,$543	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$A1,0($17)	# 1 1
+	.align 3
+$542:
+	mulq	$A1,$A1,$L1		######
+	 ldq	$A2,8($17)	# 1 1
+	subq	$18,4
+ 	umulh	$A1,$A1,$R1		######
+	ldq	$A3,16($17)	# 1 1
+	mulq	$A2,$A2,$L2		######
+	ldq	$A4,24($17)	# 1 1
+	stq	$L1,0($16)	# r[0]
+ 	umulh	$A2,$A2,$R2		######
+	stq	$R1,8($16)	# r[1]
+	mulq	$A3,$A3,$L3		######
+	stq	$L2,16($16)	# r[0]
+ 	umulh	$A3,$A3,$R3		######
+	stq	$R2,24($16)	# r[1]
+	mulq	$A4,$A4,$L4		######
+	stq	$L3,32($16)	# r[0]
+ 	umulh	$A4,$A4,$R4		######
+	stq	$R3,40($16)	# r[1]
+
+ 	addq	$16,64,$16
+ 	addq	$17,32,$17
+	stq	$L4,-16($16)	# r[0]
+	stq	$R4,-8($16)	# r[1]
+
+	blt	$18,$543
+	ldq	$A1,0($17)	# 1 1
+ 	br 	$542
+
+$442:
+	ldq	$A1,0($17)   # a[0]
+	mulq	$A1,$A1,$L1  # a[0]*w low part       r2
+	addq	$16,16,$16
+	addq	$17,8,$17
+	subq	$18,1,$18
+        umulh	$A1,$A1,$R1  # a[0]*w high part       r3
+	stq	$L1,-16($16)   # r[0]
+        stq	$R1,-8($16)   # r[1]
+
+	bgt	$18,$442
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$543:
+	addq	$18,4,$18
+	bgt	$18,$442	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sqr_words
+
+	.align 3
+	.globl bn_add_words
+	.ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$CC	# carry = 0
+	blt	$19,$900
+	ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	.align 3
+$901:
+	addq	$R1,$L1,$R1	# r=a+b;
+	 ldq	$L2,8($17)	# a[1]
+	cmpult	$R1,$L1,$O1	# did we overflow?
+	 ldq	$R2,8($18)	# b[1]
+	addq	$R1,$CC,$R1	# c+= overflow
+	 ldq	$L3,16($17)	# a[2]
+	cmpult	$R1,$CC,$CC	# overflow?
+	 ldq	$R3,16($18)	# b[2]
+	addq	$CC,$O1,$CC
+	 ldq	$L4,24($17)	# a[3]
+	addq	$R2,$L2,$R2	# r=a+b;
+	 ldq	$R4,24($18)	# b[3]
+	cmpult	$R2,$L2,$O2	# did we overflow?
+	 addq	$R3,$L3,$R3	# r=a+b;
+	addq	$R2,$CC,$R2	# c+= overflow
+	 cmpult	$R3,$L3,$O3	# did we overflow?
+	cmpult	$R2,$CC,$CC	# overflow?
+	 addq	$R4,$L4,$R4	# r=a+b;
+	addq	$CC,$O2,$CC
+	 cmpult	$R4,$L4,$O4	# did we overflow?
+	addq	$R3,$CC,$R3	# c+= overflow
+	 stq	$R1,0($16)	# r[0]=c
+	cmpult	$R3,$CC,$CC	# overflow?
+	 stq	$R2,8($16)	# r[1]=c
+	addq	$CC,$O3,$CC
+	 stq	$R3,16($16)	# r[2]=c
+	addq	$R4,$CC,$R4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$R4,$CC,$CC	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$CC,$O4,$CC
+	 stq	$R4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$900
+	 ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	 br	$901
+	.align 4
+$945:
+	ldq	$L1,0($17)	# a[0]
+	 ldq	$R1,0($18)	# b[1]
+	addq	$R1,$L1,$R1	# r=a+b;
+	 subq	$19,1,$19	# loop--
+	addq	$R1,$CC,$R1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	cmpult	$R1,$L1,$O1	# did we overflow?
+	 cmpult	$R1,$CC,$CC	# overflow?
+	addq	$18,8,$18	# b++
+	 stq	$R1,0($16)	# r[0]=c
+	addq	$CC,$O1,$CC
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$945
+	ret	$31,($26),1	# else exit
+
+$900:
+	addq	$19,4,$19
+	bgt	$19,$945	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_add_words
+
+	.align 3
+	.globl bn_sub_words
+	.ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$CC	# carry = 0
+ br	$800
+	blt	$19,$800
+	ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	.align 3
+$801:
+	addq	$R1,$L1,$R1	# r=a+b;
+	 ldq	$L2,8($17)	# a[1]
+	cmpult	$R1,$L1,$O1	# did we overflow?
+	 ldq	$R2,8($18)	# b[1]
+	addq	$R1,$CC,$R1	# c+= overflow
+	 ldq	$L3,16($17)	# a[2]
+	cmpult	$R1,$CC,$CC	# overflow?
+	 ldq	$R3,16($18)	# b[2]
+	addq	$CC,$O1,$CC
+	 ldq	$L4,24($17)	# a[3]
+	addq	$R2,$L2,$R2	# r=a+b;
+	 ldq	$R4,24($18)	# b[3]
+	cmpult	$R2,$L2,$O2	# did we overflow?
+	 addq	$R3,$L3,$R3	# r=a+b;
+	addq	$R2,$CC,$R2	# c+= overflow
+	 cmpult	$R3,$L3,$O3	# did we overflow?
+	cmpult	$R2,$CC,$CC	# overflow?
+	 addq	$R4,$L4,$R4	# r=a+b;
+	addq	$CC,$O2,$CC
+	 cmpult	$R4,$L4,$O4	# did we overflow?
+	addq	$R3,$CC,$R3	# c+= overflow
+	 stq	$R1,0($16)	# r[0]=c
+	cmpult	$R3,$CC,$CC	# overflow?
+	 stq	$R2,8($16)	# r[1]=c
+	addq	$CC,$O3,$CC
+	 stq	$R3,16($16)	# r[2]=c
+	addq	$R4,$CC,$R4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$R4,$CC,$CC	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$CC,$O4,$CC
+	 stq	$R4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$800
+	 ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	 br	$801
+	.align 4
+$845:
+	ldq	$L1,0($17)	# a[0]
+	 ldq	$R1,0($18)	# b[1]
+	cmpult	$L1,$R1,$O1	# will we borrow?
+	 subq	$L1,$R1,$R1	# r=a-b;
+	subq	$19,1,$19	# loop--
+	 cmpult  $R1,$CC,$O2	# will we borrow?
+	subq	$R1,$CC,$R1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	addq	$18,8,$18	# b++
+	 stq	$R1,0($16)	# r[0]=c
+	addq	$O2,$O1,$CC
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$845
+	ret	$31,($26),1	# else exit
+
+$800:
+	addq	$19,4,$19
+	bgt	$19,$845	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sub_words
+
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+	.align 3
+	.globl bn_div_words
+	.ent bn_div_words
+bn_div_words:
+	ldgp $29,0($27)
+bn_div_words..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$119
+	lda $0,-1
+	br $31,$136
+	.align 4
+$119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$126
+	zapnot $7,15,$27
+	br $31,$127
+	.align 4
+$126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$127:
+	srl $10,32,$4
+	.align 5
+$128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$129
+	subq $27,1,$27
+	br $31,$128
+	.align 4
+$129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$134
+	addq $9,$11,$9
+	subq $27,1,$27
+$134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$123
+	.align 4
+$124:
+	bis $13,$27,$0
+$136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div_words
+EOF
+	return($data);
+	}
+
diff --git a/crypto/openssl/crypto/bn/asm/ca.pl b/crypto/openssl/crypto/bn/asm/ca.pl
new file mode 100644
index 000000000000..c1ce67a6b4d5
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/ca.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "alpha.pl";
+require "alpha/mul_add.pl";
+require "alpha/mul.pl";
+require "alpha/sqr.pl";
+require "alpha/add.pl";
+require "alpha/sub.pl";
+require "alpha/mul_c8.pl";
+require "alpha/mul_c4.pl";
+require "alpha/sqr_c4.pl";
+require "alpha/sqr_c8.pl";
+require "alpha/div.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_mul_add_words("bn_mul_add_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_div_words("bn_div_words");
+&bn_mul_comba8("bn_mul_comba8");
+&bn_mul_comba4("bn_mul_comba4");
+&bn_sqr_comba4("bn_sqr_comba4");
+&bn_sqr_comba8("bn_sqr_comba8");
+
+&asm_finish();
+
diff --git a/crypto/openssl/crypto/bn/asm/co-586.pl b/crypto/openssl/crypto/bn/asm/co-586.pl
new file mode 100644
index 000000000000..5d962cb957d3
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/co-586.pl
@@ -0,0 +1,286 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
+sub mul_add_c
+	{
+	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("mul a[$ai]*b[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	&mul("edx");
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
+	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
+	}
+
+sub sqr_add_c
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
+	}
+
+sub sqr_add_c2
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$a,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add("eax","eax");
+	 ###
+	&adc("edx","edx");
+	 ###
+	&adc($c2,0);
+	 &add($c0,"eax");
+	&adc($c1,"edx");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
+	&adc($c2,0);
+	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+	 ###
+	}
+
+sub bn_mul_comba
+	{
+	local($name,$num)=@_;
+	local($a,$b,$c0,$c1,$c2);
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$b="edi";
+	
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	&push("esi");
+	 &mov($a,&wparam(1));
+	&push("edi");
+	 &mov($b,&wparam(2));
+	&push("ebp");
+	 &push("ebx");
+
+	&xor($c0,$c0);
+	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
+	&xor($c1,$c1);
+	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("################## Calculate word $i"); 
+
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($j+1) == $end)
+				{
+				$v=1;
+				$v=2 if (($i+1) == $tot);
+				}
+			else
+				{ $v=0; }
+			if (($j+1) != $end)
+				{
+				$na=($ai-1);
+				$nb=($bi+1);
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				# &mov("eax",&wparam(0));
+				# &mov(&DWP($i*4,"eax","",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&comment("save r[$i]");
+	# &mov("eax",&wparam(0));
+	&mov(&DWP($i*4,"eax","",0),$c0);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_sqr_comba
+	{
+	local($name,$num)=@_;
+	local($r,$a,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$r="edi";
+
+	&push("esi");
+	 &push("edi");
+	&push("ebp");
+	 &push("ebx");
+	&mov($r,&wparam(0));
+	 &mov($a,&wparam(1));
+	&xor($c0,$c0);
+	 &xor($c1,$c1);
+	&mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("############### Calculate word $i");
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($ai-1) < ($bi+1))
+				{
+				$v=1;
+				$v=2 if ($i+1) == $tot;
+				}
+			else
+				{ $v=0; }
+			if (!$v)
+				{
+				$na=$ai-1;
+				$nb=$bi+1;
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+			if ($ai == $bi)
+				{
+				&sqr_add_c($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			else
+				{
+				&sqr_add_c2($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				#&mov(&DWP($i*4,$r,"",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				last;
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&mov(&DWP($i*4,$r,"",0),$c0);
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
diff --git a/crypto/openssl/crypto/bn/asm/co-alpha.pl b/crypto/openssl/crypto/bn/asm/co-alpha.pl
new file mode 100644
index 000000000000..67dad3e3d5fb
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/co-alpha.pl
@@ -0,0 +1,116 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "alpha.pl";
+
+&asm_init($ARGV[0],$0);
+
+print &bn_sub_words("bn_sub_words");
+
+&asm_finish();
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r);
+
+	$cc="r0";
+	$a0="r1"; $b0="r5"; $r0="r9";  $tmp="r13";
+	$a1="r2"; $b1="r6"; $r1="r10"; $t1="r14";
+	$a2="r3"; $b2="r7"; $r2="r11";
+	$a3="r4"; $b3="r8"; $r3="r12"; $t3="r15";
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+	$count=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&blt($count,&label("finish"));
+
+	&ld($a0,&QWPw(0,$ap));
+	&ld($b0,&QWPw(0,$bp));
+
+##########################################################
+	&set_label("loop");
+
+	&ld($a1,&QWPw(1,$ap));
+	 &cmpult($a0,$b0,$tmp);	# will we borrow?
+	&ld($b1,&QWPw(1,$bp));
+	 &sub($a0,$b0,$a0);		# do the subtract
+	&ld($a2,&QWPw(2,$ap));
+	 &cmpult($a0,$cc,$b0);	# will we borrow?
+	&ld($b2,&QWPw(2,$bp));
+	 &sub($a0,$cc,$a0);	# will we borrow?
+	&ld($a3,&QWPw(3,$ap));
+	 &add($b0,$tmp,$cc);	# add the borrows
+
+	&cmpult($a1,$b1,$t1);	# will we borrow?
+	 &sub($a1,$b1,$a1);	# do the subtract
+	&ld($b3,&QWPw(3,$bp));
+	 &cmpult($a1,$cc,$b1);	# will we borrow?
+	&sub($a1,$cc,$a1);	# will we borrow?
+	 &add($b1,$t1,$cc);	# add the borrows
+
+	&cmpult($a2,$b2,$tmp);	# will we borrow?
+	 &sub($a2,$b2,$a2);		# do the subtract
+	&st($a0,&QWPw(0,$rp));	# save
+	 &cmpult($a2,$cc,$b2);	# will we borrow?
+	&sub($a2,$cc,$a2);	# will we borrow?
+	 &add($b2,$tmp,$cc);	# add the borrows
+
+	&cmpult($a3,$b3,$t3);	# will we borrow?
+	 &sub($a3,$b3,$a3);		# do the subtract
+	&st($a1,&QWPw(1,$rp));	# save
+	 &cmpult($a3,$cc,$b3);	# will we borrow?
+	&sub($a3,$cc,$a3);	# will we borrow?
+	 &add($b3,$t3,$cc);	# add the borrows
+
+	&st($a2,&QWPw(2,$rp));	# save
+	 &sub($count,4,$count);	# count-=4
+	&st($a3,&QWPw(3,$rp));	# save
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	 &add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld($a0,&QWPw(0,$ap));	# get a
+	 &ld($b0,&QWPw(0,$bp));	# get b
+	&cmpult($a0,$b0,$tmp);	# will we borrow?
+	&sub($a0,$b0,$a0);	# do the subtract
+	&cmpult($a0,$cc,$b0);	# will we borrow?
+	&sub($a0,$cc,$a0);	# will we borrow?
+	&st($a0,&QWPw(0,$rp));	# save
+	&add($b0,$tmp,$cc);	# add the borrows
+
+	&add($ap,$QWS,$ap);
+	&add($bp,$QWS,$bp);
+	&add($rp,$QWS,$rp);
+	&sub($count,1,$count);
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+	}
+
diff --git a/crypto/openssl/crypto/bn/asm/mips1.s b/crypto/openssl/crypto/bn/asm/mips1.s
new file mode 100644
index 000000000000..44fa1254c763
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/mips1.s
@@ -0,0 +1,539 @@
+/* This assember is for R2000/R3000 machines, or higher ones that do
+ * no want to do any 64 bit arithmatic.
+ * Make sure that the SSLeay bignum library is compiled with 
+ * THIRTY_TWO_BIT set.
+ * This must either be compiled with the system CC, or, if you use GNU gas,
+ * cc -E mips1.s|gas -o mips1.o
+ */
+	.set	reorder
+	.set	noat
+
+#define R1	$1
+#define CC	$2
+#define	R2	$3
+#define R3	$8
+#define R4	$9
+#define L1	$10
+#define L2 	$11
+#define L3	$12
+#define L4 	$13
+#define H1 	$14
+#define H2	$15
+#define H3	$24
+#define H4	$25
+
+#define P1	$4
+#define P2	$5
+#define P3	$6
+#define P4	$7
+
+	.align	2
+	.ent	bn_mul_add_words
+	.globl	bn_mul_add_words
+.text
+bn_mul_add_words:
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+
+	#blt	P3,4,$lab34
+	
+	subu	R1,P3,4
+	move	CC,$0
+	bltz	R1,$lab34
+$lab2:	
+	lw	R1,0(P1)
+	 lw	L1,0(P2)
+	lw	R2,4(P1)
+	 lw	L2,4(P2)
+	lw	R3,8(P1)
+	 lw	L3,8(P2)
+	lw	R4,12(P1)
+	 lw	L4,12(P2)
+	multu	L1,P4
+	 addu	R1,R1,CC
+	mflo	L1
+	 sltu	CC,R1,CC
+	addu	R1,R1,L1
+	 mfhi	H1
+	sltu	L1,R1,L1
+	 sw	R1,0(P1)
+	addu	CC,CC,L1
+	 multu	L2,P4
+	addu	CC,H1,CC
+	mflo	L2
+	 addu	R2,R2,CC
+	sltu	CC,R2,CC
+	 mfhi	H2
+	addu	R2,R2,L2
+	 addu	P2,P2,16
+	sltu	L2,R2,L2
+	 sw	R2,4(P1)
+	addu	CC,CC,L2
+	 multu	L3,P4
+	addu	CC,H2,CC
+	mflo	L3
+	 addu	R3,R3,CC
+	sltu	CC,R3,CC
+	 mfhi	H3
+	addu	R3,R3,L3
+	 addu	P1,P1,16
+	sltu	L3,R3,L3
+	 sw	R3,-8(P1)
+	addu	CC,CC,L3
+	 multu	L4,P4
+	addu	CC,H3,CC
+	mflo	L4
+	 addu	R4,R4,CC
+	sltu	CC,R4,CC
+	 mfhi	H4
+	addu	R4,R4,L4
+	 subu	P3,P3,4
+	sltu	L4,R4,L4
+	addu	CC,CC,L4
+	addu	CC,H4,CC
+
+	subu	R1,P3,4
+	sw	R4,-4(P1)	# delay slot
+	bgez	R1,$lab2
+
+	bleu	P3,0,$lab3
+	.align	2
+$lab33: 
+	lw	L1,0(P2)
+	 lw	R1,0(P1)
+	multu	L1,P4
+	 addu	R1,R1,CC
+	sltu	CC,R1,CC
+	 addu	P1,P1,4
+	mflo	L1
+	 mfhi	H1
+	addu	R1,R1,L1
+	 addu	P2,P2,4
+	sltu	L1,R1,L1
+	 subu	P3,P3,1
+	addu	CC,CC,L1
+	 sw	R1,-4(P1)
+	addu	CC,H1,CC
+	 bgtz	P3,$lab33
+	j	$31
+	.align	2
+$lab3:
+	j	$31
+	.align	2
+$lab34:
+	bgt	P3,0,$lab33
+	j	$31
+	.end	bn_mul_add_words
+
+	.align	2
+	# Program Unit: bn_mul_words
+	.ent	bn_mul_words
+	.globl	bn_mul_words
+.text
+bn_mul_words:
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	
+	subu	P3,P3,4
+	move	CC,$0
+	bltz	P3,$lab45
+$lab44:	
+	lw	L1,0(P2)
+	 lw	L2,4(P2)
+	lw	L3,8(P2)
+	 lw	L4,12(P2)
+	multu	L1,P4
+	 subu	P3,P3,4
+	mflo	L1
+	 mfhi	H1
+	addu	L1,L1,CC
+	 multu	L2,P4
+	sltu	CC,L1,CC
+	 sw	L1,0(P1)
+	addu	CC,H1,CC
+	 mflo	L2
+	mfhi	H2
+	 addu	L2,L2,CC
+	multu	L3,P4
+	 sltu	CC,L2,CC
+	sw	L2,4(P1)
+	 addu	CC,H2,CC
+	mflo	L3
+	 mfhi	H3
+	addu	L3,L3,CC
+	 multu	L4,P4
+	sltu	CC,L3,CC
+	 sw	L3,8(P1)
+	addu	CC,H3,CC
+	 mflo	L4
+	mfhi	H4
+	 addu	L4,L4,CC
+	addu	P1,P1,16
+	 sltu	CC,L4,CC
+	addu	P2,P2,16
+	 addu	CC,H4,CC
+	sw	L4,-4(P1)
+
+	bgez	P3,$lab44
+	b	$lab45
+$lab46:
+	lw	L1,0(P2)
+	 addu	P1,P1,4
+	multu	L1,P4
+	 addu	P2,P2,4
+	mflo	L1
+	 mfhi	H1
+	addu	L1,L1,CC
+	 subu	P3,P3,1
+	sltu	CC,L1,CC
+	 sw	L1,-4(P1)
+	addu	CC,H1,CC
+	 bgtz	P3,$lab46
+	j	$31
+$lab45:
+	addu	P3,P3,4
+	bgtz	P3,$lab46
+	j	$31
+	.align	2
+	.end	bn_mul_words
+
+	# Program Unit: bn_sqr_words
+	.ent	bn_sqr_words
+	.globl	bn_sqr_words
+.text
+bn_sqr_words:
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	
+	subu	P3,P3,4
+	bltz	P3,$lab55
+$lab54:
+	lw	L1,0(P2)
+	 lw	L2,4(P2)
+	lw	L3,8(P2)
+	 lw	L4,12(P2)
+
+	multu	L1,L1
+	 subu	P3,P3,4
+	mflo	L1
+	 mfhi	H1
+	sw	L1,0(P1)
+	 sw	H1,4(P1)
+
+	multu	L2,L2
+	 addu	P1,P1,32
+	mflo	L2
+	 mfhi	H2
+	sw	L2,-24(P1)
+	 sw	H2,-20(P1)
+
+	multu	L3,L3
+	 addu	P2,P2,16
+	mflo	L3
+	 mfhi	H3
+	sw	L3,-16(P1)
+	 sw	H3,-12(P1)
+
+	multu	L4,L4
+
+	mflo	L4
+	 mfhi	H4
+	sw	L4,-8(P1)
+	 sw	H4,-4(P1)
+
+	bgtz	P3,$lab54
+	b	$lab55
+$lab56:	
+	lw	L1,0(P2)
+	addu	P1,P1,8
+	multu	L1,L1
+	addu	P2,P2,4
+	subu	P3,P3,1
+	mflo	L1
+	mfhi	H1
+	sw	L1,-8(P1)
+	sw	H1,-4(P1)
+
+	bgtz	P3,$lab56
+	j	$31
+$lab55:
+	addu	P3,P3,4
+	bgtz	P3,$lab56
+	j	$31
+	.align	2
+	.end	bn_sqr_words
+
+	# Program Unit: bn_add_words
+	.ent	bn_add_words
+	.globl	bn_add_words
+.text
+bn_add_words: 	 # 0x590
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	
+	subu	P4,P4,4
+	move	CC,$0
+	bltz	P4,$lab65
+$lab64:	
+	lw	L1,0(P2)
+	lw	R1,0(P3)
+	lw	L2,4(P2)
+	lw	R2,4(P3)
+
+	addu	L1,L1,CC
+	 lw	L3,8(P2)
+	sltu	CC,L1,CC
+	 addu	L1,L1,R1
+	sltu	R1,L1,R1
+	 lw	R3,8(P3)
+	addu	CC,CC,R1
+	 lw	L4,12(P2)
+
+	addu	L2,L2,CC
+	 lw	R4,12(P3)
+	sltu	CC,L2,CC
+	 addu	L2,L2,R2
+	sltu	R2,L2,R2
+	 sw	L1,0(P1)
+	addu	CC,CC,R2
+	 addu	P1,P1,16
+	addu	L3,L3,CC
+	 sw	L2,-12(P1)
+ 
+	sltu	CC,L3,CC
+	 addu	L3,L3,R3
+	sltu	R3,L3,R3
+	 addu	P2,P2,16
+	addu	CC,CC,R3
+
+	addu	L4,L4,CC
+	 addu	P3,P3,16
+	sltu	CC,L4,CC
+	 addu	L4,L4,R4
+	subu	P4,P4,4
+	 sltu	R4,L4,R4
+	sw	L3,-8(P1)
+	 addu	CC,CC,R4
+	sw	L4,-4(P1)
+
+	bgtz	P4,$lab64
+	b	$lab65
+$lab66:
+	lw	L1,0(P2)
+	 lw	R1,0(P3)
+	addu	L1,L1,CC
+	 addu	P1,P1,4
+	sltu	CC,L1,CC
+	 addu	P2,P2,4
+	addu	P3,P3,4
+	 addu	L1,L1,R1
+	subu	P4,P4,1
+	 sltu	R1,L1,R1
+	sw	L1,-4(P1)
+	 addu	CC,CC,R1
+
+	bgtz	P4,$lab66
+	j	$31
+$lab65:
+	addu	P4,P4,4
+	bgtz	P4,$lab66
+	j	$31
+	.end	bn_add_words
+
+	# Program Unit: bn_div64
+	.set	at
+	.set	reorder
+	.text	
+	.align	2
+	.globl	bn_div64
+ # 321		{
+	.ent	bn_div64 2
+bn_div64:
+	subu	$sp, 64
+	sw	$31, 56($sp)
+	sw	$16, 48($sp)
+	.mask	0x80010000, -56
+	.frame	$sp, 64, $31
+	move	$9, $4
+	move	$12, $5
+	move	$16, $6
+ # 322		BN_ULONG dh,dl,q,ret=0,th,tl,t;
+	move	$31, $0
+ # 323		int i,count=2;
+	li	$13, 2
+ # 324	
+ # 325		if (d == 0) return(BN_MASK2);
+	bne	$16, 0, $80
+	li	$2, -1
+	b	$93
+$80:
+ # 326	
+ # 327		i=BN_num_bits_word(d);
+	move	$4, $16
+	sw	$31, 16($sp)
+	sw	$9, 24($sp)
+	sw	$12, 32($sp)
+	sw	$13, 40($sp)
+	.livereg	0x800ff0e,0xfff
+	jal	BN_num_bits_word
+	li	$4, 32
+	lw	$31, 16($sp)
+	lw	$9, 24($sp)
+	lw	$12, 32($sp)
+	lw	$13, 40($sp)
+	move	$3, $2
+ # 328		if ((i != BN_BITS2) && (h > (BN_ULONG)1<= d) h-=d;
+	bltu	$9, $16, $82
+	subu	$9, $9, $16
+$82:
+ # 337	
+ # 338		if (i)
+	beq	$3, 0, $83
+ # 339			{
+ # 340			d<<=i;
+	sll	$16, $16, $3
+ # 341			h=(h<>(BN_BITS2-i));
+	sll	$24, $9, $3
+	subu	$25, $4, $3
+	srl	$14, $12, $25
+	or	$9, $24, $14
+ # 342			l<<=i;
+	sll	$12, $12, $3
+ # 343			}
+$83:
+ # 344		dh=(d&BN_MASK2h)>>BN_BITS4;
+ # 345		dl=(d&BN_MASK2l);
+	and	$8, $16, -65536
+	srl	$8, $8, 16
+	and	$10, $16, 65535
+	li	$6, -65536
+$84:
+ # 346		for (;;)
+ # 347			{
+ # 348			if ((h>>BN_BITS4) == dh)
+	srl	$15, $9, 16
+	bne	$8, $15, $85
+ # 349				q=BN_MASK2l;
+	li	$5, 65535
+	b	$86
+$85:
+ # 350			else
+ # 351				q=h/dh;
+	divu	$5, $9, $8
+$86:
+ # 352	
+ # 353			for (;;)
+ # 354				{
+ # 355				t=(h-q*dh);
+	mul	$4, $5, $8
+	subu	$2, $9, $4
+	move	$3, $2
+ # 356				if ((t&BN_MASK2h) ||
+ # 357					((dl*q) <= (
+ # 358						(t<>BN_BITS4))))
+	and	$25, $2, $6
+	bne	$25, $0, $87
+	mul	$24, $10, $5
+	sll	$14, $3, 16
+	and	$15, $12, $6
+	srl	$25, $15, 16
+	addu	$15, $14, $25
+	bgtu	$24, $15, $88
+$87:
+ # 360					break;
+	mul	$3, $10, $5
+	b	$89
+$88:
+ # 361				q--;
+	addu	$5, $5, -1
+ # 362				}
+	b	$86
+$89:
+ # 363			th=q*dh;
+ # 364			tl=q*dl;
+ # 365			t=(tl>>BN_BITS4);
+ # 366			tl=(tl<>BN_BITS4))&BN_MASK2;
+	sll	$24, $9, 16
+	srl	$15, $12, 16
+	or	$9, $24, $15
+ # 382			l=(l&BN_MASK2l)<"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov  for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ *					
+ */
+#include 
+#include 
+
+#if _MIPS_ISA>=4
+#define	MOVNZ(cond,dst,src)	\
+	movn	dst,src,cond
+#else
+#define	MOVNZ(cond,dst,src)	\
+	.set	noreorder;	\
+	bnezl	cond,.+8;	\
+	move	dst,src;	\
+	.set	reorder
+#endif
+
+.text
+
+.set	noat
+.set	reorder
+
+#define	MINUS4	v1
+
+.align	5
+LEAF(bn_mul_add_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_mul_add_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_mul_add_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+	dmultu	t0,a3
+	ld	t1,0(a0)
+	ld	t2,8(a1)
+	ld	t3,8(a0)
+	ld	ta0,16(a1)
+	ld	ta1,16(a0)
+	daddu	t1,v0
+	sltu	v0,t1,v0	/* All manuals say it "compares 32-bit
+				 * values", but it seems to work fine
+				 * even on 64-bit registers. */
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,0(a0)
+	daddu	v0,AT
+
+	dmultu	t2,a3
+	ld	ta2,24(a1)
+	ld	ta3,24(a0)
+	daddu	t3,v0
+	sltu	v0,t3,v0
+	mflo	AT
+	mfhi	t2
+	daddu	t3,AT
+	daddu	v0,t2
+	sltu	AT,t3,AT
+	sd	t3,8(a0)
+	daddu	v0,AT
+
+	dmultu	ta0,a3
+	subu	a2,4
+	PTR_ADD	a0,32
+	PTR_ADD	a1,32
+	daddu	ta1,v0
+	sltu	v0,ta1,v0
+	mflo	AT
+	mfhi	ta0
+	daddu	ta1,AT
+	daddu	v0,ta0
+	sltu	AT,ta1,AT
+	sd	ta1,-16(a0)
+	daddu	v0,AT
+
+
+	dmultu	ta2,a3
+	and	ta0,a2,MINUS4
+	daddu	ta3,v0
+	sltu	v0,ta3,v0
+	mflo	AT
+	mfhi	ta2
+	daddu	ta3,AT
+	daddu	v0,ta2
+	sltu	AT,ta3,AT
+	sd	ta3,-8(a0)
+	daddu	v0,AT
+	.set	noreorder
+	bgtzl	ta0,.L_bn_mul_add_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_mul_add_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_mul_add_words_return:
+	jr	ra
+
+.L_bn_mul_add_words_tail:
+	dmultu	t0,a3
+	ld	t1,0(a0)
+	subu	a2,1
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,0(a0)
+	daddu	v0,AT
+	beqz	a2,.L_bn_mul_add_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,a3
+	ld	t1,8(a0)
+	subu	a2,1
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,8(a0)
+	daddu	v0,AT
+	beqz	a2,.L_bn_mul_add_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,a3
+	ld	t1,16(a0)
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,16(a0)
+	daddu	v0,AT
+	jr	ra
+END(bn_mul_add_words)
+
+.align	5
+LEAF(bn_mul_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_mul_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_mul_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+	dmultu	t0,a3
+	ld	t2,8(a1)
+	ld	ta0,16(a1)
+	ld	ta2,24(a1)
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,0(a0)
+	daddu	v0,t1,t0
+
+	dmultu	t2,a3
+	subu	a2,4
+	PTR_ADD	a0,32
+	PTR_ADD	a1,32
+	mflo	AT
+	mfhi	t2
+	daddu	v0,AT
+	sltu	t3,v0,AT
+	sd	v0,-24(a0)
+	daddu	v0,t3,t2
+
+	dmultu	ta0,a3
+	mflo	AT
+	mfhi	ta0
+	daddu	v0,AT
+	sltu	ta1,v0,AT
+	sd	v0,-16(a0)
+	daddu	v0,ta1,ta0
+
+
+	dmultu	ta2,a3
+	and	ta0,a2,MINUS4
+	mflo	AT
+	mfhi	ta2
+	daddu	v0,AT
+	sltu	ta3,v0,AT
+	sd	v0,-8(a0)
+	daddu	v0,ta3,ta2
+	.set	noreorder
+	bgtzl	ta0,.L_bn_mul_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_mul_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_mul_words_return:
+	jr	ra
+
+.L_bn_mul_words_tail:
+	dmultu	t0,a3
+	subu	a2,1
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,0(a0)
+	daddu	v0,t1,t0
+	beqz	a2,.L_bn_mul_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,a3
+	subu	a2,1
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,8(a0)
+	daddu	v0,t1,t0
+	beqz	a2,.L_bn_mul_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,a3
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,16(a0)
+	daddu	v0,t1,t0
+	jr	ra
+END(bn_mul_words)
+
+.align	5
+LEAF(bn_sqr_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_sqr_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_sqr_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+	dmultu	t0,t0
+	ld	t2,8(a1)
+	ld	ta0,16(a1)
+	ld	ta2,24(a1)
+	mflo	t1
+	mfhi	t0
+	sd	t1,0(a0)
+	sd	t0,8(a0)
+
+	dmultu	t2,t2
+	subu	a2,4
+	PTR_ADD	a0,64
+	PTR_ADD	a1,32
+	mflo	t3
+	mfhi	t2
+	sd	t3,-48(a0)
+	sd	t2,-40(a0)
+
+	dmultu	ta0,ta0
+	mflo	ta1
+	mfhi	ta0
+	sd	ta1,-32(a0)
+	sd	ta0,-24(a0)
+
+
+	dmultu	ta2,ta2
+	and	ta0,a2,MINUS4
+	mflo	ta3
+	mfhi	ta2
+	sd	ta3,-16(a0)
+	sd	ta2,-8(a0)
+
+	.set	noreorder
+	bgtzl	ta0,.L_bn_sqr_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_sqr_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_sqr_words_return:
+	move	v0,zero
+	jr	ra
+
+.L_bn_sqr_words_tail:
+	dmultu	t0,t0
+	subu	a2,1
+	mflo	t1
+	mfhi	t0
+	sd	t1,0(a0)
+	sd	t0,8(a0)
+	beqz	a2,.L_bn_sqr_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,t0
+	subu	a2,1
+	mflo	t1
+	mfhi	t0
+	sd	t1,16(a0)
+	sd	t0,24(a0)
+	beqz	a2,.L_bn_sqr_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,t0
+	mflo	t1
+	mfhi	t0
+	sd	t1,32(a0)
+	sd	t0,40(a0)
+	jr	ra
+END(bn_sqr_words)
+
+.align	5
+LEAF(bn_add_words)
+	.set	noreorder
+	bgtzl	a3,.L_bn_add_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_add_words_proceed:
+	li	MINUS4,-4
+	and	AT,a3,MINUS4
+	move	v0,zero
+	beqz	AT,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+	ld	ta0,0(a2)
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	ld	t3,24(a1)
+	ld	ta3,24(a2)
+	daddu	ta0,t0
+	subu	a3,4
+	sltu	t8,ta0,t0
+	daddu	t0,ta0,v0
+	PTR_ADD	a0,32
+	sltu	v0,t0,ta0
+	sd	t0,-32(a0)
+	daddu	v0,t8
+
+	daddu	ta1,t1
+	PTR_ADD	a1,32
+	sltu	t9,ta1,t1
+	daddu	t1,ta1,v0
+	PTR_ADD	a2,32
+	sltu	v0,t1,ta1
+	sd	t1,-24(a0)
+	daddu	v0,t9
+
+	daddu	ta2,t2
+	and	AT,a3,MINUS4
+	sltu	t8,ta2,t2
+	daddu	t2,ta2,v0
+	sltu	v0,t2,ta2
+	sd	t2,-16(a0)
+	daddu	v0,t8
+	
+	daddu	ta3,t3
+	sltu	t9,ta3,t3
+	daddu	t3,ta3,v0
+	sltu	v0,t3,ta3
+	sd	t3,-8(a0)
+	daddu	v0,t9
+	
+	.set	noreorder
+	bgtzl	AT,.L_bn_add_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a3,.L_bn_add_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_add_words_return:
+	jr	ra
+
+.L_bn_add_words_tail:
+	ld	ta0,0(a2)
+	daddu	ta0,t0
+	subu	a3,1
+	sltu	t8,ta0,t0
+	daddu	t0,ta0,v0
+	sltu	v0,t0,ta0
+	sd	t0,0(a0)
+	daddu	v0,t8
+	beqz	a3,.L_bn_add_words_return
+
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	daddu	ta1,t1
+	subu	a3,1
+	sltu	t9,ta1,t1
+	daddu	t1,ta1,v0
+	sltu	v0,t1,ta1
+	sd	t1,8(a0)
+	daddu	v0,t9
+	beqz	a3,.L_bn_add_words_return
+
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	daddu	ta2,t2
+	sltu	t8,ta2,t2
+	daddu	t2,ta2,v0
+	sltu	v0,t2,ta2
+	sd	t2,16(a0)
+	daddu	v0,t8
+	jr	ra
+END(bn_add_words)
+
+.align	5
+LEAF(bn_sub_words)
+	.set	noreorder
+	bgtzl	a3,.L_bn_sub_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_sub_words_proceed:
+	li	MINUS4,-4
+	and	AT,a3,MINUS4
+	move	v0,zero
+	beqz	AT,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+	ld	ta0,0(a2)
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	ld	t3,24(a1)
+	ld	ta3,24(a2)
+	sltu	t8,t0,ta0
+	dsubu	t0,ta0
+	subu	a3,4
+	dsubu	ta0,t0,v0
+	and	AT,a3,MINUS4
+	sd	ta0,0(a0)
+	MOVNZ	(t0,v0,t8)
+
+	sltu	t9,t1,ta1
+	dsubu	t1,ta1
+	PTR_ADD	a0,32
+	dsubu	ta1,t1,v0
+	PTR_ADD	a1,32
+	sd	ta1,-24(a0)
+	MOVNZ	(t1,v0,t9)
+
+
+	sltu	t8,t2,ta2
+	dsubu	t2,ta2
+	dsubu	ta2,t2,v0
+	PTR_ADD	a2,32
+	sd	ta2,-16(a0)
+	MOVNZ	(t2,v0,t8)
+
+	sltu	t9,t3,ta3
+	dsubu	t3,ta3
+	dsubu	ta3,t3,v0
+	sd	ta3,-8(a0)
+	MOVNZ	(t3,v0,t9)
+
+	.set	noreorder
+	bgtzl	AT,.L_bn_sub_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a3,.L_bn_sub_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_sub_words_return:
+	jr	ra
+
+.L_bn_sub_words_tail:
+	ld	ta0,0(a2)
+	subu	a3,1
+	sltu	t8,t0,ta0
+	dsubu	t0,ta0
+	dsubu	ta0,t0,v0
+	MOVNZ	(t0,v0,t8)
+	sd	ta0,0(a0)
+	beqz	a3,.L_bn_sub_words_return
+
+	ld	t1,8(a1)
+	subu	a3,1
+	ld	ta1,8(a2)
+	sltu	t9,t1,ta1
+	dsubu	t1,ta1
+	dsubu	ta1,t1,v0
+	MOVNZ	(t1,v0,t9)
+	sd	ta1,8(a0)
+	beqz	a3,.L_bn_sub_words_return
+
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	sltu	t8,t2,ta2
+	dsubu	t2,ta2
+	dsubu	ta2,t2,v0
+	MOVNZ	(t2,v0,t8)
+	sd	ta2,16(a0)
+	jr	ra
+END(bn_sub_words)
+
+#undef	MINUS4
+
+.align	5
+LEAF(bn_div_words)
+	.set	noreorder
+	bnezl	a2,.L_bn_div_words_proceed
+	move	v1,zero
+	jr	ra
+	li	v0,-1		/* I'd rather signal div-by-zero
+				 * which can be done with 'break 7' */
+
+.L_bn_div_words_proceed:
+	bltz	a2,.L_bn_div_words_body
+	move	t9,v1
+	dsll	a2,1
+	bgtz	a2,.-4
+	addu	t9,1
+
+	.set	reorder
+	negu	t1,t9
+	li	t2,-1
+	dsll	t2,t1
+	and	t2,a0
+	dsrl	AT,a1,t1
+	.set	noreorder
+	bnezl	t2,.+8
+	break	6		/* signal overflow */
+	.set	reorder
+	dsll	a0,t9
+	dsll	a1,t9
+	or	a0,AT
+
+#define	QT	ta0
+#define	HH	ta1
+#define	DH	v1
+.L_bn_div_words_body:
+	dsrl	DH,a2,32
+	sgeu	AT,a0,a2
+	.set	noreorder
+	bnezl	AT,.+8
+	dsubu	a0,a2
+	.set	reorder
+
+	li	QT,-1
+	dsrl	HH,a0,32
+	dsrl	QT,32	/* q=0xffffffff */
+	beq	DH,HH,.L_bn_div_words_skip_div1
+	ddivu	zero,a0,DH
+	mflo	QT
+.L_bn_div_words_skip_div1:
+	dmultu	a2,QT
+	dsll	t3,a0,32
+	dsrl	AT,a1,32
+	or	t3,AT
+	mflo	t0
+	mfhi	t1
+.L_bn_div_words_inner_loop1:
+	sltu	t2,t3,t0
+	seq	t8,HH,t1
+	sltu	AT,HH,t1
+	and	t2,t8
+	or	AT,t2
+	.set	noreorder
+	beqz	AT,.L_bn_div_words_inner_loop1_done
+	sltu	t2,t0,a2
+	.set	reorder
+	dsubu	QT,1
+	dsubu	t0,a2
+	dsubu	t1,t2
+	b	.L_bn_div_words_inner_loop1
+.L_bn_div_words_inner_loop1_done:	
+
+	dsll	a1,32
+	dsubu	a0,t3,t0
+	dsll	v0,QT,32
+
+	li	QT,-1
+	dsrl	HH,a0,32
+	dsrl	QT,32	/* q=0xffffffff */
+	beq	DH,HH,.L_bn_div_words_skip_div2
+	ddivu	zero,a0,DH
+	mflo	QT
+.L_bn_div_words_skip_div2:
+	dmultu	a2,QT
+	dsll	t3,a0,32
+	dsrl	AT,a1,32
+	or	t3,AT
+	mflo	t0
+	mfhi	t1
+.L_bn_div_words_inner_loop2:
+	sltu	t2,t3,t0
+	seq	t8,HH,t1
+	sltu	AT,HH,t1
+	and	t2,t8
+	or	AT,t2
+	.set	noreorder
+	beqz	AT,.L_bn_div_words_inner_loop2_done
+	sltu	t2,t0,a2
+	.set	reorder
+	dsubu	QT,1
+	dsubu	t0,a2
+	dsubu	t1,t2
+	b	.L_bn_div_words_inner_loop2
+.L_bn_div_words_inner_loop2_done:	
+
+	dsubu	a0,t3,t0
+	or	v0,QT
+	dsrl	v1,a0,t9	/* v1 contains remainder if anybody wants it */
+	dsrl	a2,t9		/* restore a2 */
+	jr	ra
+#undef	HH
+#undef	DH
+#undef	QT
+END(bn_div_words)
+
+.align 5
+LEAF(bn_div_3_words)
+	.set	reorder
+	move	a3,a0		/* we know that bn_div_words doesn't
+				 * touch a3, ta2, ta3 and preserves a2
+				 * so that we can save two arguments
+				 * and return address in registers
+				 * instead of stack:-)
+				 */
+	ld	a0,(a3)
+	move	ta2,a2
+	move	a2,a1
+	ld	a1,-8(a3)
+	move	ta3,ra
+	move	v1,zero
+	li	v0,-1
+	beq	a0,a2,.L_bn_div_3_words_skip_div
+	jal	bn_div_words
+	move	ra,ta3
+.L_bn_div_3_words_skip_div:
+	dmultu	ta2,v0
+	ld	t2,-16(a3)
+	mflo	t0
+	mfhi	t1
+.L_bn_div_3_words_inner_loop:
+	sgeu	AT,t2,t0
+	seq	t9,t1,v1
+	sltu	t8,t1,v1
+	and	AT,t9
+	or	AT,t8
+	bnez	AT,.L_bn_div_3_words_inner_loop_done
+	daddu	v1,a2
+	sltu	t3,t0,ta2
+	sltu	AT,v1,a2
+	dsubu	v0,1
+	dsubu	t0,ta2
+	dsubu	t1,t3
+	beqz	AT,.L_bn_div_3_words_inner_loop
+.L_bn_div_3_words_inner_loop_done:
+	jr	ra
+END(bn_div_3_words)
+
+#define	a_0	t0
+#define	a_1	t1
+#define	a_2	t2
+#define	a_3	t3
+#define	b_0	ta0
+#define	b_1	ta1
+#define	b_2	ta2
+#define	b_3	ta3
+
+#define	a_4	s0
+#define	a_5	s2
+#define	a_6	s4
+#define	a_7	a1	/* once we load a[7] we don't need a anymore */
+#define	b_4	s1
+#define	b_5	s3
+#define	b_6	s5
+#define	b_7	a2	/* once we load b[7] we don't need b anymore */
+
+#define	t_1	t8
+#define	t_2	t9
+
+#define	c_1	v0
+#define	c_2	v1
+#define	c_3	a3
+
+#define	FRAME_SIZE	48
+
+.align	5
+LEAF(bn_mul_comba8)
+	.set	noreorder
+	PTR_SUB	sp,FRAME_SIZE
+	.frame	sp,64,ra
+	.set	reorder
+	ld	a_0,0(a1)	/* If compiled with -mips3 option on
+				 * R5000 box assembler barks on this
+				 * line with "shouldn't have mult/div
+				 * as last instruction in bb (R10K
+				 * bug)" warning. If anybody out there
+				 * has a clue about how to circumvent
+				 * this do send me a note.
+				 *		
+				 */
+	ld	b_0,0(a2)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+	ld	b_1,8(a2)
+	ld	b_2,16(a2)
+	ld	b_3,24(a2)
+	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	sd	s0,0(sp)
+	sd	s1,8(sp)
+	sd	s2,16(sp)
+	sd	s3,24(sp)
+	sd	s4,32(sp)
+	sd	s5,40(sp)
+	mflo	c_1
+	mfhi	c_2
+
+	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */
+	ld	a_4,32(a1)
+	ld	a_5,40(a1)
+	ld	a_6,48(a1)
+	ld	a_7,56(a1)
+	ld	b_4,32(a2)
+	ld	b_5,40(a2)
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */
+	ld	b_6,48(a2)
+	ld	b_7,56(a2)
+	sd	c_1,0(a0)	/* r[0]=c1; */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)	/* r[1]=c2; */
+
+	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)	/* r[2]=c3; */
+
+	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)	/* r[3]=c1; */
+
+	dmultu	a_4,b_0		/* mul_add_c(a[4],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_0,b_4		/* mul_add_c(a[0],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)	/* r[4]=c2; */
+
+	dmultu	a_0,b_5		/* mul_add_c(a[0],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,b_1		/* mul_add_c(a[4],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,b_0		/* mul_add_c(a[5],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)	/* r[5]=c3; */
+
+	dmultu	a_6,b_0		/* mul_add_c(a[6],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_2,b_4		/* mul_add_c(a[2],b[4],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_1,b_5		/* mul_add_c(a[1],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_0,b_6		/* mul_add_c(a[0],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,48(a0)	/* r[6]=c1; */
+
+	dmultu	a_0,b_7		/* mul_add_c(a[0],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,b_4		/* mul_add_c(a[3],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_4,b_3		/* mul_add_c(a[4],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,b_2		/* mul_add_c(a[5],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_6,b_1		/* mul_add_c(a[6],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_7,b_0		/* mul_add_c(a[7],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,56(a0)	/* r[7]=c2; */
+
+	dmultu	a_7,b_1		/* mul_add_c(a[7],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,b_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_3,b_5		/* mul_add_c(a[3],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,b_6		/* mul_add_c(a[2],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_1,b_7		/* mul_add_c(a[1],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,64(a0)	/* r[8]=c3; */
+
+	dmultu	a_2,b_7		/* mul_add_c(a[2],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_5,b_4		/* mul_add_c(a[5],b[4],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_6,b_3		/* mul_add_c(a[6],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_7,b_2		/* mul_add_c(a[7],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,72(a0)	/* r[9]=c1; */
+
+	dmultu	a_7,b_3		/* mul_add_c(a[7],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_4,b_6		/* mul_add_c(a[4],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,b_7		/* mul_add_c(a[3],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,80(a0)	/* r[10]=c2; */
+
+	dmultu	a_4,b_7		/* mul_add_c(a[4],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_7,b_4		/* mul_add_c(a[7],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,88(a0)	/* r[11]=c3; */
+
+	dmultu	a_7,b_5		/* mul_add_c(a[7],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,96(a0)	/* r[12]=c1; */
+
+	dmultu	a_6,b_7		/* mul_add_c(a[6],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,104(a0)	/* r[13]=c2; */
+
+	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+	ld	s0,0(sp)
+	ld	s1,8(sp)
+	ld	s2,16(sp)
+	ld	s3,24(sp)
+	ld	s4,32(sp)
+	ld	s5,40(sp)
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sd	c_3,112(a0)	/* r[14]=c3; */
+	sd	c_1,120(a0)	/* r[15]=c1; */
+
+	PTR_ADD	sp,FRAME_SIZE
+
+	jr	ra
+END(bn_mul_comba8)
+
+.align	5
+LEAF(bn_mul_comba4)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	b_0,0(a2)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	ld	a_3,24(a1)
+	ld	b_1,8(a2)
+	ld	b_2,16(a2)
+	ld	b_3,24(a2)
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	sd	c_3,40(a0)
+
+	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sd	c_1,48(a0)
+	sd	c_2,56(a0)
+
+	jr	ra
+END(bn_mul_comba4)
+
+#undef	a_4
+#undef	a_5
+#undef	a_6
+#undef	a_7
+#define	a_4	b_0
+#define	a_5	b_1
+#define	a_6	b_2
+#define	a_7	b_3
+
+.align	5
+LEAF(bn_sqr_comba8)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	ld	a_4,32(a1)
+	ld	a_5,40(a1)
+	ld	a_6,48(a1)
+	ld	a_7,56(a1)
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)
+
+	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,48(a0)
+
+	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,56(a0)
+
+	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,a_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,64(a0)
+
+	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,72(a0)
+
+	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,a_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,80(a0)
+
+	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,88(a0)
+
+	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,96(a0)
+
+	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,104(a0)
+
+	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sd	c_3,112(a0)
+	sd	c_1,120(a0)
+
+	jr	ra
+END(bn_sqr_comba8)
+
+.align	5
+LEAF(bn_sqr_comba4)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	sd	c_3,40(a0)
+
+	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sd	c_1,48(a0)
+	sd	c_2,56(a0)
+
+	jr	ra
+END(bn_sqr_comba4)
diff --git a/crypto/openssl/crypto/bn/asm/pa-risc.s b/crypto/openssl/crypto/bn/asm/pa-risc.s
new file mode 100644
index 000000000000..775130a1912e
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/pa-risc.s
@@ -0,0 +1,710 @@
+	.SPACE $PRIVATE$
+	.SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+	.SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+	.SPACE $TEXT$
+	.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+	.IMPORT $global$,DATA
+	.IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+	.PROC
+	.CALLINFO FRAME=0,CALLS,SAVE_RP
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	ldi 0,%r28
+	extru %r23,31,16,%r2
+	stw %r2,-16(0,%r30)
+	extru %r23,15,16,%r23
+	ldil L'65536,%r31
+	fldws -16(0,%r30),%fr11R
+	stw %r23,-16(0,%r30)
+	ldo 12(%r25),%r29
+	ldo 12(%r26),%r23
+	fldws -16(0,%r30),%fr11L
+L$0002
+	ldw 0(0,%r25),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0005
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw 0(0,%r26),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,0(0,%r26)
+	ldw -8(0,%r29),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0010
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw -8(0,%r23),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,-8(0,%r23)
+	ldw -4(0,%r29),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0015
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw -4(0,%r23),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,-4(0,%r23)
+	ldw 0(0,%r29),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0020
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi 1,%r19,%r19
+	ldw 0(0,%r23),%r28
+	addl %r20,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0003
+	stw %r20,0(0,%r23)
+	ldo 16(%r29),%r29
+	ldo 16(%r25),%r25
+	ldo 16(%r23),%r23
+	bl L$0002,0
+	ldo 16(%r26),%r26
+L$0003
+	ldw -20(0,%r30),%r2
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+	.PROC
+	.CALLINFO FRAME=0,CALLS,SAVE_RP
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	ldi 0,%r28
+	extru %r23,31,16,%r2
+	stw %r2,-16(0,%r30)
+	extru %r23,15,16,%r23
+	ldil L'65536,%r31
+	fldws -16(0,%r30),%fr11R
+	stw %r23,-16(0,%r30)
+	ldo 12(%r26),%r29
+	ldo 12(%r25),%r23
+	fldws -16(0,%r30),%fr11L
+L$0026
+	ldw 0(0,%r25),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0029
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,0(0,%r26)
+	ldw -8(0,%r23),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0033
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,-8(0,%r29)
+	ldw -4(0,%r23),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0037
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,-4(0,%r29)
+	ldw 0(0,%r23),%r19
+	extru %r19,31,16,%r20
+	stw %r20,-16(0,%r30)
+	extru %r19,15,16,%r19
+	fldws -16(0,%r30),%fr22L
+	stw %r19,-16(0,%r30)
+	xmpyu %fr22L,%fr11R,%fr8
+	fldws -16(0,%r30),%fr22L
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr11R,%fr22L,%fr10
+	ldw -16(0,%r30),%r2
+	stw %r20,-16(0,%r30)
+	xmpyu %fr22L,%fr11L,%fr9
+	fldws -16(0,%r30),%fr22L
+	fstws %fr10R,-16(0,%r30)
+	copy %r2,%r22
+	ldw -16(0,%r30),%r2
+	fstws %fr9R,-16(0,%r30)
+	xmpyu %fr11L,%fr22L,%fr8
+	copy %r2,%r19
+	ldw -16(0,%r30),%r2
+	fstws %fr8R,-16(0,%r30)
+	copy %r2,%r20
+	ldw -16(0,%r30),%r2
+	addl %r2,%r19,%r21
+	comclr,<<= %r19,%r21,0
+	addl %r20,%r31,%r20
+L$0041
+	extru %r21,15,16,%r19
+	addl %r20,%r19,%r20
+	zdep %r21,15,16,%r19
+	addl %r22,%r19,%r22
+	comclr,<<= %r19,%r22,0
+	addi,tr 1,%r20,%r19
+	copy %r20,%r19
+	addl %r22,%r28,%r20
+	comclr,<<= %r28,%r20,0
+	addi,tr 1,%r19,%r28
+	copy %r19,%r28
+	addib,= -1,%r24,L$0027
+	stw %r20,0(0,%r29)
+	ldo 16(%r23),%r23
+	ldo 16(%r25),%r25
+	ldo 16(%r29),%r29
+	bl L$0026,0
+	ldo 16(%r26),%r26
+L$0027
+	ldw -20(0,%r30),%r2
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+	.PROC
+	.CALLINFO FRAME=0,NO_CALLS
+	.ENTRY
+	ldo 28(%r26),%r23
+	ldo 12(%r25),%r28
+L$0046
+	ldw 0(0,%r25),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,0(0,%r26)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,-24(0,%r23)
+	ldw -8(0,%r28),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,-20(0,%r23)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,-16(0,%r23)
+	ldw -4(0,%r28),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,-12(0,%r23)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,-8(0,%r23)
+	ldw 0(0,%r28),%r21
+	extru %r21,31,16,%r22
+	stw %r22,-16(0,%r30)
+	extru %r21,15,16,%r21
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	stw %r22,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r21,-16(0,%r30)
+	copy %r29,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10L
+	stw %r21,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,16,17,%r20
+	zdep %r19,14,15,%r19
+	ldw -16(0,%r30),%r29
+	xmpyu %fr10L,%fr10R,%fr9
+	addl %r29,%r19,%r22
+	stw %r22,-4(0,%r23)
+	fstws %fr9R,-16(0,%r30)
+	ldw -16(0,%r30),%r29
+	addl %r29,%r20,%r21
+	comclr,<<= %r19,%r22,0
+	addi 1,%r21,%r21
+	addib,= -1,%r24,L$0057
+	stw %r21,0(0,%r23)
+	ldo 16(%r28),%r28
+	ldo 16(%r25),%r25
+	ldo 32(%r23),%r23
+	bl L$0046,0
+	ldo 32(%r26),%r26
+L$0057
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.IMPORT BN_num_bits_word,CODE
+	.IMPORT fprintf,CODE
+	.IMPORT __iob,DATA
+	.SPACE $TEXT$
+	.SUBSPA $LIT$
+
+	.align 4
+L$C0000
+	.STRING "Division would overflow\x0a\x00"
+	.IMPORT abort,CODE
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+	.PROC
+	.CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r8,128(0,%r30)
+	stw %r7,-124(0,%r30)
+	stw %r4,-112(0,%r30)
+	stw %r3,-108(0,%r30)
+	copy %r26,%r3
+	copy %r25,%r4
+	stw %r6,-120(0,%r30)
+	ldi 0,%r7
+	stw %r5,-116(0,%r30)
+	movb,<> %r24,%r5,L$0059
+	ldi 2,%r6
+	bl L$0076,0
+	ldi -1,%r28
+L$0059
+	.CALL ARGW0=GR
+	bl BN_num_bits_word,%r2
+	copy %r5,%r26
+	ldi 32,%r19
+	comb,= %r19,%r28,L$0060
+	subi 31,%r28,%r19
+	mtsar %r19
+	zvdepi 1,32,%r19
+	comb,>>= %r19,%r3,L$0060
+	addil LR'__iob-$global$+32,%r27
+	ldo RR'__iob-$global$+32(%r1),%r26
+	ldil LR'L$C0000,%r25
+	.CALL ARGW0=GR,ARGW1=GR
+	bl fprintf,%r2
+	ldo RR'L$C0000(%r25),%r25
+	.CALL 
+	bl abort,%r2
+	nop
+L$0060
+	comb,>> %r5,%r3,L$0061
+	subi 32,%r28,%r28
+	sub %r3,%r5,%r3
+L$0061
+	comib,= 0,%r28,L$0062
+	subi 31,%r28,%r19
+	mtsar %r19
+	zvdep %r5,32,%r5
+	zvdep %r3,32,%r21
+	subi 32,%r28,%r20
+	mtsar %r20
+	vshd 0,%r4,%r20
+	or %r21,%r20,%r3
+	mtsar %r19
+	zvdep %r4,32,%r4
+L$0062
+	extru %r5,15,16,%r23
+	extru %r5,31,16,%r28
+L$0063
+	extru %r3,15,16,%r19
+	comb,<> %r23,%r19,L$0066
+	copy %r3,%r26
+	bl L$0067,0
+	zdepi -1,31,16,%r29
+L$0066
+	.IMPORT $$divU,MILLICODE
+	bl $$divU,%r31
+	copy %r23,%r25
+L$0067
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r23,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr9
+	ldw -16(0,%r30),%r8
+	fstws %fr9R,-16(0,%r30)
+	copy %r8,%r22
+	ldw -16(0,%r30),%r8
+	extru %r4,15,16,%r24
+	copy %r8,%r21
+L$0068
+	sub %r3,%r21,%r20
+	copy %r20,%r19
+	depi 0,31,16,%r19
+	comib,<> 0,%r19,L$0069
+	zdep %r20,15,16,%r19
+	addl %r19,%r24,%r19
+	comb,>>= %r19,%r22,L$0069
+	sub %r22,%r28,%r22
+	sub %r21,%r23,%r21
+	bl L$0068,0
+	ldo -1(%r29),%r29
+L$0069
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r8
+	stw %r23,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	copy %r8,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,15,16,%r20
+	ldw -16(0,%r30),%r8
+	zdep %r19,15,16,%r19
+	addl %r8,%r20,%r20
+	comclr,<<= %r19,%r4,0
+	addi 1,%r20,%r20
+	comb,<<= %r20,%r3,L$0074
+	sub %r4,%r19,%r4
+	addl %r3,%r5,%r3
+	ldo -1(%r29),%r29
+L$0074
+	addib,= -1,%r6,L$0064
+	sub %r3,%r20,%r3
+	zdep %r29,15,16,%r7
+	shd %r3,%r4,16,%r3
+	bl L$0063,0
+	zdep %r4,15,16,%r4
+L$0064
+	or %r7,%r29,%r28
+L$0076
+	ldw -148(0,%r30),%r2
+	ldw -124(0,%r30),%r7
+	ldw -120(0,%r30),%r6
+	ldw -116(0,%r30),%r5
+	ldw -112(0,%r30),%r4
+	ldw -108(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -128(0,%r30),%r8
+	.EXIT
+	.PROCEND
diff --git a/crypto/openssl/crypto/bn/asm/pa-risc2.s b/crypto/openssl/crypto/bn/asm/pa-risc2.s
new file mode 100644
index 000000000000..c2725996a450
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/pa-risc2.s
@@ -0,0 +1,416 @@
+	.SPACE $PRIVATE$
+	.SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+	.SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+	.SPACE $TEXT$
+	.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+	.IMPORT $global$,DATA
+	.IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+	.PROC
+	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r4,64(0,%r30)
+	copy %r24,%r31
+	stw %r3,-60(0,%r30)
+	ldi 0,%r20
+	ldo 12(%r26),%r2
+	stw %r23,-16(0,%r30)
+	copy %r25,%r3
+	ldo 12(%r3),%r1
+	fldws -16(0,%r30),%fr8L
+L$0010
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws 0(0,%r3),%fr9L
+	ldw 0(0,%r26),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,0(0,%r26)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws -8(0,%r1),%fr9L
+	ldw -8(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,-8(0,%r2)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws -4(0,%r1),%fr9L
+	ldw -4(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,-4(0,%r2)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws 0(0,%r1),%fr9L
+	ldw 0(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,0(0,%r2)
+	ldo 16(%r1),%r1
+	ldo 16(%r3),%r3
+	ldo 16(%r2),%r2
+	bl L$0010,0
+	ldo 16(%r26),%r26
+L$0011
+	copy %r20,%r28
+	ldw -84(0,%r30),%r2
+	ldw -60(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -64(0,%r30),%r4
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+	.PROC
+	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	copy %r25,%r2
+	stwm %r4,64(0,%r30)
+	copy %r24,%r19
+	ldi 0,%r28
+	stw %r23,-16(0,%r30)
+	ldo 12(%r26),%r31
+	ldo 12(%r2),%r29
+	fldws -16(0,%r30),%fr8L
+L$0026
+	fldws 0(0,%r2),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,0(0,%r26)
+	fldws -8(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,-8(0,%r31)
+	fldws -4(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,-4(0,%r31)
+	fldws 0(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,0(0,%r31)
+	ldo 16(%r29),%r29
+	ldo 16(%r2),%r2
+	ldo 16(%r31),%r31
+	bl L$0026,0
+	ldo 16(%r26),%r26
+L$0027
+	ldw -84(0,%r30),%r2
+	bv 0(%r2)
+	ldwm -64(0,%r30),%r4
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+	.PROC
+	.CALLINFO FRAME=0,NO_CALLS
+	.ENTRY
+	ldo 28(%r26),%r19
+	ldo 12(%r25),%r28
+L$0042
+	fldws 0(0,%r25),%fr8L
+	fldws 0(0,%r25),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,0(0,%r26)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-24(0,%r19)
+	fldws -8(0,%r28),%fr8L
+	fldws -8(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-20(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-16(0,%r19)
+	fldws -4(0,%r28),%fr8L
+	fldws -4(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-12(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-8(0,%r19)
+	fldws 0(0,%r28),%fr8L
+	fldws 0(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-4(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,0(0,%r19)
+	ldo 16(%r28),%r28
+	ldo 16(%r25),%r25
+	ldo 32(%r19),%r19
+	bl L$0042,0
+	ldo 32(%r26),%r26
+L$0049
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.IMPORT BN_num_bits_word,CODE
+	.IMPORT fprintf,CODE
+	.IMPORT __iob,DATA
+	.SPACE $TEXT$
+	.SUBSPA $LIT$
+
+	.align 4
+L$C0000
+	.STRING "Division would overflow (%d)\x0a\x00"
+	.IMPORT abort,CODE
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+	.PROC
+	.CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r8,128(0,%r30)
+	stw %r7,-124(0,%r30)
+	stw %r4,-112(0,%r30)
+	stw %r3,-108(0,%r30)
+	copy %r26,%r3
+	copy %r25,%r4
+	stw %r6,-120(0,%r30)
+	ldi 0,%r7
+	stw %r5,-116(0,%r30)
+	movb,<> %r24,%r5,L$0051
+	ldi 2,%r6
+	bl L$0068,0
+	ldi -1,%r28
+L$0051
+	.CALL ARGW0=GR
+	bl BN_num_bits_word,%r2
+	copy %r5,%r26
+	copy %r28,%r24
+	ldi 32,%r19
+	comb,= %r19,%r24,L$0052
+	subi 31,%r24,%r19
+	mtsar %r19
+	zvdepi 1,32,%r19
+	comb,>>= %r19,%r3,L$0052
+	addil LR'__iob-$global$+32,%r27
+	ldo RR'__iob-$global$+32(%r1),%r26
+	ldil LR'L$C0000,%r25
+	.CALL ARGW0=GR,ARGW1=GR,ARGW2=GR
+	bl fprintf,%r2
+	ldo RR'L$C0000(%r25),%r25
+	.CALL 
+	bl abort,%r2
+	nop
+L$0052
+	comb,>> %r5,%r3,L$0053
+	subi 32,%r24,%r24
+	sub %r3,%r5,%r3
+L$0053
+	comib,= 0,%r24,L$0054
+	subi 31,%r24,%r19
+	mtsar %r19
+	zvdep %r5,32,%r5
+	zvdep %r3,32,%r21
+	subi 32,%r24,%r20
+	mtsar %r20
+	vshd 0,%r4,%r20
+	or %r21,%r20,%r3
+	mtsar %r19
+	zvdep %r4,32,%r4
+L$0054
+	extru %r5,15,16,%r23
+	extru %r5,31,16,%r28
+L$0055
+	extru %r3,15,16,%r19
+	comb,<> %r23,%r19,L$0058
+	copy %r3,%r26
+	bl L$0059,0
+	zdepi -1,31,16,%r29
+L$0058
+	.IMPORT $$divU,MILLICODE
+	bl $$divU,%r31
+	copy %r23,%r25
+L$0059
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r23,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr9
+	ldw -16(0,%r30),%r8
+	fstws %fr9R,-16(0,%r30)
+	copy %r8,%r22
+	ldw -16(0,%r30),%r8
+	extru %r4,15,16,%r24
+	copy %r8,%r21
+L$0060
+	sub %r3,%r21,%r20
+	copy %r20,%r19
+	depi 0,31,16,%r19
+	comib,<> 0,%r19,L$0061
+	zdep %r20,15,16,%r19
+	addl %r19,%r24,%r19
+	comb,>>= %r19,%r22,L$0061
+	sub %r22,%r28,%r22
+	sub %r21,%r23,%r21
+	bl L$0060,0
+	ldo -1(%r29),%r29
+L$0061
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r8
+	stw %r23,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	copy %r8,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,15,16,%r20
+	ldw -16(0,%r30),%r8
+	zdep %r19,15,16,%r19
+	addl %r8,%r20,%r20
+	comclr,<<= %r19,%r4,0
+	addi 1,%r20,%r20
+	comb,<<= %r20,%r3,L$0066
+	sub %r4,%r19,%r4
+	addl %r3,%r5,%r3
+	ldo -1(%r29),%r29
+L$0066
+	addib,= -1,%r6,L$0056
+	sub %r3,%r20,%r3
+	zdep %r29,15,16,%r7
+	shd %r3,%r4,16,%r3
+	bl L$0055,0
+	zdep %r4,15,16,%r4
+L$0056
+	or %r7,%r29,%r28
+L$0068
+	ldw -148(0,%r30),%r2
+	ldw -124(0,%r30),%r7
+	ldw -120(0,%r30),%r6
+	ldw -116(0,%r30),%r5
+	ldw -112(0,%r30),%r4
+	ldw -108(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -128(0,%r30),%r8
+	.EXIT
+	.PROCEND
diff --git a/crypto/openssl/crypto/bn/asm/r3000.s b/crypto/openssl/crypto/bn/asm/r3000.s
new file mode 100644
index 000000000000..e95269afa381
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/r3000.s
@@ -0,0 +1,646 @@
+	.file	1 "../bn_mulw.c"
+	.set	nobopt
+	.option pic2
+
+ # GNU C 2.6.3 [AL 1.1, MM 40] SGI running IRIX 5.0 compiled by GNU C
+
+ # Cc1 defaults:
+ # -mabicalls
+
+ # Cc1 arguments (-G value = 0, Cpu = 3000, ISA = 1):
+ # -quiet -dumpbase -O2 -o
+
+gcc2_compiled.:
+__gnu_compiled_c:
+	.rdata
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x34,0x39,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x33,0x34,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x35,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x32,0x33,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x37,0x38,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x33,0x2e,0x37,0x30,0x20
+	.byte	0x24,0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x32,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x34,0x20,0x24
+	.byte	0x0
+
+	.byte	0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+	.byte	0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+	.byte	0x0
+	.text
+	.align	2
+	.globl	bn_mul_add_words
+	.ent	bn_mul_add_words
+bn_mul_add_words:
+	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	move	$12,$4
+	move	$14,$5
+	move	$9,$6
+	move	$13,$7
+	move	$8,$0
+	addu	$10,$12,12
+	addu	$11,$14,12
+$L2:
+	lw	$6,0($14)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,0($12)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,0($12)
+	.set	macro
+	.set	reorder
+
+	lw	$6,-8($11)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,-8($10)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,-8($10)
+	.set	macro
+	.set	reorder
+
+	lw	$6,-4($11)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,-4($10)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,-4($10)
+	.set	macro
+	.set	reorder
+
+	lw	$6,0($11)
+	#nop
+	multu	$13,$6
+	mfhi	$6
+	mflo	$7
+	#nop
+	move	$5,$8
+	move	$4,$0
+	lw	$3,0($10)
+	addu	$9,$9,-1
+	move	$2,$0
+	addu	$7,$7,$3
+	sltu	$8,$7,$3
+	addu	$6,$6,$2
+	addu	$6,$6,$8
+	addu	$7,$7,$5
+	sltu	$2,$7,$5
+	addu	$6,$6,$4
+	addu	$6,$6,$2
+	srl	$3,$6,0
+	move	$2,$0
+	move	$8,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$9,$0,$L3
+	sw	$7,0($10)
+	.set	macro
+	.set	reorder
+
+	addu	$11,$11,16
+	addu	$14,$14,16
+	addu	$10,$10,16
+	.set	noreorder
+	.set	nomacro
+	j	$L2
+	addu	$12,$12,16
+	.set	macro
+	.set	reorder
+
+$L3:
+	.set	noreorder
+	.set	nomacro
+	j	$31
+	move	$2,$8
+	.set	macro
+	.set	reorder
+
+	.end	bn_mul_add_words
+	.align	2
+	.globl	bn_mul_words
+	.ent	bn_mul_words
+bn_mul_words:
+	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	move	$11,$4
+	move	$12,$5
+	move	$8,$6
+	move	$6,$0
+	addu	$10,$11,12
+	addu	$9,$12,12
+$L10:
+	lw	$4,0($12)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,0($11)
+	.set	macro
+	.set	reorder
+
+	lw	$4,-8($9)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,-8($10)
+	.set	macro
+	.set	reorder
+
+	lw	$4,-4($9)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,-4($10)
+	.set	macro
+	.set	reorder
+
+	lw	$4,0($9)
+	#nop
+	multu	$7,$4
+	mfhi	$4
+	mflo	$5
+	#nop
+	move	$3,$6
+	move	$2,$0
+	addu	$8,$8,-1
+	addu	$5,$5,$3
+	sltu	$6,$5,$3
+	addu	$4,$4,$2
+	addu	$4,$4,$6
+	srl	$3,$4,0
+	move	$2,$0
+	move	$6,$3
+	.set	noreorder
+	.set	nomacro
+	beq	$8,$0,$L11
+	sw	$5,0($10)
+	.set	macro
+	.set	reorder
+
+	addu	$9,$9,16
+	addu	$12,$12,16
+	addu	$10,$10,16
+	.set	noreorder
+	.set	nomacro
+	j	$L10
+	addu	$11,$11,16
+	.set	macro
+	.set	reorder
+
+$L11:
+	.set	noreorder
+	.set	nomacro
+	j	$31
+	move	$2,$6
+	.set	macro
+	.set	reorder
+
+	.end	bn_mul_words
+	.align	2
+	.globl	bn_sqr_words
+	.ent	bn_sqr_words
+bn_sqr_words:
+	.frame	$sp,0,$31		# vars= 0, regs= 0/0, args= 0, extra= 0
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	move	$9,$4
+	addu	$7,$9,28
+	addu	$8,$5,12
+$L18:
+	lw	$2,0($5)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,0($9)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,-24($7)
+	.set	macro
+	.set	reorder
+
+	lw	$2,-8($8)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,-20($7)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,-16($7)
+	.set	macro
+	.set	reorder
+
+	lw	$2,-4($8)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,-12($7)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,-8($7)
+	.set	macro
+	.set	reorder
+
+	lw	$2,0($8)
+	#nop
+	multu	$2,$2
+	mfhi	$2
+	mflo	$3
+	#nop
+	addu	$6,$6,-1
+	sw	$3,-4($7)
+	srl	$3,$2,0
+	move	$2,$0
+	.set	noreorder
+	.set	nomacro
+	beq	$6,$0,$L19
+	sw	$3,0($7)
+	.set	macro
+	.set	reorder
+
+	addu	$8,$8,16
+	addu	$5,$5,16
+	addu	$7,$7,32
+	.set	noreorder
+	.set	nomacro
+	j	$L18
+	addu	$9,$9,32
+	.set	macro
+	.set	reorder
+
+$L19:
+	j	$31
+	.end	bn_sqr_words
+	.rdata
+	.align	2
+$LC0:
+
+	.byte	0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e
+	.byte	0x20,0x77,0x6f,0x75,0x6c,0x64,0x20,0x6f
+	.byte	0x76,0x65,0x72,0x66,0x6c,0x6f,0x77,0xa
+	.byte	0x0
+	.text
+	.align	2
+	.globl	bn_div64
+	.ent	bn_div64
+bn_div64:
+	.frame	$sp,56,$31		# vars= 0, regs= 7/0, args= 16, extra= 8
+	.mask	0x901f0000,-8
+	.fmask	0x00000000,0
+	.set	noreorder
+	.cpload	$25
+	.set	reorder
+	subu	$sp,$sp,56
+	.cprestore 16
+	sw	$16,24($sp)
+	move	$16,$4
+	sw	$17,28($sp)
+	move	$17,$5
+	sw	$18,32($sp)
+	move	$18,$6
+	sw	$20,40($sp)
+	move	$20,$0
+	sw	$19,36($sp)
+	li	$19,0x00000002		# 2
+	sw	$31,48($sp)
+	.set	noreorder
+	.set	nomacro
+	bne	$18,$0,$L26
+	sw	$28,44($sp)
+	.set	macro
+	.set	reorder
+
+	.set	noreorder
+	.set	nomacro
+	j	$L43
+	li	$2,-1			# 0xffffffff
+	.set	macro
+	.set	reorder
+
+$L26:
+	move	$4,$18
+	jal	BN_num_bits_word
+	move	$4,$2
+	li	$2,0x00000020		# 32
+	.set	noreorder
+	.set	nomacro
+	beq	$4,$2,$L27
+	li	$2,0x00000001		# 1
+	.set	macro
+	.set	reorder
+
+	sll	$2,$2,$4
+	sltu	$2,$2,$16
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L44
+	li	$5,0x00000020		# 32
+	.set	macro
+	.set	reorder
+
+	la	$4,__iob+32
+	la	$5,$LC0
+	jal	fprintf
+	jal	abort
+$L27:
+	li	$5,0x00000020		# 32
+$L44:
+	sltu	$2,$16,$18
+	.set	noreorder
+	.set	nomacro
+	bne	$2,$0,$L28
+	subu	$4,$5,$4
+	.set	macro
+	.set	reorder
+
+	subu	$16,$16,$18
+$L28:
+	.set	noreorder
+	.set	nomacro
+	beq	$4,$0,$L29
+	li	$10,-65536			# 0xffff0000
+	.set	macro
+	.set	reorder
+
+	sll	$18,$18,$4
+	sll	$3,$16,$4
+	subu	$2,$5,$4
+	srl	$2,$17,$2
+	or	$16,$3,$2
+	sll	$17,$17,$4
+$L29:
+	srl	$7,$18,16
+	andi	$9,$18,0xffff
+$L30:
+	srl	$2,$16,16
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$7,$L34
+	li	$6,0x0000ffff		# 65535
+	.set	macro
+	.set	reorder
+
+	divu	$6,$16,$7
+$L34:
+	mult	$6,$9
+	mflo	$5
+	#nop
+	#nop
+	mult	$6,$7
+	and	$2,$17,$10
+	srl	$8,$2,16
+	mflo	$4
+$L35:
+	subu	$3,$16,$4
+	and	$2,$3,$10
+	.set	noreorder
+	.set	nomacro
+	bne	$2,$0,$L36
+	sll	$2,$3,16
+	.set	macro
+	.set	reorder
+
+	addu	$2,$2,$8
+	sltu	$2,$2,$5
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L36
+	subu	$5,$5,$9
+	.set	macro
+	.set	reorder
+
+	subu	$4,$4,$7
+	.set	noreorder
+	.set	nomacro
+	j	$L35
+	addu	$6,$6,-1
+	.set	macro
+	.set	reorder
+
+$L36:
+	mult	$6,$7
+	mflo	$5
+	#nop
+	#nop
+	mult	$6,$9
+	mflo	$4
+	#nop
+	#nop
+	srl	$3,$4,16
+	sll	$2,$4,16
+	and	$4,$2,$10
+	sltu	$2,$17,$4
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L40
+	addu	$5,$5,$3
+	.set	macro
+	.set	reorder
+
+	addu	$5,$5,1
+$L40:
+	sltu	$2,$16,$5
+	.set	noreorder
+	.set	nomacro
+	beq	$2,$0,$L41
+	subu	$17,$17,$4
+	.set	macro
+	.set	reorder
+
+	addu	$16,$16,$18
+	addu	$6,$6,-1
+$L41:
+	addu	$19,$19,-1
+	.set	noreorder
+	.set	nomacro
+	beq	$19,$0,$L31
+	subu	$16,$16,$5
+	.set	macro
+	.set	reorder
+
+	sll	$20,$6,16
+	sll	$3,$16,16
+	srl	$2,$17,16
+	or	$16,$3,$2
+	.set	noreorder
+	.set	nomacro
+	j	$L30
+	sll	$17,$17,16
+	.set	macro
+	.set	reorder
+
+$L31:
+	or	$2,$20,$6
+$L43:
+	lw	$31,48($sp)
+	lw	$20,40($sp)
+	lw	$19,36($sp)
+	lw	$18,32($sp)
+	lw	$17,28($sp)
+	lw	$16,24($sp)
+	addu	$sp,$sp,56
+	j	$31
+	.end	bn_div64
+
+	.globl abort .text
+	.globl fprintf .text
+	.globl BN_num_bits_word .text
diff --git a/crypto/openssl/crypto/bn/asm/sparcv8.S b/crypto/openssl/crypto/bn/asm/sparcv8.S
new file mode 100644
index 000000000000..88c5dc480a76
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/sparcv8.S
@@ -0,0 +1,1458 @@
+.ident	"sparcv8.s, Version 1.4"
+.ident	"SPARC v8 ISA artwork by Andy Polyakov "
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov  for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1	- new loop unrolling model(*);
+ * 1.2	- made gas friendly;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- some retunes;
+ *
+ * (*)	see bn_asm.sparc.v8plus.S for details
+ */
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_add_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:
+	ld	[%o0],%o4
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0]
+	addx	%g1,0,%o5
+
+	ld	[%o0+4],%o4
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	dec	4,%o2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0+4]
+	addx	%g1,0,%o5
+
+	ld	[%o0+8],%o4
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	inc	16,%o1
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	addx	%g1,0,%o5
+
+	ld	[%o0+12],%o4
+	umul	%o3,%g3,%g3
+	inc	16,%o0
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0-4]
+	addx	%g1,0,%o5
+	andcc	%o2,-4,%g0
+	bnz,a	.L_bn_mul_add_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_add_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_add_words_tail:
+	ld	[%o0],%o4
+	umul	%o3,%g2,%g2
+	addcc	%o4,%o5,%o4
+	rd	%y,%g1
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0]
+
+	ld	[%o1+4],%g2
+	ld	[%o0+4],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0+4]
+
+	ld	[%o1+8],%g2
+	ld	[%o0+8],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	st	%g2,[%o0]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	dec	4,%o2
+	addx	%g1,0,%o5
+	st	%g3,[%o0+4]
+
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	inc	16,%o1
+	st	%g2,[%o0+8]
+	addx	%g1,0,%o5
+
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	inc	16,%o0
+	addx	%g1,0,%o5
+	st	%g3,[%o0-4]
+	andcc	%o2,-4,%g0
+	nop
+	bnz,a	.L_bn_mul_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_words_tail:
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0]
+	nop
+
+	ld	[%o1+4],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	st	%g2,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	cmp	%o2,0
+	bg,a	.L_bn_sqr_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_sqr_words_tail
+	clr	%o5
+
+.L_bn_sqr_words_loop:
+	ld	[%o1+4],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	rd	%y,%o5
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%g3,%g3,%o4
+	dec	4,%o2
+	st	%o4,[%o0+8]
+	rd	%y,%o5
+	st	%o5,[%o0+12]
+	nop
+
+	ld	[%o1+12],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	inc	16,%o1
+	st	%o5,[%o0+20]
+
+	umul	%g3,%g3,%o4
+	inc	32,%o0
+	st	%o4,[%o0-8]
+	rd	%y,%o5
+	st	%o5,[%o0-4]
+	andcc	%o2,-4,%g2
+	bnz,a	.L_bn_sqr_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	nop
+	bnz,a	.L_bn_sqr_words_tail
+	ld	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	deccc	%o2
+	rd	%y,%o5
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+4],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+8]
+	deccc	%o2
+	rd	%y,%o5
+	nop
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+12]
+
+	ld	[%o1+8],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	st	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	wr	%o0,%y
+	udiv	%o1,%o2,%o0
+	retl
+	nop
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	cmp	%o3,0
+	bg,a	.L_bn_add_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_add_words_tail
+	clr	%g1
+	ba	.L_bn_add_words_warn_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:
+	ld	[%o1],%o4
+.L_bn_add_words_warn_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_add_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	bnz,a	.L_bn_add_words_tail
+	ld	[%o1],%o4
+.L_bn_add_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_add_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0]
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.align	32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	cmp	%o3,0
+	bg,a	.L_bn_sub_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_sub_words_tail
+	clr	%g1
+	ba	.L_bn_sub_words_warm_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:
+	ld	[%o1],%o4
+.L_bn_sub_words_warm_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_sub_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	nop
+	bnz,a	.L_bn_sub_words_tail
+	ld	[%o1],%o4
+.L_bn_sub_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_sub_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0]
+	nop
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_1	%o2
+#define c_2	%o3
+#define c_3	%o4
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o5
+#define	b_4	%g1
+#define	b_5	%g2
+#define	b_6	%g3
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	bp(3),b_3
+	addx	c_2,%g0,c_2	!=
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(4),a_4
+	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	ld	bp(4),b_4
+	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	bp(5),b_5
+	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(5),a_5
+	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	ap(6),a_6
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	ld	bp(6),b_6
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	bp(7),b_7
+	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(6)	!r[6]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	ap(7),a_7
+	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!
+	addx	c_2,%g0,c_2
+	st	c_3,rp(8)	!r[8]=c3;
+
+	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(12)	!r[12]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(13)	!r[13]=c2;
+
+	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	nop			!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	bp(3),b_3
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	ap(1),a_1
+	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	ld	ap(4),a_4
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	ld	ap(5),a_5
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(4)	!r[4]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(6),a_6
+	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(7),a_7
+	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(6)	!r[6]=c1;
+
+	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(8)	!r[8]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	st	c_1,rp(12)	!r[12]=c1;
+
+	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2	!=
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(13)	!r[13]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);
+	ld	ap(1),a_1	!=
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(2)	!r[2]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/crypto/openssl/crypto/bn/asm/sparcv8plus.S b/crypto/openssl/crypto/bn/asm/sparcv8plus.S
new file mode 100644
index 000000000000..0074dfdb750e
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/sparcv8plus.S
@@ -0,0 +1,1535 @@
+.ident	"sparcv8plus.s, Version 1.4"
+.ident	"SPARC v9 ISA artwork by Andy Polyakov "
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov  for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    or if above fails (it does if you have gas installed):
+ *
+ *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ *    Quick-n-dirty way to fuse the module into the library.
+ *    Provided that the library is already configured and built
+ *    (in 0.9.2 case with no-asm option):
+ *
+ *	# cd crypto/bn
+ *	# cp /some/place/bn_asm.sparc.v8plus.S .
+ *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ *    Quick-n-dirty way to get rid of it:
+ *
+ *	# cd crypto/bn
+ *	# touch bn_asm.c
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ * Q. V8plus achitecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ *    special conditions, namely when kernel doesn't preserve upper
+ *    32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ *    version is provided along. Both version share bn_*comba[48]
+ *    implementations (see comment later in code for explanation).
+ *    But what's so special about this UltraSPARC implementation?
+ *    Why didn't I let compiler do the job? Trouble is that most of
+ *    available compilers (well, SC5.0 is the only exception) don't
+ *    attempt to take advantage of UltraSPARC's 64-bitness under
+ *    32-bit kernels even though it's perfectly possible (see next
+ *    question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ *    doesn't work?
+ * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ *    preserved if you're in a leaf function, i.e. such never calling
+ *    any other functions. All functions in this module are leaf and
+ *    10 registers is a handful. And as a matter of fact none-"comba"
+ *    routines don't require even that much and I could even afford to
+ *    not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ *    under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ *    code position dependencies and it's safe to include it into
+ *    shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ *    experience with crypto/bn/expspeed.c test program:
+ *
+ *	v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%
+ *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%
+ *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%
+ *
+ *	v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%
+ *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%
+ *	egcs-1.1.2 -mv8 -O3			+35-45%
+ *
+ *    As you can see it's damn hard to beat the new Sun C compiler
+ *    and it's in first place GNU C users who will appreciate this
+ *    assembler implementation:-)	
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0	- initial release;
+ * 1.1	- new loop unrolling model(*);
+ *	- some more fine tuning;
+ * 1.2	- made gas friendly;
+ *	- updates to documentation concerning v9;
+ *	- new performance comparison matrix;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)
+ *	  resulting in slight overall performance kick;
+ *	- some retunes;
+ *	- support for GNU as added;
+ *
+ * (*)	Originally unrolled loop looked like this:
+ *	    for (;;) {
+ *		op(p+0); if (--n==0) break;
+ *		op(p+1); if (--n==0) break;
+ *		op(p+2); if (--n==0) break;
+ *		op(p+3); if (--n==0) break;
+ *		p+=4;
+ *	    }
+ *	I unroll according to following:
+ *	    while (n&~3) {
+ *		op(p+0); op(p+1); op(p+2); op(p+3);
+ *		p+=4; n=-4;
+ *	    }
+ *	    if (n) {
+ *		op(p+0); if (--n==0) return;
+ *		op(p+2); if (--n==0) return;
+ *		op(p+3); return;
+ *	    }
+ */
+
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8plus.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	brgz,a	%o2,.L_bn_mul_add_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:	! wow! 32 aligned!
+	lduw	[%o0],%g1
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	nop
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+4],%g1
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	dec	4,%o2
+	add	%o4,%g3,%o4
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+8],%g1
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	inc	16,%o1
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+12],%g1
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	inc	16,%o0
+	add	%o4,%g3,%o4
+	andcc	%o2,-4,%g0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	bnz,a,pt	%icc,.L_bn_mul_add_words_loop
+	lduw	[%o1],%g2
+
+	brnz,a,pn	%o2,.L_bn_mul_add_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_add_words_tail:
+	lduw	[%o0],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	lduw	[%o0+4],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	lduw	[%o0+8],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	brgz,a	%o2,.L_bn_mul_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	nop
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	inc	16,%o1
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	inc	16,%o0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g0
+	bnz,a,pt	%icc,.L_bn_mul_words_loop
+	lduw	[%o1],%g2
+	nop
+	nop
+
+	brnz,a,pn	%o2,.L_bn_mul_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_words_tail:
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	brgz,a	%o2,.L_bn_sqr_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	nop
+	bz,pn	%icc,.L_bn_sqr_words_tail
+	nop
+
+.L_bn_sqr_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%g2,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+4]
+	nop
+
+	lduw	[%o1+8],%g2
+	mulx	%g3,%g3,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+12],%g3
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	inc	16,%o1
+	stuw	%o5,[%o0+20]
+
+	mulx	%g3,%g3,%o4
+	inc	32,%o0
+	stuw	%o4,[%o0-8]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g2
+	stuw	%o5,[%o0-4]
+	bnz,a,pt	%icc,.L_bn_sqr_words_loop
+	lduw	[%o1],%g2
+	nop
+
+	brnz,a,pn	%o2,.L_bn_sqr_words_tail
+	lduw	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+4],%g2
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+8],%g2
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	stuw	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	sllx	%o0,32,%o0
+	or	%o0,%o1,%o0
+	udivx	%o0,%o2,%o0
+	retl
+	srl	%o0,%g0,%o0	! clruw	%o0
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	brgz,a	%o3,.L_bn_add_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_add_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+	nop
+
+.L_bn_add_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	addccc	%g1,%g2,%g1
+	stuw	%g1,[%o0+4]
+	
+	inc	16,%o2
+	addccc	%g3,%g4,%g3
+	stuw	%g3,[%o0+8]
+
+	inc	16,%o0
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_add_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_add_words_tail
+	lduw	[%o1],%o4
+.L_bn_add_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_add_words_tail:
+	lduw	[%o2],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	brgz,a	%o3,.L_bn_sub_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_sub_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+	nop
+
+.L_bn_sub_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	subccc	%g1,%g2,%g2
+	stuw	%g2,[%o0+4]
+
+	inc	16,%o2
+	subccc	%g3,%g4,%g4
+	stuw	%g4,[%o0+8]
+
+	inc	16,%o0
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_sub_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_sub_words_tail
+	lduw	[%o1],%o4
+.L_bn_sub_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_sub_words_tail:		! wow! 32 aligned!
+	lduw	[%o2],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ *							Andy.
+ */
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_12	%o2
+#define c_3	%o3
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o4
+#define	b_4	%o5
+#define	b_5	%o7
+#define	b_6	%g1
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	bp(0),b_0	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(4),b_4	!=
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(5),b_5
+	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(6),b_6	!=
+	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(7),b_7
+	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0	!=
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	lduw	ap(0),a_0
+	mov	1,t_2
+	lduw	bp(0),b_0
+	sllx	t_2,32,t_2	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!=!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!=!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!=!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/crypto/openssl/crypto/bn/asm/x86.pl b/crypto/openssl/crypto/bn/asm/x86.pl
new file mode 100644
index 000000000000..1bc4f1bb2747
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86.pl
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+require("x86/mul_add.pl");
+require("x86/mul.pl");
+require("x86/sqr.pl");
+require("x86/div.pl");
+require("x86/add.pl");
+require("x86/sub.pl");
+require("x86/comba.pl");
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
diff --git a/crypto/openssl/crypto/bn/asm/x86/add.pl b/crypto/openssl/crypto/bn/asm/x86/add.pl
new file mode 100644
index 000000000000..0b5cf583e37f
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/add.pl
@@ -0,0 +1,76 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_add_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/x86/comba.pl b/crypto/openssl/crypto/bn/asm/x86/comba.pl
new file mode 100644
index 000000000000..22912536293d
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/comba.pl
@@ -0,0 +1,277 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub mul_add_c
+	{
+	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("mul a[$ai]*b[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	&mul("edx");
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
+	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
+	}
+
+sub sqr_add_c
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
+	}
+
+sub sqr_add_c2
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$a,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add("eax","eax");
+	 ###
+	&adc("edx","edx");
+	 ###
+	&adc($c2,0);
+	 &add($c0,"eax");
+	&adc($c1,"edx");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
+	&adc($c2,0);
+	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+	 ###
+	}
+
+sub bn_mul_comba
+	{
+	local($name,$num)=@_;
+	local($a,$b,$c0,$c1,$c2);
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$b="edi";
+	
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	&push("esi");
+	 &mov($a,&wparam(1));
+	&push("edi");
+	 &mov($b,&wparam(2));
+	&push("ebp");
+	 &push("ebx");
+
+	&xor($c0,$c0);
+	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
+	&xor($c1,$c1);
+	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("################## Calculate word $i"); 
+
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($j+1) == $end)
+				{
+				$v=1;
+				$v=2 if (($i+1) == $tot);
+				}
+			else
+				{ $v=0; }
+			if (($j+1) != $end)
+				{
+				$na=($ai-1);
+				$nb=($bi+1);
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				# &mov("eax",&wparam(0));
+				# &mov(&DWP($i*4,"eax","",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&comment("save r[$i]");
+	# &mov("eax",&wparam(0));
+	&mov(&DWP($i*4,"eax","",0),$c0);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_sqr_comba
+	{
+	local($name,$num)=@_;
+	local($r,$a,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$r="edi";
+
+	&push("esi");
+	 &push("edi");
+	&push("ebp");
+	 &push("ebx");
+	&mov($r,&wparam(0));
+	 &mov($a,&wparam(1));
+	&xor($c0,$c0);
+	 &xor($c1,$c1);
+	&mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("############### Calculate word $i");
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($ai-1) < ($bi+1))
+				{
+				$v=1;
+				$v=2 if ($i+1) == $tot;
+				}
+			else
+				{ $v=0; }
+			if (!$v)
+				{
+				$na=$ai-1;
+				$nb=$bi+1;
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+			if ($ai == $bi)
+				{
+				&sqr_add_c($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			else
+				{
+				&sqr_add_c2($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				#&mov(&DWP($i*4,$r,"",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				last;
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&mov(&DWP($i*4,$r,"",0),$c0);
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/x86/div.pl b/crypto/openssl/crypto/bn/asm/x86/div.pl
new file mode 100644
index 000000000000..0e90152caa95
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/div.pl
@@ -0,0 +1,15 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_div_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+	&mov("edx",&wparam(0));	#
+	&mov("eax",&wparam(1));	#
+	&mov("ebx",&wparam(2));	#
+	&div("ebx");
+	&function_end($name);
+	}
+1;
diff --git a/crypto/openssl/crypto/bn/asm/x86/f b/crypto/openssl/crypto/bn/asm/x86/f
new file mode 100644
index 000000000000..22e411222431
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/f
@@ -0,0 +1,3 @@
+#!/usr/local/bin/perl
+# x86 assember
+
diff --git a/crypto/openssl/crypto/bn/asm/x86/mul.pl b/crypto/openssl/crypto/bn/asm/x86/mul.pl
new file mode 100644
index 000000000000..674cb9b05512
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/mul.pl
@@ -0,0 +1,77 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_mul_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ecx";
+	$r="edi";
+	$c="esi";
+	$num="ebp";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+	&mov($w,&wparam(3));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("mw_finish"));
+
+	&set_label("mw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
+
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jz(&label("mw_finish"));
+	&jmp(&label("mw_loop"));
+
+	&set_label("mw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jnz(&label("mw_finish2"));
+	&jmp(&label("mw_end"));
+
+	&set_label("mw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a,"",0));# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		 &dec($num) if ($i != 7-1);
+		&jz(&label("mw_end")) if ($i != 7-1);
+		}
+	&set_label("mw_end",0);
+	&mov("eax",$c);
+
+	&function_end($name);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/x86/mul_add.pl b/crypto/openssl/crypto/bn/asm/x86/mul_add.pl
new file mode 100644
index 000000000000..61830d3a906a
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/mul_add.pl
@@ -0,0 +1,87 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_mul_add_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ebp";
+	$r="edi";
+	$c="esi";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+
+	&mov("ecx",&wparam(2));	#
+	&mov($a,&wparam(1));	#
+
+	&and("ecx",0xfffffff8);	# num / 8
+	&mov($w,&wparam(3));	#
+
+	&push("ecx");		# Up the stack for a tmp variable
+
+	&jz(&label("maw_finish"));
+
+	&set_label("maw_loop",0);
+
+	&mov(&swtmp(0),"ecx");	#
+
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);		# L(t)+= *r
+		 &mov($c,&DWP($i,$r,"",0));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",$c);		# L(t)+=c
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&mov("ecx",&swtmp(0));	#
+	&add($a,32);
+	&add($r,32);
+	&sub("ecx",8);
+	&jnz(&label("maw_loop"));
+
+	&set_label("maw_finish",0);
+	&mov("ecx",&wparam(2));	# get num
+	&and("ecx",7);
+	&jnz(&label("maw_finish2"));	# helps branch prediction
+	&jmp(&label("maw_end"));
+
+	&set_label("maw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a,"",0));# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 &mov($c,&DWP($i*4,$r,"",0));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",$c);
+		&adc("edx",0);			# H(t)+=carry
+		 &dec("ecx") if ($i != 7-1);
+		&mov(&DWP($i*4,$r,"",0),"eax");	# *r= L(t);
+		 &mov($c,"edx");			# c=  H(t);
+		&jz(&label("maw_end")) if ($i != 7-1);
+		}
+	&set_label("maw_end",0);
+	&mov("eax",$c);
+
+	&pop("ecx");	# clear variable from
+
+	&function_end($name);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/x86/sqr.pl b/crypto/openssl/crypto/bn/asm/x86/sqr.pl
new file mode 100644
index 000000000000..1f90993cf689
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/sqr.pl
@@ -0,0 +1,60 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_sqr_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$r="esi";
+	$a="edi";
+	$num="ebx";
+
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("sw_finish"));
+
+	&set_label("sw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+		&mov("eax",&DWP($i,$a,"",0)); 	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*2,$r,"",0),"eax");	#
+		 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,64);
+	&sub($num,8);
+	&jnz(&label("sw_loop"));
+
+	&set_label("sw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jz(&label("sw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov("eax",&DWP($i*4,$a,"",0));	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*8,$r,"",0),"eax");	#
+		 &dec($num) if ($i != 7-1);
+		&mov(&DWP($i*8+4,$r,"",0),"edx");
+		 &jz(&label("sw_end")) if ($i != 7-1);
+		}
+	&set_label("sw_end",0);
+
+	&function_end($name);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/asm/x86/sub.pl b/crypto/openssl/crypto/bn/asm/x86/sub.pl
new file mode 100644
index 000000000000..837b0e1b078d
--- /dev/null
+++ b/crypto/openssl/crypto/bn/asm/x86/sub.pl
@@ -0,0 +1,76 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+1;
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h
new file mode 100644
index 000000000000..f935e1ca79d7
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn.h
@@ -0,0 +1,467 @@
+/* crypto/bn/bn.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BN_H
+#define HEADER_BN_H
+
+#ifndef WIN16
+#include  /* FILE */
+#endif
+#include 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef VMS
+#undef BN_LLONG /* experimental, so far... */
+#endif
+
+#define BN_MUL_COMBA
+#define BN_SQR_COMBA
+#define BN_RECURSION
+#define RECP_MUL_MOD
+#define MONT_MUL_MOD
+
+/* This next option uses the C libraries (2 word)/(1 word) function.
+ * If it is not defined, I use my C version (which is slower).
+ * The reason for this flag is that when the particular C compiler
+ * library routine is used, and the library is linked with a different
+ * compiler, the library is missing.  This mostly happens when the
+ * library is built with gcc and then linked using nornal cc.  This would
+ * be a common occurance because gcc normally produces code that is
+ * 2 times faster than system compilers for the big number stuff.
+ * For machines with only one compiler (or shared libraries), this should
+ * be on.  Again this in only really a problem on machines
+ * using "long long's", are 32bit, and are not using my assember code. */
+#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
+#define BN_DIV2W
+#endif
+
+/* assuming long is 64bit - this is the DEC Alpha
+ * unsigned long long is only 64 bits :-(, don't define
+ * BN_LLONG for the DEC Alpha */
+#ifdef SIXTY_FOUR_BIT_LONG
+#define BN_ULLONG	unsigned long long
+#define BN_ULONG	unsigned long
+#define BN_LONG		long
+#define BN_BITS		128
+#define BN_BYTES	8
+#define BN_BITS2	64
+#define BN_BITS4	32
+#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)
+#define BN_MASK2	(0xffffffffffffffffL)
+#define BN_MASK2l	(0xffffffffL)
+#define BN_MASK2h	(0xffffffff00000000L)
+#define BN_MASK2h1	(0xffffffff80000000L)
+#define BN_TBIT		(0x8000000000000000L)
+#define BN_DEC_CONV	(10000000000000000000UL)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%019lu"
+#define BN_DEC_NUM	19
+#endif
+
+/* This is where the long long data type is 64 bits, but long is 32.
+ * For machines where there are 64bit registers, this is the mode to use.
+ * IRIX, on R4000 and above should use this mode, along with the relevent
+ * assember code :-).  Do NOT define BN_LLONG.
+ */
+#ifdef SIXTY_FOUR_BIT
+#undef BN_LLONG
+#undef BN_ULLONG
+#define BN_ULONG	unsigned long long
+#define BN_LONG		long long
+#define BN_BITS		128
+#define BN_BYTES	8
+#define BN_BITS2	64
+#define BN_BITS4	32
+#define BN_MASK2	(0xffffffffffffffffLL)
+#define BN_MASK2l	(0xffffffffL)
+#define BN_MASK2h	(0xffffffff00000000LL)
+#define BN_MASK2h1	(0xffffffff80000000LL)
+#define BN_TBIT		(0x8000000000000000LL)
+#define BN_DEC_CONV	(10000000000000000000LL)
+#define BN_DEC_FMT1	"%llu"
+#define BN_DEC_FMT2	"%019llu"
+#define BN_DEC_NUM	19
+#endif
+
+#ifdef THIRTY_TWO_BIT
+#if defined(WIN32) && !defined(__GNUC__)
+#define BN_ULLONG	unsigned _int64
+#else
+#define BN_ULLONG	unsigned long long
+#endif
+#define BN_ULONG	unsigned long
+#define BN_LONG		long
+#define BN_BITS		64
+#define BN_BYTES	4
+#define BN_BITS2	32
+#define BN_BITS4	16
+#ifdef WIN32
+/* VC++ doesn't like the LL suffix */
+#define BN_MASK		(0xffffffffffffffffL)
+#else
+#define BN_MASK		(0xffffffffffffffffLL)
+#endif
+#define BN_MASK2	(0xffffffffL)
+#define BN_MASK2l	(0xffff)
+#define BN_MASK2h1	(0xffff8000L)
+#define BN_MASK2h	(0xffff0000L)
+#define BN_TBIT		(0x80000000L)
+#define BN_DEC_CONV	(1000000000L)
+#define BN_DEC_FMT1	"%lu"
+#define BN_DEC_FMT2	"%09lu"
+#define BN_DEC_NUM	9
+#endif
+
+#ifdef SIXTEEN_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG	unsigned long
+#define BN_ULONG	unsigned short
+#define BN_LONG		short
+#define BN_BITS		32
+#define BN_BYTES	2
+#define BN_BITS2	16
+#define BN_BITS4	8
+#define BN_MASK		(0xffffffff)
+#define BN_MASK2	(0xffff)
+#define BN_MASK2l	(0xff)
+#define BN_MASK2h1	(0xff80)
+#define BN_MASK2h	(0xff00)
+#define BN_TBIT		(0x8000)
+#define BN_DEC_CONV	(100000)
+#define BN_DEC_FMT1	"%u"
+#define BN_DEC_FMT2	"%05u"
+#define BN_DEC_NUM	5
+#endif
+
+#ifdef EIGHT_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG	unsigned short
+#define BN_ULONG	unsigned char
+#define BN_LONG		char
+#define BN_BITS		16
+#define BN_BYTES	1
+#define BN_BITS2	8
+#define BN_BITS4	4
+#define BN_MASK		(0xffff)
+#define BN_MASK2	(0xff)
+#define BN_MASK2l	(0xf)
+#define BN_MASK2h1	(0xf8)
+#define BN_MASK2h	(0xf0)
+#define BN_TBIT		(0x80)
+#define BN_DEC_CONV	(100)
+#define BN_DEC_FMT1	"%u"
+#define BN_DEC_FMT2	"%02u"
+#define BN_DEC_NUM	2
+#endif
+
+#define BN_DEFAULT_BITS	1280
+
+#ifdef BIGNUM
+#undef BIGNUM
+#endif
+
+#define BN_FLG_MALLOCED		0x01
+#define BN_FLG_STATIC_DATA	0x02
+#define BN_FLG_FREE		0x8000	/* used for debuging */
+#define BN_set_flags(b,n)	((b)->flags|=(n))
+#define BN_get_flags(b,n)	((b)->flags&(n))
+
+typedef struct bignum_st
+	{
+	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
+	int top;	/* Index of last used d +1. */
+	/* The next are internal book keeping for bn_expand. */
+	int max;	/* Size of the d array. */
+	int neg;	/* one if the number is negative */
+	int flags;
+	} BIGNUM;
+
+/* Used for temp variables */
+#define BN_CTX_NUM	12
+typedef struct bignum_ctx
+	{
+	int tos;
+	BIGNUM bn[BN_CTX_NUM+1];
+	int flags;
+	} BN_CTX;
+
+typedef struct bn_blinding_st
+	{
+	int init;
+	BIGNUM *A;
+	BIGNUM *Ai;
+	BIGNUM *mod; /* just a reference */
+	} BN_BLINDING;
+
+/* Used for montgomery multiplication */
+typedef struct bn_mont_ctx_st
+        {
+	int use_word;	/* 0 for word form, 1 for long form */
+        int ri;         /* number of bits in R */
+        BIGNUM RR;     /* used to convert to montgomery form */
+        BIGNUM N;      /* The modulus */
+        BIGNUM Ni;     /* The inverse of N */
+	BN_ULONG n0;	/* word form of inverse, normally only one of
+			 * Ni or n0 is defined */
+	int flags;
+        } BN_MONT_CTX;
+
+/* Used for reciprocal division/mod functions
+ * It cannot be shared between threads
+ */
+typedef struct bn_recp_ctx_st
+	{
+	BIGNUM N;	/* the divisor */
+	BIGNUM Nr;	/* the reciprocal */
+	int num_bits;
+	int shift;
+	int flags;
+	} BN_RECP_CTX;
+
+#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
+	r,a,&((mont)->RR),(mont),ctx)
+
+#define BN_prime_checks		(5)
+
+#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
+#define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
+#define BN_is_zero(a)	(((a)->top == 0) || BN_is_word(a,0))
+#define BN_is_one(a)	(BN_is_word((a),1))
+#define BN_is_odd(a)	(((a)->top > 0) && ((a)->d[0] & 1))
+#define BN_one(a)	(BN_set_word((a),1))
+#define BN_zero(a)	(BN_set_word((a),0))
+
+/*#define BN_ascii2bn(a)	BN_hex2bn(a) */
+/*#define BN_bn2ascii(a)	BN_bn2hex(a) */
+
+#define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\
+	(n):bn_expand2((n),(b)/BN_BITS2+1))
+#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
+
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *ftl; \
+	if ((a)->top > 0) \
+		{ \
+		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(ftl--)) break; \
+		} \
+	}
+
+BIGNUM *BN_value_one(void);
+char *	BN_options(void);
+BN_CTX *BN_CTX_new(void);
+void	BN_CTX_init(BN_CTX *c);
+void	BN_CTX_free(BN_CTX *c);
+int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_num_bits(const BIGNUM *a);
+int	BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void	BN_init(BIGNUM *);
+void	BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+	       BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b,BN_CTX *ctx);
+int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
+BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int	BN_mul_word(BIGNUM *a, BN_ULONG w);
+int	BN_add_word(BIGNUM *a, BN_ULONG w);
+int	BN_sub_word(BIGNUM *a, BN_ULONG w);
+int	BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(BIGNUM *a);
+int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void	BN_free(BIGNUM *a);
+int	BN_is_bit_set(const BIGNUM *a, int n);
+int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
+int	BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		   const BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BIGNUM *m,BN_CTX *ctx);
+int	BN_mask_bits(BIGNUM *a,int n);
+int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+#ifndef WIN16
+int	BN_print_fp(FILE *fp, BIGNUM *a);
+#endif
+#ifdef HEADER_BIO_H
+int	BN_print(BIO *fp, const BIGNUM *a);
+#else
+int	BN_print(char *fp, const BIGNUM *a);
+#endif
+int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, BIGNUM *a);
+void	BN_clear(BIGNUM *a);
+BIGNUM *bn_expand2(BIGNUM *b, int bits);
+BIGNUM *BN_dup(const BIGNUM *a);
+int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int	BN_set_bit(BIGNUM *a, int n);
+int	BN_clear_bit(BIGNUM *a, int n);
+char *	BN_bn2hex(const BIGNUM *a);
+char *	BN_bn2dec(const BIGNUM *a);
+int 	BN_hex2bn(BIGNUM **a, const char *str);
+int 	BN_dec2bn(BIGNUM **a, const char *str);
+int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
+BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int strong,BIGNUM *add,
+		BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
+int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,void *),
+		BN_CTX *ctx,void *cb_arg);
+void	ERR_load_BN_strings(void );
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void );
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
+			  BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+
+void BN_set_params(int mul,int high,int low,int mont);
+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
+
+void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
+		BN_RECP_CTX *recp,BN_CTX *ctx);
+int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx);
+int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
+		BN_RECP_CTX *recp, BN_CTX *ctx);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+#define BN_F_BN_BLINDING_CONVERT			 100
+#define BN_F_BN_BLINDING_INVERT				 101
+#define BN_F_BN_BLINDING_NEW				 102
+#define BN_F_BN_BLINDING_UPDATE				 103
+#define BN_F_BN_BN2DEC					 104
+#define BN_F_BN_BN2HEX					 105
+#define BN_F_BN_CTX_NEW					 106
+#define BN_F_BN_DIV					 107
+#define BN_F_BN_EXPAND2					 108
+#define BN_F_BN_MOD_EXP_MONT				 109
+#define BN_F_BN_MOD_INVERSE				 110
+#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
+#define BN_F_BN_MPI2BN					 112
+#define BN_F_BN_NEW					 113
+#define BN_F_BN_RAND					 114
+#define BN_F_BN_USUB					 115
+
+/* Reason codes. */
+#define BN_R_ARG2_LT_ARG3				 100
+#define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_CALLED_WITH_EVEN_MODULUS			 102
+#define BN_R_DIV_BY_ZERO				 103
+#define BN_R_ENCODING_ERROR				 104
+#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
+#define BN_R_INVALID_LENGTH				 106
+#define BN_R_NOT_INITIALIZED				 107
+#define BN_R_NO_INVERSE					 108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/bn/bn.mul b/crypto/openssl/crypto/bn/bn.mul
new file mode 100644
index 000000000000..9728870d38ae
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn.mul
@@ -0,0 +1,19 @@
+We need
+
+* bn_mul_comba8
+* bn_mul_comba4
+* bn_mul_normal
+* bn_mul_recursive
+
+* bn_sqr_comba8
+* bn_sqr_comba4
+bn_sqr_normal -> BN_sqr
+* bn_sqr_recursive
+
+* bn_mul_low_recursive
+* bn_mul_low_normal
+* bn_mul_high
+
+* bn_mul_part_recursive	# symetric but not power of 2
+
+bn_mul_asymetric_recursive # uneven, but do the chop up.
diff --git a/crypto/openssl/crypto/bn/bn_add.c b/crypto/openssl/crypto/bn/bn_add.c
new file mode 100644
index 000000000000..c5ab066c9e46
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_add.c
@@ -0,0 +1,307 @@
+/* crypto/bn/bn_add.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r can == a or b */
+int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+	{
+	BIGNUM *tmp;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	/*  a +  b	a+b
+	 *  a + -b	a-b
+	 * -a +  b	b-a
+	 * -a + -b	-(a+b)
+	 */
+	if (a->neg ^ b->neg)
+		{
+		/* only one is negative */
+		if (a->neg)
+			{ tmp=a; a=b; b=tmp; }
+
+		/* we are now a - b */
+
+		if (BN_ucmp(a,b) < 0)
+			{
+			if (!BN_usub(r,b,a)) return(0);
+			r->neg=1;
+			}
+		else
+			{
+			if (!BN_usub(r,a,b)) return(0);
+			r->neg=0;
+			}
+		return(1);
+		}
+
+	if (a->neg) /* both are neg */
+		r->neg=1;
+	else
+		r->neg=0;
+
+	if (!BN_uadd(r,a,b)) return(0);
+	return(1);
+	}
+
+/* unsigned add of b to a, r must be large enough */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+	{
+	register int i;
+	int max,min;
+	BN_ULONG *ap,*bp,*rp,carry,t1;
+	const BIGNUM *tmp;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	if (a->top < b->top)
+		{ tmp=a; a=b; b=tmp; }
+	max=a->top;
+	min=b->top;
+
+	if (bn_wexpand(r,max+1) == NULL)
+		return(0);
+
+	r->top=max;
+
+
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+	carry=0;
+
+	carry=bn_add_words(rp,ap,bp,min);
+	rp+=min;
+	ap+=min;
+	bp+=min;
+	i=min;
+
+	if (carry)
+		{
+		while (i < max)
+			{
+			i++;
+			t1= *(ap++);
+			if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
+				{
+				carry=0;
+				break;
+				}
+			}
+		if ((i >= max) && carry)
+			{
+			*(rp++)=1;
+			r->top++;
+			}
+		}
+	if (rp != ap)
+		{
+		for (; itop < b->top) /* hmm... should not be happening */
+		{
+		BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
+		return(0);
+		}
+
+	max=a->top;
+	min=b->top;
+	if (bn_wexpand(r,max) == NULL) return(0);
+
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+
+#if 1
+	carry=0;
+	for (i=0; i t2) break;
+			}
+		}
+#if 0
+	memcpy(rp,ap,sizeof(*rp)*(max-i));
+#else
+	if (rp != ap)
+		{
+		for (;;)
+			{
+			if (i++ >= max) break;
+			rp[0]=ap[0];
+			if (i++ >= max) break;
+			rp[1]=ap[1];
+			if (i++ >= max) break;
+			rp[2]=ap[2];
+			if (i++ >= max) break;
+			rp[3]=ap[3];
+			rp+=4;
+			ap+=4;
+			}
+		}
+#endif
+
+	r->top=max;
+	bn_fix_top(r);
+	return(1);
+	}
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+	{
+	int max;
+	int add=0,neg=0;
+	const BIGNUM *tmp;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	/*  a -  b	a-b
+	 *  a - -b	a+b
+	 * -a -  b	-(a+b)
+	 * -a - -b	b-a
+	 */
+	if (a->neg)
+		{
+		if (b->neg)
+			{ tmp=a; a=b; b=tmp; }
+		else
+			{ add=1; neg=1; }
+		}
+	else
+		{
+		if (b->neg) { add=1; neg=0; }
+		}
+
+	if (add)
+		{
+		if (!BN_uadd(r,a,b)) return(0);
+		r->neg=neg;
+		return(1);
+		}
+
+	/* We are actually doing a - b :-) */
+
+	max=(a->top > b->top)?a->top:b->top;
+	if (bn_wexpand(r,max) == NULL) return(0);
+	if (BN_ucmp(a,b) < 0)
+		{
+		if (!BN_usub(r,b,a)) return(0);
+		r->neg=1;
+		}
+	else
+		{
+		if (!BN_usub(r,a,b)) return(0);
+		r->neg=0;
+		}
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_asm.c b/crypto/openssl/crypto/bn/bn_asm.c
new file mode 100644
index 000000000000..4d3da16a0c9a
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_asm.c
@@ -0,0 +1,802 @@
+/* crypto/bn/bn_asm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifdef BN_LLONG 
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c1=0;
+
+	bn_check_num(num);
+	if (num <= 0) return(c1);
+
+	for (;;)
+		{
+		mul_add(rp[0],ap[0],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[1],ap[1],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[2],ap[2],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[3],ap[3],w,c1);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	
+	return(c1);
+	} 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c1=0;
+
+	bn_check_num(num);
+	if (num <= 0) return(c1);
+
+	/* for (;;) */
+	while (1) /* circumvent egcs-1.1.2 bug */
+		{
+		mul(rp[0],ap[0],w,c1);
+		if (--num == 0) break;
+		mul(rp[1],ap[1],w,c1);
+		if (--num == 0) break;
+		mul(rp[2],ap[2],w,c1);
+		if (--num == 0) break;
+		mul(rp[3],ap[3],w,c1);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(c1);
+	} 
+
+void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+        {
+	bn_check_num(n);
+	if (n <= 0) return;
+	for (;;)
+		{
+		BN_ULLONG t;
+
+		t=(BN_ULLONG)(a[0])*(a[0]);
+		r[0]=Lw(t); r[1]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[1])*(a[1]);
+		r[2]=Lw(t); r[3]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[2])*(a[2]);
+		r[4]=Lw(t); r[5]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[3])*(a[3]);
+		r[6]=Lw(t); r[7]=Hw(t);
+		if (--n == 0) break;
+
+		a+=4;
+		r+=8;
+		}
+	}
+
+#else
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c=0;
+	BN_ULONG bl,bh;
+
+	bn_check_num(num);
+	if (num <= 0) return((BN_ULONG)0);
+
+	bl=LBITS(w);
+	bh=HBITS(w);
+
+	for (;;)
+		{
+		mul_add(rp[0],ap[0],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[1],ap[1],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[2],ap[2],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[3],ap[3],bl,bh,c);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(c);
+	} 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG carry=0;
+	BN_ULONG bl,bh;
+
+	bn_check_num(num);
+	if (num <= 0) return((BN_ULONG)0);
+
+	bl=LBITS(w);
+	bh=HBITS(w);
+
+	for (;;)
+		{
+		mul(rp[0],ap[0],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[1],ap[1],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[2],ap[2],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[3],ap[3],bl,bh,carry);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(carry);
+	} 
+
+void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+        {
+	bn_check_num(n);
+	if (n <= 0) return;
+	for (;;)
+		{
+		sqr64(r[0],r[1],a[0]);
+		if (--n == 0) break;
+
+		sqr64(r[2],r[3],a[1]);
+		if (--n == 0) break;
+
+		sqr64(r[4],r[5],a[2]);
+		if (--n == 0) break;
+
+		sqr64(r[6],r[7],a[3]);
+		if (--n == 0) break;
+
+		a+=4;
+		r+=8;
+		}
+	}
+
+#endif
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+	{
+	return((BN_ULONG)(((((BN_ULLONG)h)< (BN_ULONG)1<= d) h-=d;
+
+	if (i)
+		{
+		d<<=i;
+		h=(h<>(BN_BITS2-i));
+		l<<=i;
+		}
+	dh=(d&BN_MASK2h)>>BN_BITS4;
+	dl=(d&BN_MASK2l);
+	for (;;)
+		{
+		if ((h>>BN_BITS4) == dh)
+			q=BN_MASK2l;
+		else
+			q=h/dh;
+
+		th=q*dh;
+		tl=dl*q;
+		for (;;)
+			{
+			t=h-th;
+			if ((t&BN_MASK2h) ||
+				((tl) <= (
+					(t<>BN_BITS4))))
+				break;
+			q--;
+			th-=dh;
+			tl-=dl;
+			}
+		t=(tl>>BN_BITS4);
+		tl=(tl<>BN_BITS4))&BN_MASK2;
+		l=(l&BN_MASK2l)<>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+=(BN_ULLONG)a[1]+b[1];
+		r[1]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+=(BN_ULLONG)a[2]+b[2];
+		r[2]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+=(BN_ULLONG)a[3]+b[3];
+		r[3]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return((BN_ULONG)ll);
+	}
+#else
+BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+	BN_ULONG c,l,t;
+
+	bn_check_num(n);
+	if (n <= 0) return((BN_ULONG)0);
+
+	c=0;
+	for (;;)
+		{
+		t=a[0];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[0])&BN_MASK2;
+		c+=(l < t);
+		r[0]=l;
+		if (--n <= 0) break;
+
+		t=a[1];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[1])&BN_MASK2;
+		c+=(l < t);
+		r[1]=l;
+		if (--n <= 0) break;
+
+		t=a[2];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[2])&BN_MASK2;
+		c+=(l < t);
+		r[2]=l;
+		if (--n <= 0) break;
+
+		t=a[3];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[3])&BN_MASK2;
+		c+=(l < t);
+		r[3]=l;
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return((BN_ULONG)c);
+	}
+#endif
+
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+	BN_ULONG t1,t2;
+	int c=0;
+
+	bn_check_num(n);
+	if (n <= 0) return((BN_ULONG)0);
+
+	for (;;)
+		{
+		t1=a[0]; t2=b[0];
+		r[0]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[1]; t2=b[1];
+		r[1]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[2]; t2=b[2];
+		r[2]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[3]; t2=b[3];
+		r[3]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return(c);
+	}
+
+#ifdef BN_MUL_COMBA
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	tt=(t+t)&BN_MASK; \
+	if (tt < t) c2++; \
+	t1=(BN_ULONG)Lw(tt); \
+	t2=(BN_ULONG)Hw(tt); \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	t=(BN_ULLONG)a[i]*a[i]; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#else
+#define mul_add_c(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	if (t2 & BN_TBIT) c2++; \
+	t2=(t2+t2)&BN_MASK2; \
+	if (t1 & BN_TBIT) t2++; \
+	t1=(t1+t1)&BN_MASK2; \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	sqr64(t1,t2,(a)[i]); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[4],b[0],c2,c3,c1);
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	mul_add_c(a[0],b[4],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[0],b[5],c3,c1,c2);
+	mul_add_c(a[1],b[4],c3,c1,c2);
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	mul_add_c(a[4],b[1],c3,c1,c2);
+	mul_add_c(a[5],b[0],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[6],b[0],c1,c2,c3);
+	mul_add_c(a[5],b[1],c1,c2,c3);
+	mul_add_c(a[4],b[2],c1,c2,c3);
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	mul_add_c(a[2],b[4],c1,c2,c3);
+	mul_add_c(a[1],b[5],c1,c2,c3);
+	mul_add_c(a[0],b[6],c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	mul_add_c(a[0],b[7],c2,c3,c1);
+	mul_add_c(a[1],b[6],c2,c3,c1);
+	mul_add_c(a[2],b[5],c2,c3,c1);
+	mul_add_c(a[3],b[4],c2,c3,c1);
+	mul_add_c(a[4],b[3],c2,c3,c1);
+	mul_add_c(a[5],b[2],c2,c3,c1);
+	mul_add_c(a[6],b[1],c2,c3,c1);
+	mul_add_c(a[7],b[0],c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	mul_add_c(a[7],b[1],c3,c1,c2);
+	mul_add_c(a[6],b[2],c3,c1,c2);
+	mul_add_c(a[5],b[3],c3,c1,c2);
+	mul_add_c(a[4],b[4],c3,c1,c2);
+	mul_add_c(a[3],b[5],c3,c1,c2);
+	mul_add_c(a[2],b[6],c3,c1,c2);
+	mul_add_c(a[1],b[7],c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	mul_add_c(a[2],b[7],c1,c2,c3);
+	mul_add_c(a[3],b[6],c1,c2,c3);
+	mul_add_c(a[4],b[5],c1,c2,c3);
+	mul_add_c(a[5],b[4],c1,c2,c3);
+	mul_add_c(a[6],b[3],c1,c2,c3);
+	mul_add_c(a[7],b[2],c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	mul_add_c(a[7],b[3],c2,c3,c1);
+	mul_add_c(a[6],b[4],c2,c3,c1);
+	mul_add_c(a[5],b[5],c2,c3,c1);
+	mul_add_c(a[4],b[6],c2,c3,c1);
+	mul_add_c(a[3],b[7],c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	mul_add_c(a[4],b[7],c3,c1,c2);
+	mul_add_c(a[5],b[6],c3,c1,c2);
+	mul_add_c(a[6],b[5],c3,c1,c2);
+	mul_add_c(a[7],b[4],c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	mul_add_c(a[7],b[5],c1,c2,c3);
+	mul_add_c(a[6],b[6],c1,c2,c3);
+	mul_add_c(a[5],b[7],c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	mul_add_c(a[6],b[7],c2,c3,c1);
+	mul_add_c(a[7],b[6],c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	mul_add_c(a[7],b[7],c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	sqr_add_c2(a,4,0,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,5,0,c3,c1,c2);
+	sqr_add_c2(a,4,1,c3,c1,c2);
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	sqr_add_c2(a,4,2,c1,c2,c3);
+	sqr_add_c2(a,5,1,c1,c2,c3);
+	sqr_add_c2(a,6,0,c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	sqr_add_c2(a,7,0,c2,c3,c1);
+	sqr_add_c2(a,6,1,c2,c3,c1);
+	sqr_add_c2(a,5,2,c2,c3,c1);
+	sqr_add_c2(a,4,3,c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	sqr_add_c(a,4,c3,c1,c2);
+	sqr_add_c2(a,5,3,c3,c1,c2);
+	sqr_add_c2(a,6,2,c3,c1,c2);
+	sqr_add_c2(a,7,1,c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	sqr_add_c2(a,7,2,c1,c2,c3);
+	sqr_add_c2(a,6,3,c1,c2,c3);
+	sqr_add_c2(a,5,4,c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	sqr_add_c(a,5,c2,c3,c1);
+	sqr_add_c2(a,6,4,c2,c3,c1);
+	sqr_add_c2(a,7,3,c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	sqr_add_c2(a,7,4,c3,c1,c2);
+	sqr_add_c2(a,6,5,c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	sqr_add_c(a,6,c1,c2,c3);
+	sqr_add_c2(a,7,5,c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	sqr_add_c2(a,7,6,c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	sqr_add_c(a,7,c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+#else
+
+/* hmm... is it faster just to do a multiply? */
+#undef bn_sqr_comba4
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+	{
+	BN_ULONG t[8];
+	bn_sqr_normal(r,a,4,t);
+	}
+
+#undef bn_sqr_comba8
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+	{
+	BN_ULONG t[16];
+	bn_sqr_normal(r,a,8,t);
+	}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+	r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
+	r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
+	r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
+	r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
+	}
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+	}
+
+#endif /* BN_COMBA */
diff --git a/crypto/openssl/crypto/bn/bn_blind.c b/crypto/openssl/crypto/bn/bn_blind.c
new file mode 100644
index 000000000000..1b1bb060463f
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_blind.c
@@ -0,0 +1,144 @@
+/* crypto/bn/bn_blind.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
+	{
+	BN_BLINDING *ret=NULL;
+
+	bn_check_top(Ai);
+	bn_check_top(mod);
+
+	if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
+		{
+		BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	memset(ret,0,sizeof(BN_BLINDING));
+	if ((ret->A=BN_new()) == NULL) goto err;
+	if ((ret->Ai=BN_new()) == NULL) goto err;
+	if (!BN_copy(ret->A,A)) goto err;
+	if (!BN_copy(ret->Ai,Ai)) goto err;
+	ret->mod=mod;
+	return(ret);
+err:
+	if (ret != NULL) BN_BLINDING_free(ret);
+	return(NULL);
+	}
+
+void BN_BLINDING_free(BN_BLINDING *r)
+	{
+	if(r == NULL)
+	    return;
+
+	if (r->A  != NULL) BN_free(r->A );
+	if (r->Ai != NULL) BN_free(r->Ai);
+	Free(r);
+	}
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+	{
+	int ret=0;
+
+	if ((b->A == NULL) || (b->Ai == NULL))
+		{
+		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
+		goto err;
+		}
+		
+	if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
+	if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+
+	ret=1;
+err:
+	return(ret);
+	}
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+	{
+	bn_check_top(n);
+
+	if ((b->A == NULL) || (b->Ai == NULL))
+		{
+		BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
+		return(0);
+		}
+	return(BN_mod_mul(n,n,b->A,b->mod,ctx));
+	}
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+	{
+	int ret;
+
+	bn_check_top(n);
+	if ((b->A == NULL) || (b->Ai == NULL))
+		{
+		BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
+		return(0);
+		}
+	if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
+		{
+		if (!BN_BLINDING_update(b,ctx))
+			return(0);
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_comba.c b/crypto/openssl/crypto/bn/bn_comba.c
new file mode 100644
index 000000000000..7ad09b4a6df9
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_comba.c
@@ -0,0 +1,345 @@
+/* crypto/bn/bn_comba.c */
+#include 
+#include "bn_lcl.h"
+/* Auto generated from crypto/bn/comba.pl
+ */
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	tt=(t+t)&BN_MASK; \
+	if (tt < t) c2++; \
+	t1=(BN_ULONG)Lw(tt); \
+	t2=(BN_ULONG)Hw(tt); \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	t=(BN_ULLONG)a[i]*a[i]; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#else
+#define mul_add_c(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	if (t2 & BN_TBIT) c2++; \
+	t2=(t2+t2)&BN_MASK2; \
+	if (t1 & BN_TBIT) t2++; \
+	t1=(t1+t1)&BN_MASK2; \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	sqr64(t1,t2,(a)[i]); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif
+
+void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
+void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
+
+void bn_mul_comba88(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[4],b[0],c2,c3,c1);
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	mul_add_c(a[0],b[4],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[0],b[5],c3,c1,c2);
+	mul_add_c(a[1],b[4],c3,c1,c2);
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	mul_add_c(a[4],b[1],c3,c1,c2);
+	mul_add_c(a[5],b[0],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[6],b[0],c1,c2,c3);
+	mul_add_c(a[5],b[1],c1,c2,c3);
+	mul_add_c(a[4],b[2],c1,c2,c3);
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	mul_add_c(a[2],b[4],c1,c2,c3);
+	mul_add_c(a[1],b[5],c1,c2,c3);
+	mul_add_c(a[0],b[6],c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	mul_add_c(a[0],b[7],c2,c3,c1);
+	mul_add_c(a[1],b[6],c2,c3,c1);
+	mul_add_c(a[2],b[5],c2,c3,c1);
+	mul_add_c(a[3],b[4],c2,c3,c1);
+	mul_add_c(a[4],b[3],c2,c3,c1);
+	mul_add_c(a[5],b[2],c2,c3,c1);
+	mul_add_c(a[6],b[1],c2,c3,c1);
+	mul_add_c(a[7],b[0],c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	mul_add_c(a[7],b[1],c3,c1,c2);
+	mul_add_c(a[6],b[2],c3,c1,c2);
+	mul_add_c(a[5],b[3],c3,c1,c2);
+	mul_add_c(a[4],b[4],c3,c1,c2);
+	mul_add_c(a[3],b[5],c3,c1,c2);
+	mul_add_c(a[2],b[6],c3,c1,c2);
+	mul_add_c(a[1],b[7],c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	mul_add_c(a[2],b[7],c1,c2,c3);
+	mul_add_c(a[3],b[6],c1,c2,c3);
+	mul_add_c(a[4],b[5],c1,c2,c3);
+	mul_add_c(a[5],b[4],c1,c2,c3);
+	mul_add_c(a[6],b[3],c1,c2,c3);
+	mul_add_c(a[7],b[2],c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	mul_add_c(a[7],b[3],c2,c3,c1);
+	mul_add_c(a[6],b[4],c2,c3,c1);
+	mul_add_c(a[5],b[5],c2,c3,c1);
+	mul_add_c(a[4],b[6],c2,c3,c1);
+	mul_add_c(a[3],b[7],c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	mul_add_c(a[4],b[7],c3,c1,c2);
+	mul_add_c(a[5],b[6],c3,c1,c2);
+	mul_add_c(a[6],b[5],c3,c1,c2);
+	mul_add_c(a[7],b[4],c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	mul_add_c(a[7],b[5],c1,c2,c3);
+	mul_add_c(a[6],b[6],c1,c2,c3);
+	mul_add_c(a[5],b[7],c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	mul_add_c(a[6],b[7],c2,c3,c1);
+	mul_add_c(a[7],b[6],c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	mul_add_c(a[7],b[7],c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_mul_comba44(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+
+void bn_sqr_comba88(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	sqr_add_c2(a,4,0,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,5,0,c3,c1,c2);
+	sqr_add_c2(a,4,1,c3,c1,c2);
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	sqr_add_c2(a,4,2,c1,c2,c3);
+	sqr_add_c2(a,5,1,c1,c2,c3);
+	sqr_add_c2(a,6,0,c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	sqr_add_c2(a,7,0,c2,c3,c1);
+	sqr_add_c2(a,6,1,c2,c3,c1);
+	sqr_add_c2(a,5,2,c2,c3,c1);
+	sqr_add_c2(a,4,3,c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	sqr_add_c(a,4,c3,c1,c2);
+	sqr_add_c2(a,5,3,c3,c1,c2);
+	sqr_add_c2(a,6,2,c3,c1,c2);
+	sqr_add_c2(a,7,1,c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	sqr_add_c2(a,7,2,c1,c2,c3);
+	sqr_add_c2(a,6,3,c1,c2,c3);
+	sqr_add_c2(a,5,4,c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	sqr_add_c(a,5,c2,c3,c1);
+	sqr_add_c2(a,6,4,c2,c3,c1);
+	sqr_add_c2(a,7,3,c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	sqr_add_c2(a,7,4,c3,c1,c2);
+	sqr_add_c2(a,6,5,c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	sqr_add_c(a,6,c1,c2,c3);
+	sqr_add_c2(a,7,5,c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	sqr_add_c2(a,7,6,c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	sqr_add_c(a,7,c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_sqr_comba44(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
new file mode 100644
index 000000000000..150dd289a583
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -0,0 +1,358 @@
+/* crypto/bn/bn_div.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx)
+	{
+	int i,nm,nd;
+	BIGNUM *D;
+
+	bn_check_top(m);
+	bn_check_top(d);
+	if (BN_is_zero(d))
+		{
+		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+		return(0);
+		}
+
+	if (BN_ucmp(m,d) < 0)
+		{
+		if (rem != NULL)
+			{ if (BN_copy(rem,m) == NULL) return(0); }
+		if (dv != NULL) BN_zero(dv);
+		return(1);
+		}
+
+	D= &(ctx->bn[ctx->tos]);
+	if (dv == NULL) dv= &(ctx->bn[ctx->tos+1]);
+	if (rem == NULL) rem= &(ctx->bn[ctx->tos+2]);
+
+	nd=BN_num_bits(d);
+	nm=BN_num_bits(m);
+	if (BN_copy(D,d) == NULL) return(0);
+	if (BN_copy(rem,m) == NULL) return(0);
+
+	/* The next 2 are needed so we can do a dv->d[0]|=1 later
+	 * since BN_lshift1 will only work once there is a value :-) */
+	BN_zero(dv);
+	bn_wexpand(dv,1);
+	dv->top=1;
+
+	if (!BN_lshift(D,D,nm-nd)) return(0);
+	for (i=nm-nd; i>=0; i--)
+		{
+		if (!BN_lshift1(dv,dv)) return(0);
+		if (BN_ucmp(rem,D) >= 0)
+			{
+			dv->d[0]|=1;
+			if (!BN_usub(rem,rem,D)) return(0);
+			}
+/* CAN IMPROVE (and have now :=) */
+		if (!BN_rshift1(D,D)) return(0);
+		}
+	rem->neg=BN_is_zero(rem)?0:m->neg;
+	dv->neg=m->neg^d->neg;
+	return(1);
+	}
+
+#else
+
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+	   BN_CTX *ctx)
+	{
+	int norm_shift,i,j,loop;
+	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+	BN_ULONG *resp,*wnump;
+	BN_ULONG d0,d1;
+	int num_n,div_n;
+
+	bn_check_top(num);
+	bn_check_top(divisor);
+
+	if (BN_is_zero(divisor))
+		{
+		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+		return(0);
+		}
+
+	if (BN_ucmp(num,divisor) < 0)
+		{
+		if (rm != NULL)
+			{ if (BN_copy(rm,num) == NULL) return(0); }
+		if (dv != NULL) BN_zero(dv);
+		return(1);
+		}
+
+	tmp= &(ctx->bn[ctx->tos]);
+	tmp->neg=0;
+	snum= &(ctx->bn[ctx->tos+1]);
+	sdiv= &(ctx->bn[ctx->tos+2]);
+	if (dv == NULL)
+		res= &(ctx->bn[ctx->tos+3]);
+	else	res=dv;
+
+	/* First we normalise the numbers */
+	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+	BN_lshift(sdiv,divisor,norm_shift);
+	sdiv->neg=0;
+	norm_shift+=BN_BITS2;
+	BN_lshift(snum,num,norm_shift);
+	snum->neg=0;
+	div_n=sdiv->top;
+	num_n=snum->top;
+	loop=num_n-div_n;
+
+	/* Lets setup a 'window' into snum
+	 * This is the part that corresponds to the current
+	 * 'area' being divided */
+	BN_init(&wnum);
+	wnum.d=	 &(snum->d[loop]);
+	wnum.top= div_n;
+	wnum.max= snum->max+1; /* a bit of a lie */
+
+	/* Get the top 2 words of sdiv */
+	/* i=sdiv->top; */
+	d0=sdiv->d[div_n-1];
+	d1=(div_n == 1)?0:sdiv->d[div_n-2];
+
+	/* pointer to the 'top' of snum */
+	wnump= &(snum->d[num_n-1]);
+
+	/* Setup to 'res' */
+	res->neg= (num->neg^divisor->neg);
+	if (!bn_wexpand(res,(loop+1))) goto err;
+	res->top=loop;
+	resp= &(res->d[loop-1]);
+
+	/* space for temp */
+	if (!bn_wexpand(tmp,(div_n+1))) goto err;
+
+	if (BN_ucmp(&wnum,sdiv) >= 0)
+		{
+		if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
+		*resp=1;
+		res->d[res->top-1]=1;
+		}
+	else
+		res->top--;
+	resp--;
+
+	for (i=0; i=2
+#  if defined(__i386)
+   /*
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<
+    */
+#  define bn_div_words(n0,n1,d0)		\
+	({  asm volatile (			\
+		"divl	%4"			\
+		: "=a"(q), "=d"(rem)		\
+		: "a"(n1), "d"(n0), "g"(d0)	\
+		: "cc");			\
+	    q;					\
+	})
+#  define REMINDER_IS_ALREADY_CALCULATED
+#  endif /* __ */
+# endif /* __GNUC__ */
+#endif /* NO_ASM */
+		BN_ULONG n0,n1,rem=0;
+
+		n0=wnump[0];
+		n1=wnump[-1];
+		if (n0 == d0)
+			q=BN_MASK2;
+		else
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+			q=((((BN_ULLONG)n0)<d,sdiv->d,div_n,q);
+		tmp->d[div_n]=l0;
+		for (j=div_n+1; j>0; j--)
+			if (tmp->d[j-1]) break;
+		tmp->top=j;
+
+		j=wnum.top;
+		BN_sub(&wnum,&wnum,tmp);
+
+		snum->top=snum->top+wnum.top-j;
+
+		if (wnum.neg)
+			{
+			q--;
+			j=wnum.top;
+			BN_add(&wnum,&wnum,sdiv);
+			snum->top+=wnum.top-j;
+			}
+		*(resp--)=q;
+		wnump--;
+		}
+	if (rm != NULL)
+		{
+		BN_rshift(rm,snum,norm_shift);
+		rm->neg=num->neg;
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+#endif
+
+/* rem != m */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+	{
+#if 0 /* The old slow way */
+	int i,nm,nd;
+	BIGNUM *dv;
+
+	if (BN_ucmp(m,d) < 0)
+		return((BN_copy(rem,m) == NULL)?0:1);
+
+	dv= &(ctx->bn[ctx->tos]);
+
+	if (!BN_copy(rem,m)) return(0);
+
+	nm=BN_num_bits(rem);
+	nd=BN_num_bits(d);
+	if (!BN_lshift(dv,d,nm-nd)) return(0);
+	for (i=nm-nd; i>=0; i--)
+		{
+		if (BN_cmp(rem,dv) >= 0)
+			{
+			if (!BN_sub(rem,rem,dv)) return(0);
+			}
+		if (!BN_rshift1(dv,dv)) return(0);
+		}
+	return(1);
+#else
+	return(BN_div(NULL,rem,m,d,ctx));
+#endif
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_err.c b/crypto/openssl/crypto/bn/bn_err.c
new file mode 100644
index 000000000000..73e80774e57b
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_err.c
@@ -0,0 +1,116 @@
+/* crypto/bn/bn_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BN_str_functs[]=
+	{
+{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0),	"BN_BLINDING_convert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0),	"BN_BLINDING_invert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0),	"BN_BLINDING_new"},
+{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0),	"BN_BLINDING_update"},
+{ERR_PACK(0,BN_F_BN_BN2DEC,0),	"BN_bn2dec"},
+{ERR_PACK(0,BN_F_BN_BN2HEX,0),	"BN_bn2hex"},
+{ERR_PACK(0,BN_F_BN_CTX_NEW,0),	"BN_CTX_new"},
+{ERR_PACK(0,BN_F_BN_DIV,0),	"BN_div"},
+{ERR_PACK(0,BN_F_BN_EXPAND2,0),	"bn_expand2"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),	"BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),	"BN_mod_inverse"},
+{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),	"BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
+{ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
+{ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA BN_str_reasons[]=
+	{
+{BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
+{BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
+{BN_R_DIV_BY_ZERO                        ,"div by zero"},
+{BN_R_ENCODING_ERROR                     ,"encoding error"},
+{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
+{BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_NOT_INITIALIZED                    ,"not initialized"},
+{BN_R_NO_INVERSE                         ,"no inverse"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_BN_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_BN,BN_str_functs);
+		ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
new file mode 100644
index 000000000000..2df1614ada17
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -0,0 +1,549 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE	16
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+	{
+	BIGNUM *t;
+	int r=0;
+
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(m);
+
+	t= &(ctx->bn[ctx->tos++]);
+	if (a == b)
+		{ if (!BN_sqr(t,a,ctx)) goto err; }
+	else
+		{ if (!BN_mul(t,a,b,ctx)) goto err; }
+	if (!BN_mod(ret,t,m,ctx)) goto err;
+	r=1;
+err:
+	ctx->tos--;
+	return(r);
+	}
+
+#if 0
+/* this one works - simple but works */
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
+	{
+	int i,bits,ret=0;
+	BIGNUM *v,*tmp;
+
+	v= &(ctx->bn[ctx->tos++]);
+	tmp= &(ctx->bn[ctx->tos++]);
+
+	if (BN_copy(v,a) == NULL) goto err;
+	bits=BN_num_bits(p);
+
+	if (BN_is_odd(p))
+		{ if (BN_copy(r,a) == NULL) goto err; }
+	else	{ if (!BN_one(r)) goto err; }
+
+	for (i=1; itos-=2;
+	return(ret);
+	}
+
+#endif
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
+	{
+	int i,bits,ret=0,tos;
+	BIGNUM *v,*rr;
+
+	tos=ctx->tos;
+	v= &(ctx->bn[ctx->tos++]);
+	if ((r == a) || (r == p))
+		rr= &(ctx->bn[ctx->tos++]);
+	else
+		rr=r;
+
+	if (BN_copy(v,a) == NULL) goto err;
+	bits=BN_num_bits(p);
+
+	if (BN_is_odd(p))
+		{ if (BN_copy(rr,a) == NULL) goto err; }
+	else	{ if (!BN_one(rr)) goto err; }
+
+	for (i=1; itos=tos;
+	if (r != rr) BN_copy(r,rr);
+	return(ret);
+	}
+
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+	       BN_CTX *ctx)
+	{
+	int ret;
+
+	bn_check_top(a);
+	bn_check_top(p);
+	bn_check_top(m);
+
+#ifdef MONT_MUL_MOD
+	/* I have finally been able to take out this pre-condition of
+	 * the top bit being set.  It was caused by an error in BN_div
+	 * with negatives.  There was also another problem when for a^b%m
+	 * a >= m.  eay 07-May-97 */
+/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+	if (BN_is_odd(m))
+		{ ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); }
+	else
+#endif
+#ifdef RECP_MUL_MOD
+		{ ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+#else
+		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+#endif
+
+	return(ret);
+	}
+
+/* #ifdef RECP_MUL_MOD */
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		    const BIGNUM *m, BN_CTX *ctx)
+	{
+	int i,j,bits,ret=0,wstart,wend,window,wvalue;
+	int start=1,ts=0;
+	BIGNUM *aa;
+	BIGNUM val[TABLE_SIZE];
+	BN_RECP_CTX recp;
+
+	aa= &(ctx->bn[ctx->tos++]);
+	bits=BN_num_bits(p);
+
+	if (bits == 0)
+		{
+		BN_one(r);
+		return(1);
+		}
+	BN_RECP_CTX_init(&recp);
+	if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+
+	BN_init(&(val[0]));
+	ts=1;
+
+	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
+		goto err;				/* 2 */
+
+	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits >= 256)
+		window=5;	/* max size of window */
+	else if (bits >= 128)
+		window=4;
+	else
+		window=3;
+
+	j=1<<(window-1);
+	for (i=1; i>1]),&recp,ctx))
+			goto err;
+
+		/* move the 'window' down further */
+		wstart-=wend+1;
+		wvalue=0;
+		start=0;
+		if (wstart < 0) break;
+		}
+	ret=1;
+err:
+	ctx->tos--;
+	for (i=0; id[0] & 1))
+		{
+		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+		return(0);
+		}
+	d= &(ctx->bn[ctx->tos++]);
+	r= &(ctx->bn[ctx->tos++]);
+	bits=BN_num_bits(p);
+	if (bits == 0)
+		{
+		BN_one(r);
+		return(1);
+		}
+
+	/* If this is not done, things will break in the montgomery
+	 * part */
+
+#if 1
+	if (in_mont != NULL)
+		mont=in_mont;
+	else
+#endif
+		{
+		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+		}
+
+	BN_init(&val[0]);
+	ts=1;
+	if (BN_ucmp(a,m) >= 0)
+		{
+		BN_mod(&(val[0]),a,m,ctx);
+		aa= &(val[0]);
+		}
+	else
+		aa=a;
+	if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
+	if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
+
+	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits >= 256)
+		window=5;	/* max size of window */
+	else if (bits >= 128)
+		window=4;
+	else
+		window=3;
+
+	j=1<<(window-1);
+	for (i=1; i>1]),mont,ctx))
+			goto err;
+
+		/* move the 'window' down further */
+		wstart-=wend+1;
+		wvalue=0;
+		start=0;
+		if (wstart < 0) break;
+		}
+	BN_from_montgomery(rr,r,mont,ctx);
+	ret=1;
+err:
+	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+	ctx->tos-=2;
+	for (i=0; ibn[ctx->tos++]);
+	bits=BN_num_bits(p);
+
+	if (bits == 0)
+		{
+		BN_one(r);
+		return(1);
+		}
+
+	BN_init(&(val[0]));
+	ts=1;
+	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
+		goto err;				/* 2 */
+
+	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits >= 256)
+		window=5;	/* max size of window */
+	else if (bits >= 128)
+		window=4;
+	else
+		window=3;
+
+	j=1<<(window-1);
+	for (i=1; i>1]),m,ctx))
+			goto err;
+
+		/* move the 'window' down further */
+		wstart-=wend+1;
+		wvalue=0;
+		start=0;
+		if (wstart < 0) break;
+		}
+	ret=1;
+err:
+	ctx->tos--;
+	for (i=0; i
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* I've done some timing with different table sizes.
+ * The main hassle is that even with bits set at 3, this requires
+ * 63 BIGNUMs to store the pre-calculated values.
+ *          512   1024 
+ * bits=1  75.4%  79.4%
+ * bits=2  61.2%  62.4%
+ * bits=3  61.3%  59.3%
+ * The lack of speed improvment is also a function of the pre-calculation
+ * which could be removed.
+ */
+#define EXP2_TABLE_BITS	2 /* 1  2  3  4  5  */
+#define EXP2_TABLE_SIZE	4 /* 2  4  8 16 32  */
+
+int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
+	     BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	int i,j,k,bits,bits1,bits2,ret=0,wstart,wend,window,xvalue,yvalue;
+	int start=1,ts=0,x,y;
+	BIGNUM *d,*aa1,*aa2,*r;
+	BIGNUM val[EXP2_TABLE_SIZE][EXP2_TABLE_SIZE];
+	BN_MONT_CTX *mont=NULL;
+
+	bn_check_top(a1);
+	bn_check_top(p1);
+	bn_check_top(a2);
+	bn_check_top(p2);
+	bn_check_top(m);
+
+	if (!(m->d[0] & 1))
+		{
+		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+		return(0);
+		}
+	d= &(ctx->bn[ctx->tos++]);
+	r= &(ctx->bn[ctx->tos++]);
+	bits1=BN_num_bits(p1);
+	bits2=BN_num_bits(p2);
+	if ((bits1 == 0) && (bits2 == 0))
+		{
+		BN_one(r);
+		return(1);
+		}
+	bits=(bits1 > bits2)?bits1:bits2;
+
+	/* If this is not done, things will break in the montgomery
+	 * part */
+
+	if (in_mont != NULL)
+		mont=in_mont;
+	else
+		{
+		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+		}
+
+	BN_init(&(val[0][0]));
+	BN_init(&(val[1][1]));
+	BN_init(&(val[0][1]));
+	BN_init(&(val[1][0]));
+	ts=1;
+	if (BN_ucmp(a1,m) >= 0)
+		{
+		BN_mod(&(val[1][0]),a1,m,ctx);
+		aa1= &(val[1][0]);
+		}
+	else
+		aa1=a1;
+	if (BN_ucmp(a2,m) >= 0)
+		{
+		BN_mod(&(val[0][1]),a2,m,ctx);
+		aa2= &(val[0][1]);
+		}
+	else
+		aa2=a2;
+	if (!BN_to_montgomery(&(val[1][0]),aa1,mont,ctx)) goto err;
+	if (!BN_to_montgomery(&(val[0][1]),aa2,mont,ctx)) goto err;
+	if (!BN_mod_mul_montgomery(&(val[1][1]),
+		&(val[1][0]),&(val[0][1]),mont,ctx))
+		goto err;
+
+#if 0
+	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits > 250)
+		window=5;	/* max size of window */
+	else if (bits >= 120)
+		window=4;
+	else
+		window=3;
+#else
+	window=EXP2_TABLE_BITS;
+#endif
+
+	k=1<= 2)
+			{
+			BN_init(&(val[x][0]));
+			BN_init(&(val[x][1]));
+			if (!BN_mod_mul_montgomery(&(val[x][0]),
+				&(val[1][0]),&(val[x-1][0]),mont,ctx)) goto err;
+			if (!BN_mod_mul_montgomery(&(val[x][1]),
+				&(val[1][0]),&(val[x-1][1]),mont,ctx)) goto err;
+			}
+		for (y=2; ytos-=2;
+	for (i=0; i
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*t;
+	int ret=0;
+
+	bn_check_top(in_a);
+	bn_check_top(in_b);
+
+	a= &(ctx->bn[ctx->tos]);
+	b= &(ctx->bn[ctx->tos+1]);
+
+	if (BN_copy(a,in_a) == NULL) goto err;
+	if (BN_copy(b,in_b) == NULL) goto err;
+
+	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
+	t=euclid(a,b);
+	if (t == NULL) goto err;
+
+	if (BN_copy(r,t) == NULL) goto err;
+	ret=1;
+err:
+	return(ret);
+	}
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
+	{
+	BIGNUM *t;
+	int shifts=0;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	for (;;)
+		{
+		if (BN_is_zero(b))
+			break;
+
+		if (BN_is_odd(a))
+			{
+			if (BN_is_odd(b))
+				{
+				if (!BN_sub(a,a,b)) goto err;
+				if (!BN_rshift1(a,a)) goto err;
+				if (BN_cmp(a,b) < 0)
+					{ t=a; a=b; b=t; }
+				}
+			else		/* a odd - b even */
+				{
+				if (!BN_rshift1(b,b)) goto err;
+				if (BN_cmp(a,b) < 0)
+					{ t=a; a=b; b=t; }
+				}
+			}
+		else			/* a is even */
+			{
+			if (BN_is_odd(b))
+				{
+				if (!BN_rshift1(a,a)) goto err;
+				if (BN_cmp(a,b) < 0)
+					{ t=a; a=b; b=t; }
+				}
+			else		/* a even - b even */
+				{
+				if (!BN_rshift1(a,a)) goto err;
+				if (!BN_rshift1(b,b)) goto err;
+				shifts++;
+				}
+			}
+		}
+	if (shifts)
+		{
+		if (!BN_lshift(a,a,shifts)) goto err;
+		}
+	return(a);
+err:
+	return(NULL);
+	}
+
+/* solves ax == 1 (mod n) */
+BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+	{
+	BIGNUM *A,*B,*X,*Y,*M,*D,*R;
+	BIGNUM *T,*ret=NULL;
+	int sign;
+
+	bn_check_top(a);
+	bn_check_top(n);
+
+	A= &(ctx->bn[ctx->tos]);
+	B= &(ctx->bn[ctx->tos+1]);
+	X= &(ctx->bn[ctx->tos+2]);
+	D= &(ctx->bn[ctx->tos+3]);
+	M= &(ctx->bn[ctx->tos+4]);
+	Y= &(ctx->bn[ctx->tos+5]);
+	ctx->tos+=6;
+	if (in == NULL)
+		R=BN_new();
+	else
+		R=in;
+	if (R == NULL) goto err;
+
+	BN_zero(X);
+	BN_one(Y);
+	if (BN_copy(A,a) == NULL) goto err;
+	if (BN_copy(B,n) == NULL) goto err;
+	sign=1;
+
+	while (!BN_is_zero(B))
+		{
+		if (!BN_div(D,M,A,B,ctx)) goto err;
+		T=A;
+		A=B;
+		B=M;
+		/* T has a struct, M does not */
+
+		if (!BN_mul(T,D,X,ctx)) goto err;
+		if (!BN_add(T,T,Y)) goto err;
+		M=Y;
+		Y=X;
+		X=T;
+		sign= -sign;
+		}
+	if (sign < 0)
+		{
+		if (!BN_sub(Y,n,Y)) goto err;
+		}
+
+	if (BN_is_one(A))
+		{ if (!BN_mod(R,Y,n,ctx)) goto err; }
+	else
+		{
+		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+		goto err;
+		}
+	ret=R;
+err:
+	if ((ret == NULL) && (in == NULL)) BN_free(R);
+	ctx->tos-=6;
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h
new file mode 100644
index 000000000000..85a372695b9c
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_lcl.h
@@ -0,0 +1,268 @@
+/* crypto/bn/bn_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BN_LCL_H
+#define HEADER_BN_LCL_H
+
+#include 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha       16,16,16,16.64 */
+#define BN_MULL_SIZE_NORMAL			(16) /* 32 */
+#define BN_MUL_RECURSIVE_SIZE_NORMAL		(16) /* 32 less than */
+#define BN_SQR_RECURSIVE_SIZE_NORMAL		(16) /* 32 */
+#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
+#define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
+
+#if 0
+#ifndef BN_MUL_COMBA
+/* #define bn_mul_comba8(r,a,b)	bn_mul_normal(r,a,8,b,8) */
+/* #define bn_mul_comba4(r,a,b)	bn_mul_normal(r,a,4,b,4) */
+#endif
+
+#ifndef BN_SQR_COMBA
+/* This is probably faster than using the C code - I need to check */
+#define bn_sqr_comba8(r,a)	bn_mul_normal(r,a,8,a,8)
+#define bn_sqr_comba4(r,a)	bn_mul_normal(r,a,4,a,4)
+#endif
+#endif
+
+/*************************************************************
+ * Using the long long type
+ */
+#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+/* These are used for internal error checking and are not normally used */
+#ifdef BN_DEBUG
+#define bn_check_top(a) \
+	{ if (((a)->top < 0) || ((a)->top > (a)->max)) \
+		{ char *nullp=NULL; *nullp='z'; } }
+#define bn_check_num(a) if ((a) < 0) { char *nullp=NULL; *nullp='z'; }
+#else
+#define bn_check_top(a)
+#define bn_check_num(a)
+#endif
+
+/* This macro is to add extra stuff for development checking */
+#ifdef BN_DEBUG
+#define	bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA))
+#else
+#define	bn_set_max(r)
+#endif
+
+/* These macros are used to 'take' a section of a bignum for read only use */
+#define bn_set_low(r,a,n) \
+	{ \
+	(r)->top=((a)->top > (n))?(n):(a)->top; \
+	(r)->d=(a)->d; \
+	(r)->neg=(a)->neg; \
+	(r)->flags|=BN_FLG_STATIC_DATA; \
+	bn_set_max(r); \
+	}
+
+#define bn_set_high(r,a,n) \
+	{ \
+	if ((a)->top > (n)) \
+		{ \
+		(r)->top=(a)->top-n; \
+		(r)->d= &((a)->d[n]); \
+		} \
+	else \
+		(r)->top=0; \
+	(r)->neg=(a)->neg; \
+	(r)->flags|=BN_FLG_STATIC_DATA; \
+	bn_set_max(r); \
+	}
+
+/* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
+
+#ifdef BN_LLONG
+#define mul_add(r,a,w,c) { \
+	BN_ULLONG t; \
+	t=(BN_ULLONG)w * (a) + (r) + (c); \
+	(r)= Lw(t); \
+	(c)= Hw(t); \
+	}
+
+#define mul(r,a,w,c) { \
+	BN_ULLONG t; \
+	t=(BN_ULLONG)w * (a) + (c); \
+	(r)= Lw(t); \
+	(c)= Hw(t); \
+	}
+
+#else
+/*************************************************************
+ * No long long type
+ */
+
+#define LBITS(a)	((a)&BN_MASK2l)
+#define HBITS(a)	(((a)>>BN_BITS4)&BN_MASK2l)
+#define	L2HBITS(a)	((BN_ULONG)((a)&BN_MASK2l)<>BN_BITS2)&BN_MASKl)
+#define	LL2HBITS(a)	((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \
+	m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+	l=(l+m)&BN_MASK2; if (l < m) h++; \
+	(lo)=l; \
+	(ho)=h; \
+	}
+
+#define mul_add(r,a,bl,bh,c) { \
+	BN_ULONG l,h; \
+ \
+	h= (a); \
+	l=LBITS(h); \
+	h=HBITS(h); \
+	mul64(l,h,(bl),(bh)); \
+ \
+	/* non-multiply part */ \
+	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+	(c)=(r); \
+	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+	(c)=h&BN_MASK2; \
+	(r)=l; \
+	}
+
+#define mul(r,a,bl,bh,c) { \
+	BN_ULONG l,h; \
+ \
+	h= (a); \
+	l=LBITS(h); \
+	h=HBITS(h); \
+	mul64(l,h,(bl),(bh)); \
+ \
+	/* non-multiply part */ \
+	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+	(c)=h&BN_MASK2; \
+	(r)=l&BN_MASK2; \
+	}
+
+#endif
+
+OPENSSL_EXTERN int bn_limit_bits;
+OPENSSL_EXTERN int bn_limit_num;        /* (1<
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
+
+/* For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+OPENSSL_GLOBAL int bn_limit_bits=0;
+OPENSSL_GLOBAL int bn_limit_num=8;        /* (1<= 0)
+		{
+		if (mult > (sizeof(int)*8)-1)
+			mult=sizeof(int)*8-1;
+		bn_limit_bits=mult;
+		bn_limit_num=1<= 0)
+		{
+		if (high > (sizeof(int)*8)-1)
+			high=sizeof(int)*8-1;
+		bn_limit_bits_high=high;
+		bn_limit_num_high=1<= 0)
+		{
+		if (low > (sizeof(int)*8)-1)
+			low=sizeof(int)*8-1;
+		bn_limit_bits_low=low;
+		bn_limit_num_low=1<= 0)
+		{
+		if (mont > (sizeof(int)*8)-1)
+			mont=sizeof(int)*8-1;
+		bn_limit_bits_mont=mont;
+		bn_limit_num_mont=1<>56)]+56);
+				}
+			else	return(bits[(int)(l>>48)]+48);
+			}
+		else
+			{
+			if (l & 0x0000ff0000000000L)
+				{
+				return(bits[(int)(l>>40)]+40);
+				}
+			else	return(bits[(int)(l>>32)]+32);
+			}
+		}
+	else
+#else
+#ifdef SIXTY_FOUR_BIT
+	if (l & 0xffffffff00000000LL)
+		{
+		if (l & 0xffff000000000000LL)
+			{
+			if (l & 0xff00000000000000LL)
+				{
+				return(bits[(int)(l>>56)]+56);
+				}
+			else	return(bits[(int)(l>>48)]+48);
+			}
+		else
+			{
+			if (l & 0x0000ff0000000000LL)
+				{
+				return(bits[(int)(l>>40)]+40);
+				}
+			else	return(bits[(int)(l>>32)]+32);
+			}
+		}
+	else
+#endif
+#endif
+		{
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+		if (l & 0xffff0000L)
+			{
+			if (l & 0xff000000L)
+				return(bits[(int)(l>>24L)]+24);
+			else	return(bits[(int)(l>>16L)]+16);
+			}
+		else
+#endif
+			{
+#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+			if (l & 0xff00L)
+				return(bits[(int)(l>>8)]+8);
+			else	
+#endif
+				return(bits[(int)(l   )]  );
+			}
+		}
+	}
+
+int BN_num_bits(const BIGNUM *a)
+	{
+	BN_ULONG l;
+	int i;
+
+	bn_check_top(a);
+
+	if (a->top == 0) return(0);
+	l=a->d[a->top-1];
+	i=(a->top-1)*BN_BITS2;
+	if (l == 0)
+		{
+#if !defined(NO_STDIO) && !defined(WIN16)
+		fprintf(stderr,"BAD TOP VALUE\n");
+#endif
+		abort();
+		}
+	return(i+BN_num_bits_word(l));
+	}
+
+void BN_clear_free(BIGNUM *a)
+	{
+	int i;
+
+	if (a == NULL) return;
+	if (a->d != NULL)
+		{
+		memset(a->d,0,a->max*sizeof(a->d[0]));
+		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+			Free(a->d);
+		}
+	i=BN_get_flags(a,BN_FLG_MALLOCED);
+	memset(a,0,sizeof(BIGNUM));
+	if (i)
+		Free(a);
+	}
+
+void BN_free(BIGNUM *a)
+	{
+	if (a == NULL) return;
+	if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+		Free(a->d);
+	a->flags|=BN_FLG_FREE; /* REMOVE? */
+	if (a->flags & BN_FLG_MALLOCED)
+		Free(a);
+	}
+
+void BN_init(BIGNUM *a)
+	{
+	memset(a,0,sizeof(BIGNUM));
+	}
+
+BIGNUM *BN_new(void)
+	{
+	BIGNUM *ret;
+
+	if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL)
+		{
+		BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->flags=BN_FLG_MALLOCED;
+	ret->top=0;
+	ret->neg=0;
+	ret->max=0;
+	ret->d=NULL;
+	return(ret);
+	}
+
+
+BN_CTX *BN_CTX_new(void)
+	{
+	BN_CTX *ret;
+
+	ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
+	if (ret == NULL)
+		{
+		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	BN_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
+	return(ret);
+	}
+
+void BN_CTX_init(BN_CTX *ctx)
+	{
+	memset(ctx,0,sizeof(BN_CTX));
+	ctx->tos=0;
+	ctx->flags=0;
+	}
+
+void BN_CTX_free(BN_CTX *c)
+	{
+	int i;
+
+	if(c == NULL)
+	    return;
+
+	for (i=0; ibn[i]));
+	if (c->flags & BN_FLG_MALLOCED)
+		Free(c);
+	}
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+	{
+	BN_ULONG *A,*a;
+	const BN_ULONG *B;
+	int i;
+
+	bn_check_top(b);
+
+	if (words > b->max)
+		{
+		bn_check_top(b);	
+		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+			return(NULL);
+			}
+		a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1));
+		if (A == NULL)
+			{
+			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+#if 1
+		B=b->d;
+		/* Check if the previous number needs to be copied */
+		if (B != NULL)
+			{
+#if 0
+			/* This lot is an unrolled loop to copy b->top 
+			 * BN_ULONGs from B to A
+			 */
+/*
+ * I have nothing against unrolling but it's usually done for
+ * several reasons, namely:
+ * - minimize percentage of decision making code, i.e. branches;
+ * - avoid cache trashing;
+ * - make it possible to schedule loads earlier;
+ * Now let's examine the code below. The cornerstone of C is
+ * "programmer is always right" and that's what we love it for:-)
+ * For this very reason C compilers have to be paranoid when it
+ * comes to data aliasing and assume the worst. Yeah, but what
+ * does it mean in real life? This means that loop body below will
+ * be compiled to sequence of loads immediately followed by stores
+ * as compiler assumes the worst, something in A==B+1 style. As a
+ * result CPU pipeline is going to starve for incoming data. Secondly
+ * if A and B happen to share same cache line such code is going to
+ * cause severe cache trashing. Both factors have severe impact on
+ * performance of modern CPUs and this is the reason why this
+ * particulare piece of code is #ifdefed away and replaced by more
+ * "friendly" version found in #else section below. This comment
+ * also applies to BN_copy function.
+ *
+ *					
+ */
+			for (i=b->top&(~7); i>0; i-=8)
+				{
+				A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
+				A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
+				A+=8;
+				B+=8;
+				}
+			switch (b->top&7)
+				{
+			case 7:
+				A[6]=B[6];
+			case 6:
+				A[5]=B[5];
+			case 5:
+				A[4]=B[4];
+			case 4:
+				A[3]=B[3];
+			case 3:
+				A[2]=B[2];
+			case 2:
+				A[1]=B[1];
+			case 1:
+				A[0]=B[0];
+			case 0:
+				/* I need the 'case 0' entry for utrix cc.
+				 * If the optimiser is turned on, it does the
+				 * switch table by doing
+				 * a=top&7
+				 * a--;
+				 * goto jump_table[a];
+				 * If top is 0, this makes us jump to 0xffffffc 
+				 * which is rather bad :-(.
+				 * eric 23-Apr-1998
+				 */
+				;
+				}
+#else
+			for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+				{
+				/*
+				 * The fact that the loop is unrolled
+				 * 4-wise is a tribute to Intel. It's
+				 * the one that doesn't have enough
+				 * registers to accomodate more data.
+				 * I'd unroll it 8-wise otherwise:-)
+				 *
+				 *		
+				 */
+				BN_ULONG a0,a1,a2,a3;
+				a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+				A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+				}
+			switch (b->top&3)
+				{
+				case 3:	A[2]=B[2];
+				case 2:	A[1]=B[1];
+				case 1:	A[0]=B[0];
+				case 0:	; /* ultrix cc workaround, see above */
+				}
+#endif
+			Free(b->d);
+			}
+
+		b->d=a;
+		b->max=words;
+
+		/* Now need to zero any data between b->top and b->max */
+
+		A= &(b->d[b->top]);
+		for (i=(b->max - b->top)>>3; i>0; i--,A+=8)
+			{
+			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+			}
+		for (i=(b->max - b->top)&7; i>0; i--,A++)
+			A[0]=0;
+#else
+			memset(A,0,sizeof(BN_ULONG)*(words+1));
+			memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			b->d=a;
+			b->max=words;
+#endif
+		
+/*		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
+/*	{ int i; for (i=b->max; itop) == NULL) return(NULL);
+
+#if 1
+	A=a->d;
+	B=b->d;
+	for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+		{
+		BN_ULONG a0,a1,a2,a3;
+		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+		}
+	switch (b->top&3)
+		{
+		case 3: A[2]=B[2];
+		case 2: A[1]=B[1];
+		case 1: A[0]=B[0];
+		case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
+		}
+#else
+	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+#endif
+
+/*	memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
+	a->top=b->top;
+	if ((a->top == 0) && (a->d != NULL))
+		a->d[0]=0;
+	a->neg=b->neg;
+	return(a);
+	}
+
+void BN_clear(BIGNUM *a)
+	{
+	if (a->d != NULL)
+		memset(a->d,0,a->max*sizeof(a->d[0]));
+	a->top=0;
+	a->neg=0;
+	}
+
+BN_ULONG BN_get_word(BIGNUM *a)
+	{
+	int i,n;
+	BN_ULONG ret=0;
+
+	n=BN_num_bytes(a);
+	if (n > sizeof(BN_ULONG))
+		return(BN_MASK2);
+	for (i=a->top-1; i>=0; i--)
+		{
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+		ret<<=BN_BITS4; /* stops the compiler complaining */
+		ret<<=BN_BITS4;
+#else
+		ret=0;
+#endif
+		ret|=a->d[i];
+		}
+	return(ret);
+	}
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+	{
+	int i,n;
+	if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
+
+	n=sizeof(BN_ULONG)/BN_BYTES;
+	a->neg=0;
+	a->top=0;
+	a->d[0]=(BN_ULONG)w&BN_MASK2;
+	if (a->d[0] != 0) a->top=1;
+	for (i=1; i>=BN_BITS2 so compilers don't complain
+		 * on builds where sizeof(long) == BN_TYPES */
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+		w>>=BN_BITS4;
+		w>>=BN_BITS4;
+#else
+		w=0;
+#endif
+		a->d[i]=(BN_ULONG)w&BN_MASK2;
+		if (a->d[i] != 0) a->top=i+1;
+		}
+	return(1);
+	}
+
+/* ignore negative */
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+	{
+	unsigned int i,m;
+	unsigned int n;
+	BN_ULONG l;
+
+	if (ret == NULL) ret=BN_new();
+	if (ret == NULL) return(NULL);
+	l=0;
+	n=len;
+	if (n == 0)
+		{
+		ret->top=0;
+		return(ret);
+		}
+	if (bn_expand(ret,(int)(n+2)*8) == NULL)
+		return(NULL);
+	i=((n-1)/BN_BYTES)+1;
+	m=((n-1)%(BN_BYTES));
+	ret->top=i;
+	while (n-- > 0)
+		{
+		l=(l<<8L)| *(s++);
+		if (m-- == 0)
+			{
+			ret->d[--i]=l;
+			l=0;
+			m=BN_BYTES-1;
+			}
+		}
+	/* need to call this due to clear byte at top if avoiding
+	 * having the top bit set (-ve number) */
+	bn_fix_top(ret);
+	return(ret);
+	}
+
+/* ignore negative */
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+	{
+	int n,i;
+	BN_ULONG l;
+
+	n=i=BN_num_bytes(a);
+	while (i-- > 0)
+		{
+		l=a->d[i/BN_BYTES];
+		*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
+		}
+	return(n);
+	}
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+	{
+	int i;
+	BN_ULONG t1,t2,*ap,*bp;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	i=a->top-b->top;
+	if (i != 0) return(i);
+	ap=a->d;
+	bp=b->d;
+	for (i=a->top-1; i>=0; i--)
+		{
+		t1= ap[i];
+		t2= bp[i];
+		if (t1 != t2)
+			return(t1 > t2?1:-1);
+		}
+	return(0);
+	}
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+	{
+	int i;
+	int gt,lt;
+	BN_ULONG t1,t2;
+
+	if ((a == NULL) || (b == NULL))
+		{
+		if (a != NULL)
+			return(-1);
+		else if (b != NULL)
+			return(1);
+		else
+			return(0);
+		}
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	if (a->neg != b->neg)
+		{
+		if (a->neg)
+			return(-1);
+		else	return(1);
+		}
+	if (a->neg == 0)
+		{ gt=1; lt= -1; }
+	else	{ gt= -1; lt=1; }
+
+	if (a->top > b->top) return(gt);
+	if (a->top < b->top) return(lt);
+	for (i=a->top-1; i>=0; i--)
+		{
+		t1=a->d[i];
+		t2=b->d[i];
+		if (t1 > t2) return(gt);
+		if (t1 < t2) return(lt);
+		}
+	return(0);
+	}
+
+int BN_set_bit(BIGNUM *a, int n)
+	{
+	int i,j,k;
+
+	i=n/BN_BITS2;
+	j=n%BN_BITS2;
+	if (a->top <= i)
+		{
+		if (bn_wexpand(a,i+1) == NULL) return(0);
+		for(k=a->top; kd[k]=0;
+		a->top=i+1;
+		}
+
+	a->d[i]|=(((BN_ULONG)1)<top <= i) return(0);
+
+	a->d[i]&=(~(((BN_ULONG)1)<top <= i) return(0);
+	return((a->d[i]&(((BN_ULONG)1)<= a->top) return(0);
+	if (b == 0)
+		a->top=w;
+	else
+		{
+		a->top=w+1;
+		a->d[w]&= ~(BN_MASK2< bb)?1:-1);
+	for (i=n-2; i>=0; i--)
+		{
+		aa=a[i];
+		bb=b[i];
+		if (aa != bb) return((aa > bb)?1:-1);
+		}
+	return(0);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c
new file mode 100644
index 000000000000..ee0f410c22a2
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_mont.c
@@ -0,0 +1,407 @@
+/* crypto/bn/bn_mont.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at:
+ * http://www.ece.orst.edu/ISL/Publications.html
+ * http://www.ece.orst.edu/ISL/Koc/papers/j37acmon.pdf
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define MONT_WORD
+
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+			  BN_MONT_CTX *mont, BN_CTX *ctx)
+	{
+	BIGNUM *tmp,*tmp2;
+
+        tmp= &(ctx->bn[ctx->tos]);
+        tmp2= &(ctx->bn[ctx->tos]);
+	ctx->tos+=2;
+
+	bn_check_top(tmp);
+	bn_check_top(tmp2);
+
+	if (a == b)
+		{
+#if 0
+		bn_wexpand(tmp,a->top*2);
+		bn_wexpand(tmp2,a->top*4);
+		bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
+		tmp->top=a->top*2;
+		if (tmp->d[tmp->top-1] == 0)
+			tmp->top--;
+#else
+		if (!BN_sqr(tmp,a,ctx)) goto err;
+#endif
+		}
+	else
+		{
+		if (!BN_mul(tmp,a,b,ctx)) goto err;
+		}
+	/* reduce from aRR to aR */
+	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+	ctx->tos-=2;
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
+	     BN_CTX *ctx)
+	{
+#ifdef BN_RECURSION_MONT
+	if (mont->use_word)
+#endif
+		{
+		BIGNUM *n,*r;
+		BN_ULONG *ap,*np,*rp,n0,v,*nrp;
+		int al,nl,max,i,x,ri;
+		int retn=0;
+
+		r= &(ctx->bn[ctx->tos]);
+
+		if (!BN_copy(r,a)) goto err1;
+		n= &(mont->N);
+
+		ap=a->d;
+		/* mont->ri is the size of mont->N in bits/words */
+		al=ri=mont->ri/BN_BITS2;
+
+		nl=n->top;
+		if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+
+		max=(nl+al+1); /* allow for overflow (no?) XXX */
+		if (bn_wexpand(r,max) == NULL) goto err1;
+		if (bn_wexpand(ret,max) == NULL) goto err1;
+
+		r->neg=a->neg^n->neg;
+		np=n->d;
+		rp=r->d;
+		nrp= &(r->d[nl]);
+
+		/* clear the top words of T */
+#if 1
+		for (i=r->top; id[i]=0;
+#else
+		memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+#endif
+
+		r->top=max;
+		n0=mont->n0;
+
+#ifdef BN_COUNT
+printf("word BN_from_montgomery %d * %d\n",nl,nl);
+#endif
+		for (i=0; i= v)
+				continue;
+			else
+				{
+				if (((++nrp[0])&BN_MASK2) != 0) continue;
+				if (((++nrp[1])&BN_MASK2) != 0) continue;
+				for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
+				}
+			}
+		bn_fix_top(r);
+
+		/* mont->ri will be a multiple of the word size */
+#if 0
+		BN_rshift(ret,r,mont->ri);
+#else
+		x=ri;
+		rp=ret->d;
+		ap= &(r->d[x]);
+		if (r->top < x)
+			al=0;
+		else
+			al=r->top-x;
+		ret->top=al;
+		al-=4;
+		for (i=0; iN)) >= 0)
+			{
+			BN_usub(ret,ret,&(mont->N)); /* XXX */
+			}
+		retn=1;
+err1:
+		return(retn);
+		}
+#ifdef BN_RECURSION_MONT
+	else /* bignum version */ 
+		{
+		BIGNUM *t1,*t2,*t3;
+		int j,i;
+
+#ifdef BN_COUNT
+printf("number BN_from_montgomery\n");
+#endif
+
+		t1= &(ctx->bn[ctx->tos]);
+		t2= &(ctx->bn[ctx->tos+1]);
+		t3= &(ctx->bn[ctx->tos+2]);
+
+		i=mont->Ni.top;
+		bn_wexpand(ret,i); /* perhaps only i*2 */
+		bn_wexpand(t1,i*4); /* perhaps only i*2 */
+		bn_wexpand(t2,i*2); /* perhaps only i   */
+
+		bn_mul_low_recursive(t2->d,a->d,mont->Ni.d,i,t1->d);
+
+		BN_zero(t3);
+		BN_set_bit(t3,mont->N.top*BN_BITS2);
+		bn_sub_words(t3->d,t3->d,a->d,i);
+		bn_mul_high(ret->d,t2->d,mont->N.d,t3->d,i,t1->d);
+
+		/* hmm... if a is between i and 2*i, things are bad */
+		if (a->top > i)
+			{
+			j=(int)(bn_add_words(ret->d,ret->d,&(a->d[i]),i));
+			if (j) /* overflow */
+				bn_sub_words(ret->d,ret->d,mont->N.d,i);
+			}
+		ret->top=i;
+		bn_fix_top(ret);
+		if (a->d[0])
+			BN_add_word(ret,1); /* Always? */
+		else	/* Very very rare */
+			{
+			for (i=1; iN.top-1; i++)
+				{
+				if (a->d[i])
+					{
+					BN_add_word(ret,1); /* Always? */
+					break;
+					}
+				}
+			}
+
+		if (BN_ucmp(ret,&(mont->N)) >= 0)
+			BN_usub(ret,ret,&(mont->N));
+
+		return(1);
+		}
+#endif
+	}
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+	{
+	BN_MONT_CTX *ret;
+
+	if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL)
+		return(NULL);
+
+	BN_MONT_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
+	return(ret);
+	}
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+	{
+	ctx->use_word=0;
+	ctx->ri=0;
+	BN_init(&(ctx->RR));
+	BN_init(&(ctx->N));
+	BN_init(&(ctx->Ni));
+	ctx->flags=0;
+	}
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+	{
+	if(mont == NULL)
+	    return;
+
+	BN_free(&(mont->RR));
+	BN_free(&(mont->N));
+	BN_free(&(mont->Ni));
+	if (mont->flags & BN_FLG_MALLOCED)
+		Free(mont);
+	}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+	{
+	BIGNUM Ri,*R;
+
+	BN_init(&Ri);
+	R= &(mont->RR);					/* grab RR as a temp */
+	BN_copy(&(mont->N),mod);			/* Set N */
+
+#ifdef BN_RECURSION_MONT
+	if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD)
+#endif
+		{
+		BIGNUM tmod;
+		BN_ULONG buf[2];
+
+		mont->use_word=1;
+
+		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+		BN_zero(R);
+		BN_set_bit(R,BN_BITS2);
+		/* I was bad, this modification of a passed variable was
+		 * breaking the multithreaded stuff :-(
+		 * z=mod->top;
+		 * mod->top=1; */
+
+		buf[0]=mod->d[0];
+		buf[1]=0;
+		tmod.d=buf;
+		tmod.top=1;
+		tmod.max=mod->max;
+		tmod.neg=mod->neg;
+
+		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
+			goto err;
+		BN_lshift(&Ri,&Ri,BN_BITS2);			/* R*Ri */
+		if (!BN_is_zero(&Ri))
+			{
+#if 1
+			BN_sub_word(&Ri,1);
+#else
+			BN_usub(&Ri,&Ri,BN_value_one());	/* R*Ri - 1 */
+#endif
+			}
+		else
+			{
+			/* This is not common..., 1 in BN_MASK2,
+			 * It happens when buf[0] was == 1.  So for 8 bit,
+			 * this is 1/256, 16bit, 1 in 2^16 etc.
+			 */
+			BN_set_word(&Ri,BN_MASK2);
+			}
+		BN_div(&Ri,NULL,&Ri,&tmod,ctx);
+		mont->n0=Ri.d[0];
+		BN_free(&Ri);
+		/* mod->top=z; */
+		}
+#ifdef BN_RECURSION_MONT
+	else
+		{
+		mont->use_word=0;
+		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+#if 1
+		BN_zero(R);
+		BN_set_bit(R,mont->ri);
+#else
+		BN_lshift(R,BN_value_one(),mont->ri);	/* R */
+#endif
+		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+			goto err;
+		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+#if 1
+		BN_sub_word(&Ri,1);
+#else
+		BN_usub(&Ri,&Ri,BN_value_one());	/* R*Ri - 1 */
+#endif
+		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
+		BN_free(&Ri);
+		}
+#endif
+
+	/* setup RR for conversions */
+#if 1
+	BN_zero(&(mont->RR));
+	BN_set_bit(&(mont->RR),mont->ri*2);
+#else
+	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+#endif
+	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
+
+	return(1);
+err:
+	return(0);
+	}
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+	{
+	if (to == from) return(to);
+
+	BN_copy(&(to->RR),&(from->RR));
+	BN_copy(&(to->N),&(from->N));
+	BN_copy(&(to->Ni),&(from->Ni));
+	to->use_word=from->use_word;
+	to->ri=from->ri;
+	to->n0=from->n0;
+	return(to);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_mpi.c b/crypto/openssl/crypto/bn/bn_mpi.c
new file mode 100644
index 000000000000..80e1dca6b734
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_mpi.c
@@ -0,0 +1,129 @@
+/* crypto/bn/bn_mpi.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+	{
+	int bits;
+	int num=0;
+	int ext=0;
+	long l;
+
+	bits=BN_num_bits(a);
+	num=(bits+7)/8;
+	if (bits > 0)
+		{
+		ext=((bits & 0x07) == 0);
+		}
+	if (d == NULL)
+		return(num+4+ext);
+
+	l=num+ext;
+	d[0]=(unsigned char)(l>>24)&0xff;
+	d[1]=(unsigned char)(l>>16)&0xff;
+	d[2]=(unsigned char)(l>> 8)&0xff;
+	d[3]=(unsigned char)(l    )&0xff;
+	if (ext) d[4]=0;
+	num=BN_bn2bin(a,&(d[4+ext]));
+	if (a->neg)
+		d[4]|=0x80;
+	return(num+4+ext);
+	}
+
+BIGNUM *BN_mpi2bn(unsigned char *d, int n, BIGNUM *a)
+	{
+	long len;
+	int neg=0;
+
+	if (n < 4)
+		{
+		BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
+		return(NULL);
+		}
+	len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
+	if ((len+4) != n)
+		{
+		BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
+		return(NULL);
+		}
+
+	if (a == NULL) a=BN_new();
+	if (a == NULL) return(NULL);
+
+	if (len == 0)
+		{
+		a->neg=0;
+		a->top=0;
+		return(a);
+		}
+	d+=4;
+	if ((*d) & 0x80)
+		neg=1;
+	if (BN_bin2bn(d,(int)len,a) == NULL)
+		return(NULL);
+	a->neg=neg;
+	if (neg)
+		{
+		BN_clear_bit(a,BN_num_bits(a)-1);
+		}
+	return(a);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/openssl/crypto/bn/bn_mul.c
new file mode 100644
index 000000000000..38c47f3d1f09
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_mul.c
@@ -0,0 +1,756 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifdef BN_RECURSION
+/* r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calulate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
+	{
+	int n=n2/2,c1,c2;
+	unsigned int neg,zero;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_mul_recursive %d * %d\n",n2,n2);
+#endif
+#ifdef BN_MUL_COMBA
+/*	if (n2 == 4)
+		{
+		bn_mul_comba4(r,a,b);
+		return;
+		}
+	else */ if (n2 == 8)
+		{
+		bn_mul_comba8(r,a,b);
+		return; 
+		}
+#endif
+	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+		{
+		/* This should not happen */
+		bn_mul_normal(r,a,n2,b,n2);
+		return;
+		}
+	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+	c1=bn_cmp_words(a,&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),b,n);
+	zero=neg=0;
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		break;
+	case -3:
+		zero=1;
+		break;
+	case -2:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		break;
+	case 2:
+		bn_sub_words(t,      a,      &(a[n]),n); /* + */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		break;
+	case 4:
+		bn_sub_words(t,      a,      &(a[n]),n);
+		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+		break;
+		}
+
+#ifdef BN_MUL_COMBA
+	if (n == 4)
+		{
+		if (!zero)
+			bn_mul_comba4(&(t[n2]),t,&(t[n]));
+		else
+			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+		
+		bn_mul_comba4(r,a,b);
+		bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
+		}
+	else if (n == 8)
+		{
+		if (!zero)
+			bn_mul_comba8(&(t[n2]),t,&(t[n]));
+		else
+			memset(&(t[n2]),0,16*sizeof(BN_ULONG));
+		
+		bn_mul_comba8(r,a,b);
+		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+		}
+	else
+#endif
+		{
+		p= &(t[n2*2]);
+		if (!zero)
+			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+		else
+			memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+		bn_mul_recursive(r,a,b,n,p);
+		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+	if (neg) /* if t[32] is negative */
+		{
+		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+		}
+	else
+		{
+		/* Might have a carry */
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < (BN_ULONG)c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+
+/* n+tn is the word length
+ * t needs to be n*4 is size, as does r */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+	     int n, BN_ULONG *t)
+	{
+	int i,j,n2=n*2;
+	unsigned int c1;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+#endif
+	if (n < 8)
+		{
+		i=tn+n;
+		bn_mul_normal(r,a,i,b,i);
+		return;
+		}
+
+	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+	bn_sub_words(t,      a,      &(a[n]),n); /* + */
+	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+
+/*	if (n == 4)
+		{
+		bn_mul_comba4(&(t[n2]),t,&(t[n]));
+		bn_mul_comba4(r,a,b);
+		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+		}
+	else */ if (n == 8)
+		{
+		bn_mul_comba8(&(t[n2]),t,&(t[n]));
+		bn_mul_comba8(r,a,b);
+		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+		}
+	else
+		{
+		p= &(t[n2*2]);
+		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+		bn_mul_recursive(r,a,b,n,p);
+		i=n/2;
+		/* If there is only a bottom half to the number,
+		 * just do it */
+		j=tn-i;
+		if (j == 0)
+			{
+			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+			}
+		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+				{
+				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+					j,i,p);
+				memset(&(r[n2+tn*2]),0,
+					sizeof(BN_ULONG)*(n2-tn*2));
+				}
+		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+			{
+			memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
+			if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
+				{
+				bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+				}
+			else
+				{
+				for (;;)
+					{
+					i/=2;
+					if (i < tn)
+						{
+						bn_mul_part_recursive(&(r[n2]),
+							&(a[n]),&(b[n]),
+							tn-i,i,p);
+						break;
+						}
+					else if (i == tn)
+						{
+						bn_mul_recursive(&(r[n2]),
+							&(a[n]),&(b[n]),
+							i,p);
+						break;
+						}
+					}
+				}
+			}
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
+	{
+	int n=n2/2;
+
+#ifdef BN_COUNT
+printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+#endif
+
+	bn_mul_recursive(r,a,b,n,&(t[0]));
+	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+		{
+		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		}
+	else
+		{
+		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+		}
+	}
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+	     BN_ULONG *t)
+	{
+	int i,n;
+	int c1,c2;
+	int neg,oneg,zero;
+	BN_ULONG ll,lc,*lp,*mp;
+
+#ifdef BN_COUNT
+printf(" bn_mul_high %d * %d\n",n2,n2);
+#endif
+	n=n2/2;
+
+	/* Calculate (al-ah)*(bh-bl) */
+	neg=zero=0;
+	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+		break;
+	case -3:
+		zero=1;
+		break;
+	case -2:
+		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		break;
+	case 2:
+		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		break;
+	case 4:
+		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+		break;
+		}
+		
+	oneg=neg;
+	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+	/* r[10] = (a[1]*b[1]) */
+#ifdef BN_MUL_COMBA
+	if (n == 8)
+		{
+		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
+		bn_mul_comba8(r,&(a[n]),&(b[n]));
+		}
+	else
+#endif
+		{
+		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
+		bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+		}
+
+	/* s0 == low(al*bl)
+	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+	 * We know s0 and s1 so the only unknown is high(al*bl)
+	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+	 */
+	if (l != NULL)
+		{
+		lp= &(t[n2+n]);
+		c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
+		}
+	else
+		{
+		c1=0;
+		lp= &(r[0]);
+		}
+
+	if (neg)
+		neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
+	else
+		{
+		bn_add_words(&(t[n2]),lp,&(t[0]),n);
+		neg=0;
+		}
+
+	if (l != NULL)
+		{
+		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+		}
+	else
+		{
+		lp= &(t[n2+n]);
+		mp= &(t[n2]);
+		for (i=0; i 0)
+			{
+			lc=c1;
+			do	{
+				ll=(r[i]+lc)&BN_MASK2;
+				r[i++]=ll;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		else
+			{
+			lc= -c1;
+			do	{
+				ll=r[i];
+				r[i++]=(ll-lc)&BN_MASK2;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		}
+	if (c2 != 0) /* Add starting at r[1] */
+		{
+		i=n;
+		if (c2 > 0)
+			{
+			lc=c2;
+			do	{
+				ll=(r[i]+lc)&BN_MASK2;
+				r[i++]=ll;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		else
+			{
+			lc= -c2;
+			do	{
+				ll=r[i];
+				r[i++]=(ll-lc)&BN_MASK2;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		}
+	}
+#endif
+
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	int top,al,bl;
+	BIGNUM *rr;
+#ifdef BN_RECURSION
+	BIGNUM *t;
+	int i,j,k;
+#endif
+
+#ifdef BN_COUNT
+printf("BN_mul %d * %d\n",a->top,b->top);
+#endif
+
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(r);
+
+	al=a->top;
+	bl=b->top;
+	r->neg=a->neg^b->neg;
+
+	if ((al == 0) || (bl == 0))
+		{
+		BN_zero(r);
+		return(1);
+		}
+	top=al+bl;
+
+	if ((r == a) || (r == b))
+		rr= &(ctx->bn[ctx->tos+1]);
+	else
+		rr=r;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+	if (al == bl)
+		{
+#  ifdef BN_MUL_COMBA
+/*		if (al == 4)
+			{
+			if (bn_wexpand(rr,8) == NULL) return(0);
+			rr->top=8;
+			bn_mul_comba4(rr->d,a->d,b->d);
+			goto end;
+			}
+		else */ if (al == 8)
+			{
+			if (bn_wexpand(rr,16) == NULL) return(0);
+			rr->top=16;
+			bn_mul_comba8(rr->d,a->d,b->d);
+			goto end;
+			}
+		else
+#  endif
+#ifdef BN_RECURSION
+		if (al < BN_MULL_SIZE_NORMAL)
+#endif
+			{
+			if (bn_wexpand(rr,top) == NULL) return(0);
+			rr->top=top;
+			bn_mul_normal(rr->d,a->d,al,b->d,bl);
+			goto end;
+			}
+#  ifdef BN_RECURSION
+		goto symetric;
+#  endif
+		}
+#endif
+#ifdef BN_RECURSION
+	else if ((al < BN_MULL_SIZE_NORMAL) || (bl < BN_MULL_SIZE_NORMAL))
+		{
+		if (bn_wexpand(rr,top) == NULL) return(0);
+		rr->top=top;
+		bn_mul_normal(rr->d,a->d,al,b->d,bl);
+		goto end;
+		}
+	else
+		{
+		i=(al-bl);
+		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			bn_wexpand(b,al);
+			b->d[bl]=0;
+			bl++;
+			goto symetric;
+			}
+		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+			{
+			bn_wexpand(a,bl);
+			a->d[al]=0;
+			al++;
+			goto symetric;
+			}
+		}
+#endif
+
+	/* asymetric and >= 4 */ 
+	if (bn_wexpand(rr,top) == NULL) return(0);
+	rr->top=top;
+	bn_mul_normal(rr->d,a->d,al,b->d,bl);
+
+#ifdef BN_RECURSION
+	if (0)
+		{
+symetric:
+		/* symetric and > 4 */
+		/* 16 or larger */
+		j=BN_num_bits_word((BN_ULONG)al);
+		j=1<<(j-1);
+		k=j+j;
+		t= &(ctx->bn[ctx->tos]);
+		if (al == j) /* exact multiple */
+			{
+			bn_wexpand(t,k*2);
+			bn_wexpand(rr,k*2);
+			bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+			}
+		else
+			{
+			bn_wexpand(a,k);
+			bn_wexpand(b,k);
+			bn_wexpand(t,k*4);
+			bn_wexpand(rr,k*4);
+			for (i=a->top; id[i]=0;
+			for (i=b->top; id[i]=0;
+			bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
+			}
+		rr->top=top;
+		}
+#endif
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+end:
+#endif
+	bn_fix_top(rr);
+	if (r != rr) BN_copy(r,rr);
+	return(1);
+	}
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+	{
+	BN_ULONG *rr;
+
+#ifdef BN_COUNT
+printf(" bn_mul_normal %d * %d\n",na,nb);
+#endif
+
+	if (na < nb)
+		{
+		int itmp;
+		BN_ULONG *ltmp;
+
+		itmp=na; na=nb; nb=itmp;
+		ltmp=a;   a=b;   b=ltmp;
+
+		}
+	rr= &(r[na]);
+	rr[0]=bn_mul_words(r,a,na,b[0]);
+
+	for (;;)
+		{
+		if (--nb <= 0) return;
+		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+		if (--nb <= 0) return;
+		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+		if (--nb <= 0) return;
+		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+		if (--nb <= 0) return;
+		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+		rr+=4;
+		r+=4;
+		b+=4;
+		}
+	}
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+	{
+#ifdef BN_COUNT
+printf(" bn_mul_low_normal %d * %d\n",n,n);
+#endif
+	bn_mul_words(r,a,n,b[0]);
+
+	for (;;)
+		{
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[1]),a,n,b[1]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[2]),a,n,b[2]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[3]),a,n,b[3]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[4]),a,n,b[4]);
+		r+=4;
+		b+=4;
+		}
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_opts.c b/crypto/openssl/crypto/bn/bn_opts.c
new file mode 100644
index 000000000000..381be529b2f6
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_opts.c
@@ -0,0 +1,324 @@
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define DEFAULT_SIZE	512
+#define DEFAULT_TIME	3
+
+int verbose=1;
+
+typedef struct parms_st
+	{
+	char *name;
+	void (*func)();
+	BIGNUM r;
+	BIGNUM a;
+	BIGNUM b;
+	BIGNUM c;
+	BIGNUM low;
+	BN_CTX *ctx;
+	BN_MONT_CTX *mont;
+	int w;
+	} PARMS;
+
+void do_mul_exp(int num,PARMS *p);
+void do_mul(int num,PARMS *p);
+void do_sqr(int num,PARMS *p);
+void do_mul_low(int num,PARMS *p);
+void do_mul_high(int num,PARMS *p);
+void do_from_montgomery(int num,PARMS *p);
+int time_it(int sec, PARMS *p);
+void do_it(int sec, PARMS *p);
+
+#define P_EXP	1
+#define P_MUL	2
+#define P_SQR	3
+#define P_MULL	4
+#define P_MULH	5
+#define P_MRED	6
+
+int main(int argc, char **argv)
+	{
+	PARMS p;
+	BN_MONT_CTX *mont;
+	int size=0,num;
+	char *name;
+	int type=P_EXP;
+
+	mont=BN_MONT_CTX_new();
+	p.mont=NULL;
+	p.ctx=BN_CTX_new();
+	BN_init(&p.r);
+	BN_init(&p.a);
+	BN_init(&p.b);
+	BN_init(&p.c);
+	BN_init(&p.low);
+	p.w=0;
+
+	for (;;)
+		{
+		if (argc > 1)
+			{
+			if (argv[1][0] == '-')
+				{
+				switch(argv[1][1])
+					{
+				case 'e': type=P_EXP; break;
+				case 'm': type=P_MUL; break;
+				case 's': type=P_SQR; break;
+				case 'l': type=P_MULL; break;
+				case 'h': type=P_MULH; break;
+				case 'r': type=P_MRED; break;
+				default:
+					fprintf(stderr,"options: -[emslhr]\n");
+					exit(1);
+					}
+				}
+			else
+				{
+				size=atoi(argv[1]);
+				}
+			argc--;
+			argv++;
+			}
+		else
+			break;
+		}
+	if (size == 0)
+		size=DEFAULT_SIZE;
+
+	printf("bit size:%5d\n",size);
+
+	BN_rand(&p.a,size,1,0);
+	BN_rand(&p.b,size,1,0);
+	BN_rand(&p.c,size,1,1);
+	BN_mod(&p.a,&p.a,&p.c,p.ctx);
+	BN_mod(&p.b,&p.b,&p.c,p.ctx);
+	p.w=(p.a.top+1)/2;
+
+	BN_mul(&p.low,&p.a,&p.b,p.ctx);
+	p.low.top=p.a.top;
+	
+	switch(type)
+		{
+	case P_EXP:
+		p.name="r=a^b%c";
+		p.func=do_mul_exp;
+		p.mont=mont;
+		break;
+	case P_MUL:
+		p.name="r=a*b";
+		p.func=do_mul;
+		break;
+	case P_SQR:
+		p.name="r=a*a";
+		p.func=do_sqr;
+		break;
+	case P_MULL:
+		p.name="r=low(a*b)";
+		p.func=do_mul_low;
+		break;
+	case P_MULH:
+		p.name="r=high(a*b)";
+		p.func=do_mul_high;
+		break;
+	case P_MRED:
+		p.name="r=montgomery_reduction(a)";
+		p.func=do_from_montgomery;
+		p.mont=mont;
+		break;
+	default:
+		fprintf(stderr,"options: -[emslhr]\n");
+		exit(1);
+		}
+
+	num=time_it(DEFAULT_TIME,&p);
+	do_it(num,&p);
+	}
+
+void do_it(int num, PARMS *p)
+	{
+	char *start,*end;
+	int i,j,number;
+	double d;
+
+	start=ms_time_new();
+	end=ms_time_new();
+
+	number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
+		BN_num_bits_word(BN_BITS2)+2;
+	for (i=number-1; i >=0; i--)
+		{
+		if (i == 1) continue;
+		BN_set_params(i,i,i,1);
+		if (p->mont != NULL)
+			BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+
+		printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
+			(1<func(num,p);
+		ms_time_get(end);
+		d=ms_time_diff(start,end);
+		printf("%6.6f sec, or %d in %.4f seconds\n",
+			(double)d/num,num,d);
+		}
+	}
+
+int time_it(int sec, PARMS *p)
+	{
+	char *start,*end;
+	int i,j;
+	double d;
+
+	if (p->mont != NULL)
+		BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+
+	start=ms_time_new();
+	end=ms_time_new();
+
+	i=1;
+	for (;;)
+		{
+		if (verbose)
+			printf("timing %s for %d interations\n",p->name,i);
+
+		ms_time_get(start);
+		p->func(i,p);
+		ms_time_get(end);
+		d=ms_time_diff(start,end);
+
+		if 	(d < 0.01) i*=100;
+		else if (d < 0.1 ) i*=10;
+		else if (d > (double)sec) break;
+		else
+			{
+			i=(int)(1.0*i*sec/d);
+			break;
+			}
+		}
+	if (verbose)
+		printf("using %d interations\n",i);
+	return(i);
+	}
+
+void do_mul_exp(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; ir),&(p->a),&(p->b),&(p->c),
+			p->ctx,p->mont);
+	}
+
+void do_mul(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; ir),&(p->a),&(p->b),p->ctx);
+	}
+
+void do_sqr(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; ir),&(p->a),p->ctx);
+	}
+
+void do_mul_low(int num, PARMS *p)
+	{
+	int i;
+	
+	for (i=0; ir),&(p->a),&(p->b),p->w,p->ctx);
+	}
+
+void do_mul_high(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; ir),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
+	}
+
+void do_from_montgomery(int num, PARMS *p)
+	{
+	int i;
+	
+	for (i=0; ir),&(p->a),p->mont,p->ctx);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c
new file mode 100644
index 000000000000..6fa0f9be1ee3
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_prime.c
@@ -0,0 +1,447 @@
+/* crypto/bn/bn_prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include 
+
+/* The quick seive algorithm approach to weeding out primes is
+ * Philip Zimmermann's, as implemented in PGP.  I have had a read of
+ * his comments and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2,
+	BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime_dh_strong(BIGNUM *rnd, int bits,
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int strong, BIGNUM *add,
+	     BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
+	{
+	BIGNUM *rnd=NULL;
+	BIGNUM t;
+	int i,j,c1=0;
+	BN_CTX *ctx;
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	if (ret == NULL)
+		{
+		if ((rnd=BN_new()) == NULL) goto err;
+		}
+	else
+		rnd=ret;
+	BN_init(&t);
+loop: 
+	/* make a random number and set the top and bottom bits */
+	if (add == NULL)
+		{
+		if (!probable_prime(rnd,bits)) goto err;
+		}
+	else
+		{
+		if (strong)
+			{
+			if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx))
+				 goto err;
+			}
+		else
+			{
+			if (!probable_prime_dh(rnd,bits,add,rem,ctx))
+				goto err;
+			}
+		}
+	/* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
+	if (callback != NULL) callback(0,c1++,cb_arg);
+
+	if (!strong)
+		{
+		i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg);
+		if (i == -1) goto err;
+		if (i == 0) goto loop;
+		}
+	else
+		{
+		/* for a strong prime generation,
+		 * check that (p-1)/2 is prime.
+		 * Since a prime is odd, We just
+		 * need to divide by 2 */
+		if (!BN_rshift1(&t,rnd)) goto err;
+
+		for (i=0; ibn[ctx->tos++]);
+
+	/* Setup the montgomery structure */
+	if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err;
+
+	for (i=0; itos--;
+	if ((ctx_passed == NULL) && (ctx != NULL))
+		BN_CTX_free(ctx);
+	if (ctx2 != NULL)
+		BN_CTX_free(ctx2);
+	if (mont != NULL) BN_MONT_CTX_free(mont);
+		
+	return(ret);
+	}
+
+#define RECP_MUL_MOD
+
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx, BN_CTX *ctx2,
+	     BN_MONT_CTX *mont)
+	{
+	int k,i,ret= -1,good;
+	BIGNUM *d,*dd,*tmp,*d1,*d2,*n1;
+	BIGNUM *mont_one,*mont_n1,*mont_a;
+
+	d1= &(ctx->bn[ctx->tos]);
+	d2= &(ctx->bn[ctx->tos+1]);
+	n1= &(ctx->bn[ctx->tos+2]);
+	ctx->tos+=3;
+
+	mont_one= &(ctx2->bn[ctx2->tos]);
+	mont_n1= &(ctx2->bn[ctx2->tos+1]);
+	mont_a= &(ctx2->bn[ctx2->tos+2]);
+	ctx2->tos+=3;
+
+	d=d1;
+	dd=d2;
+	if (!BN_one(d)) goto err;
+	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
+	k=BN_num_bits(n1);
+
+	if (!BN_to_montgomery(mont_one,BN_value_one(),mont,ctx2)) goto err;
+	if (!BN_to_montgomery(mont_n1,n1,mont,ctx2)) goto err;
+	if (!BN_to_montgomery(mont_a,a,mont,ctx2)) goto err;
+
+	BN_copy(d,mont_one);
+	for (i=k-1; i>=0; i--)
+		{
+		if (	(BN_cmp(d,mont_one) != 0) &&
+			(BN_cmp(d,mont_n1) != 0))
+			good=1;
+		else
+			good=0;
+
+		BN_mod_mul_montgomery(dd,d,d,mont,ctx2);
+
+		if (good && (BN_cmp(dd,mont_one) == 0))
+			{
+			ret=1;
+			goto err;
+			}
+		if (BN_is_bit_set(n1,i))
+			{
+			BN_mod_mul_montgomery(d,dd,mont_a,mont,ctx2);
+			}
+		else
+			{
+			tmp=d;
+			d=dd;
+			dd=tmp;
+			}
+		}
+	if (BN_cmp(d,mont_one) == 0)
+		i=0;
+	else	i=1;
+	ret=i;
+err:
+	ctx->tos-=3;
+	ctx2->tos-=3;
+	return(ret);
+	}
+
+static int probable_prime(BIGNUM *rnd, int bits)
+	{
+	int i;
+	MS_STATIC BN_ULONG mods[NUMPRIMES];
+	BN_ULONG delta,d;
+
+again:
+	if (!BN_rand(rnd,bits,1,1)) return(0);
+	/* we now have a random number 'rand' to test. */
+	for (i=1; ibn[ctx->tos++]);
+
+	if (!BN_rand(rnd,bits,0,1)) goto err;
+
+	/* we need ((rnd-rem) % add) == 0 */
+
+	if (!BN_mod(t1,rnd,add,ctx)) goto err;
+	if (!BN_sub(rnd,rnd,t1)) goto err;
+	if (rem == NULL)
+		{ if (!BN_add_word(rnd,1)) goto err; }
+	else
+		{ if (!BN_add(rnd,rnd,rem)) goto err; }
+
+	/* we now have a random number 'rand' to test. */
+
+	loop: for (i=1; itos--;
+	return(ret);
+	}
+
+static int probable_prime_dh_strong(BIGNUM *p, int bits, BIGNUM *padd,
+	     BIGNUM *rem, BN_CTX *ctx)
+	{
+	int i,ret=0;
+	BIGNUM *t1,*qadd=NULL,*q=NULL;
+
+	bits--;
+	t1= &(ctx->bn[ctx->tos++]);
+	q= &(ctx->bn[ctx->tos++]);
+	qadd= &(ctx->bn[ctx->tos++]);
+
+	if (!BN_rshift1(qadd,padd)) goto err;
+		
+	if (!BN_rand(q,bits,0,1)) goto err;
+
+	/* we need ((rnd-rem) % add) == 0 */
+	if (!BN_mod(t1,q,qadd,ctx)) goto err;
+	if (!BN_sub(q,q,t1)) goto err;
+	if (rem == NULL)
+		{ if (!BN_add_word(q,1)) goto err; }
+	else
+		{
+		if (!BN_rshift1(t1,rem)) goto err;
+		if (!BN_add(q,q,t1)) goto err;
+		}
+
+	/* we now have a random number 'rand' to test. */
+	if (!BN_lshift1(p,q)) goto err;
+	if (!BN_add_word(p,1)) goto err;
+
+	loop: for (i=1; itos-=3;
+	return(ret);
+	}
+
+#if 0
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx)
+	{
+	int k,i,nb,ret= -1;
+	BIGNUM *d,*dd,*tmp;
+	BIGNUM *d1,*d2,*x,*n1,*inv;
+
+	d1= &(ctx->bn[ctx->tos]);
+	d2= &(ctx->bn[ctx->tos+1]);
+	x=  &(ctx->bn[ctx->tos+2]);
+	n1= &(ctx->bn[ctx->tos+3]);
+	inv=&(ctx->bn[ctx->tos+4]);
+	ctx->tos+=5;
+
+	d=d1;
+	dd=d2;
+	if (!BN_one(d)) goto err;
+	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
+	k=BN_num_bits(n1);
+
+	/* i=BN_num_bits(n); */
+#ifdef RECP_MUL_MOD
+	nb=BN_reciprocal(inv,n,ctx); /**/
+	if (nb == -1) goto err;
+#endif
+
+	for (i=k-1; i>=0; i--)
+		{
+		if (BN_copy(x,d) == NULL) goto err;
+#ifndef RECP_MUL_MOD
+		if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
+#else
+		if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
+#endif
+		if (	BN_is_one(dd) &&
+			!BN_is_one(x) &&
+			(BN_cmp(x,n1) != 0))
+			{
+			ret=1;
+			goto err;
+			}
+		if (BN_is_bit_set(n1,i))
+			{
+#ifndef RECP_MUL_MOD
+			if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
+#else
+			if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; 
+#endif
+			}
+		else
+			{
+			tmp=d;
+			d=dd;
+			dd=tmp;
+			}
+		}
+	if (BN_is_one(d))
+		i=0;
+	else	i=1;
+	ret=i;
+err:
+	ctx->tos-=5;
+	return(ret);
+	}
+#endif
diff --git a/crypto/openssl/crypto/bn/bn_prime.h b/crypto/openssl/crypto/bn/bn_prime.h
new file mode 100644
index 000000000000..6fce0210cdd4
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_prime.h
@@ -0,0 +1,325 @@
+/* crypto/bn/bn_prime.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef EIGHT_BIT
+#define NUMPRIMES 2048
+#else
+#define NUMPRIMES 54
+#endif
+static unsigned int primes[NUMPRIMES]=
+	{
+	   2,   3,   5,   7,  11,  13,  17,  19,
+	  23,  29,  31,  37,  41,  43,  47,  53,
+	  59,  61,  67,  71,  73,  79,  83,  89,
+	  97, 101, 103, 107, 109, 113, 127, 131,
+	 137, 139, 149, 151, 157, 163, 167, 173,
+	 179, 181, 191, 193, 197, 199, 211, 223,
+	 227, 229, 233, 239, 241, 251,
+#ifndef EIGHT_BIT
+	 257, 263,
+	 269, 271, 277, 281, 283, 293, 307, 311,
+	 313, 317, 331, 337, 347, 349, 353, 359,
+	 367, 373, 379, 383, 389, 397, 401, 409,
+	 419, 421, 431, 433, 439, 443, 449, 457,
+	 461, 463, 467, 479, 487, 491, 499, 503,
+	 509, 521, 523, 541, 547, 557, 563, 569,
+	 571, 577, 587, 593, 599, 601, 607, 613,
+	 617, 619, 631, 641, 643, 647, 653, 659,
+	 661, 673, 677, 683, 691, 701, 709, 719,
+	 727, 733, 739, 743, 751, 757, 761, 769,
+	 773, 787, 797, 809, 811, 821, 823, 827,
+	 829, 839, 853, 857, 859, 863, 877, 881,
+	 883, 887, 907, 911, 919, 929, 937, 941,
+	 947, 953, 967, 971, 977, 983, 991, 997,
+	1009,1013,1019,1021,1031,1033,1039,1049,
+	1051,1061,1063,1069,1087,1091,1093,1097,
+	1103,1109,1117,1123,1129,1151,1153,1163,
+	1171,1181,1187,1193,1201,1213,1217,1223,
+	1229,1231,1237,1249,1259,1277,1279,1283,
+	1289,1291,1297,1301,1303,1307,1319,1321,
+	1327,1361,1367,1373,1381,1399,1409,1423,
+	1427,1429,1433,1439,1447,1451,1453,1459,
+	1471,1481,1483,1487,1489,1493,1499,1511,
+	1523,1531,1543,1549,1553,1559,1567,1571,
+	1579,1583,1597,1601,1607,1609,1613,1619,
+	1621,1627,1637,1657,1663,1667,1669,1693,
+	1697,1699,1709,1721,1723,1733,1741,1747,
+	1753,1759,1777,1783,1787,1789,1801,1811,
+	1823,1831,1847,1861,1867,1871,1873,1877,
+	1879,1889,1901,1907,1913,1931,1933,1949,
+	1951,1973,1979,1987,1993,1997,1999,2003,
+	2011,2017,2027,2029,2039,2053,2063,2069,
+	2081,2083,2087,2089,2099,2111,2113,2129,
+	2131,2137,2141,2143,2153,2161,2179,2203,
+	2207,2213,2221,2237,2239,2243,2251,2267,
+	2269,2273,2281,2287,2293,2297,2309,2311,
+	2333,2339,2341,2347,2351,2357,2371,2377,
+	2381,2383,2389,2393,2399,2411,2417,2423,
+	2437,2441,2447,2459,2467,2473,2477,2503,
+	2521,2531,2539,2543,2549,2551,2557,2579,
+	2591,2593,2609,2617,2621,2633,2647,2657,
+	2659,2663,2671,2677,2683,2687,2689,2693,
+	2699,2707,2711,2713,2719,2729,2731,2741,
+	2749,2753,2767,2777,2789,2791,2797,2801,
+	2803,2819,2833,2837,2843,2851,2857,2861,
+	2879,2887,2897,2903,2909,2917,2927,2939,
+	2953,2957,2963,2969,2971,2999,3001,3011,
+	3019,3023,3037,3041,3049,3061,3067,3079,
+	3083,3089,3109,3119,3121,3137,3163,3167,
+	3169,3181,3187,3191,3203,3209,3217,3221,
+	3229,3251,3253,3257,3259,3271,3299,3301,
+	3307,3313,3319,3323,3329,3331,3343,3347,
+	3359,3361,3371,3373,3389,3391,3407,3413,
+	3433,3449,3457,3461,3463,3467,3469,3491,
+	3499,3511,3517,3527,3529,3533,3539,3541,
+	3547,3557,3559,3571,3581,3583,3593,3607,
+	3613,3617,3623,3631,3637,3643,3659,3671,
+	3673,3677,3691,3697,3701,3709,3719,3727,
+	3733,3739,3761,3767,3769,3779,3793,3797,
+	3803,3821,3823,3833,3847,3851,3853,3863,
+	3877,3881,3889,3907,3911,3917,3919,3923,
+	3929,3931,3943,3947,3967,3989,4001,4003,
+	4007,4013,4019,4021,4027,4049,4051,4057,
+	4073,4079,4091,4093,4099,4111,4127,4129,
+	4133,4139,4153,4157,4159,4177,4201,4211,
+	4217,4219,4229,4231,4241,4243,4253,4259,
+	4261,4271,4273,4283,4289,4297,4327,4337,
+	4339,4349,4357,4363,4373,4391,4397,4409,
+	4421,4423,4441,4447,4451,4457,4463,4481,
+	4483,4493,4507,4513,4517,4519,4523,4547,
+	4549,4561,4567,4583,4591,4597,4603,4621,
+	4637,4639,4643,4649,4651,4657,4663,4673,
+	4679,4691,4703,4721,4723,4729,4733,4751,
+	4759,4783,4787,4789,4793,4799,4801,4813,
+	4817,4831,4861,4871,4877,4889,4903,4909,
+	4919,4931,4933,4937,4943,4951,4957,4967,
+	4969,4973,4987,4993,4999,5003,5009,5011,
+	5021,5023,5039,5051,5059,5077,5081,5087,
+	5099,5101,5107,5113,5119,5147,5153,5167,
+	5171,5179,5189,5197,5209,5227,5231,5233,
+	5237,5261,5273,5279,5281,5297,5303,5309,
+	5323,5333,5347,5351,5381,5387,5393,5399,
+	5407,5413,5417,5419,5431,5437,5441,5443,
+	5449,5471,5477,5479,5483,5501,5503,5507,
+	5519,5521,5527,5531,5557,5563,5569,5573,
+	5581,5591,5623,5639,5641,5647,5651,5653,
+	5657,5659,5669,5683,5689,5693,5701,5711,
+	5717,5737,5741,5743,5749,5779,5783,5791,
+	5801,5807,5813,5821,5827,5839,5843,5849,
+	5851,5857,5861,5867,5869,5879,5881,5897,
+	5903,5923,5927,5939,5953,5981,5987,6007,
+	6011,6029,6037,6043,6047,6053,6067,6073,
+	6079,6089,6091,6101,6113,6121,6131,6133,
+	6143,6151,6163,6173,6197,6199,6203,6211,
+	6217,6221,6229,6247,6257,6263,6269,6271,
+	6277,6287,6299,6301,6311,6317,6323,6329,
+	6337,6343,6353,6359,6361,6367,6373,6379,
+	6389,6397,6421,6427,6449,6451,6469,6473,
+	6481,6491,6521,6529,6547,6551,6553,6563,
+	6569,6571,6577,6581,6599,6607,6619,6637,
+	6653,6659,6661,6673,6679,6689,6691,6701,
+	6703,6709,6719,6733,6737,6761,6763,6779,
+	6781,6791,6793,6803,6823,6827,6829,6833,
+	6841,6857,6863,6869,6871,6883,6899,6907,
+	6911,6917,6947,6949,6959,6961,6967,6971,
+	6977,6983,6991,6997,7001,7013,7019,7027,
+	7039,7043,7057,7069,7079,7103,7109,7121,
+	7127,7129,7151,7159,7177,7187,7193,7207,
+	7211,7213,7219,7229,7237,7243,7247,7253,
+	7283,7297,7307,7309,7321,7331,7333,7349,
+	7351,7369,7393,7411,7417,7433,7451,7457,
+	7459,7477,7481,7487,7489,7499,7507,7517,
+	7523,7529,7537,7541,7547,7549,7559,7561,
+	7573,7577,7583,7589,7591,7603,7607,7621,
+	7639,7643,7649,7669,7673,7681,7687,7691,
+	7699,7703,7717,7723,7727,7741,7753,7757,
+	7759,7789,7793,7817,7823,7829,7841,7853,
+	7867,7873,7877,7879,7883,7901,7907,7919,
+	7927,7933,7937,7949,7951,7963,7993,8009,
+	8011,8017,8039,8053,8059,8069,8081,8087,
+	8089,8093,8101,8111,8117,8123,8147,8161,
+	8167,8171,8179,8191,8209,8219,8221,8231,
+	8233,8237,8243,8263,8269,8273,8287,8291,
+	8293,8297,8311,8317,8329,8353,8363,8369,
+	8377,8387,8389,8419,8423,8429,8431,8443,
+	8447,8461,8467,8501,8513,8521,8527,8537,
+	8539,8543,8563,8573,8581,8597,8599,8609,
+	8623,8627,8629,8641,8647,8663,8669,8677,
+	8681,8689,8693,8699,8707,8713,8719,8731,
+	8737,8741,8747,8753,8761,8779,8783,8803,
+	8807,8819,8821,8831,8837,8839,8849,8861,
+	8863,8867,8887,8893,8923,8929,8933,8941,
+	8951,8963,8969,8971,8999,9001,9007,9011,
+	9013,9029,9041,9043,9049,9059,9067,9091,
+	9103,9109,9127,9133,9137,9151,9157,9161,
+	9173,9181,9187,9199,9203,9209,9221,9227,
+	9239,9241,9257,9277,9281,9283,9293,9311,
+	9319,9323,9337,9341,9343,9349,9371,9377,
+	9391,9397,9403,9413,9419,9421,9431,9433,
+	9437,9439,9461,9463,9467,9473,9479,9491,
+	9497,9511,9521,9533,9539,9547,9551,9587,
+	9601,9613,9619,9623,9629,9631,9643,9649,
+	9661,9677,9679,9689,9697,9719,9721,9733,
+	9739,9743,9749,9767,9769,9781,9787,9791,
+	9803,9811,9817,9829,9833,9839,9851,9857,
+	9859,9871,9883,9887,9901,9907,9923,9929,
+	9931,9941,9949,9967,9973,10007,10009,10037,
+	10039,10061,10067,10069,10079,10091,10093,10099,
+	10103,10111,10133,10139,10141,10151,10159,10163,
+	10169,10177,10181,10193,10211,10223,10243,10247,
+	10253,10259,10267,10271,10273,10289,10301,10303,
+	10313,10321,10331,10333,10337,10343,10357,10369,
+	10391,10399,10427,10429,10433,10453,10457,10459,
+	10463,10477,10487,10499,10501,10513,10529,10531,
+	10559,10567,10589,10597,10601,10607,10613,10627,
+	10631,10639,10651,10657,10663,10667,10687,10691,
+	10709,10711,10723,10729,10733,10739,10753,10771,
+	10781,10789,10799,10831,10837,10847,10853,10859,
+	10861,10867,10883,10889,10891,10903,10909,10937,
+	10939,10949,10957,10973,10979,10987,10993,11003,
+	11027,11047,11057,11059,11069,11071,11083,11087,
+	11093,11113,11117,11119,11131,11149,11159,11161,
+	11171,11173,11177,11197,11213,11239,11243,11251,
+	11257,11261,11273,11279,11287,11299,11311,11317,
+	11321,11329,11351,11353,11369,11383,11393,11399,
+	11411,11423,11437,11443,11447,11467,11471,11483,
+	11489,11491,11497,11503,11519,11527,11549,11551,
+	11579,11587,11593,11597,11617,11621,11633,11657,
+	11677,11681,11689,11699,11701,11717,11719,11731,
+	11743,11777,11779,11783,11789,11801,11807,11813,
+	11821,11827,11831,11833,11839,11863,11867,11887,
+	11897,11903,11909,11923,11927,11933,11939,11941,
+	11953,11959,11969,11971,11981,11987,12007,12011,
+	12037,12041,12043,12049,12071,12073,12097,12101,
+	12107,12109,12113,12119,12143,12149,12157,12161,
+	12163,12197,12203,12211,12227,12239,12241,12251,
+	12253,12263,12269,12277,12281,12289,12301,12323,
+	12329,12343,12347,12373,12377,12379,12391,12401,
+	12409,12413,12421,12433,12437,12451,12457,12473,
+	12479,12487,12491,12497,12503,12511,12517,12527,
+	12539,12541,12547,12553,12569,12577,12583,12589,
+	12601,12611,12613,12619,12637,12641,12647,12653,
+	12659,12671,12689,12697,12703,12713,12721,12739,
+	12743,12757,12763,12781,12791,12799,12809,12821,
+	12823,12829,12841,12853,12889,12893,12899,12907,
+	12911,12917,12919,12923,12941,12953,12959,12967,
+	12973,12979,12983,13001,13003,13007,13009,13033,
+	13037,13043,13049,13063,13093,13099,13103,13109,
+	13121,13127,13147,13151,13159,13163,13171,13177,
+	13183,13187,13217,13219,13229,13241,13249,13259,
+	13267,13291,13297,13309,13313,13327,13331,13337,
+	13339,13367,13381,13397,13399,13411,13417,13421,
+	13441,13451,13457,13463,13469,13477,13487,13499,
+	13513,13523,13537,13553,13567,13577,13591,13597,
+	13613,13619,13627,13633,13649,13669,13679,13681,
+	13687,13691,13693,13697,13709,13711,13721,13723,
+	13729,13751,13757,13759,13763,13781,13789,13799,
+	13807,13829,13831,13841,13859,13873,13877,13879,
+	13883,13901,13903,13907,13913,13921,13931,13933,
+	13963,13967,13997,13999,14009,14011,14029,14033,
+	14051,14057,14071,14081,14083,14087,14107,14143,
+	14149,14153,14159,14173,14177,14197,14207,14221,
+	14243,14249,14251,14281,14293,14303,14321,14323,
+	14327,14341,14347,14369,14387,14389,14401,14407,
+	14411,14419,14423,14431,14437,14447,14449,14461,
+	14479,14489,14503,14519,14533,14537,14543,14549,
+	14551,14557,14561,14563,14591,14593,14621,14627,
+	14629,14633,14639,14653,14657,14669,14683,14699,
+	14713,14717,14723,14731,14737,14741,14747,14753,
+	14759,14767,14771,14779,14783,14797,14813,14821,
+	14827,14831,14843,14851,14867,14869,14879,14887,
+	14891,14897,14923,14929,14939,14947,14951,14957,
+	14969,14983,15013,15017,15031,15053,15061,15073,
+	15077,15083,15091,15101,15107,15121,15131,15137,
+	15139,15149,15161,15173,15187,15193,15199,15217,
+	15227,15233,15241,15259,15263,15269,15271,15277,
+	15287,15289,15299,15307,15313,15319,15329,15331,
+	15349,15359,15361,15373,15377,15383,15391,15401,
+	15413,15427,15439,15443,15451,15461,15467,15473,
+	15493,15497,15511,15527,15541,15551,15559,15569,
+	15581,15583,15601,15607,15619,15629,15641,15643,
+	15647,15649,15661,15667,15671,15679,15683,15727,
+	15731,15733,15737,15739,15749,15761,15767,15773,
+	15787,15791,15797,15803,15809,15817,15823,15859,
+	15877,15881,15887,15889,15901,15907,15913,15919,
+	15923,15937,15959,15971,15973,15991,16001,16007,
+	16033,16057,16061,16063,16067,16069,16073,16087,
+	16091,16097,16103,16111,16127,16139,16141,16183,
+	16187,16189,16193,16217,16223,16229,16231,16249,
+	16253,16267,16273,16301,16319,16333,16339,16349,
+	16361,16363,16369,16381,16411,16417,16421,16427,
+	16433,16447,16451,16453,16477,16481,16487,16493,
+	16519,16529,16547,16553,16561,16567,16573,16603,
+	16607,16619,16631,16633,16649,16651,16657,16661,
+	16673,16691,16693,16699,16703,16729,16741,16747,
+	16759,16763,16787,16811,16823,16829,16831,16843,
+	16871,16879,16883,16889,16901,16903,16921,16927,
+	16931,16937,16943,16963,16979,16981,16987,16993,
+	17011,17021,17027,17029,17033,17041,17047,17053,
+	17077,17093,17099,17107,17117,17123,17137,17159,
+	17167,17183,17189,17191,17203,17207,17209,17231,
+	17239,17257,17291,17293,17299,17317,17321,17327,
+	17333,17341,17351,17359,17377,17383,17387,17389,
+	17393,17401,17417,17419,17431,17443,17449,17467,
+	17471,17477,17483,17489,17491,17497,17509,17519,
+	17539,17551,17569,17573,17579,17581,17597,17599,
+	17609,17623,17627,17657,17659,17669,17681,17683,
+	17707,17713,17729,17737,17747,17749,17761,17783,
+	17789,17791,17807,17827,17837,17839,17851,17863,
+#endif
+	};
diff --git a/crypto/openssl/crypto/bn/bn_prime.pl b/crypto/openssl/crypto/bn/bn_prime.pl
new file mode 100644
index 000000000000..979385a3343a
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_prime.pl
@@ -0,0 +1,56 @@
+#!/usr/local/bin/perl
+# bn_prime.pl
+
+$num=2048;
+$num=$ARGV[0] if ($#ARGV >= 0);
+
+push(@primes,2);
+$p=1;
+loop: while ($#primes < $num-1)
+	{
+	$p+=2;
+	$s=int(sqrt($p));
+
+	for ($i=0; $primes[$i]<=$s; $i++)
+		{
+		next loop if (($p%$primes[$i]) == 0);
+		}
+	push(@primes,$p);
+	}
+
+print <<"EOF";
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+ * All rights reserved.
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * See the COPYRIGHT file in the SSLeay distribution for more details.
+ */
+
+EOF
+
+for ($i=0; $i <= $#primes; $i++)
+	{
+	if ($primes[$i] > 256)
+		{
+		$eight=$i;
+		last;
+		}
+	}
+
+printf "#ifndef EIGHT_BIT\n";
+printf "#define NUMPRIMES %d\n",$num;
+printf "#else\n";
+printf "#define NUMPRIMES %d\n",$eight;
+printf "#endif\n";
+print "static unsigned int primes[NUMPRIMES]=\n\t{\n\t";
+$init=0;
+for ($i=0; $i <= $#primes; $i++)
+	{
+	printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
+	printf("\n\t") if (($i%8) == 0) && ($i != 0);
+	printf("%4d,",$primes[$i]);
+	}
+print "\n#endif\n\t};\n";
+
+
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
new file mode 100644
index 000000000000..2f5ab2617bd2
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -0,0 +1,323 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include "bn_lcl.h"
+
+static const char *Hex="0123456789ABCDEF";
+
+/* Must 'Free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+	{
+	int i,j,v,z=0;
+	char *buf;
+	char *p;
+
+	buf=(char *)Malloc(a->top*BN_BYTES*2+2);
+	if (buf == NULL)
+		{
+		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=buf;
+	if (a->neg) *(p++)='-';
+	if (a->top == 0) *(p++)='0';
+	for (i=a->top-1; i >=0; i--)
+		{
+		for (j=BN_BITS2-8; j >= 0; j-=8)
+			{
+			/* strip leading zeros */
+			v=((int)(a->d[i]>>(long)j))&0xff;
+			if (z || (v != 0))
+				{
+				*(p++)=Hex[v>>4];
+				*(p++)=Hex[v&0x0f];
+				z=1;
+				}
+			}
+		}
+	*p='\0';
+err:
+	return(buf);
+	}
+
+/* Must 'Free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+	{
+	int i=0,num;
+	char *buf=NULL;
+	char *p;
+	BIGNUM *t=NULL;
+	BN_ULONG *bn_data=NULL,*lp;
+
+	i=BN_num_bits(a)*3;
+	num=(i/10+i/1000+3)+1;
+	bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+	buf=(char *)Malloc(num+3);
+	if ((buf == NULL) || (bn_data == NULL))
+		{
+		BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if ((t=BN_dup(a)) == NULL) goto err;
+
+	p=buf;
+	lp=bn_data;
+	if (t->neg) *(p++)='-';
+	if (t->top == 0)
+		{
+		*(p++)='0';
+		*(p++)='\0';
+		}
+	else
+		{
+		i=0;
+		while (!BN_is_zero(t))
+			{
+			*lp=BN_div_word(t,BN_DEC_CONV);
+			lp++;
+			}
+		lp--;
+		/* We now have a series of blocks, BN_DEC_NUM chars
+		 * in length, where the last one needs trucation.
+		 * The blocks need to be reversed in order. */
+		sprintf(p,BN_DEC_FMT1,*lp);
+		while (*p) p++;
+		while (lp != bn_data)
+			{
+			lp--;
+			sprintf(p,BN_DEC_FMT2,*lp);
+			while (*p) p++;
+			}
+		}
+err:
+	if (bn_data != NULL) Free(bn_data);
+	if (t != NULL) BN_free(t);
+	return(buf);
+	}
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+	{
+	BIGNUM *ret=NULL;
+	BN_ULONG l=0;
+	int neg=0,h,m,i,j,k,c;
+	int num;
+
+	if ((a == NULL) || (*a == '\0')) return(0);
+
+	if (*a == '-') { neg=1; a++; }
+
+	for (i=0; isxdigit((unsigned char) a[i]); i++)
+		;
+
+	num=i+neg;
+	if (bn == NULL) return(num);
+
+	/* a is the start of the hex digets, and it is 'i' long */
+	if (*bn == NULL)
+		{
+		if ((ret=BN_new()) == NULL) return(0);
+		}
+	else
+		{
+		ret= *bn;
+		BN_zero(ret);
+		}
+
+	/* i is the number of hex digests; */
+	if (bn_expand(ret,i*4) == NULL) goto err;
+
+	j=i; /* least significate 'hex' */
+	m=0;
+	h=0;
+	while (j > 0)
+		{
+		m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
+		l=0;
+		for (;;)
+			{
+			c=a[j-m];
+			if ((c >= '0') && (c <= '9')) k=c-'0';
+			else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
+			else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
+			else k=0; /* paranoia */
+			l=(l<<4)|k;
+
+			if (--m <= 0)
+				{
+				ret->d[h++]=l;
+				break;
+				}
+			}
+		j-=(BN_BYTES*2);
+		}
+	ret->top=h;
+	bn_fix_top(ret);
+	ret->neg=neg;
+
+	*bn=ret;
+	return(num);
+err:
+	if (*bn == NULL) BN_free(ret);
+	return(0);
+	}
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+	{
+	BIGNUM *ret=NULL;
+	BN_ULONG l=0;
+	int neg=0,i,j;
+	int num;
+
+	if ((a == NULL) || (*a == '\0')) return(0);
+	if (*a == '-') { neg=1; a++; }
+
+	for (i=0; isdigit((unsigned char) a[i]); i++)
+		;
+
+	num=i+neg;
+	if (bn == NULL) return(num);
+
+	/* a is the start of the digets, and it is 'i' long.
+	 * We chop it into BN_DEC_NUM digets at a time */
+	if (*bn == NULL)
+		{
+		if ((ret=BN_new()) == NULL) return(0);
+		}
+	else
+		{
+		ret= *bn;
+		BN_zero(ret);
+		}
+
+	/* i is the number of digests, a bit of an over expand; */
+	if (bn_expand(ret,i*4) == NULL) goto err;
+
+	j=BN_DEC_NUM-(i%BN_DEC_NUM);
+	if (j == BN_DEC_NUM) j=0;
+	l=0;
+	while (*a)
+		{
+		l*=10;
+		l+= *a-'0';
+		a++;
+		if (++j == BN_DEC_NUM)
+			{
+			BN_mul_word(ret,BN_DEC_CONV);
+			BN_add_word(ret,l);
+			l=0;
+			j=0;
+			}
+		}
+	ret->neg=neg;
+
+	bn_fix_top(ret);
+	*bn=ret;
+	return(num);
+err:
+	if (*bn == NULL) BN_free(ret);
+	return(0);
+	}
+
+#ifndef NO_BIO
+
+#ifndef NO_FP_API
+int BN_print_fp(FILE *fp, BIGNUM *a)
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		return(0);
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=BN_print(b,a);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+	{
+	int i,j,v,z=0;
+	int ret=0;
+
+	if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
+	if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end;
+	for (i=a->top-1; i >=0; i--)
+		{
+		for (j=BN_BITS2-4; j >= 0; j-=4)
+			{
+			/* strip leading zeros */
+			v=((int)(a->d[i]>>(long)j))&0x0f;
+			if (z || (v != 0))
+				{
+				if (BIO_write(bp,&(Hex[v]),1) != 1)
+					goto end;
+				z=1;
+				}
+			}
+		}
+	ret=1;
+end:
+	return(ret);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c
new file mode 100644
index 000000000000..91b8e34ae65b
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_rand.c
@@ -0,0 +1,117 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include 
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	unsigned char *buf=NULL;
+	int ret=0,bit,bytes,mask;
+	time_t tim;
+
+	bytes=(bits+7)/8;
+	bit=(bits-1)%8;
+	mask=0xff<
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+	{
+	BN_init(&(recp->N));
+	BN_init(&(recp->Nr));
+	recp->num_bits=0;
+	recp->flags=0;
+	}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+	{
+	BN_RECP_CTX *ret;
+
+	if ((ret=(BN_RECP_CTX *)Malloc(sizeof(BN_RECP_CTX))) == NULL)
+		return(NULL);
+
+	BN_RECP_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
+	return(ret);
+	}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+	{
+	if(recp == NULL)
+	    return;
+
+	BN_free(&(recp->N));
+	BN_free(&(recp->Nr));
+	if (recp->flags & BN_FLG_MALLOCED)
+		Free(recp);
+	}
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+	{
+	BN_copy(&(recp->N),d);
+	BN_zero(&(recp->Nr));
+	recp->num_bits=BN_num_bits(d);
+	recp->shift=0;
+	return(1);
+	}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
+	{
+	int ret=0;
+	BIGNUM *a;
+
+	a= &(ctx->bn[ctx->tos++]);
+	if (y != NULL)
+		{
+		if (x == y)
+			{ if (!BN_sqr(a,x,ctx)) goto err; }
+		else
+			{ if (!BN_mul(a,x,y,ctx)) goto err; }
+		}
+	else
+		a=x; /* Just do the mod */
+
+	BN_div_recp(NULL,r,a,recp,ctx);
+	ret=1;
+err:
+	ctx->tos--;
+	return(ret);
+	}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
+	{
+	int i,j,tos,ret=0,ex;
+	BIGNUM *a,*b,*d,*r;
+
+	tos=ctx->tos;
+	a= &(ctx->bn[ctx->tos++]);
+	b= &(ctx->bn[ctx->tos++]);
+	if (dv != NULL)
+		d=dv;
+	else
+		d= &(ctx->bn[ctx->tos++]);
+	if (rem != NULL)
+		r=rem;
+	else
+		r= &(ctx->bn[ctx->tos++]);
+
+	if (BN_ucmp(m,&(recp->N)) < 0)
+		{
+		BN_zero(d);
+		BN_copy(r,m);
+		ctx->tos=tos;
+		return(1);
+		}
+
+	/* We want the remainder
+	 * Given input of ABCDEF / ab
+	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab
+	 *
+	 */
+	i=BN_num_bits(m);
+
+	j=recp->num_bits*2;
+	if (j > i)
+		{
+		i=j;
+		ex=0;
+		}
+	else
+		{
+		ex=(i-j)/2;
+		}
+
+	j=i/2;
+
+	if (i != recp->shift)
+		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
+			i,ctx);
+
+	if (!BN_rshift(a,m,j-ex)) goto err;
+	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
+	if (!BN_rshift(d,b,j+ex)) goto err;
+	d->neg=0;
+	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
+	if (!BN_usub(r,m,b)) goto err;
+	r->neg=0;
+
+	j=0;
+#if 1
+	while (BN_ucmp(r,&(recp->N)) >= 0)
+		{
+		if (j++ > 2)
+			{
+			BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
+			goto err;
+			}
+		if (!BN_usub(r,r,&(recp->N))) goto err;
+		if (!BN_add_word(d,1)) goto err;
+		}
+#endif
+
+	r->neg=BN_is_zero(r)?0:m->neg;
+	d->neg=m->neg^recp->N.neg;
+	ret=1;
+err:
+	ctx->tos=tos;
+	return(ret);
+	} 
+
+/* len is the expected size of the result
+ * We actually calculate with an extra word of precision, so
+ * we can do faster division if the remainder is not required.
+ */
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx)
+	{
+	int ret= -1;
+	BIGNUM t;
+
+	BN_init(&t);
+
+	BN_zero(&t);
+	if (!BN_set_bit(&t,len)) goto err;
+
+	if (!BN_div(r,NULL,&t,m,ctx)) goto err;
+	ret=len;
+err:
+	BN_free(&t);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/openssl/crypto/bn/bn_shift.c
new file mode 100644
index 000000000000..61aae65a6bfc
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_shift.c
@@ -0,0 +1,200 @@
+/* crypto/bn/bn_shift.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(BIGNUM *r, BIGNUM *a)
+	{
+	register BN_ULONG *ap,*rp,t,c;
+	int i;
+
+	if (r != a)
+		{
+		r->neg=a->neg;
+		if (bn_wexpand(r,a->top+1) == NULL) return(0);
+		r->top=a->top;
+		}
+	else
+		{
+		if (bn_wexpand(r,a->top+1) == NULL) return(0);
+		}
+	ap=a->d;
+	rp=r->d;
+	c=0;
+	for (i=0; itop; i++)
+		{
+		t= *(ap++);
+		*(rp++)=((t<<1)|c)&BN_MASK2;
+		c=(t & BN_TBIT)?1:0;
+		}
+	if (c)
+		{
+		*rp=1;
+		r->top++;
+		}
+	return(1);
+	}
+
+int BN_rshift1(BIGNUM *r, BIGNUM *a)
+	{
+	BN_ULONG *ap,*rp,t,c;
+	int i;
+
+	if (BN_is_zero(a))
+		{
+		BN_zero(r);
+		return(1);
+		}
+	if (a != r)
+		{
+		if (bn_wexpand(r,a->top) == NULL) return(0);
+		r->top=a->top;
+		r->neg=a->neg;
+		}
+	ap=a->d;
+	rp=r->d;
+	c=0;
+	for (i=a->top-1; i>=0; i--)
+		{
+		t=ap[i];
+		rp[i]=((t>>1)&BN_MASK2)|c;
+		c=(t&1)?BN_TBIT:0;
+		}
+	bn_fix_top(r);
+	return(1);
+	}
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+	{
+	int i,nw,lb,rb;
+	BN_ULONG *t,*f;
+	BN_ULONG l;
+
+	r->neg=a->neg;
+	if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0);
+	nw=n/BN_BITS2;
+	lb=n%BN_BITS2;
+	rb=BN_BITS2-lb;
+	f=a->d;
+	t=r->d;
+	t[a->top+nw]=0;
+	if (lb == 0)
+		for (i=a->top-1; i>=0; i--)
+			t[nw+i]=f[i];
+	else
+		for (i=a->top-1; i>=0; i--)
+			{
+			l=f[i];
+			t[nw+i+1]|=(l>>rb)&BN_MASK2;
+			t[nw+i]=(l<top=a->top+nw+1;
+	bn_fix_top(r);
+	return(1);
+	}
+
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
+	{
+	int i,j,nw,lb,rb;
+	BN_ULONG *t,*f;
+	BN_ULONG l,tmp;
+
+	nw=n/BN_BITS2;
+	rb=n%BN_BITS2;
+	lb=BN_BITS2-rb;
+	if (nw > a->top)
+		{
+		BN_zero(r);
+		return(1);
+		}
+	if (r != a)
+		{
+		r->neg=a->neg;
+		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
+		}
+
+	f= &(a->d[nw]);
+	t=r->d;
+	j=a->top-nw;
+	r->top=j;
+
+	if (rb == 0)
+		{
+		for (i=j+1; i > 0; i--)
+			*(t++)= *(f++);
+		}
+	else
+		{
+		l= *(f++);
+		for (i=1; i>rb)&BN_MASK2;
+			l= *(f++);
+			*(t++) =(tmp|(l<>rb)&BN_MASK2;
+		}
+	*t=0;
+	bn_fix_top(r);
+	return(1);
+	}
diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/openssl/crypto/bn/bn_sqr.c
new file mode 100644
index 000000000000..12cce4d7ce27
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_sqr.c
@@ -0,0 +1,281 @@
+/* crypto/bn/bn_sqr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
+	{
+	int max,al;
+	BIGNUM *tmp,*rr;
+
+#ifdef BN_COUNT
+printf("BN_sqr %d * %d\n",a->top,a->top);
+#endif
+	bn_check_top(a);
+	tmp= &(ctx->bn[ctx->tos]);
+	rr=(a != r)?r: (&ctx->bn[ctx->tos+1]);
+
+	al=a->top;
+	if (al <= 0)
+		{
+		r->top=0;
+		return(1);
+		}
+
+	max=(al+al);
+	if (bn_wexpand(rr,max+1) == NULL) return(0);
+
+	r->neg=0;
+	if (al == 4)
+		{
+#ifndef BN_SQR_COMBA
+		BN_ULONG t[8];
+		bn_sqr_normal(rr->d,a->d,4,t);
+#else
+		bn_sqr_comba4(rr->d,a->d);
+#endif
+		}
+	else if (al == 8)
+		{
+#ifndef BN_SQR_COMBA
+		BN_ULONG t[16];
+		bn_sqr_normal(rr->d,a->d,8,t);
+#else
+		bn_sqr_comba8(rr->d,a->d);
+#endif
+		}
+	else 
+		{
+#if defined(BN_RECURSION)
+		if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
+			{
+			BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
+			bn_sqr_normal(rr->d,a->d,al,t);
+			}
+		else
+			{
+			int j,k;
+
+			j=BN_num_bits_word((BN_ULONG)al);
+			j=1<<(j-1);
+			k=j+j;
+			if (al == j)
+				{
+				if (bn_wexpand(a,k*2) == NULL) return(0);
+				if (bn_wexpand(tmp,k*2) == NULL) return(0);
+				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
+				}
+			else
+				{
+				if (bn_wexpand(tmp,max) == NULL) return(0);
+				bn_sqr_normal(rr->d,a->d,al,tmp->d);
+				}
+			}
+#else
+		if (bn_wexpand(tmp,max) == NULL) return(0);
+		bn_sqr_normal(rr->d,a->d,al,tmp->d);
+#endif
+		}
+
+	rr->top=max;
+	if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
+	if (rr != r) BN_copy(r,rr);
+	return(1);
+	}
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
+	{
+	int i,j,max;
+	BN_ULONG *ap,*rp;
+
+	max=n*2;
+	ap=a;
+	rp=r;
+	rp[0]=rp[max-1]=0;
+	rp++;
+	j=n;
+
+	if (--j > 0)
+		{
+		ap++;
+		rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
+		rp+=2;
+		}
+
+	for (i=n-2; i>0; i--)
+		{
+		j--;
+		ap++;
+		rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
+		rp+=2;
+		}
+
+	bn_add_words(r,r,r,max);
+
+	/* There will not be a carry */
+
+	bn_sqr_words(tmp,a,n);
+
+	bn_add_words(r,r,tmp,max);
+	}
+
+#ifdef BN_RECURSION
+/* r is 2*n words in size,
+ * a and b are both n words in size.
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calulate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
+	{
+	int n=n2/2;
+	int zero,c1;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+#endif
+	if (n2 == 4)
+		{
+#ifndef BN_SQR_COMBA
+		bn_sqr_normal(r,a,4,t);
+#else
+		bn_sqr_comba4(r,a);
+#endif
+		return;
+		}
+	else if (n2 == 8)
+		{
+#ifndef BN_SQR_COMBA
+		bn_sqr_normal(r,a,8,t);
+#else
+		bn_sqr_comba8(r,a);
+#endif
+		return;
+		}
+	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+		{
+		bn_sqr_normal(r,a,n2,t);
+		return;
+		}
+	/* r=(a[0]-a[1])*(a[1]-a[0]) */
+	c1=bn_cmp_words(a,&(a[n]),n);
+	zero=0;
+	if (c1 > 0)
+		bn_sub_words(t,a,&(a[n]),n);
+	else if (c1 < 0)
+		bn_sub_words(t,&(a[n]),a,n);
+	else
+		zero=1;
+
+	/* The result will always be negative unless it is zero */
+	p= &(t[n2*2]);
+
+	if (!zero)
+		bn_sqr_recursive(&(t[n2]),t,n,p);
+	else
+		memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+	bn_sqr_recursive(r,a,n,p);
+	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+
+	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+	/* t[32] is negative */
+	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+	 * r[10] holds (a[0]*a[0])
+	 * r[32] holds (a[1]*a[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < (BN_ULONG)c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/bn/bn_word.c b/crypto/openssl/crypto/bn/bn_word.c
new file mode 100644
index 000000000000..c0cfbc679701
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bn_word.c
@@ -0,0 +1,194 @@
+/* crypto/bn/bn_word.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w)
+	{
+#ifndef BN_LLONG
+	BN_ULONG ret=0;
+#else
+	BN_ULLONG ret=0;
+#endif
+	int i;
+
+	w&=BN_MASK2;
+	for (i=a->top-1; i>=0; i--)
+		{
+#ifndef BN_LLONG
+		ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%w;
+		ret=((ret<d[i]&BN_MASK2l))%w;
+#else
+		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
+			(BN_ULLONG)w);
+#endif
+		}
+	return((BN_ULONG)ret);
+	}
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+	{
+	BN_ULONG ret;
+	int i;
+
+	if (a->top == 0) return(0);
+	ret=0;
+	w&=BN_MASK2;
+	for (i=a->top-1; i>=0; i--)
+		{
+		BN_ULONG l,d;
+		
+		l=a->d[i];
+		d=bn_div_words(ret,l,w);
+		ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
+		a->d[i]=d;
+		}
+	if ((a->top > 0) && (a->d[a->top-1] == 0))
+		a->top--;
+	return(ret);
+	}
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+	{
+	BN_ULONG l;
+	int i;
+
+	if (a->neg)
+		{
+		a->neg=0;
+		i=BN_sub_word(a,w);
+		if (!BN_is_zero(a))
+			a->neg=1;
+		return(i);
+		}
+	w&=BN_MASK2;
+	if (bn_wexpand(a,a->top+1) == NULL) return(0);
+	i=0;
+	for (;;)
+		{
+		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+		a->d[i]=l;
+		if (w > l)
+			w=1;
+		else
+			break;
+		i++;
+		}
+	if (i >= a->top)
+		a->top++;
+	return(1);
+	}
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+	{
+	int i;
+
+	if (a->neg)
+		{
+		a->neg=0;
+		i=BN_add_word(a,w);
+		a->neg=1;
+		return(i);
+		}
+
+	w&=BN_MASK2;
+	if ((a->top == 1) && (a->d[0] < w))
+		{
+		a->d[0]=w-a->d[0];
+		a->neg=1;
+		return(1);
+		}
+	i=0;
+	for (;;)
+		{
+		if (a->d[i] >= w)
+			{
+			a->d[i]-=w;
+			break;
+			}
+		else
+			{
+			a->d[i]=(a->d[i]-w)&BN_MASK2;
+			i++;
+			w=1;
+			}
+		}
+	if ((a->d[i] == 0) && (i == (a->top-1)))
+		a->top--;
+	return(1);
+	}
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+	{
+	BN_ULONG ll;
+
+	w&=BN_MASK2;
+	if (a->top)
+		{
+		ll=bn_mul_words(a->d,a->d,a->top,w);
+		if (ll)
+			{
+			if (bn_wexpand(a,a->top+1) == NULL) return(0);
+			a->d[a->top++]=ll;
+			}
+		}
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/bn/bnspeed.c b/crypto/openssl/crypto/bn/bnspeed.c
new file mode 100644
index 000000000000..0922aa3e1689
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bnspeed.c
@@ -0,0 +1,231 @@
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM	1000000
+#undef PROG
+#define PROG bnspeed_main
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE	((long)1024*8)
+int run=0;
+
+static double Time_F(int s);
+#define START	0
+#define STOP	1
+
+static double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret < 1e-3)?1e-3:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret < 0.001)?0.001:ret);
+		}
+#endif
+	}
+
+#define NUM_SIZES	5
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
+
+int main(int argc, char **argv)
+	{
+	BN_CTX *ctx;
+	BIGNUM a,b,c;
+
+	ctx=BN_CTX_new();
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+
+	do_mul(&a,&b,&c,ctx);
+	}
+
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	int i,j,k;
+	double tm;
+	long num;
+
+	for (i=0; i %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
+			}
+		}
+
+	for (i=0; i %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
+		}
+
+	for (i=0; i %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
+			}
+		}
+	}
+
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
new file mode 100644
index 000000000000..df4b81f5b2fe
--- /dev/null
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -0,0 +1,1016 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#include "openssl/e_os.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
+int test_div(BIO *bp,BN_CTX *ctx);
+int test_div_recp(BIO *bp,BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp,BN_CTX *ctx);
+int test_mont(BIO *bp,BN_CTX *ctx);
+int test_mod(BIO *bp,BN_CTX *ctx);
+int test_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+static int results=0;
+
+#ifdef NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+
+static unsigned char lst1[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+int main(int argc, char *argv[])
+	{
+	BN_CTX *ctx;
+	BIO *out;
+	char *outfile=NULL;
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-results") == 0)
+			results=1;
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) break;
+			outfile= *(++argv);
+			}
+		argc--;
+		argv++;
+		}
+
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) exit(1);
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) exit(1);
+	if (outfile == NULL)
+		{
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		}
+	else
+		{
+		if (!BIO_write_filename(out,outfile))
+			{
+			perror(outfile);
+			exit(1);
+			}
+		}
+
+	if (!results)
+		BIO_puts(out,"obase=16\nibase=16\n");
+
+	fprintf(stderr,"test BN_add\n");
+	if (!test_add(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_sub\n");
+	if (!test_sub(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_lshift1\n");
+	if (!test_lshift1(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_lshift (fixed)\n");
+	if (!test_lshift(out,ctx,BN_bin2bn(lst1,sizeof(lst1)-1,NULL)))
+	    goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_lshift\n");
+	if (!test_lshift(out,ctx,NULL)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_rshift1\n");
+	if (!test_rshift1(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_rshift\n");
+	if (!test_rshift(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_sqr\n");
+	if (!test_sqr(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mul\n");
+	if (!test_mul(out)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_div\n");
+	if (!test_div(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_div_recp\n");
+	if (!test_div_recp(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mod\n");
+	if (!test_mod(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_mod_mul\n");
+	if (!test_mod_mul(out,ctx)) goto err;
+	fflush(stdout);
+
+/*
+	fprintf(stderr,"test BN_mont\n");
+	if (!test_mont(out,ctx)) goto err;
+	fflush(stdout);
+*/
+	fprintf(stderr,"test BN_mod_exp\n");
+	if (!test_mod_exp(out,ctx)) goto err;
+	fflush(stdout);
+
+	fprintf(stderr,"test BN_exp\n");
+	if (!test_exp(out,ctx)) goto err;
+	fflush(stdout);
+
+/**/
+	exit(0);
+err:
+	BIO_puts(out,"1\n"); /* make sure bc fails if we are piping to it */
+	ERR_load_crypto_strings();
+	ERR_print_errors(out);
+	exit(1);
+	return(1);
+	}
+
+int test_add(BIO *bp)
+	{
+	BIGNUM a,b,c;
+	int i;
+	int j;
+
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+
+	BN_rand(&a,512,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(&b,450+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<10000; j++)
+				BN_add(&c,&a,&b);
+		BN_add(&c,&a,&b);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," + ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		a.neg=!a.neg;
+		b.neg=!b.neg;
+		BN_add(&c,&c,&b);
+		BN_add(&c,&c,&a);
+		if(!BN_is_zero(&c))
+		    {
+		    BIO_puts(bp,"Add test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	return(1);
+	}
+
+int test_sub(BIO *bp)
+	{
+	BIGNUM a,b,c;
+	int i;
+	int j;
+
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+
+	BN_rand(&a,512,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(&b,400+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<10000; j++)
+				BN_sub(&c,&a,&b);
+		BN_sub(&c,&a,&b);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," - ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		BN_add(&c,&c,&b);
+		BN_sub(&c,&c,&a);
+		if(!BN_is_zero(&c))
+		    {
+		    BIO_puts(bp,"Subtract test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	return(1);
+	}
+
+int test_div(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM a,b,c,d,e;
+	int i;
+	int j;
+
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
+
+	BN_rand(&a,400,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(&b,50+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_div(&d,&c,&a,&b,ctx);
+		BN_div(&d,&c,&a,&b,ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," / ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&d);
+			BIO_puts(bp,"\n");
+
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," % ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		BN_mul(&e,&d,&b,ctx);
+		BN_add(&d,&e,&c);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d))
+		    {
+		    BIO_puts(bp,"Division test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
+	return(1);
+	}
+
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM a,b,c,d,e;
+	BN_RECP_CTX recp;
+	int i;
+	int j;
+
+	BN_RECP_CTX_init(&recp);
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
+
+	BN_rand(&a,400,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(&b,50+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		BN_RECP_CTX_set(&recp,&b,ctx);
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_div_recp(&d,&c,&a,&recp,ctx);
+		BN_div_recp(&d,&c,&a,&recp,ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," / ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&d);
+			BIO_puts(bp,"\n");
+
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," % ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		BN_mul(&e,&d,&b,ctx);
+		BN_add(&d,&e,&c);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d))
+		    {
+		    BIO_puts(bp,"Reciprocal division test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
+	BN_RECP_CTX_free(&recp);
+	return(1);
+	}
+
+int test_mul(BIO *bp)
+	{
+	BIGNUM a,b,c,d,e;
+	int i;
+	int j;
+	BN_CTX ctx;
+
+	BN_CTX_init(&ctx);
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
+
+	BN_rand(&a,200,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(&b,250+i,0,0);
+		BN_rand(&b,200,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mul(&c,&a,&b,&ctx);
+		BN_mul(&c,&a,&b,&ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," * ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		BN_div(&d,&e,&c,&a,&ctx);
+		BN_sub(&d,&d,&b);
+		if(!BN_is_zero(&d) || !BN_is_zero(&e))
+		    {
+		    BIO_puts(bp,"Multiplication test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
+	BN_CTX_free(&ctx);
+	return(1);
+	}
+
+int test_sqr(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM a,c,d,e;
+	int i;
+	int j;
+
+	BN_init(&a);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
+
+	for (i=0; i<40; i++)
+		{
+		BN_rand(&a,40+i*10,0,0);
+		a.neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_sqr(&c,&a,ctx);
+		BN_sqr(&c,&a,ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," * ");
+				BN_print(bp,&a);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		BN_div(&d,&e,&c,&a,ctx);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d) || !BN_is_zero(&e))
+		    {
+		    BIO_puts(bp,"Square test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
+	return(1);
+	}
+
+int test_mont(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM a,b,c,d,A,B;
+	BIGNUM n;
+	int i;
+	int j;
+	BN_MONT_CTX *mont;
+
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&A);
+	BN_init(&B);
+	BN_init(&n);
+
+	mont=BN_MONT_CTX_new();
+
+	BN_rand(&a,100,0,0); /**/
+	BN_rand(&b,100,0,0); /**/
+	for (i=0; i<10; i++)
+		{
+		BN_rand(&n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
+		BN_MONT_CTX_set(mont,&n,ctx);
+
+		BN_to_montgomery(&A,&a,mont,ctx);
+		BN_to_montgomery(&B,&b,mont,ctx);
+
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+		BN_from_montgomery(&A,&c,mont,ctx);/**/
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(&a),
+BN_num_bits(&b),
+BN_num_bits(mont->N));
+#endif
+				BN_print(bp,&a);
+				BIO_puts(bp," * ");
+				BN_print(bp,&b);
+				BIO_puts(bp," % ");
+				BN_print(bp,&(mont->N));
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&A);
+			BIO_puts(bp,"\n");
+			}
+		BN_mod_mul(&d,&a,&b,&n,ctx);
+		BN_sub(&d,&d,&A);
+		if(!BN_is_zero(&d))
+		    {
+		    BIO_puts(bp,"Montgomery multiplication test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_MONT_CTX_free(mont);
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&A);
+	BN_free(&B);
+	BN_free(&n);
+	return(1);
+	}
+
+int test_mod(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*c,*d,*e;
+	int i;
+	int j;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_rand(a,1024,0,0); /**/
+	for (i=0; i<20; i++)
+		{
+		BN_rand(b,450+i*10,0,0); /**/
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mod(c,a,b,ctx);/**/
+		BN_mod(c,a,b,ctx);/**/
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," % ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,c);
+			BIO_puts(bp,"\n");
+			}
+		BN_div(d,e,a,b,ctx);
+		BN_sub(e,e,c);
+		if(!BN_is_zero(e))
+		    {
+		    BIO_puts(bp,"Modulo test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return(1);
+	}
+
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*c,*d,*e;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_rand(c,1024,0,0); /**/
+	for (i=0; i<10; i++)
+		{
+		BN_rand(a,475+i*10,0,0); /**/
+		BN_rand(b,425+i*10,0,0); /**/
+		a->neg=rand_neg();
+		b->neg=rand_neg();
+	/*	if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mod_mul(d,a,b,c,ctx);*/ /**/
+
+		if (!BN_mod_mul(e,a,b,c,ctx))
+			{
+			unsigned long l;
+
+			while ((l=ERR_get_error()))
+				fprintf(stderr,"ERROR:%s\n",
+					ERR_error_string(l,NULL));
+			exit(1);
+			}
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,b);
+				BIO_puts(bp," % ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,e);
+			BIO_puts(bp,"\n");
+			}
+		BN_mul(d,a,b,ctx);
+		BN_sub(d,d,e);
+		BN_div(a,b,d,c,ctx);
+		if(!BN_is_zero(b))
+		    {
+		    BIO_puts(bp,"Modulo multiply test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return(1);
+	}
+
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*c,*d,*e;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_rand(c,30,0,1); /* must be odd for montgomery */
+	for (i=0; i<6; i++)
+		{
+		BN_rand(a,20+i*5,0,0); /**/
+		BN_rand(b,2+i,0,0); /**/
+
+		if (!BN_mod_exp(d,a,b,c,ctx))
+			return(00);
+
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," ^ ");
+				BN_print(bp,b);
+				BIO_puts(bp," % ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,d);
+			BIO_puts(bp,"\n");
+			}
+		BN_exp(e,a,b,ctx);
+		BN_sub(e,e,d);
+		BN_div(a,b,e,c,ctx);
+		if(!BN_is_zero(b))
+		    {
+		    BIO_puts(bp,"Modulo exponentiation test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return(1);
+	}
+
+int test_exp(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*d,*e,*one;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	d=BN_new();
+	e=BN_new();
+	one=BN_new();
+	BN_one(one);
+
+	for (i=0; i<6; i++)
+		{
+		BN_rand(a,20+i*5,0,0); /**/
+		BN_rand(b,2+i,0,0); /**/
+
+		if (!BN_exp(d,a,b,ctx))
+			return(00);
+
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," ^ ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,d);
+			BIO_puts(bp,"\n");
+			}
+		BN_one(e);
+		for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+		    BN_mul(e,e,a,ctx);
+		BN_sub(e,e,d);
+		if(!BN_is_zero(e))
+		    {
+		    BIO_puts(bp,"Exponentiation test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(d);
+	BN_free(e);
+	BN_free(one);
+	return(1);
+	}
+
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+	{
+	BIGNUM *a,*b,*c,*d;
+	int i;
+
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	BN_one(c);
+
+	if(a_)
+	    a=a_;
+	else
+	    {
+	    a=BN_new();
+	    BN_rand(a,200,0,0); /**/
+	    a->neg=rand_neg();
+	    }
+	for (i=0; i<70; i++)
+		{
+		BN_lshift(b,a,i+1);
+		BN_add(c,c,c);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		BN_mul(d,a,c,ctx);
+		BN_sub(d,d,b);
+		if(!BN_is_zero(d))
+		    {
+		    BIO_puts(bp,"Left shift test failed!\n");
+		    BIO_puts(bp,"a=");
+		    BN_print(bp,a);
+		    BIO_puts(bp,"\nb=");
+		    BN_print(bp,b);
+		    BIO_puts(bp,"\nc=");
+		    BN_print(bp,c);
+		    BIO_puts(bp,"\nd=");
+		    BN_print(bp,d);
+		    BIO_puts(bp,"\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	return(1);
+	}
+
+int test_lshift1(BIO *bp)
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_lshift1(b,a);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," * 2");
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		BN_add(c,a,a);
+		BN_sub(a,b,c);
+		if(!BN_is_zero(a))
+		    {
+		    BIO_puts(bp,"Left shift one test failed!\n");
+		    return 0;
+		    }
+		
+		BN_copy(a,b);
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int test_rshift(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*c,*d,*e;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+	BN_one(c);
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_rshift(b,a,i+1);
+		BN_add(c,c,c);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," / ");
+				BN_print(bp,c);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		BN_div(d,e,a,c,ctx);
+		BN_sub(d,d,b);
+		if(!BN_is_zero(d))
+		    {
+		    BIO_puts(bp,"Right shift test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return(1);
+	}
+
+int test_rshift1(BIO *bp)
+	{
+	BIGNUM *a,*b,*c;
+	int i;
+
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+
+	BN_rand(a,200,0,0); /**/
+	a->neg=rand_neg();
+	for (i=0; i<70; i++)
+		{
+		BN_rshift1(b,a);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," / 2");
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,b);
+			BIO_puts(bp,"\n");
+			}
+		BN_sub(c,a,b);
+		BN_sub(c,c,b);
+		if(!BN_is_zero(c) && !BN_is_one(c))
+		    {
+		    BIO_puts(bp,"Right shift one test failed!\n");
+		    return 0;
+		    }
+		BN_copy(a,b);
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(c);
+	return(1);
+	}
+
+int rand_neg(void)
+	{
+	static unsigned int neg=0;
+	static int sign[8]={0,0,0,1,1,0,1,1};
+
+	return(sign[(neg++)%8]);
+	}
diff --git a/crypto/openssl/crypto/bn/comba.pl b/crypto/openssl/crypto/bn/comba.pl
new file mode 100644
index 000000000000..211a8b45c786
--- /dev/null
+++ b/crypto/openssl/crypto/bn/comba.pl
@@ -0,0 +1,285 @@
+#!/usr/local/bin/perl
+
+$num=8;
+$num2=8/2;
+
+print <<"EOF";
+/* crypto/bn/bn_comba.c */
+#include 
+#include "bn_lcl.h"
+/* Auto generated from crypto/bn/comba.pl
+ */
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \\
+	t=(BN_ULLONG)a*b; \\
+	t1=(BN_ULONG)Lw(t); \\
+	t2=(BN_ULONG)Hw(t); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \\
+	t=(BN_ULLONG)a*b; \\
+	tt=(t+t)&BN_MASK; \\
+	if (tt < t) c2++; \\
+	t1=(BN_ULONG)Lw(tt); \\
+	t2=(BN_ULONG)Hw(tt); \\
+	c0=(c0+t1)&BN_MASK2;  \\
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \\
+	t=(BN_ULLONG)a[i]*a[i]; \\
+	t1=(BN_ULONG)Lw(t); \\
+	t2=(BN_ULONG)Hw(t); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#else
+#define mul_add_c(a,b,c0,c1,c2) \\
+	t1=LBITS(a); t2=HBITS(a); \\
+	bl=LBITS(b); bh=HBITS(b); \\
+	mul64(t1,t2,bl,bh); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \\
+	t1=LBITS(a); t2=HBITS(a); \\
+	bl=LBITS(b); bh=HBITS(b); \\
+	mul64(t1,t2,bl,bh); \\
+	if (t2 & BN_TBIT) c2++; \\
+	t2=(t2+t2)&BN_MASK2; \\
+	if (t1 & BN_TBIT) t2++; \\
+	t1=(t1+t1)&BN_MASK2; \\
+	c0=(c0+t1)&BN_MASK2;  \\
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \\
+	sqr64(t1,t2,(a)[i]); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif
+
+void bn_mul_comba${num}(r,a,b)
+BN_ULONG *r,*a,*b;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
+printf <<"EOF";
+	}
+
+void bn_mul_comba${num2}(r,a,b)
+BN_ULONG *r,*a,*b;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
+printf <<"EOF";
+	}
+
+void bn_sqr_comba${num}(r,a)
+BN_ULONG *r,*a;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_sqr("r","a",$num,"c1","c2","c3");
+printf <<"EOF";
+	}
+
+void bn_sqr_comba${num2}(r,a)
+BN_ULONG *r,*a;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
+printf <<"EOF";
+	}
+EOF
+
+sub bn_str
+	{
+	local($var,$val)=@_;
+	print "\t$var=$val;\n";
+	}
+
+sub bn_ary
+	{
+	local($var,$idx)=@_;
+	return("${var}[$idx]");
+	}
+
+sub bn_clr
+	{
+	local($var)=@_;
+
+	print "\t$var=0;\n";
+	}
+
+sub bn_mad
+	{
+	local($a,$b,$c0,$c1,$c2,$num)=@_;
+
+	if ($num == 2)
+		{ printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
+	else
+		{ printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
+	}
+
+sub bn_sad
+	{
+	local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
+
+	if ($num == 2)
+		{ printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
+	else
+		{ printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
+	}
+
+sub combas_mul
+	{
+	local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+	&bn_clr($c0);
+	&bn_clr($c1);
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+		@numa=@numb=();
+
+#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+		for ($j=$bs; $j<$end; $j++)
+			{
+			push(@numa,$ai);
+			push(@numb,$bi);
+			$ai--;
+			$bi++;
+			}
+
+		if ($i & 1)
+			{
+			@numa=reverse(@numa);
+			@numb=reverse(@numb);
+			}
+
+		&bn_clr($c2);
+		for ($j=0; $j<=$#numa; $j++)
+			{
+			&bn_mad(&bn_ary($a,$numa[$j]),
+				&bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
+			}
+		&bn_str(&bn_ary($r,$i),$c0);
+		($c0,$c1,$c2)=($c1,$c2,$c0);
+
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&bn_str(&bn_ary($r,$i),$c0);
+	}
+
+sub combas_sqr
+	{
+	local($r,$a,$num,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	$b=$a;
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+	&bn_clr($c0);
+	&bn_clr($c1);
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+		@numa=@numb=();
+
+#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+		for ($j=$bs; $j<$end; $j++)
+			{
+			push(@numa,$ai);
+			push(@numb,$bi);
+			$ai--;
+			$bi++;
+			last if ($ai < $bi);
+			}
+		if (!($i & 1))
+			{
+			@numa=reverse(@numa);
+			@numb=reverse(@numb);
+			}
+
+		&bn_clr($c2);
+		for ($j=0; $j <= $#numa; $j++)
+			{
+			if ($numa[$j] == $numb[$j])
+				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
+			else
+				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
+			}
+		&bn_str(&bn_ary($r,$i),$c0);
+		($c0,$c1,$c2)=($c1,$c2,$c0);
+
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&bn_str(&bn_ary($r,$i),$c0);
+	}
diff --git a/crypto/openssl/crypto/bn/d.c b/crypto/openssl/crypto/bn/d.c
new file mode 100644
index 000000000000..ced2291b2555
--- /dev/null
+++ b/crypto/openssl/crypto/bn/d.c
@@ -0,0 +1,72 @@
+#include 
+#include 
+#include "bn_lcl.h"
+
+#define SIZE_A (100*4+4)
+#define SIZE_B (13*4)
+
+main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BN_CTX ctx;
+	BN_RECP_CTX recp;
+	BIGNUM a,b,dd,d,r,rr,t,l;
+	int i;
+
+	MemCheck_start();
+	MemCheck_on();
+	BN_CTX_init(&ctx);
+	BN_RECP_CTX_init(&recp);
+
+	BN_init(&r);
+	BN_init(&rr);
+	BN_init(&d);
+	BN_init(&dd);
+	BN_init(&a);
+	BN_init(&b);
+
+	{
+	BN_rand(&a,SIZE_A,0,0);
+	BN_rand(&b,SIZE_B,0,0);
+
+	a.neg=1;
+	BN_RECP_CTX_set(&recp,&b,&ctx);
+
+	BN_print_fp(stdout,&a); printf(" a\n");
+	BN_print_fp(stdout,&b); printf(" b\n");
+
+	BN_print_fp(stdout,&recp.N); printf(" N\n");
+	BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
+
+	BN_div_recp(&r,&d,&a,&recp,&ctx);
+
+for (i=0; i<300; i++)
+	BN_div(&rr,&dd,&a,&b,&ctx);
+
+	BN_print_fp(stdout,&r); printf(" div recp\n");
+	BN_print_fp(stdout,&rr); printf(" div\n");
+	BN_print_fp(stdout,&d); printf(" rem recp\n");
+	BN_print_fp(stdout,&dd); printf(" rem\n");
+	}
+	BN_CTX_free(&ctx);
+	BN_RECP_CTX_free(&recp);
+
+	BN_free(&r);
+	BN_free(&rr);
+	BN_free(&d);
+	BN_free(&dd);
+	BN_free(&a);
+	BN_free(&b);
+
+	{
+	BIO *out;
+
+	if ((out=BIO_new(BIO_s_file())) != NULL)
+		BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+        CRYPTO_mem_leaks(out);
+	BIO_free(out);
+	}
+
+	}
diff --git a/crypto/openssl/crypto/bn/exp.c b/crypto/openssl/crypto/bn/exp.c
new file mode 100644
index 000000000000..ec443459d818
--- /dev/null
+++ b/crypto/openssl/crypto/bn/exp.c
@@ -0,0 +1,60 @@
+#include 
+#include 
+#include "bn_lcl.h"
+
+#define SIZE	256
+#define NUM	(8*8*8)
+#define MOD	(8*8*8*8*8)
+
+main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BN_CTX ctx;
+	BIGNUM a,b,c,r,rr,t,l;
+	int j,i,size=SIZE,num=NUM,mod=MOD;
+	char *start,*end;
+	BN_MONT_CTX mont;
+	double d,md;
+
+	BN_MONT_CTX_init(&mont);
+	BN_CTX_init(&ctx);
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&r);
+
+	start=ms_time_new();
+	end=ms_time_new();
+	while (size <= 1024*8)
+		{
+		BN_rand(&a,size,0,0);
+		BN_rand(&b,size,1,0);
+		BN_rand(&c,size,0,1);
+
+		BN_mod(&a,&a,&c,&ctx);
+
+		ms_time_get(start);
+		for (i=0; i<10; i++)
+			BN_MONT_CTX_set(&mont,&c,&ctx);
+		ms_time_get(end);
+		md=ms_time_diff(start,end);
+
+		ms_time_get(start);
+		for (i=0; i
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE	((long)1024*8)
+int run=0;
+
+static double Time_F(int s);
+#define START	0
+#define STOP	1
+
+static double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret < 1e-3)?1e-3:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret < 0.001)?0.001:ret);
+		}
+#endif
+	}
+
+#define NUM_SIZES	6
+static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+
+void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
+
+int main(int argc, char **argv)
+	{
+	BN_CTX *ctx;
+	BIGNUM *a,*b,*c,*r;
+
+	ctx=BN_CTX_new();
+	a=BN_new();
+	b=BN_new();
+	c=BN_new();
+	r=BN_new();
+
+	do_mul_exp(r,a,b,c,ctx);
+	}
+
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
+	{
+	int i,k;
+	double tm;
+	long num;
+	BN_MONT_CTX m;
+
+	memset(&m,0,sizeof(m));
+
+	num=BASENUM;
+	for (i=0; i %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num);
+		num/=7;
+		if (num <= 0) num=1;
+		}
+
+	}
+
diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c
new file mode 100644
index 000000000000..9e4ae91d2015
--- /dev/null
+++ b/crypto/openssl/crypto/bn/exptest.c
@@ -0,0 +1,172 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+
+#define NUM_BITS	(BN_BITS*2)
+
+int main(int argc, char *argv[])
+	{
+	BN_CTX *ctx;
+	BIO *out=NULL;
+	int i,ret;
+	unsigned char c;
+	BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+
+	ERR_load_BN_strings();
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) exit(1);
+	r_mont=BN_new();
+	r_recp=BN_new();
+	r_simple=BN_new();
+	a=BN_new();
+	b=BN_new();
+	m=BN_new();
+	if (	(r_mont == NULL) || (r_recp == NULL) ||
+		(a == NULL) || (b == NULL))
+		goto err;
+
+	out=BIO_new(BIO_s_file());
+
+	if (out == NULL) exit(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	for (i=0; i<200; i++)
+		{
+		RAND_bytes(&c,1);
+		c=(c%BN_BITS)-BN_BITS2;
+		BN_rand(a,NUM_BITS+c,0,0);
+
+		RAND_bytes(&c,1);
+		c=(c%BN_BITS)-BN_BITS2;
+		BN_rand(b,NUM_BITS+c,0,0);
+
+		RAND_bytes(&c,1);
+		c=(c%BN_BITS)-BN_BITS2;
+		BN_rand(m,NUM_BITS+c,0,1);
+
+		BN_mod(a,a,m,ctx);
+		BN_mod(b,b,m,ctx);
+
+		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+		if (ret <= 0)
+			{
+			printf("BN_mod_exp_mont() problems\n");
+			ERR_print_errors(out);
+			exit(1);
+			}
+
+		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+		if (ret <= 0)
+			{
+			printf("BN_mod_exp_recp() problems\n");
+			ERR_print_errors(out);
+			exit(1);
+			}
+
+		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+		if (ret <= 0)
+			{
+			printf("BN_mod_exp_simple() problems\n");
+			ERR_print_errors(out);
+			exit(1);
+			}
+
+		if (BN_cmp(r_simple, r_mont) == 0
+		    && BN_cmp(r_simple,r_recp) == 0)
+			{
+			printf(".");
+			fflush(stdout);
+			}
+		else
+		  	{
+			if (BN_cmp(r_simple,r_mont) != 0)
+				printf("\nsimple and mont results differ\n");
+			if (BN_cmp(r_simple,r_recp) != 0)
+				printf("\nsimple and recp results differ\n");
+
+			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
+			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+			printf("\nsimple   =");	BN_print(out,r_simple);
+			printf("\nrecp     =");	BN_print(out,r_recp);
+			printf("\nmont     ="); BN_print(out,r_mont);
+			printf("\n");
+			exit(1);
+			}
+		}
+	CRYPTO_mem_leaks(out);
+	printf(" done\n");
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors(out);
+	exit(1);
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/bn/new b/crypto/openssl/crypto/bn/new
new file mode 100644
index 000000000000..285d506f1997
--- /dev/null
+++ b/crypto/openssl/crypto/bn/new
@@ -0,0 +1,23 @@
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new();
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
+
+int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+	BN_RECP_CTX *recp,BN_CTX *ctx);
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+	BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+	BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
+
+int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+                BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+
+
+bn_div64 -> bn_div_words
+
+
diff --git a/crypto/openssl/crypto/bn/old/b_sqr.c b/crypto/openssl/crypto/bn/old/b_sqr.c
new file mode 100644
index 000000000000..715cb1c8abbd
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/b_sqr.c
@@ -0,0 +1,199 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+static int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+
+/* r must be different to a and b */
+/* int BN_mmul(r, a, b) */
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+	{
+	BN_ULONG *ap,*bp,*rp;
+	BIGNUM *sk;
+	int i,n,ret;
+	int max,al,bl;
+	BN_CTX ctx;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	al=a->top;
+	bl=b->top;
+	if ((al == 0) || (bl == 0))
+		{
+		r->top=0;
+		return(1);
+		}
+#ifdef BN_MUL_DEBUG
+printf("BN_mul(%d,%d)\n",a->top,b->top);
+#endif
+
+	if (	(bn_limit_bits > 0) &&
+		(bl > bn_limit_num) && (al > bn_limit_num))
+		{
+		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
+		n*=2;
+		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+		memset(sk,0,sizeof(BIGNUM)*n);
+		memset(&ctx,0,sizeof(ctx));
+
+		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
+		for (i=0; itop=max;
+	r->neg=a->neg^b->neg;
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+
+	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+	rp++;
+	for (i=1; i 0) && (r->d[max-1] == 0)) r->top--;
+	return(1);
+	}
+
+
+#define ahal	(sk[0])
+#define blbh	(sk[1])
+
+/* r must be different to a and b */
+int bn_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk, BN_CTX *ctx)
+	{
+	int n,num,sqr=0;
+	int an,bn;
+	BIGNUM ah,al,bh,bl;
+
+	an=A->top;
+	bn=B->top;
+#ifdef BN_MUL_DEBUG
+printf("bn_mm(%d,%d)\n",A->top,B->top);
+#endif
+
+	if (A == B) sqr=1;
+	num=(an>bn)?an:bn;
+	n=(num+1)/2;
+	/* Are going to now chop things into 'num' word chunks. */
+
+	BN_init(&ah);
+	BN_init(&al);
+	BN_init(&bh);
+	BN_init(&bl);
+
+	bn_set_low (&al,A,n);
+	bn_set_high(&ah,A,n);
+	bn_set_low (&bl,B,n);
+	bn_set_high(&bh,B,n);
+
+	BN_sub(&ahal,&ah,&al);
+	BN_sub(&blbh,&bl,&bh);
+
+	if (num <= (bn_limit_num+bn_limit_num))
+		{
+		BN_mul(m,&ahal,&blbh);
+		if (sqr)
+			{
+			BN_sqr(&ahal,&al,ctx);
+			BN_sqr(&blbh,&ah,ctx);
+			}
+		else
+			{
+			BN_mul(&ahal,&al,&bl);
+			BN_mul(&blbh,&ah,&bh);
+			}
+		}
+	else
+		{
+		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
+		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
+		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+		}
+
+	BN_add(m,m,&ahal);
+	BN_add(m,m,&blbh);
+
+	BN_lshift(m,m,n*BN_BITS2);
+	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
+
+	BN_add(m,m,&ahal);
+	BN_add(m,m,&blbh);
+
+	m->neg=A->neg^B->neg;
+	return(1);
+	}
+#undef ahal	(sk[0])
+#undef blbh	(sk[1])
+
+#include "bn_low.c"
+#include "bn_high.c"
diff --git a/crypto/openssl/crypto/bn/old/bn_com.c b/crypto/openssl/crypto/bn/old/bn_com.c
new file mode 100644
index 000000000000..7666b2304c84
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/bn_com.c
@@ -0,0 +1,90 @@
+/* crypto/bn/bn_mulw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifdef BN_LLONG 
+
+ab
+12
+   a2 b2
+a1 b1
+
+abc
+123
+      a3 b3 c3
+   a2 b2 c2
+a1 b1 c1
+
+abcd
+1234
+         a4 b4 c4 d4
+      a3 b3 c3 d3
+   a2 b2 c2 d2
+a1 b1 c1 d1
+
+abcde
+01234
+               a5 b5 c5 d5 e5
+            a4 b4 c4 d4 e4
+         a3 b3 c3 d3 e3
+      a2 b2 c2 d2 e2
+   a1 b1 c1 d1 e1
+a0 b0 c0 d0 e0
diff --git a/crypto/openssl/crypto/bn/old/bn_high.c b/crypto/openssl/crypto/bn/old/bn_high.c
new file mode 100644
index 000000000000..763bcb605b3a
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/bn_high.c
@@ -0,0 +1,135 @@
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#undef BN_MUL_HIGH_DEBUG
+
+#ifdef BN_MUL_HIGH_DEBUG
+#define debug_BN_print(a,b,c) BN_print_fp(a,b); printf(c);
+#else
+#define debug_BN_print(a,b,c)
+#endif
+
+int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);
+
+#undef t1
+#undef t2
+
+int BN_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
+	{
+	int w2,borrow=0,full=0;
+	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
+	BN_ULONG ul1,ul2;
+	
+	BN_mul(r,a,b);
+	BN_rshift(r,r,words*BN_BITS2);
+	return(1);
+
+	w2=(words+1)/2;
+
+#ifdef BN_MUL_HIGH_DEBUG
+fprintf(stdout,"words=%d w2=%d\n",words,w2);
+#endif
+debug_BN_print(stdout,a," a\n");
+debug_BN_print(stdout,b," b\n");
+debug_BN_print(stdout,low," low\n");
+	BN_init(&al); BN_init(&ah);
+	BN_init(&bl); BN_init(&bh);
+	BN_init(&t1); BN_init(&t2); BN_init(&t3);
+	BN_init(&s0); BN_init(&s1);
+	BN_init(&h); BN_init(&m);
+
+	bn_set_low (&al,a,w2);
+	bn_set_high(&ah,a,w2);
+	bn_set_low (&bl,b,w2);
+	bn_set_high(&bh,b,w2);
+
+	bn_set_low(&s0,low,w2);
+	bn_set_high(&s1,low,w2);
+
+debug_BN_print(stdout,&al," al\n");
+debug_BN_print(stdout,&ah," ah\n");
+debug_BN_print(stdout,&bl," bl\n");
+debug_BN_print(stdout,&bh," bh\n");
+debug_BN_print(stdout,&s0," s0\n");
+debug_BN_print(stdout,&s1," s1\n");
+
+	/* Calculate (al-ah)*(bh-bl) */
+	BN_sub(&t1,&al,&ah);
+	BN_sub(&t2,&bh,&bl);
+	BN_mul(&m,&t1,&t2);
+
+	/* Calculate ah*bh */
+	BN_mul(&h,&ah,&bh);
+
+	/* s0 == low(al*bl)
+	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+	 * We know s0 and s1 so the only unknown is high(al*bl)
+	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
+	 */
+	BN_add(&m,&m,&h);
+	BN_add(&t2,&m,&s0);
+
+debug_BN_print(stdout,&t2," middle value\n");
+
+	/* Quick and dirty mask off of high words */
+	if (w2 < t2.top) t2.top=w2;
+#if 0
+	bn_set_low(&t3,&t2,w2);
+#endif
+
+debug_BN_print(stdout,&t2," low middle value\n");
+	BN_sub(&t1,&s1,&t2);
+
+	if (t1.neg)
+		{
+debug_BN_print(stdout,&t1," before\n");
+		BN_zero(&t2);
+		BN_set_bit(&t2,w2*BN_BITS2);
+		BN_add(&t1,&t2,&t1);
+		/* BN_mask_bits(&t1,w2*BN_BITS2); */
+		/* if (words < t1.top) t1.top=words; */
+debug_BN_print(stdout,&t1," after\n");
+		borrow=1;
+		}
+
+/* XXXXX SPEED THIS UP */
+	/* al*bl == high(al*bl)<
+#include 
+#include 
+#include "bn_lcl.h"
+
+/* r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calulate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
+	{
+	int n=n2/2;
+	int neg,zero,c1,c2;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_mul_recursive %d * %d\n",n2,n2);
+#endif
+	if (n2 <= 8)
+		{
+		if (n2 == 8)
+			bn_mul_comba8(r,a,b);
+		else
+			bn_mul_normal(r,a,n2,b,n2);
+		return;
+		}
+
+	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+		{
+		/* This should not happen */
+		/*abort(); */
+		bn_mul_normal(r,a,n2,b,n2);
+		return;
+		}
+	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+	c1=bn_cmp_words(a,&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),b,n);
+	zero=neg=0;
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		break;
+	case -3:
+		zero=1;
+		break;
+	case -2:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		break;
+	case 2:
+		bn_sub_words(t,      a,      &(a[n]),n); /* + */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		break;
+	case 4:
+		bn_sub_words(t,      a,      &(a[n]),n);
+		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+		break;
+		}
+
+	if (n == 8)
+		{
+		if (!zero)
+			bn_mul_comba8(&(t[n2]),t,&(t[n]));
+		else
+			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+		
+		bn_mul_comba8(r,a,b);
+		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+		}
+	else
+		{
+		p= &(t[n2*2]);
+		if (!zero)
+			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+		else
+			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+		bn_mul_recursive(r,a,b,n,p);
+		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=bn_add_words(t,r,&(r[n2]),n2);
+
+	if (neg) /* if t[32] is negative */
+		{
+		c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+		}
+	else
+		{
+		/* Might have a carry */
+		c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+
+/* n+tn is the word length
+ * t needs to be n*4 is size, as does r */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+	     int n, BN_ULONG *t)
+	{
+	int n2=n*2,i,j;
+	int c1;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+#endif
+	if (n < 8)
+		{
+		i=tn+n;
+		bn_mul_normal(r,a,i,b,i);
+		return;
+		}
+
+	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+	bn_sub_words(t,      a,      &(a[n]),n); /* + */
+	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+
+	if (n == 8)
+		{
+		bn_mul_comba8(&(t[n2]),t,&(t[n]));
+		bn_mul_comba8(r,a,b);
+		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+		}
+	else
+		{
+		p= &(t[n2*2]);
+		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+		bn_mul_recursive(r,a,b,n,p);
+		i=n/2;
+		/* If there is only a bottom half to the number,
+		 * just do it */
+		j=tn-i;
+		if (j == 0)
+			{
+			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+			}
+		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+				{
+				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+					j,i,p);
+				memset(&(r[n2+tn*2]),0,
+					sizeof(BN_ULONG)*(n2-tn*2));
+				}
+		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+			{
+			memset(&(r[n2]),0,sizeof(BN_ULONG)*(tn*2));
+			for (;;)
+				{
+				i/=2;
+				if (i < tn)
+					{
+					bn_mul_part_recursive(&(r[n2]),
+						&(a[n]),&(b[n]),
+						tn-i,i,p);
+					break;
+					}
+				else if (i == tn)
+					{
+					bn_mul_recursive(&(r[n2]),
+						&(a[n]),&(b[n]),
+						i,p);
+					break;
+					}
+				}
+			}
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=bn_add_words(t,r,&(r[n2]),n2);
+	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+
+/* r is 2*n words in size,
+ * a and b are both n words in size.
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calulate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
+	{
+	int n=n2/2;
+	int zero,c1;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+#endif
+	if (n2 == 4)
+		{
+		bn_sqr_comba4(r,a);
+		return;
+		}
+	else if (n2 == 8)
+		{
+		bn_sqr_comba8(r,a);
+		return;
+		}
+	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+		{
+		bn_sqr_normal(r,a,n2,t);
+		return;
+		abort();
+		}
+	/* r=(a[0]-a[1])*(a[1]-a[0]) */
+	c1=bn_cmp_words(a,&(a[n]),n);
+	zero=0;
+	if (c1 > 0)
+		bn_sub_words(t,a,&(a[n]),n);
+	else if (c1 < 0)
+		bn_sub_words(t,&(a[n]),a,n);
+	else
+		zero=1;
+
+	/* The result will always be negative unless it is zero */
+
+	if (n == 8)
+		{
+		if (!zero)
+			bn_sqr_comba8(&(t[n2]),t);
+		else
+			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+		
+		bn_sqr_comba8(r,a);
+		bn_sqr_comba8(&(r[n2]),&(a[n]));
+		}
+	else
+		{
+		p= &(t[n2*2]);
+		if (!zero)
+			bn_sqr_recursive(&(t[n2]),t,n,p);
+		else
+			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+		bn_sqr_recursive(r,a,n,p);
+		bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+		}
+
+	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=bn_add_words(t,r,&(r[n2]),n2);
+
+	/* t[32] is negative */
+	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+
+	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+	 * r[10] holds (a[0]*a[0])
+	 * r[32] holds (a[1]*a[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+
+#if 1
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
+	{
+	int n=n2/2;
+
+#ifdef BN_COUNT
+printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+#endif
+
+	bn_mul_recursive(r,a,b,n,&(t[0]));
+	if (n > BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+		{
+		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		}
+	else
+		{
+		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+		}
+	}
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+	     BN_ULONG *t)
+	{
+	int j,i,n,c1,c2;
+	int neg,oneg,zero;
+	BN_ULONG ll,lc,*lp,*mp;
+
+#ifdef BN_COUNT
+printf(" bn_mul_high %d * %d\n",n2,n2);
+#endif
+	n=(n2+1)/2;
+
+	/* Calculate (al-ah)*(bh-bl) */
+	neg=zero=0;
+	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+		break;
+	case -3:
+		zero=1;
+		break;
+	case -2:
+		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		break;
+	case 2:
+		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		break;
+	case 4:
+		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+		break;
+		}
+		
+	oneg=neg;
+	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+	bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
+	/* r[10] = (a[1]*b[1]) */
+	bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+
+	/* s0 == low(al*bl)
+	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+	 * We know s0 and s1 so the only unknown is high(al*bl)
+	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+	 */
+	if (l != NULL)
+		{
+		lp= &(t[n2+n]);
+		c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
+		}
+	else
+		{
+		c1=0;
+		lp= &(r[0]);
+		}
+
+	if (neg)
+		neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
+	else
+		{
+		bn_add_words(&(t[n2]),lp,&(t[0]),n);
+		neg=0;
+		}
+
+	if (l != NULL)
+		{
+		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+		}
+	else
+		{
+		lp= &(t[n2+n]);
+		mp= &(t[n2]);
+		for (i=0; i 0)
+			{
+			lc=c1;
+			do	{
+				ll=(r[i]+lc)&BN_MASK2;
+				r[i++]=ll;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		else
+			{
+			lc= -c1;
+			do	{
+				ll=r[i];
+				r[i++]=(ll-lc)&BN_MASK2;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		}
+	if (c2 != 0) /* Add starting at r[1] */
+		{
+		i=n;
+		if (c2 > 0)
+			{
+			lc=c2;
+			do	{
+				ll=(r[i]+lc)&BN_MASK2;
+				r[i++]=ll;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		else
+			{
+			lc= -c2;
+			do	{
+				ll=r[i];
+				r[i++]=(ll-lc)&BN_MASK2;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/bn/old/bn_low.c b/crypto/openssl/crypto/bn/old/bn_low.c
new file mode 100644
index 000000000000..cbc406751c09
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/bn_low.c
@@ -0,0 +1,194 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+static int bn_mm_low(BIGNUM *m,BIGNUM *A,BIGNUM *B, int num,
+		BIGNUM *sk,BN_CTX *ctx);
+int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b,int words);
+
+/* r must be different to a and b */
+int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b, int num)
+	{
+	BN_ULONG *ap,*bp,*rp;
+	BIGNUM *sk;
+	int j,i,n,ret;
+	int max,al,bl;
+	BN_CTX ctx;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+#ifdef BN_MUL_DEBUG
+printf("BN_mul_low(%d,%d,%d)\n",a->top,b->top,num);
+#endif
+
+	al=a->top;
+	bl=b->top;
+	if ((al == 0) || (bl == 0))
+		{
+		r->top=0;
+		return(1);
+		}
+
+	if ((bn_limit_bits_low > 0) && (num > bn_limit_num_low))
+		{
+		n=BN_num_bits_word(num*2)-bn_limit_bits_low;
+		n*=2;
+		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+		memset(sk,0,sizeof(BIGNUM)*n);
+		memset(&ctx,0,sizeof(ctx));
+
+		ret=bn_mm_low(r,a,b,num,&(sk[0]),&ctx);
+		for (i=0; ineg=a->neg^b->neg;
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+	r->top=(max > num)?num:max;
+
+	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+	rp++;
+	j=bl;
+	for (i=1; i= num--)
+			{
+			al--;
+			if (al <= 0) break;
+			}
+		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+		rp++;
+		}
+	
+	while ((r->top > 0) && (r->d[r->top-1] == 0))
+		r->top--;
+	return(1);
+	}
+
+
+#define t1	(sk[0])
+#define t2	(sk[1])
+
+/* r must be different to a and b */
+int bn_mm_low(BIGNUM *m, BIGNUM *A, BIGNUM *B, int num, BIGNUM *sk,
+	     BN_CTX *ctx)
+	{
+	int n; /* ,sqr=0; */
+	int an,bn;
+	BIGNUM ah,al,bh,bl;
+
+	bn_wexpand(m,num+3);
+	an=A->top;
+	bn=B->top;
+
+#ifdef BN_MUL_DEBUG
+printf("bn_mm_low(%d,%d,%d)\n",A->top,B->top,num);
+#endif
+
+	n=(num+1)/2;
+
+	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl);
+
+	bn_set_low( &al,A,n);
+	bn_set_high(&ah,A,n);
+	bn_set_low( &bl,B,n);
+	bn_set_high(&bh,B,n);
+
+	if (num <= (bn_limit_num_low+bn_limit_num_low))
+		{
+		BN_mul(m,&al,&bl);
+		BN_mul_low(&t1,&al,&bh,n);
+		BN_mul_low(&t2,&ah,&bl,n);
+		}
+	else
+		{
+		bn_mm(m  ,&al,&bl,&(sk[2]),ctx);
+		bn_mm_low(&t1,&al,&bh,n,&(sk[2]),ctx);
+		bn_mm_low(&t2,&ah,&bl,n,&(sk[2]),ctx);
+		}
+
+	BN_add(&t1,&t1,&t2);
+
+	/* We will now do an evil hack instead of
+	 * BN_lshift(&t1,&t1,n*BN_BITS2);
+	 * BN_add(m,m,&t1);
+	 * BN_mask_bits(m,num*BN_BITS2);
+	 */
+	bn_set_high(&ah,m,n); ah.max=num+2;
+	BN_add(&ah,&ah,&t1);
+	m->top=num;
+
+	m->neg=A->neg^B->neg;
+	return(1);
+	}
+
+#undef t1	(sk[0])
+#undef t2	(sk[1])
diff --git a/crypto/openssl/crypto/bn/old/bn_m.c b/crypto/openssl/crypto/bn/old/bn_m.c
new file mode 100644
index 000000000000..522beb02bca1
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/bn_m.c
@@ -0,0 +1,139 @@
+/* crypto/bn/bn_m.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+/*#include "cryptlib.h"*/
+#include "bn_lcl.h"
+
+#define limit_bits 5			/* 2^5, or 32 words */
+#define limit_num (1<top|b->top)-limit_bits);
+	n*=2;
+	sk=(BIGNUM *)malloc(sizeof(BIGNUM)*n);
+	for (i=0; itop;
+	bn=B->top;
+	if ((an <= limit_num) || (bn <= limit_num))
+		{
+		return(BN_mul(m,A,B));
+		}
+
+	anum=(an>bn)?an:bn;
+	num=(anum)/2;
+
+	/* Are going to now chop things into 'num' word chunks. */
+	bnum=num*BN_BITS2;
+
+	BN_init(&ahal);
+	BN_init(&blbh);
+	BN_init(&ah);
+	BN_init(&al);
+	BN_init(&bh);
+	BN_init(&bl);
+
+	al.top=num;
+	al.d=A->d;
+	ah.top=A->top-num;
+	ah.d= &(A->d[num]);
+
+	bl.top=num;
+	bl.d=B->d;
+	bh.top=B->top-num;
+	bh.d= &(B->d[num]);
+
+	BN_sub(&ahal,&ah,&al);
+	BN_sub(&blbh,&bl,&bh);
+
+	BN_mm(m,&ahal,&blbh,&(sk[2]));
+	BN_mm(&ahal,&al,&bl,&(sk[2]));
+	BN_mm(&blbh,&ah,&bh,&(sk[2]));
+
+	BN_add(m,m,&ahal);
+	BN_add(m,m,&blbh);
+
+	BN_lshift(m,m,bnum);
+	BN_add(m,m,&ahal);
+
+	BN_lshift(&blbh,&blbh,bnum*2);
+	BN_add(m,m,&blbh);
+
+	m->neg=A->neg^B->neg;
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/bn/old/bn_mul.c.works b/crypto/openssl/crypto/bn/old/bn_mul.c.works
new file mode 100644
index 000000000000..6d565d44a277
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/bn_mul.c.works
@@ -0,0 +1,219 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+
+/* r must be different to a and b */
+int BN_mul(r, a, b)
+BIGNUM *r;
+BIGNUM *a;
+BIGNUM *b;
+	{
+	BN_ULONG *ap,*bp,*rp;
+	BIGNUM *sk;
+	int i,n,ret;
+	int max,al,bl;
+	BN_CTX ctx;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	al=a->top;
+	bl=b->top;
+	if ((al == 0) || (bl == 0))
+		{
+		r->top=0;
+		return(1);
+		}
+#ifdef BN_MUL_DEBUG
+printf("BN_mul(%d,%d)\n",a->top,b->top);
+#endif
+
+#ifdef BN_RECURSION
+	if (	(bn_limit_bits > 0) &&
+		(bl > bn_limit_num) && (al > bn_limit_num))
+		{
+		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
+		n*=2;
+		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+		memset(sk,0,sizeof(BIGNUM)*n);
+		memset(&ctx,0,sizeof(ctx));
+
+		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
+		for (i=0; itop=max;
+	r->neg=a->neg^b->neg;
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+
+#ifdef BN_RECURSION
+	if ((al == bl) && (al == 8))
+		{
+		bn_mul_comba8(rp,ap,bp);
+		}
+	else
+#endif
+		{
+		rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+		rp++;
+		for (i=1; i 0) && (r->d[max-1] == 0)) r->top--;
+	return(1);
+	}
+
+#ifdef BN_RECURSION
+
+#define ahal	(sk[0])
+#define blbh	(sk[1])
+
+/* r must be different to a and b */
+int bn_mm(m, A, B, sk,ctx)
+BIGNUM *m,*A,*B;
+BIGNUM *sk;
+BN_CTX *ctx;
+	{
+	int n,num,sqr=0;
+	int an,bn;
+	BIGNUM ah,al,bh,bl;
+
+	an=A->top;
+	bn=B->top;
+#ifdef BN_MUL_DEBUG
+printf("bn_mm(%d,%d)\n",A->top,B->top);
+#endif
+
+	if (A == B) sqr=1;
+	num=(an>bn)?an:bn;
+	n=(num+1)/2;
+	/* Are going to now chop things into 'num' word chunks. */
+
+	BN_init(&ah);
+	BN_init(&al);
+	BN_init(&bh);
+	BN_init(&bl);
+
+	bn_set_low (&al,A,n);
+	bn_set_high(&ah,A,n);
+	bn_set_low (&bl,B,n);
+	bn_set_high(&bh,B,n);
+
+	BN_sub(&ahal,&ah,&al);
+	BN_sub(&blbh,&bl,&bh);
+
+	if (num <= (bn_limit_num+bn_limit_num))
+		{
+		BN_mul(m,&ahal,&blbh);
+		if (sqr)
+			{
+			BN_sqr(&ahal,&al,ctx);
+			BN_sqr(&blbh,&ah,ctx);
+			}
+		else
+			{
+			BN_mul(&ahal,&al,&bl);
+			BN_mul(&blbh,&ah,&bh);
+			}
+		}
+	else
+		{
+		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
+		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
+		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+		}
+
+	BN_add(m,m,&ahal);
+	BN_add(m,m,&blbh);
+
+	BN_lshift(m,m,n*BN_BITS2);
+	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
+
+	BN_add(m,m,&ahal);
+	BN_add(m,m,&blbh);
+
+	m->neg=A->neg^B->neg;
+	return(1);
+	}
+#undef ahal	(sk[0])
+#undef blbh	(sk[1])
+
+#include "bn_low.c"
+#include "bn_high.c"
+#include "f.c"
+
+#endif
diff --git a/crypto/openssl/crypto/bn/old/bn_wmul.c b/crypto/openssl/crypto/bn/old/bn_wmul.c
new file mode 100644
index 000000000000..a467b2f17aa2
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/bn_wmul.c
@@ -0,0 +1,173 @@
+#include 
+#include "bn_lcl.h"
+
+#if 1
+
+int bn_mull(BIGNUM *r,BIGNUM *a,BIGNUM *b, BN_CTX *ctx);
+
+int bn_mull(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	int top,i,j,k,al,bl;
+	BIGNUM *t;
+
+#ifdef BN_COUNT
+printf("bn_mull %d * %d\n",a->top,b->top);
+#endif
+
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(r);
+
+	al=a->top;
+	bl=b->top;
+	r->neg=a->neg^b->neg;
+
+	top=al+bl;
+	if ((al < 4) || (bl < 4))
+		{
+		if (bn_wexpand(r,top) == NULL) return(0);
+		r->top=top;
+		bn_mul_normal(r->d,a->d,al,b->d,bl);
+		goto end;
+		}
+	else if (al == bl) /* A good start, they are the same size */
+		goto symetric;
+	else
+		{
+		i=(al-bl);
+		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			bn_wexpand(b,al);
+			b->d[bl]=0;
+			bl++;
+			goto symetric;
+			}
+		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+			{
+			bn_wexpand(a,bl);
+			a->d[al]=0;
+			al++;
+			goto symetric;
+			}
+		}
+
+	/* asymetric and >= 4 */ 
+	if (bn_wexpand(r,top) == NULL) return(0);
+	r->top=top;
+	bn_mul_normal(r->d,a->d,al,b->d,bl);
+
+	if (0)
+		{
+		/* symetric and > 4 */
+symetric:
+		if (al == 4)
+			{
+			if (bn_wexpand(r,al*2) == NULL) return(0);
+			r->top=top;
+			bn_mul_comba4(r->d,a->d,b->d);
+			goto end;
+			}
+		if (al == 8)
+			{
+			if (bn_wexpand(r,al*2) == NULL) return(0);
+			r->top=top;
+			bn_mul_comba8(r->d,a->d,b->d);
+			goto end;
+			}
+		if (al <= BN_MULL_NORMAL_SIZE)
+			{
+			if (bn_wexpand(r,al*2) == NULL) return(0);
+			r->top=top;
+			bn_mul_normal(r->d,a->d,al,b->d,bl);
+			goto end;
+			}
+		/* 16 or larger */
+		j=BN_num_bits_word((BN_ULONG)al);
+		j=1<<(j-1);
+		k=j+j;
+		t= &(ctx->bn[ctx->tos]);
+		if (al == j) /* exact multiple */
+			{
+			bn_wexpand(t,k*2);
+			bn_wexpand(r,k*2);
+			bn_mul_recursive(r->d,a->d,b->d,al,t->d);
+			}
+		else
+			{
+			bn_wexpand(a,k);
+			bn_wexpand(b,k);
+			bn_wexpand(t,k*4);
+			bn_wexpand(r,k*4);
+			for (i=a->top; id[i]=0;
+			for (i=b->top; id[i]=0;
+			bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
+			}
+		r->top=top;
+		}
+end:
+	bn_fix_top(r);
+	return(1);
+	}
+#endif
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+	{
+	BN_ULONG *rr;
+
+#ifdef BN_COUNT
+printf(" bn_mul_normal %d * %d\n",na,nb);
+#endif
+
+	if (na < nb)
+		{
+		int itmp;
+		BN_ULONG *ltmp;
+
+		itmp=na; na=nb; nb=itmp;
+		ltmp=a;   a=b;   b=ltmp;
+
+		}
+	rr= &(r[na]);
+	rr[0]=bn_mul_words(r,a,na,b[0]);
+
+	for (;;)
+		{
+		if (--nb <= 0) return;
+		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+		if (--nb <= 0) return;
+		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+		if (--nb <= 0) return;
+		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+		if (--nb <= 0) return;
+		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+		rr+=4;
+		r+=4;
+		b+=4;
+		}
+	}
+
+#if 1
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+	{
+#ifdef BN_COUNT
+printf(" bn_mul_low_normal %d * %d\n",n,n);
+#endif
+	bn_mul_words(r,a,n,b[0]);
+
+	for (;;)
+		{
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[1]),a,n,b[1]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[2]),a,n,b[2]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[3]),a,n,b[3]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[4]),a,n,b[4]);
+		r+=4;
+		b+=4;
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/bn/old/build b/crypto/openssl/crypto/bn/old/build
new file mode 100755
index 000000000000..8cd99e5f179a
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/build
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+gcc -g -I../../include test.c -L../.. -lcrypto
diff --git a/crypto/openssl/crypto/bn/old/info b/crypto/openssl/crypto/bn/old/info
new file mode 100644
index 000000000000..5ac99c3b2377
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/info
@@ -0,0 +1,22 @@
+Given A1A0 * B1B0 == S3S2S1S0
+
+S0=     low(A0*B0)
+S1=     low( (A1-A0)*(B0-B1)) +low( A1*B1) +high(A0*B0)
+S2=     high((A1-A0)*(B0-B1)) +high(A1*B1) +low( A1*B1)
+S3=     high(A1*B1);
+
+Assume we know S1 and S0, and can calulate A1*B1 and high((A1-A0)*(B0-B1))
+
+k0=	S0 == low(A0*B0)
+k1=	S1
+k2=	low( A1*B1)
+k3=	high(A1*B1)
+k4=	high((A1-A0)*(B0-B1))
+
+k1=	low((A1-A0)*(B0-B1)) +k2 +high(A0*B0)
+S2=	k4 +k3 +k2
+S3=	k3
+
+S1-k2= low((A1-A0)*(B0-B1)) +high(A0*B0)
+
+We potentially have a carry or a borrow from S1
diff --git a/crypto/openssl/crypto/bn/old/test.works b/crypto/openssl/crypto/bn/old/test.works
new file mode 100644
index 000000000000..127c7b415d88
--- /dev/null
+++ b/crypto/openssl/crypto/bn/old/test.works
@@ -0,0 +1,205 @@
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define SIZE	128
+
+#define BN_MONT_CTX_set		bn_mcs
+#define BN_from_montgomery	bn_fm
+#define BN_mod_mul_montgomery	bn_mmm
+#undef BN_to_montgomery
+#define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
+	r,a,(mont)->RR,(mont),ctx)
+
+main()
+	{
+	BIGNUM prime,a,b,r,A,B,R;
+	BN_MONT_CTX *mont;
+	BN_CTX *ctx;
+	int i;
+
+	ctx=BN_CTX_new();
+	BN_init(&prime);
+	BN_init(&a); BN_init(&b); BN_init(&r);
+	BN_init(&A); BN_init(&B); BN_init(&R);
+
+	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
+	BN_rand(&A,SIZE,1,0);
+	BN_rand(&B,SIZE,1,0);
+	BN_mod(&A,&A,&prime,ctx);
+	BN_mod(&B,&B,&prime,ctx);
+
+	mont=BN_MONT_CTX_new();
+	BN_MONT_CTX_set(mont,&prime,ctx);
+
+	BN_to_montgomery(&a,&A,mont,ctx);
+	BN_to_montgomery(&b,&B,mont,ctx);
+
+	BN_mul(&r,&a,&b);
+	BN_print_fp(stdout,&r); printf("\n");
+	BN_from_montgomery(&r,&r,mont,ctx);
+	BN_print_fp(stdout,&r); printf("\n");
+	BN_from_montgomery(&r,&r,mont,ctx);
+	BN_print_fp(stdout,&r); printf("\n");
+
+	BN_mod_mul(&R,&A,&B,&prime,ctx);
+
+	BN_print_fp(stdout,&a); printf("\n");
+	BN_print_fp(stdout,&b); printf("\n");
+	BN_print_fp(stdout,&prime); printf("\n");
+	BN_print_fp(stdout,&r); printf("\n\n");
+
+	BN_print_fp(stdout,&A); printf("\n");
+	BN_print_fp(stdout,&B); printf("\n");
+	BN_print_fp(stdout,&prime); printf("\n");
+	BN_print_fp(stdout,&R); printf("\n\n");
+
+	BN_mul(&r,&a,&b);
+	BN_print_fp(stdout,&r); printf(" <- BA*DC\n");
+	BN_copy(&A,&r);
+	i=SIZE/2;
+	BN_mask_bits(&A,i*2);
+//	BN_print_fp(stdout,&A); printf(" <- low(BA*DC)\n");
+	bn_do_lower(&r,&a,&b,&A,i);
+//	BN_print_fp(stdout,&r); printf(" <- low(BA*DC)\n");
+	}
+
+int bn_mul_low(r,a,b,low,i)
+BIGNUM *r,*a,*b,*low;
+int i;
+	{
+	int w;
+	BIGNUM Kh,Km,t1,t2,h,ah,al,bh,bl,l,m,s0,s1;
+
+	BN_init(&Kh); BN_init(&Km); BN_init(&t1); BN_init(&t2); BN_init(&l);
+	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl); BN_init(&h);
+	BN_init(&m); BN_init(&s0); BN_init(&s1);
+
+	BN_copy(&al,a); BN_mask_bits(&al,i); BN_rshift(&ah,a,i);
+	BN_copy(&bl,b); BN_mask_bits(&bl,i); BN_rshift(&bh,b,i);
+
+
+	BN_sub(&t1,&al,&ah);
+	BN_sub(&t2,&bh,&bl);
+	BN_mul(&m,&t1,&t2);
+	BN_mul(&h,&ah,&bh);
+
+	BN_copy(&s0,low); BN_mask_bits(&s0,i);
+	BN_rshift(&s1,low,i);
+
+	BN_add(&t1,&h,&m);
+	BN_add(&t1,&t1,&s0);
+
+	BN_copy(&t2,&t1); BN_mask_bits(&t2,i);
+	BN_sub(&t1,&s1,&t2);
+	BN_lshift(&t1,&t1,i);
+	BN_add(&t1,&t1,&s0);
+	if (t1.neg)
+		{
+		BN_lshift(&t2,BN_value_one(),i*2);
+		BN_add(&t1,&t2,&t1);
+		BN_mask_bits(&t1,i*2);
+		}
+	
+	BN_free(&Kh); BN_free(&Km); BN_free(&t1); BN_free(&t2);
+	BN_free(&ah); BN_free(&al); BN_free(&bh); BN_free(&bl);
+	}
+
+int BN_mod_mul_montgomery(r,a,b,mont,ctx)
+BIGNUM *r,*a,*b;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+	{
+	BIGNUM *tmp;
+
+        tmp= &(ctx->bn[ctx->tos++]);
+
+	if (a == b)
+		{
+		if (!BN_sqr(tmp,a,ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_mul(tmp,a,b)) goto err;
+		}
+	/* reduce from aRR to aR */
+	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+	ctx->tos--;
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_from_montgomery(r,a,mont,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+	{
+	BIGNUM z1;
+	BIGNUM *t1,*t2;
+	BN_ULONG *ap,*bp,*rp;
+	int j,i,bl,al;
+
+	BN_init(&z1);
+	t1= &(ctx->bn[ctx->tos]);
+	t2= &(ctx->bn[ctx->tos+1]);
+
+	if (!BN_copy(t1,a)) goto err;
+	/* can cheat */
+	BN_mask_bits(t1,mont->ri);
+	if (!BN_mul(t2,t1,mont->Ni)) goto err;
+	BN_mask_bits(t2,mont->ri);
+
+	if (!BN_mul(t1,t2,mont->N)) goto err;
+	if (!BN_add(t2,t1,a)) goto err;
+
+	/* At this point, t2 has the bottom ri bits set to zero.
+	 * This means that the bottom ri bits == the 1^ri minus the bottom
+	 * ri bits of a.
+	 * This means that only the bits above 'ri' in a need to be added,
+	 * and XXXXXXXXXXXXXXXXXXXXXXXX
+	 */
+BN_print_fp(stdout,t2); printf("\n");
+	BN_rshift(r,t2,mont->ri);
+
+	if (BN_ucmp(r,mont->N) >= 0)
+		bn_qsub(r,r,mont->N);
+
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_MONT_CTX_set(mont,mod,ctx)
+BN_MONT_CTX *mont;
+BIGNUM *mod;
+BN_CTX *ctx;
+	{
+	BIGNUM *Ri=NULL,*R=NULL;
+
+	if (mont->RR == NULL) mont->RR=BN_new();
+	if (mont->N == NULL)  mont->N=BN_new();
+
+	R=mont->RR;					/* grab RR as a temp */
+	BN_copy(mont->N,mod);				/* Set N */
+
+	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
+	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
+	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
+	bn_qsub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
+	BN_div(Ri,NULL,Ri,mod,ctx);
+	if (mont->Ni != NULL) BN_free(mont->Ni);
+	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+
+	/* setup RR for conversions */
+	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+
+	return(1);
+err:
+	return(0);
+	}
+
+
diff --git a/crypto/openssl/crypto/bn/test.c b/crypto/openssl/crypto/bn/test.c
new file mode 100644
index 000000000000..a048b9f878d7
--- /dev/null
+++ b/crypto/openssl/crypto/bn/test.c
@@ -0,0 +1,241 @@
+#include 
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define SIZE	32
+
+#define BN_MONT_CTX_set		bn_mcs
+#define BN_from_montgomery	bn_fm
+#define BN_mod_mul_montgomery	bn_mmm
+#undef BN_to_montgomery
+#define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
+	r,a,(mont)->RR,(mont),ctx)
+
+main()
+	{
+	BIGNUM prime,a,b,r,A,B,R;
+	BN_MONT_CTX *mont;
+	BN_CTX *ctx;
+	int i;
+
+	ctx=BN_CTX_new();
+	BN_init(&prime);
+	BN_init(&a); BN_init(&b); BN_init(&r);
+	BN_init(&A); BN_init(&B); BN_init(&R);
+
+	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
+	BN_rand(&A,SIZE,1,0);
+	BN_rand(&B,SIZE,1,0);
+	BN_mod(&A,&A,&prime,ctx);
+	BN_mod(&B,&B,&prime,ctx);
+
+	i=A.top;
+	BN_mul(&R,&A,&B,ctx);
+	BN_mask_bits(&R,i*BN_BITS2);
+
+
+	BN_print_fp(stdout,&A); printf(" <- a\n");
+	BN_print_fp(stdout,&B); printf(" <- b\n");
+	BN_mul_high(&r,&A,&B,&R,i);
+	BN_print_fp(stdout,&r); printf(" <- high(BA*DC)\n");
+
+	BN_mask_bits(&A,i*32);
+	BN_mask_bits(&B,i*32);
+
+	BN_mul(&R,&A,&B);
+	BN_rshift(&R,&R,i*32);
+	BN_print_fp(stdout,&R); printf(" <- norm BA*DC\n");
+	BN_sub(&R,&R,&r);
+	BN_print_fp(stdout,&R); printf(" <- diff\n");
+	}
+
+#if 0
+int bn_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
+	{
+	int i;
+	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
+
+	BN_init(&al); BN_init(&ah);
+	BN_init(&bl); BN_init(&bh);
+	BN_init(&t1); BN_init(&t2); BN_init(&t3);
+	BN_init(&s0); BN_init(&s1);
+	BN_init(&h); BN_init(&m);
+
+	i=a->top;
+	if (i >= words)
+		{
+		al.top=words;
+		ah.top=a->top-words;
+		ah.d= &(a->d[ah.top]);
+		}
+	else
+		al.top=i;
+	al.d=a->d;
+
+	i=b->top;
+	if (i >= words)
+		{
+		bl.top=words;
+		bh.top=i-words;
+		bh.d= &(b->d[bh.top]);
+		}
+	else
+		bl.top=i;
+	bl.d=b->d;
+
+	i=low->top;
+	if (i >= words)
+		{
+		s0.top=words;
+		s1.top=i-words;
+		s1.d= &(low->d[s1.top]);
+		}
+	else
+		s0.top=i;
+	s0.d=low->d;
+
+al.max=al.top; ah.max=ah.top;
+bl.max=bl.top; bh.max=bh.top;
+s0.max=bl.top; s1.max=bh.top;
+
+	/* Calculate (al-ah)*(bh-bl) */
+	BN_sub(&t1,&al,&ah);
+	BN_sub(&t2,&bh,&bl);
+	BN_mul(&m,&t1,&t2);
+
+	/* Calculate ah*bh */
+	BN_mul(&h,&ah,&bh);
+
+	/* s0 == low(al*bl)
+	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+	 * We know s0 and s1 so the only unknown is high(al*bl)
+	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
+	 */
+	BN_add(&m,&m,&h);
+	BN_add(&t2,&m,&s0);
+	/* Quick and dirty mask off of high words */
+	t3.d=t2.d;
+	t3.top=(t2.top > words)?words:t2.top;
+	t3.neg=t2.neg;
+t3.max=t3.top;
+/* BN_print_fp(stdout,&s1); printf(" s1\n"); */
+/* BN_print_fp(stdout,&t2); printf(" middle value\n"); */
+/* BN_print_fp(stdout,&t3); printf(" low middle value\n"); */
+	BN_sub(&t1,&s1,&t3);
+
+	if (t1.neg)
+		{
+/*printf("neg fixup\n"); BN_print_fp(stdout,&t1); printf(" before\n"); */
+		BN_lshift(&t2,BN_value_one(),words*32);
+		BN_add(&t1,&t2,&t1);
+		BN_mask_bits(&t1,words*32);
+/* BN_print_fp(stdout,&t1); printf(" after\n"); */
+		}
+	/* al*bl == high(al*bl)<bn[ctx->tos++]);
+
+	if (a == b)
+		{
+		if (!BN_sqr(tmp,a,ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_mul(tmp,a,b)) goto err;
+		}
+	/* reduce from aRR to aR */
+	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+	ctx->tos--;
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
+	{
+	BIGNUM z1;
+	BIGNUM *t1,*t2;
+	BN_ULONG *ap,*bp,*rp;
+	int j,i,bl,al;
+
+	BN_init(&z1);
+	t1= &(ctx->bn[ctx->tos]);
+	t2= &(ctx->bn[ctx->tos+1]);
+
+	if (!BN_copy(t1,a)) goto err;
+	/* can cheat */
+	BN_mask_bits(t1,mont->ri);
+	if (!BN_mul(t2,t1,mont->Ni)) goto err;
+	BN_mask_bits(t2,mont->ri);
+
+	if (!BN_mul(t1,t2,mont->N)) goto err;
+	if (!BN_add(t2,t1,a)) goto err;
+
+	/* At this point, t2 has the bottom ri bits set to zero.
+	 * This means that the bottom ri bits == the 1^ri minus the bottom
+	 * ri bits of a.
+	 * This means that only the bits above 'ri' in a need to be added,
+	 * and XXXXXXXXXXXXXXXXXXXXXXXX
+	 */
+BN_print_fp(stdout,t2); printf("\n");
+	BN_rshift(r,t2,mont->ri);
+
+	if (BN_ucmp(r,mont->N) >= 0)
+		BN_usub(r,r,mont->N);
+
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, BIGNUM *mod, BN_CTX *ctx)
+	{
+	BIGNUM *Ri=NULL,*R=NULL;
+
+	if (mont->RR == NULL) mont->RR=BN_new();
+	if (mont->N == NULL)  mont->N=BN_new();
+
+	R=mont->RR;					/* grab RR as a temp */
+	BN_copy(mont->N,mod);				/* Set N */
+
+	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
+	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
+	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
+	BN_usub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
+	BN_div(Ri,NULL,Ri,mod,ctx);
+	if (mont->Ni != NULL) BN_free(mont->Ni);
+	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+
+	/* setup RR for conversions */
+	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+
+	return(1);
+err:
+	return(0);
+	}
+
+
+#endif
diff --git a/crypto/openssl/crypto/bn/todo b/crypto/openssl/crypto/bn/todo
new file mode 100644
index 000000000000..e47e381aea13
--- /dev/null
+++ b/crypto/openssl/crypto/bn/todo
@@ -0,0 +1,3 @@
+Cache RECP_CTX values
+make the result argument independant of the inputs.
+split up the _exp_ functions
diff --git a/crypto/openssl/crypto/buffer/Makefile.ssl b/crypto/openssl/crypto/buffer/Makefile.ssl
new file mode 100644
index 000000000000..b615c4c12db5
--- /dev/null
+++ b/crypto/openssl/crypto/buffer/Makefile.ssl
@@ -0,0 +1,86 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+
+DIR=	buffer
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/buffer.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buffer.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buffer.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/crypto/openssl/crypto/buffer/buf_err.c b/crypto/openssl/crypto/buffer/buf_err.c
new file mode 100644
index 000000000000..7f9fd1f6c367
--- /dev/null
+++ b/crypto/openssl/crypto/buffer/buf_err.c
@@ -0,0 +1,94 @@
+/* crypto/buffer/buf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BUF_str_functs[]=
+	{
+{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),	"BUF_MEM_grow"},
+{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0),	"BUF_MEM_new"},
+{ERR_PACK(0,BUF_F_BUF_STRDUP,0),	"BUF_strdup"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA BUF_str_reasons[]=
+	{
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_BUF_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+		ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/buffer/buffer.c b/crypto/openssl/crypto/buffer/buffer.c
new file mode 100644
index 000000000000..c3a108ea5211
--- /dev/null
+++ b/crypto/openssl/crypto/buffer/buffer.c
@@ -0,0 +1,144 @@
+/* crypto/buffer/buffer.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+BUF_MEM *BUF_MEM_new(void)
+	{
+	BUF_MEM *ret;
+
+	ret=Malloc(sizeof(BUF_MEM));
+	if (ret == NULL)
+		{
+		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->length=0;
+	ret->max=0;
+	ret->data=NULL;
+	return(ret);
+	}
+
+void BUF_MEM_free(BUF_MEM *a)
+	{
+	if(a == NULL)
+	    return;
+
+	if (a->data != NULL)
+		{
+		memset(a->data,0,(unsigned int)a->max);
+		Free(a->data);
+		}
+	Free(a);
+	}
+
+int BUF_MEM_grow(BUF_MEM *str, int len)
+	{
+	char *ret;
+	unsigned int n;
+
+	if (str->length >= len)
+		{
+		str->length=len;
+		return(len);
+		}
+	if (str->max >= len)
+		{
+		memset(&str->data[str->length],0,len-str->length);
+		str->length=len;
+		return(len);
+		}
+	n=(len+3)/3*4;
+	if (str->data == NULL)
+		ret=Malloc(n);
+	else
+		ret=Realloc(str->data,n);
+	if (ret == NULL)
+		{
+		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+		len=0;
+		}
+	else
+		{
+		str->data=ret;
+		str->length=len;
+		str->max=n;
+		}
+	return(len);
+	}
+
+char *BUF_strdup(const char *str)
+	{
+	char *ret;
+	int n;
+
+	if (str == NULL) return(NULL);
+
+	n=strlen(str);
+	ret=Malloc(n+1);
+	if (ret == NULL) 
+		{
+		BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	memcpy(ret,str,n+1);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/buffer/buffer.h b/crypto/openssl/crypto/buffer/buffer.h
new file mode 100644
index 000000000000..bff26bf39191
--- /dev/null
+++ b/crypto/openssl/crypto/buffer/buffer.h
@@ -0,0 +1,98 @@
+/* crypto/buffer/buffer.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BUFFER_H
+#define HEADER_BUFFER_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct buf_mem_st
+	{
+	int length;	/* current number of bytes */
+	char *data;
+	int max;	/* size of buffer */
+	} BUF_MEM;
+
+BUF_MEM *BUF_MEM_new(void);
+void	BUF_MEM_free(BUF_MEM *a);
+int	BUF_MEM_grow(BUF_MEM *str, int len);
+char *	BUF_strdup(const char *str);
+
+void ERR_load_BUF_strings(void );
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+#define BUF_F_BUF_MEM_GROW				 100
+#define BUF_F_BUF_MEM_NEW				 101
+#define BUF_F_BUF_STRDUP				 102
+
+/* Reason codes. */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/cast/Makefile.ssl b/crypto/openssl/crypto/cast/Makefile.ssl
new file mode 100644
index 000000000000..cc040576ae63
--- /dev/null
+++ b/crypto/openssl/crypto/cast/Makefile.ssl
@@ -0,0 +1,124 @@
+#
+# SSLeay/crypto/cast/Makefile
+#
+
+DIR=	cast
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER=	cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/cx86-elf.o: asm/cx86unix.cpp
+	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+
+# solaris
+asm/cx86-sol.o: asm/cx86unix.cpp
+	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+	as -o asm/cx86-sol.o asm/cx86-sol.s
+	rm -f asm/cx86-sol.s
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+	$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp: asm/cast-586.pl
+	(cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: cast_lcl.h
+c_ecb.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h cast_lcl.h
+c_enc.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: cast_lcl.h
+c_ofb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: cast_lcl.h
+c_skey.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: cast_lcl.h cast_s.h
diff --git a/crypto/openssl/crypto/cast/Makefile.uni b/crypto/openssl/crypto/cast/Makefile.uni
new file mode 100644
index 000000000000..a5870897cfa4
--- /dev/null
+++ b/crypto/openssl/crypto/cast/Makefile.uni
@@ -0,0 +1,124 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# There are 3 possible performance options, experiment :-)
+#OPTS= -DBF_PTR
+#OPTS= -DBF_PTR2
+OPTS=
+
+DIR=    cast
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(OPTS) $(INCLUDES) $(CFLAG) -DFULL_TEST
+
+GENERAL=Makefile
+TEST=casttest
+APP1=cast_spd
+APP2=castopts
+APPS=$(APP1) $(APP2)
+
+LIB=libcast.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+# elf
+asm/cx86-elf.o: asm/cx86unix.cpp
+	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+
+# solaris
+asm/cx86-sol.o: asm/cx86unix.cpp
+	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+	as -o asm/cx86-sol.o asm/cx86-sol.s
+	rm -f asm/cx86-sol.s
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp:
+	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APP1): $(APP1).c $(LIB)
+	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+
+$(APP2): $(APP2).c $(LIB)
+	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+x86-elf:
+	$(MAKE) CAST_ENC="asm/cx86-elf.o" CFLAG="-DELF $(CFLAGS)" all
+
+x86-out:
+	$(MAKE) CAST_ENC="asm/cx86-out.o" CFLAG="-DOUT $(CFLAGS)" all
+
+x86-solaris:
+	$(MAKE) CAST_ENC="asm/cx86-sol.o" CFLAG="-DSOL $(CFLAGS)" all
+
+x86-bdsi:
+	$(MAKE) CAST_ENC="asm/cx86-bdsi.o" CFLAG="-DBDSI $(CFLAGS)" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/cast/asm/cast-586.pl b/crypto/openssl/crypto/cast/asm/cast-586.pl
new file mode 100644
index 000000000000..6be0bfe57245
--- /dev/null
+++ b/crypto/openssl/crypto/cast/asm/cast-586.pl
@@ -0,0 +1,176 @@
+#!/usr/local/bin/perl
+
+# define for pentium pro friendly version
+$ppro=1;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
+
+$CAST_ROUNDS=16;
+$L="edi";
+$R="esi";
+$K="ebp";
+$tmp1="ecx";
+$tmp2="ebx";
+$tmp3="eax";
+$tmp4="edx";
+$S1="CAST_S_table0";
+$S2="CAST_S_table1";
+$S3="CAST_S_table2";
+$S4="CAST_S_table3";
+
+@F1=("add","xor","sub");
+@F2=("xor","sub","add");
+@F3=("sub","add","xor");
+
+&CAST_encrypt("CAST_encrypt",1);
+&CAST_encrypt("CAST_decrypt",0);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+sub CAST_encrypt {
+    local($name,$enc)=@_;
+
+    local($win_ex)=<<"EOF";
+EXTERN	_CAST_S_table0:DWORD
+EXTERN	_CAST_S_table1:DWORD
+EXTERN	_CAST_S_table2:DWORD
+EXTERN	_CAST_S_table3:DWORD
+EOF
+    &main::external_label(
+			  "CAST_S_table0",
+			  "CAST_S_table1",
+			  "CAST_S_table2",
+			  "CAST_S_table3",
+			  );
+
+    &function_begin_B($name,$win_ex);
+
+    &comment("");
+
+    &push("ebp");
+    &push("ebx");
+    &mov($tmp2,&wparam(0));
+    &mov($K,&wparam(1));
+    &push("esi");
+    &push("edi");
+
+    &comment("Load the 2 words");
+    &mov($L,&DWP(0,$tmp2,"",0));
+    &mov($R,&DWP(4,$tmp2,"",0));
+
+    &comment('Get short key flag');
+    &mov($tmp3,&DWP(128,$K,"",0));
+    if($enc) {
+	&push($tmp3);
+    } else {
+	&or($tmp3,$tmp3);
+	&jnz(&label('cast_dec_skip'));
+    }
+
+    &xor($tmp3,	$tmp3);
+
+    # encrypting part
+
+    if ($enc) {
+	&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&comment('test short key flag');
+	&pop($tmp4);
+	&or($tmp4,$tmp4);
+	&jnz(&label('cast_enc_done'));
+	&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    } else {
+	&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&set_label('cast_dec_skip');
+	&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    }
+
+    &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+    &nop();
+    &mov($tmp3,&wparam(0));
+    &mov(&DWP(4,$tmp3,"",0),$L);
+    &mov(&DWP(0,$tmp3,"",0),$R);
+    &function_end($name);
+}
+
+sub E_CAST {
+    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+    # Ri needs to have 16 pre added.
+
+    &comment("round $i");
+    &mov(	$tmp4,		&DWP($i*8,$K,"",1));
+
+    &mov(	$tmp1,		&DWP($i*8+4,$K,"",1));
+    &$OP1(	$tmp4,		$R);
+
+    &rotl(	$tmp4,		&LB($tmp1));
+
+    if ($ppro) {
+	&mov(	$tmp2,		$tmp4);		# B
+	&xor(	$tmp1,		$tmp1);
+	
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A
+	&and(	$tmp2,		0xff);
+
+	&shr(	$tmp4,		16); 		#
+	&xor(	$tmp3,		$tmp3);
+    } else {
+	&mov(	$tmp2,		$tmp4);		# B
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
+	
+	&shr(	$tmp4,		16); 		#
+	&and(	$tmp2,		0xff);
+    }
+
+    &movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
+    &and(	$tmp4,		0xff);		# D
+
+    &mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
+    &mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
+
+    &$OP2(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
+
+    &$OP3(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
+
+    &$OP1(	$tmp1,		$tmp2);
+    # XXX
+
+    &xor(	$L,		$tmp1);
+    # XXX
+}
+
diff --git a/crypto/openssl/crypto/cast/asm/readme b/crypto/openssl/crypto/cast/asm/readme
new file mode 100644
index 000000000000..fbcd76289e26
--- /dev/null
+++ b/crypto/openssl/crypto/cast/asm/readme
@@ -0,0 +1,7 @@
+There is a ppro flag in cast-586 which turns on/off
+generation of pentium pro/II friendly code
+
+This flag makes the inner loop one cycle longer, but generates 
+code that runs %30 faster on the pentium pro/II, while only %7 slower
+on the pentium.  By default, this flag is on.
+
diff --git a/crypto/openssl/crypto/cast/c_cfb64.c b/crypto/openssl/crypto/cast/c_cfb64.c
new file mode 100644
index 000000000000..514c005c325f
--- /dev/null
+++ b/crypto/openssl/crypto/cast/c_cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/cast/c_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cast_lcl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num, int enc)
+	{
+	register CAST_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	CAST_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=ivec;
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				CAST_encrypt((CAST_LONG *)ti,schedule);
+				iv=ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				CAST_encrypt((CAST_LONG *)ti,schedule);
+				iv=ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=t=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/cast/c_ecb.c b/crypto/openssl/crypto/cast/c_ecb.c
new file mode 100644
index 000000000000..33182f2b7126
--- /dev/null
+++ b/crypto/openssl/crypto/cast/c_ecb.c
@@ -0,0 +1,80 @@
+/* crypto/cast/c_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cast_lcl.h"
+#include 
+
+char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
+
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+		      CAST_KEY *ks, int enc)
+	{
+	CAST_LONG l,d[2];
+
+	n2l(in,l); d[0]=l;
+	n2l(in,l); d[1]=l;
+	if (enc)
+		CAST_encrypt(d,ks);
+	else
+		CAST_decrypt(d,ks);
+	l=d[0]; l2n(l,out);
+	l=d[1]; l2n(l,out);
+	l=d[0]=d[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/cast/c_enc.c b/crypto/openssl/crypto/cast/c_enc.c
new file mode 100644
index 000000000000..0fe2cffeccff
--- /dev/null
+++ b/crypto/openssl/crypto/cast/c_enc.c
@@ -0,0 +1,207 @@
+/* crypto/cast/c_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cast_lcl.h"
+
+void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
+	{
+	register CAST_LONG l,r,*k,t;
+
+	k= &(key->data[0]);
+	l=data[0];
+	r=data[1];
+
+	E_CAST( 0,k,l,r,+,^,-);
+	E_CAST( 1,k,r,l,^,-,+);
+	E_CAST( 2,k,l,r,-,+,^);
+	E_CAST( 3,k,r,l,+,^,-);
+	E_CAST( 4,k,l,r,^,-,+);
+	E_CAST( 5,k,r,l,-,+,^);
+	E_CAST( 6,k,l,r,+,^,-);
+	E_CAST( 7,k,r,l,^,-,+);
+	E_CAST( 8,k,l,r,-,+,^);
+	E_CAST( 9,k,r,l,+,^,-);
+	E_CAST(10,k,l,r,^,-,+);
+	E_CAST(11,k,r,l,-,+,^);
+	if(!key->short_key)
+	    {
+	    E_CAST(12,k,l,r,+,^,-);
+	    E_CAST(13,k,r,l,^,-,+);
+	    E_CAST(14,k,l,r,-,+,^);
+	    E_CAST(15,k,r,l,+,^,-);
+	    }
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+	}
+
+void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
+	{
+	register CAST_LONG l,r,*k,t;
+
+	k= &(key->data[0]);
+	l=data[0];
+	r=data[1];
+
+	if(!key->short_key)
+	    {
+	    E_CAST(15,k,l,r,+,^,-);
+	    E_CAST(14,k,r,l,-,+,^);
+	    E_CAST(13,k,l,r,^,-,+);
+	    E_CAST(12,k,r,l,+,^,-);
+	    }
+	E_CAST(11,k,l,r,-,+,^);
+	E_CAST(10,k,r,l,^,-,+);
+	E_CAST( 9,k,l,r,+,^,-);
+	E_CAST( 8,k,r,l,-,+,^);
+	E_CAST( 7,k,l,r,^,-,+);
+	E_CAST( 6,k,r,l,+,^,-);
+	E_CAST( 5,k,l,r,-,+,^);
+	E_CAST( 4,k,r,l,^,-,+);
+	E_CAST( 3,k,l,r,+,^,-);
+	E_CAST( 2,k,r,l,-,+,^);
+	E_CAST( 1,k,l,r,^,-,+);
+	E_CAST( 0,k,r,l,+,^,-);
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+	}
+
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     CAST_KEY *ks, unsigned char *iv, int enc)
+	{
+	register CAST_LONG tin0,tin1;
+	register CAST_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	CAST_LONG tin[2];
+
+	if (enc)
+		{
+		n2l(iv,tout0);
+		n2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			CAST_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		if (l != -8)
+			{
+			n2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			CAST_encrypt(tin,ks);
+			tout0=tin[0];
+			tout1=tin[1];
+			l2n(tout0,out);
+			l2n(tout1,out);
+			}
+		l2n(tout0,iv);
+		l2n(tout1,iv);
+		}
+	else
+		{
+		n2l(iv,xor0);
+		n2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			CAST_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2n(tout0,out);
+			l2n(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin[0]=tin0;
+			tin[1]=tin1;
+			CAST_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2nn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2n(xor0,iv);
+		l2n(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/cast/c_ofb64.c b/crypto/openssl/crypto/cast/c_ofb64.c
new file mode 100644
index 000000000000..fd0469a62faa
--- /dev/null
+++ b/crypto/openssl/crypto/cast/c_ofb64.c
@@ -0,0 +1,111 @@
+/* crypto/cast/c_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cast_lcl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num)
+	{
+	register CAST_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned char d[8];
+	register char *dp;
+	CAST_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=ivec;
+	n2l(iv,v0);
+	n2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2n(v0,dp);
+	l2n(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			CAST_encrypt((CAST_LONG *)ti,schedule);
+			dp=(char *)d;
+			t=ti[0]; l2n(t,dp);
+			t=ti[1]; l2n(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=ivec;
+		l2n(v0,iv);
+		l2n(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/cast/c_skey.c b/crypto/openssl/crypto/cast/c_skey.c
new file mode 100644
index 000000000000..acf2c3eeb51e
--- /dev/null
+++ b/crypto/openssl/crypto/cast/c_skey.c
@@ -0,0 +1,166 @@
+/* crypto/cast/c_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cast_lcl.h"
+#include "cast_s.h"
+
+#define CAST_exp(l,A,a,n) \
+	A[n/4]=l; \
+	a[n+3]=(l    )&0xff; \
+	a[n+2]=(l>> 8)&0xff; \
+	a[n+1]=(l>>16)&0xff; \
+	a[n+0]=(l>>24)&0xff;
+
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+
+void CAST_set_key(CAST_KEY *key, int len, unsigned char *data)
+	{
+	CAST_LONG x[16];
+	CAST_LONG z[16];
+	CAST_LONG k[32];
+	CAST_LONG X[4],Z[4];
+	CAST_LONG l,*K;
+	int i;
+
+	for (i=0; i<16; i++) x[i]=0;
+	if (len > 16) len=16;
+	for (i=0; ishort_key=1;
+	else
+	    key->short_key=0;
+
+	K= &k[0];
+	X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
+	X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
+	X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
+	X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
+
+	for (;;)
+		{
+	l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
+	CAST_exp(l,Z,z, 0);
+	l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
+	CAST_exp(l,Z,z, 4);
+	l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
+	CAST_exp(l,Z,z, 8);
+	l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
+	CAST_exp(l,Z,z,12);
+
+	K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
+	K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
+	K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
+	K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
+
+	l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
+	CAST_exp(l,X,x, 0);
+	l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
+	CAST_exp(l,X,x, 4);
+	l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
+	CAST_exp(l,X,x, 8);
+	l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
+	CAST_exp(l,X,x,12);
+
+	K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
+	K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
+	K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
+	K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
+
+	l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
+	CAST_exp(l,Z,z, 0);
+	l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
+	CAST_exp(l,Z,z, 4);
+	l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
+	CAST_exp(l,Z,z, 8);
+	l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
+	CAST_exp(l,Z,z,12);
+
+	K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
+	K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
+	K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
+	K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
+
+	l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
+	CAST_exp(l,X,x, 0);
+	l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
+	CAST_exp(l,X,x, 4);
+	l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
+	CAST_exp(l,X,x, 8);
+	l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
+	CAST_exp(l,X,x,12);
+
+	K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
+	K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
+	K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
+	K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
+	if (K != k)  break;
+	K+=16;
+		}
+
+	for (i=0; i<16; i++)
+		{
+		key->data[i*2]=k[i];
+		key->data[i*2+1]=((k[i+16])+16)&0x1f;
+		}
+	}
+
diff --git a/crypto/openssl/crypto/cast/cast.h b/crypto/openssl/crypto/cast/cast.h
new file mode 100644
index 000000000000..6cc5e8aa8cf0
--- /dev/null
+++ b/crypto/openssl/crypto/cast/cast.h
@@ -0,0 +1,103 @@
+/* crypto/cast/cast.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CAST_H
+#define HEADER_CAST_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_CAST
+#error CAST is disabled.
+#endif
+
+#define CAST_ENCRYPT	1
+#define CAST_DECRYPT	0
+
+#define CAST_LONG unsigned long
+
+#define CAST_BLOCK	8
+#define CAST_KEY_LENGTH	16
+
+typedef struct cast_key_st
+	{
+	CAST_LONG data[32];
+	int short_key;	/* Use reduced rounds for short key */
+	} CAST_KEY;
+
+ 
+void CAST_set_key(CAST_KEY *key, int len, unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+		      int enc);
+void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		      CAST_KEY *ks, unsigned char *iv, int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/cast/cast_lcl.h b/crypto/openssl/crypto/cast/cast_lcl.h
new file mode 100644
index 000000000000..83cf382a9140
--- /dev/null
+++ b/crypto/openssl/crypto/cast/cast_lcl.h
@@ -0,0 +1,226 @@
+/* crypto/cast/cast_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifdef WIN32
+#include 
+#endif
+
+
+#include "openssl/e_os.h" /* OPENSSL_EXTERN */
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if defined(WIN32)
+#define ROTL(a,n)     (_lrotl(a,n))
+#else
+#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
+#endif
+
+#define C_M    0x3fc
+#define C_0    22L
+#define C_1    14L
+#define C_2     6L
+#define C_3     2L /* left shift */
+
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+	{ \
+	int i; \
+	t=(key[n*2] OP1 R)&0xffffffffL; \
+	i=key[n*2+1]; \
+	t=ROTL(t,i); \
+	L^= (((((*(CAST_LONG *)((unsigned char *) \
+			CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+		*(CAST_LONG *)((unsigned char *) \
+			CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \
+		*(CAST_LONG *)((unsigned char *) \
+			CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+	}
+#elif defined(CAST_PTR2)
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+	{ \
+	int i; \
+	CAST_LONG u,v,w; \
+	w=(key[n*2] OP1 R)&0xffffffffL; \
+	i=key[n*2+1]; \
+	w=ROTL(w,i); \
+	u=w>>C_2; \
+	v=w<>C_0; \
+	t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+	v=w>>C_1; \
+	u&=C_M; \
+	v&=C_M; \
+	t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+	t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+	L^=(t&0xffffffff); \
+	}
+#else
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+	{ \
+	CAST_LONG a,b,c,d; \
+	t=(key[n*2] OP1 R)&0xffffffff; \
+	t=ROTL(t,(key[n*2+1])); \
+	a=CAST_S_table0[(t>> 8)&0xff]; \
+	b=CAST_S_table1[(t    )&0xff]; \
+	c=CAST_S_table2[(t>>24)&0xff]; \
+	d=CAST_S_table3[(t>>16)&0xff]; \
+	L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+	}
+#endif
+
+OPENSSL_EXTERN CAST_LONG CAST_S_table0[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table1[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table2[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table3[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table4[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table5[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table6[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table7[256];
diff --git a/crypto/openssl/crypto/cast/cast_s.h b/crypto/openssl/crypto/cast/cast_s.h
new file mode 100644
index 000000000000..9af28972c510
--- /dev/null
+++ b/crypto/openssl/crypto/cast/cast_s.h
@@ -0,0 +1,585 @@
+/* crypto/cast/cast_s.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+OPENSSL_GLOBAL CAST_LONG CAST_S_table0[256]={
+	0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
+	0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
+	0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
+	0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,
+	0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,
+	0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,
+	0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f,
+	0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0,
+	0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de,
+	0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7,
+	0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f,
+	0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935,
+	0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d,
+	0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d,
+	0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165,
+	0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50,
+	0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272,
+	0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe,
+	0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d,
+	0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3,
+	0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a,
+	0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167,
+	0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f,
+	0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291,
+	0xd7894360,0x425c750d,0x93b39e26,0x187184c9,
+	0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779,
+	0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6,
+	0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2,
+	0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9,
+	0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511,
+	0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e,
+	0x31366241,0x051ef495,0xaa573b04,0x4a805d8d,
+	0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e,
+	0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5,
+	0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82,
+	0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324,
+	0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac,
+	0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c,
+	0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f,
+	0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc,
+	0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491,
+	0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d,
+	0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de,
+	0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96,
+	0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a,
+	0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a,
+	0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79,
+	0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d,
+	0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779,
+	0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd,
+	0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755,
+	0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6,
+	0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb,
+	0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9,
+	0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0,
+	0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872,
+	0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79,
+	0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c,
+	0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298,
+	0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e,
+	0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571,
+	0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9,
+	0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
+	0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table1[256]={
+	0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
+	0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
+	0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
+	0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3,
+	0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909,
+	0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb,
+	0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b,
+	0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806,
+	0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4,
+	0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b,
+	0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f,
+	0x62143154,0x0d554b63,0x5d681121,0xc866c359,
+	0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21,
+	0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b,
+	0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d,
+	0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c,
+	0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f,
+	0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34,
+	0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d,
+	0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb,
+	0xe8256333,0x844e8212,0x128d8098,0xfed33fb4,
+	0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd,
+	0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801,
+	0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860,
+	0x54f03084,0x066ff472,0xa31aa153,0xdadc4755,
+	0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b,
+	0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709,
+	0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304,
+	0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b,
+	0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b,
+	0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c,
+	0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf,
+	0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9,
+	0x0beeff53,0xe3214517,0xb4542835,0x9f63293c,
+	0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3,
+	0xf33401c6,0x30a22c95,0x31a70850,0x60930f13,
+	0x73f98417,0xa1269859,0xec645c44,0x52c877a9,
+	0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f,
+	0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab,
+	0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6,
+	0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4,
+	0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6,
+	0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43,
+	0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58,
+	0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8,
+	0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906,
+	0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171,
+	0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d,
+	0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89,
+	0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6,
+	0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b,
+	0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4,
+	0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb,
+	0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6,
+	0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e,
+	0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f,
+	0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea,
+	0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249,
+	0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea,
+	0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa,
+	0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd,
+	0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9,
+	0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
+	0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table2[256]={
+	0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
+	0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
+	0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
+	0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5,
+	0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e,
+	0xb9afa820,0xfade82e0,0xa067268b,0x8272792e,
+	0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc,
+	0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240,
+	0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e,
+	0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5,
+	0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f,
+	0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b,
+	0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99,
+	0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71,
+	0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f,
+	0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04,
+	0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380,
+	0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82,
+	0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8,
+	0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15,
+	0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504,
+	0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2,
+	0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6,
+	0x94fd6574,0x927985b2,0x8276dbcb,0x02778176,
+	0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e,
+	0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148,
+	0xef303cab,0x984faf28,0x779faf9b,0x92dc560d,
+	0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc,
+	0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1,
+	0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341,
+	0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c,
+	0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e,
+	0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15,
+	0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51,
+	0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4,
+	0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f,
+	0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b,
+	0x6d498623,0x193cbcfa,0x27627545,0x825cf47a,
+	0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392,
+	0x10428db7,0x8272a972,0x9270c4a8,0x127de50b,
+	0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231,
+	0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b,
+	0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889,
+	0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5,
+	0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67,
+	0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45,
+	0x3a609437,0xec00c9a9,0x44715253,0x0a874b49,
+	0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536,
+	0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d,
+	0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc,
+	0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d,
+	0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0,
+	0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e,
+	0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69,
+	0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767,
+	0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2,
+	0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce,
+	0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49,
+	0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24,
+	0xaf96da0f,0x68458425,0x99833be5,0x600d457d,
+	0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0,
+	0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a,
+	0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
+	0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table3[256]={
+	0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
+	0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
+	0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
+	0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf,
+	0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220,
+	0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15,
+	0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe,
+	0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121,
+	0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701,
+	0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25,
+	0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b,
+	0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5,
+	0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93,
+	0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb,
+	0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746,
+	0xc9335400,0x6920318f,0x081dbb99,0xffc304a5,
+	0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9,
+	0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d,
+	0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb,
+	0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6,
+	0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c,
+	0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23,
+	0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7,
+	0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003,
+	0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340,
+	0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6,
+	0xe756bdff,0xdd3369ac,0xec17b035,0x06572327,
+	0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119,
+	0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec,
+	0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24,
+	0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205,
+	0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a,
+	0x6701902c,0x9b757a54,0x31d477f7,0x9126b031,
+	0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79,
+	0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5,
+	0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df,
+	0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c,
+	0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26,
+	0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69,
+	0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab,
+	0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9,
+	0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7,
+	0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff,
+	0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417,
+	0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3,
+	0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2,
+	0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2,
+	0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2,
+	0x109873f6,0x00613096,0xc32d9521,0xada121ff,
+	0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a,
+	0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091,
+	0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919,
+	0x77079103,0xdea03af6,0x78a8565e,0xdee356df,
+	0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef,
+	0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf,
+	0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876,
+	0x39e4460c,0x1fda8538,0x1987832f,0xca007367,
+	0xa99144f8,0x296b299e,0x492fc295,0x9266beab,
+	0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c,
+	0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04,
+	0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43,
+	0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282,
+	0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
+	0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table4[256]={
+	0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
+	0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
+	0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
+	0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a,
+	0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180,
+	0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff,
+	0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2,
+	0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02,
+	0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725,
+	0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a,
+	0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b,
+	0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7,
+	0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571,
+	0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9,
+	0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec,
+	0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981,
+	0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea,
+	0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774,
+	0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263,
+	0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655,
+	0x911e739a,0x17af8975,0x32c7911c,0x89f89468,
+	0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2,
+	0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b,
+	0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910,
+	0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284,
+	0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1,
+	0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4,
+	0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da,
+	0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7,
+	0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049,
+	0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce,
+	0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f,
+	0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6,
+	0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba,
+	0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4,
+	0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be,
+	0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561,
+	0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3,
+	0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6,
+	0x309e374f,0x2cb6356a,0x85808573,0x4991f840,
+	0x76f0ae02,0x083be84d,0x28421c9a,0x44489406,
+	0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4,
+	0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472,
+	0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2,
+	0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487,
+	0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7,
+	0x445f7382,0x175683f4,0xcdc66a97,0x70be0288,
+	0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5,
+	0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2,
+	0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e,
+	0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78,
+	0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e,
+	0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76,
+	0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801,
+	0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0,
+	0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad,
+	0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58,
+	0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0,
+	0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2,
+	0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20,
+	0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be,
+	0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8,
+	0xe822fe15,0x88570983,0x750e6249,0xda627e55,
+	0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table5[256]={
+	0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
+	0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
+	0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
+	0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138,
+	0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e,
+	0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367,
+	0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866,
+	0xa084db2d,0x09a8486f,0xa888614a,0x2900af98,
+	0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c,
+	0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072,
+	0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd,
+	0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3,
+	0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53,
+	0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd,
+	0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d,
+	0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8,
+	0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf,
+	0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9,
+	0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807,
+	0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54,
+	0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a,
+	0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387,
+	0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563,
+	0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc,
+	0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0,
+	0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf,
+	0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be,
+	0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf,
+	0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0,
+	0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f,
+	0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2,
+	0x372b74af,0x692573e4,0xe9a9d848,0xf3160289,
+	0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853,
+	0x20951063,0x4576698d,0xb6fad407,0x592af950,
+	0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa,
+	0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f,
+	0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9,
+	0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b,
+	0x7dede786,0xc39a3373,0x42410005,0x6a091751,
+	0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be,
+	0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358,
+	0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13,
+	0x8cf63166,0x061c87be,0x88c98f88,0x6062e397,
+	0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976,
+	0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459,
+	0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0,
+	0x3007cd3e,0x74719eef,0xdc872681,0x073340d4,
+	0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891,
+	0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f,
+	0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da,
+	0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb,
+	0xe2969123,0x257f0c3d,0x9348af49,0x361400bc,
+	0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2,
+	0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084,
+	0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab,
+	0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25,
+	0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b,
+	0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121,
+	0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b,
+	0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5,
+	0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855,
+	0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd,
+	0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
+	0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table6[256]={
+	0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
+	0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
+	0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
+	0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de,
+	0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd,
+	0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43,
+	0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f,
+	0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19,
+	0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9,
+	0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2,
+	0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e,
+	0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516,
+	0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83,
+	0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88,
+	0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e,
+	0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816,
+	0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a,
+	0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756,
+	0xc06eba30,0x07211b24,0x45c28829,0xc95e317f,
+	0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a,
+	0xad4ebc46,0x468f508b,0x7829435f,0xf124183b,
+	0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264,
+	0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78,
+	0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688,
+	0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d,
+	0xf7debb85,0x61fe033c,0x16746233,0x3c034c28,
+	0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802,
+	0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3,
+	0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9,
+	0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7,
+	0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302,
+	0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06,
+	0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858,
+	0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033,
+	0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a,
+	0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a,
+	0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4,
+	0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566,
+	0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df,
+	0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509,
+	0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9,
+	0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962,
+	0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c,
+	0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e,
+	0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07,
+	0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c,
+	0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939,
+	0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c,
+	0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e,
+	0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285,
+	0x74904698,0x4c2b0edd,0x4f757656,0x5d393378,
+	0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301,
+	0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd,
+	0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be,
+	0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567,
+	0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767,
+	0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2,
+	0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647,
+	0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf,
+	0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914,
+	0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2,
+	0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c,
+	0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
+	0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
+	};
+OPENSSL_GLOBAL CAST_LONG CAST_S_table7[256]={
+	0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
+	0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
+	0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
+	0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc,
+	0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940,
+	0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd,
+	0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42,
+	0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d,
+	0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164,
+	0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2,
+	0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4,
+	0x38129022,0xce949ad4,0xb84769ad,0x965bd862,
+	0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0,
+	0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc,
+	0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6,
+	0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c,
+	0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491,
+	0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e,
+	0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b,
+	0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039,
+	0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8,
+	0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8,
+	0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006,
+	0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42,
+	0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564,
+	0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5,
+	0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab,
+	0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472,
+	0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc,
+	0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225,
+	0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8,
+	0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c,
+	0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441,
+	0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb,
+	0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f,
+	0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054,
+	0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504,
+	0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70,
+	0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c,
+	0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc,
+	0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6,
+	0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c,
+	0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd,
+	0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3,
+	0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4,
+	0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4,
+	0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc,
+	0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101,
+	0x730edebc,0x5b643113,0x94917e4f,0x503c2fba,
+	0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f,
+	0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf,
+	0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e,
+	0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603,
+	0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a,
+	0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37,
+	0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c,
+	0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819,
+	0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384,
+	0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,
+	0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,
+	0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,
+	0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,
+	0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,
+	0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,
+	};
diff --git a/crypto/openssl/crypto/cast/cast_spd.c b/crypto/openssl/crypto/cast/cast_spd.c
new file mode 100644
index 000000000000..c0726906c209
--- /dev/null
+++ b/crypto/openssl/crypto/cast/cast_spd.c
@@ -0,0 +1,275 @@
+/* crypto/cast/cast_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ	100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	CAST_KEY sch;
+	double a,b,c,d;
+#ifndef SIGALRM
+	long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	CAST_set_key(&sch,16,key);
+	count=10;
+	do	{
+		long i;
+		CAST_LONG data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			CAST_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/512;
+	cb=count;
+	cc=count*8/BUFSIZE+1;
+	printf("Doing CAST_set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing CAST_set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		CAST_set_key(&sch,16,key);
+		CAST_set_key(&sch,16,key);
+		CAST_set_key(&sch,16,key);
+		CAST_set_key(&sch,16,key);
+		}
+	d=Time_F(STOP);
+	printf("%ld cast set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing CAST_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing CAST_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count+=4)
+		{
+		CAST_LONG data[2];
+
+		CAST_encrypt(data,&sch);
+		CAST_encrypt(data,&sch);
+		CAST_encrypt(data,&sch);
+		CAST_encrypt(data,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld CAST_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&(key[0]),CAST_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
+
diff --git a/crypto/openssl/crypto/cast/castopts.c b/crypto/openssl/crypto/cast/castopts.c
new file mode 100644
index 000000000000..642e9725af6f
--- /dev/null
+++ b/crypto/openssl/crypto/cast/castopts.c
@@ -0,0 +1,339 @@
+/* crypto/cast/castopts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+#define CAST_DEFAULT_OPTIONS
+
+#undef E_CAST
+#define CAST_encrypt  CAST_encrypt_normal
+#define CAST_decrypt  CAST_decrypt_normal
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+
+#define CAST_PTR
+#undef CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr
+#define CAST_decrypt  CAST_decrypt_ptr
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+
+#undef CAST_PTR
+#define CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr2
+#define CAST_decrypt  CAST_decrypt_ptr2
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+	
+#define time_it(func,name,index) \
+	print_name(name); \
+	Time_F(START); \
+	for (count=0,run=1; COND(cb); count+=4) \
+		{ \
+		unsigned long d[2]; \
+		func(d,&sch); \
+		func(d,&sch); \
+		func(d,&sch); \
+		func(d,&sch); \
+		} \
+	tm[index]=Time_F(STOP); \
+	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+	tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+		tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static char key[16]={	0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+				0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	CAST_KEY sch;
+	double d,tm[16],max=0;
+	int rank[16];
+	char *str[16];
+	int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+	long ca,cb,cc,cd,ce;
+#endif
+
+	for (i=0; i<12; i++)
+		{
+		tm[i]=0.0;
+		rank[i]=0;
+		}
+
+#ifndef TIMES
+	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+	CAST_set_key(&sch,16,key);
+
+#ifndef SIGALRM
+	fprintf(stderr,"First we calculate the approximate speed ...\n");
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			CAST_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+
+	ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+	time_it(CAST_encrypt_normal,	"CAST_encrypt_normal ", 0);
+	time_it(CAST_encrypt_ptr,	"CAST_encrypt_ptr    ", 1);
+	time_it(CAST_encrypt_ptr2,	"CAST_encrypt_ptr2   ", 2);
+	num+=3;
+
+	str[0]="";
+	print_it("CAST_encrypt_normal ",0);
+	max=tm[0];
+	max_idx=0;
+	str[1]="ptr      ";
+	print_it("CAST_encrypt_ptr ",1);
+	if (max < tm[1]) { max=tm[1]; max_idx=1; }
+	str[2]="ptr2     ";
+	print_it("CAST_encrypt_ptr2 ",2);
+	if (max < tm[2]) { max=tm[2]; max_idx=2; }
+
+	printf("options    CAST ecb/s\n");
+	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+	d=tm[max_idx];
+	tm[max_idx]= -2.0;
+	max= -1.0;
+	for (;;)
+		{
+		for (i=0; i<3; i++)
+			{
+			if (max < tm[i]) { max=tm[i]; j=i; }
+			}
+		if (max < 0.0) break;
+		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+		tm[j]= -2.0;
+		max= -1.0;
+		}
+
+	switch (max_idx)
+		{
+	case 0:
+		printf("-DCAST_DEFAULT_OPTIONS\n");
+		break;
+	case 1:
+		printf("-DCAST_PTR\n");
+		break;
+	case 2:
+		printf("-DCAST_PTR2\n");
+		break;
+		}
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
+
diff --git a/crypto/openssl/crypto/cast/casts.cpp b/crypto/openssl/crypto/cast/casts.cpp
new file mode 100644
index 000000000000..8d7bd468d229
--- /dev/null
+++ b/crypto/openssl/crypto/cast/casts.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	CAST_KEY key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+	static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+	CAST_set_key(&key, 16,d);
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			CAST_encrypt(&data[0],&key);
+			GetTSC(s1);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			GetTSC(e1);
+			GetTSC(s2);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			GetTSC(e2);
+			CAST_encrypt(&data[0],&key);
+			}
+
+		printf("cast %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/crypto/cast/casttest.c b/crypto/openssl/crypto/cast/casttest.c
new file mode 100644
index 000000000000..3244b119e959
--- /dev/null
+++ b/crypto/openssl/crypto/cast/casttest.c
@@ -0,0 +1,230 @@
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_CAST
+int main(int argc, char *argv[])
+{
+    printf("No CAST support\n");
+    return(0);
+}
+#else
+#include 
+
+#define FULL_TEST
+
+unsigned char k[16]={
+	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
+	};
+
+unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+int k_len[3]={16,10,5};
+unsigned char c[3][8]={
+	{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
+	{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
+	{0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
+	};
+unsigned char out[80];
+
+unsigned char in_a[16]={
+	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+unsigned char in_b[16]={
+	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+
+unsigned char c_a[16]={
+	0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+	0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
+unsigned char c_b[16]={
+	0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+	0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
+
+#if 0
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+	};
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+	}; 
+#endif
+
+int main(int argc, char *argv[])
+    {
+#ifdef FULL_TEST
+    long l;
+    CAST_KEY key_b;
+#endif
+    int i,z,err=0;
+    CAST_KEY key;
+
+    for (z=0; z<3; z++)
+	{
+	CAST_set_key(&key,k_len[z],k);
+
+	CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
+	if (memcmp(out,&(c[z][0]),8) != 0)
+	    {
+	    printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
+	    printf("got     :");
+	    for (i=0; i<8; i++)
+		printf("%02X ",out[i]);
+	    printf("\n");
+	    printf("expected:");
+	    for (i=0; i<8; i++)
+		printf("%02X ",c[z][i]);
+	    err=20;
+	    printf("\n");
+	    }
+
+	CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
+	if (memcmp(out,in,8) != 0)
+	    {
+	    printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
+	    printf("got     :");
+	    for (i=0; i<8; i++)
+		printf("%02X ",out[i]);
+	    printf("\n");
+	    printf("expected:");
+	    for (i=0; i<8; i++)
+		printf("%02X ",in[i]);
+	    printf("\n");
+	    err=3;
+	    }
+	}
+    if (err == 0)
+	printf("ecb cast5 ok\n");
+
+#ifdef FULL_TEST
+      {
+      unsigned char out_a[16],out_b[16];
+      static char *hex="0123456789ABCDEF";
+      
+      printf("This test will take some time....");
+      fflush(stdout);
+      memcpy(out_a,in_a,sizeof(in_a));
+      memcpy(out_b,in_b,sizeof(in_b));
+      i=1;
+
+      for (l=0; l<1000000L; l++)
+	  {
+	  CAST_set_key(&key_b,16,out_b);
+	  CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+	  CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+	  CAST_set_key(&key,16,out_a);
+	  CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+	  CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+	  if ((l & 0xffff) == 0xffff)
+	      {
+	      printf("%c",hex[i&0x0f]);
+	      fflush(stdout);
+	      i++;
+	      }
+	  }
+
+      if (	(memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+		(memcmp(out_b,c_b,sizeof(c_b)) != 0))
+	  {
+	  printf("\n");
+	  printf("Error\n");
+
+	  printf("A out =");
+	  for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+	  printf("\nactual=");
+	  for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+	  printf("\n");
+
+	  printf("B out =");
+	  for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+	  printf("\nactual=");
+	  for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+	  printf("\n");
+	  }
+      else
+	  printf(" ok\n");
+      }
+#endif
+
+    exit(err);
+    return(err);
+    }
+#endif
diff --git a/crypto/openssl/crypto/comp/Makefile.ssl b/crypto/openssl/crypto/comp/Makefile.ssl
new file mode 100644
index 000000000000..d946bcbafa04
--- /dev/null
+++ b/crypto/openssl/crypto/comp/Makefile.ssl
@@ -0,0 +1,99 @@
+#
+# SSLeay/crypto/comp/Makefile
+#
+
+DIR=	comp
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= comp_lib.c \
+	c_rle.c c_zlib.c
+
+LIBOBJ=	comp_lib.o \
+	c_rle.o c_zlib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= comp.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+comp_lib.o: ../../include/openssl/stack.h
diff --git a/crypto/openssl/crypto/comp/c_rle.c b/crypto/openssl/crypto/comp/c_rle.c
new file mode 100644
index 000000000000..1a819e3737d9
--- /dev/null
+++ b/crypto/openssl/crypto/comp/c_rle.c
@@ -0,0 +1,61 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen);
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen);
+
+static COMP_METHOD rle_method={
+	NID_rle_compression,
+	LN_rle_compression,
+	NULL,
+	NULL,
+	rle_compress_block,
+	rle_expand_block,
+	NULL,
+	};
+
+COMP_METHOD *COMP_rle(void)
+	{
+	return(&rle_method);
+	}
+
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
+	{
+	/* int i; */
+
+	if (olen < (ilen+1))
+		{
+		/* ZZZZZZZZZZZZZZZZZZZZZZ */
+		return(-1);
+		}
+
+	*(out++)=0;
+	memcpy(out,in,ilen);
+	return(ilen+1);
+	}
+
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
+	{
+	int i;
+
+	if (olen < (ilen-1))
+		{
+		/* ZZZZZZZZZZZZZZZZZZZZZZ */
+		return(-1);
+		}
+
+	i= *(in++);
+	if (i == 0)
+		{
+		memcpy(out,in,ilen-1);
+		}
+	return(ilen-1);
+	}
+
diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/openssl/crypto/comp/c_zlib.c
new file mode 100644
index 000000000000..6684ab4841f0
--- /dev/null
+++ b/crypto/openssl/crypto/comp/c_zlib.c
@@ -0,0 +1,133 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+
+COMP_METHOD *COMP_zlib(void );
+
+#ifndef ZLIB
+
+static COMP_METHOD zlib_method={
+	NID_undef,
+	"(null)",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	};
+
+#else
+
+#include 
+
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen);
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen);
+
+static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
+	uLong sourceLen);
+
+static COMP_METHOD zlib_method={
+	NID_zlib_compression,
+	LN_zlib_compression,
+	NULL,
+	NULL,
+	zlib_compress_block,
+	zlib_expand_block,
+	NULL,
+	};
+
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
+	{
+	unsigned long l;
+	int i;
+	int clear=1;
+
+	if (ilen > 128)
+		{
+		out[0]=1;
+		l=olen-1;
+		i=compress(&(out[1]),&l,in,(unsigned long)ilen);
+		if (i != Z_OK)
+			return(-1);
+		if (ilen > l)
+			{
+			clear=0;
+			l++;
+			}
+		}
+	if (clear)
+		{
+		out[0]=0;
+		memcpy(&(out[1]),in,ilen);
+		l=ilen+1;
+		}
+fprintf(stderr,"compress(%4d)->%4d %s\n",ilen,(int)l,(clear)?"clear":"zlib");
+	return((int)l);
+	}
+
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
+	{
+	unsigned long l;
+	int i;
+
+	if (in[0])
+		{
+		l=olen;
+		i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);
+		if (i != Z_OK)
+			return(-1);
+		}
+	else
+		{
+		memcpy(out,&(in[1]),ilen-1);
+		l=ilen-1;
+		}
+        fprintf(stderr,"expand  (%4d)->%4d %s\n",ilen,(int)l,in[0]?"zlib":"clear");
+	return((int)l);
+	}
+
+static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
+	     uLong sourceLen)
+{
+    z_stream stream;
+    int err;
+
+    stream.next_in = (Bytef*)source;
+    stream.avail_in = (uInt)sourceLen;
+    /* Check for source > 64K on 16-bit machine: */
+    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
+
+    stream.next_out = dest;
+    stream.avail_out = (uInt)*destLen;
+    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
+
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+
+    err = inflateInit(&stream);
+    if (err != Z_OK) return err;
+
+    err = inflate(&stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        inflateEnd(&stream);
+        return err;
+    }
+    *destLen = stream.total_out;
+
+    err = inflateEnd(&stream);
+    return err;
+}
+
+#endif
+
+COMP_METHOD *COMP_zlib(void)
+	{
+	return(&zlib_method);
+	}
+
diff --git a/crypto/openssl/crypto/comp/comp.h b/crypto/openssl/crypto/comp/comp.h
new file mode 100644
index 000000000000..93bd9c34c80c
--- /dev/null
+++ b/crypto/openssl/crypto/comp/comp.h
@@ -0,0 +1,60 @@
+
+#ifndef HEADER_COMP_H
+#define HEADER_COMP_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+typedef struct comp_method_st
+	{
+	int type;		/* NID for compression library */
+	const char *name;	/* A text string to identify the library */
+	int (*init)();
+	void (*finish)();
+	int (*compress)();
+	int (*expand)();
+	long (*ctrl)();
+	} COMP_METHOD;
+
+typedef struct comp_ctx_st
+	{
+	COMP_METHOD *meth;
+	unsigned long compress_in;
+	unsigned long compress_out;
+	unsigned long expand_in;
+	unsigned long expand_out;
+
+	CRYPTO_EX_DATA	ex_data;
+	} COMP_CTX;
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+	unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+	unsigned char *in, int ilen);
+COMP_METHOD *COMP_rle(void );
+#ifdef ZLIB
+COMP_METHOD *COMP_zlib(void );
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the COMP functions. */
+
+/* Function codes. */
+
+/* Reason codes. */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/comp/comp_err.c b/crypto/openssl/crypto/comp/comp_err.c
new file mode 100644
index 000000000000..77a3f7070c51
--- /dev/null
+++ b/crypto/openssl/crypto/comp/comp_err.c
@@ -0,0 +1,91 @@
+/* crypto/comp/comp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA COMP_str_functs[]=
+	{
+{0,NULL}
+	};
+
+static ERR_STRING_DATA COMP_str_reasons[]=
+	{
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_COMP_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_COMP,COMP_str_functs);
+		ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/comp/comp_lib.c b/crypto/openssl/crypto/comp/comp_lib.c
new file mode 100644
index 000000000000..a67ef23bc0fd
--- /dev/null
+++ b/crypto/openssl/crypto/comp/comp_lib.c
@@ -0,0 +1,78 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
+	{
+	COMP_CTX *ret;
+
+	if ((ret=(COMP_CTX *)Malloc(sizeof(COMP_CTX))) == NULL)
+		{
+		/* ZZZZZZZZZZZZZZZZ */
+		return(NULL);
+		}
+	memset(ret,0,sizeof(COMP_CTX));
+	ret->meth=meth;
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+		{
+		Free(ret);
+		ret=NULL;
+		}
+#if 0
+	else
+		CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+#endif
+	return(ret);
+	}
+
+void COMP_CTX_free(COMP_CTX *ctx)
+	{
+	/* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */
+
+	if(ctx == NULL)
+	    return;
+
+	if (ctx->meth->finish != NULL)
+		ctx->meth->finish(ctx);
+
+	Free(ctx);
+	}
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+	     unsigned char *in, int ilen)
+	{
+	int ret;
+	if (ctx->meth->compress == NULL)
+		{
+		/* ZZZZZZZZZZZZZZZZZ */
+		return(-1);
+		}
+	ret=ctx->meth->compress(ctx,out,olen,in,ilen);
+	if (ret > 0)
+		{
+		ctx->compress_in+=ilen;
+		ctx->compress_out+=ret;
+		}
+	return(ret);
+	}
+
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+	     unsigned char *in, int ilen)
+	{
+	int ret;
+
+	if (ctx->meth->expand == NULL)
+		{
+		/* ZZZZZZZZZZZZZZZZZ */
+		return(-1);
+		}
+	ret=ctx->meth->expand(ctx,out,olen,in,ilen);
+	if (ret > 0)
+		{
+		ctx->expand_in+=ilen;
+		ctx->expand_out+=ret;
+		}
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/conf/Makefile.ssl b/crypto/openssl/crypto/conf/Makefile.ssl
new file mode 100644
index 000000000000..64b763f06881
--- /dev/null
+++ b/crypto/openssl/crypto/conf/Makefile.ssl
@@ -0,0 +1,92 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+
+DIR=	conf
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf.c conf_err.c
+
+LIBOBJ=	conf.o conf_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h
+HEADER=	conf_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+conf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+conf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf.o: ../cryptlib.h conf_lcl.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/crypto/openssl/crypto/conf/cnf_save.c b/crypto/openssl/crypto/conf/cnf_save.c
new file mode 100644
index 000000000000..e907cc224276
--- /dev/null
+++ b/crypto/openssl/crypto/conf/cnf_save.c
@@ -0,0 +1,105 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+
+void print_conf(CONF_VALUE *cv);
+
+main()
+	{
+	LHASH *conf;
+	long l;
+
+	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
+	if (conf == NULL)
+		{
+		fprintf(stderr,"error loading config, line %ld\n",l);
+		exit(1);
+		}
+
+	lh_doall(conf,print_conf);
+	}
+
+
+void print_conf(CONF_VALUE *cv)
+	{
+	int i;
+	CONF_VALUE *v;
+	char *section;
+	char *name;
+	char *value;
+	STACK *s;
+
+	/* If it is a single entry, return */
+
+	if (cv->name != NULL) return;
+
+	printf("[ %s ]\n",cv->section);
+	s=(STACK *)cv->value;
+
+	for (i=0; isection == NULL)?"None":v->section;
+		name=(v->name == NULL)?"None":v->name;
+		value=(v->value == NULL)?"None":v->value;
+		printf("%s=%s\n",name,value);
+		}
+	printf("\n");
+	}
diff --git a/crypto/openssl/crypto/conf/conf.c b/crypto/openssl/crypto/conf/conf.c
new file mode 100644
index 000000000000..7d8b89168a2d
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf.c
@@ -0,0 +1,732 @@
+/* crypto/conf/conf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "conf_lcl.h"
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+static unsigned long hash(CONF_VALUE *v);
+static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
+static char *eat_ws(char *p);
+static char *eat_alpha_numeric(char *p);
+static void clear_comments(char *p);
+static int str_copy(LHASH *conf,char *section,char **to, char *from);
+static char *scan_quote(char *p);
+static CONF_VALUE *new_section(LHASH *conf,char *section);
+static CONF_VALUE *get_section(LHASH *conf,char *section);
+#define scan_esc(p)	((((p)[1] == '\0')?(p++):(p+=2)),p)
+
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+
+
+LHASH *CONF_load(LHASH *h, const char *file, long *line)
+	{
+	LHASH *ltmp;
+	FILE *in=NULL;
+
+#ifdef VMS
+	in=fopen(file,"r");
+#else
+	in=fopen(file,"rb");
+#endif
+	if (in == NULL)
+		{
+		SYSerr(SYS_F_FOPEN,get_last_sys_error());
+		ERR_set_error_data(BUF_strdup(file),
+			ERR_TXT_MALLOCED|ERR_TXT_STRING);
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		return NULL;
+		}
+
+	ltmp = CONF_load_fp(h, in, line);
+	fclose(in);
+
+	return ltmp;
+}
+
+LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
+{
+	BIO *btmp;
+	LHASH *ltmp;
+	if(!(btmp = BIO_new_fp(in, BIO_NOCLOSE))) {
+		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+		return NULL;
+	}
+	ltmp = CONF_load_bio(h, btmp, line);
+	BIO_free(btmp);
+	return ltmp;
+}
+
+LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
+	{
+	LHASH *ret=NULL;
+#define BUFSIZE	512
+	char btmp[16];
+	int bufnum=0,i,ii;
+	BUF_MEM *buff=NULL;
+	char *s,*p,*end;
+	int again,n;
+	long eline=0;
+	CONF_VALUE *v=NULL,*vv,*tv;
+	CONF_VALUE *sv=NULL;
+	char *section=NULL,*buf;
+	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+	char *start,*psection,*pname;
+
+	if ((buff=BUF_MEM_new()) == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+		goto err;
+		}
+
+	section=(char *)Malloc(10);
+	if (section == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	strcpy(section,"default");
+
+	if (h == NULL)
+		{
+		if ((ret=lh_new(hash,cmp_conf)) == NULL)
+			{
+			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	else
+		ret=h;
+
+	sv=new_section(ret,section);
+	if (sv == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+		goto err;
+		}
+	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+
+	bufnum=0;
+	for (;;)
+		{
+		again=0;
+		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+			{
+			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+			goto err;
+			}
+		p= &(buff->data[bufnum]);
+		*p='\0';
+		BIO_gets(in, p, BUFSIZE-1);
+		p[BUFSIZE-1]='\0';
+		ii=i=strlen(p);
+		if (i == 0) break;
+		while (i > 0)
+			{
+			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+				break;
+			else
+				i--;
+			}
+		/* we removed some trailing stuff so there is a new
+		 * line on the end. */
+		if (i == ii)
+			again=1; /* long line */
+		else
+			{
+			p[i]='\0';
+			eline++; /* another input line */
+			}
+
+		/* we now have a line with trailing \r\n removed */
+
+		/* i is the number of bytes */
+		bufnum+=i;
+
+		v=NULL;
+		/* check for line continuation */
+		if (bufnum >= 1)
+			{
+			/* If we have bytes and the last char '\\' and
+			 * second last char is not '\\' */
+			p= &(buff->data[bufnum-1]);
+			if (	IS_ESC(p[0]) &&
+				((bufnum <= 1) || !IS_ESC(p[-1])))
+				{
+				bufnum--;
+				again=1;
+				}
+			}
+		if (again) continue;
+		bufnum=0;
+		buf=buff->data;
+
+		clear_comments(buf);
+		n=strlen(buf);
+		s=eat_ws(buf);
+		if (IS_EOF(*s)) continue; /* blank line */
+		if (*s == '[')
+			{
+			char *ss;
+
+			s++;
+			start=eat_ws(s);
+			ss=start;
+again:
+			end=eat_alpha_numeric(ss);
+			p=eat_ws(end);
+			if (*p != ']')
+				{
+				if (*p != '\0')
+					{
+					ss=p;
+					goto again;
+					}
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+				goto err;
+				}
+			*end='\0';
+			if (!str_copy(ret,NULL,§ion,start)) goto err;
+			if ((sv=get_section(ret,section)) == NULL)
+				sv=new_section(ret,section);
+			if (sv == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+				goto err;
+				}
+			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+			continue;
+			}
+		else
+			{
+			pname=s;
+			psection=NULL;
+			end=eat_alpha_numeric(s);
+			if ((end[0] == ':') && (end[1] == ':'))
+				{
+				*end='\0';
+				end+=2;
+				psection=pname;
+				pname=end;
+				end=eat_alpha_numeric(end);
+				}
+			p=eat_ws(end);
+			if (*p != '=')
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+						CONF_R_MISSING_EQUAL_SIGN);
+				goto err;
+				}
+			*end='\0';
+			p++;
+			start=eat_ws(p);
+			while (!IS_EOF(*p))
+				p++;
+			p--;
+			while ((p != start) && (IS_WS(*p)))
+				p--;
+			p++;
+			*p='\0';
+
+			if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			if (psection == NULL) psection=section;
+			v->name=(char *)Malloc(strlen(pname)+1);
+			v->value=NULL;
+			if (v->name == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			strcpy(v->name,pname);
+			if (!str_copy(ret,psection,&(v->value),start)) goto err;
+
+			if (strcmp(psection,section) != 0)
+				{
+				if ((tv=get_section(ret,psection))
+					== NULL)
+					tv=new_section(ret,psection);
+				if (tv == NULL)
+					{
+					CONFerr(CONF_F_CONF_LOAD_BIO,
+					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+					goto err;
+					}
+				ts=(STACK_OF(CONF_VALUE) *)tv->value;
+				}
+			else
+				{
+				tv=sv;
+				ts=section_sk;
+				}
+			v->section=tv->section;	
+			if (!sk_CONF_VALUE_push(ts,v))
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			vv=(CONF_VALUE *)lh_insert(ret,(char *)v);
+			if (vv != NULL)
+				{
+				sk_CONF_VALUE_delete_ptr(ts,vv);
+				Free(vv->name);
+				Free(vv->value);
+				Free(vv);
+				}
+			v=NULL;
+			}
+		}
+	if (buff != NULL) BUF_MEM_free(buff);
+	if (section != NULL) Free(section);
+	return(ret);
+err:
+	if (buff != NULL) BUF_MEM_free(buff);
+	if (section != NULL) Free(section);
+	if (line != NULL) *line=eline;
+	sprintf(btmp,"%ld",eline);
+	ERR_add_error_data(2,"line ",btmp);
+	if ((h != ret) && (ret != NULL)) CONF_free(ret);
+	if (v != NULL)
+		{
+		if (v->name != NULL) Free(v->name);
+		if (v->value != NULL) Free(v->value);
+		if (v != NULL) Free(v);
+		}
+	return(NULL);
+	}
+
+char *CONF_get_string(LHASH *conf, char *section, char *name)
+	{
+	CONF_VALUE *v,vv;
+	char *p;
+
+	if (name == NULL) return(NULL);
+	if (conf != NULL)
+		{
+		if (section != NULL)
+			{
+			vv.name=name;
+			vv.section=section;
+			v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
+			if (v != NULL) return(v->value);
+			if (strcmp(section,"ENV") == 0)
+				{
+				p=Getenv(name);
+				if (p != NULL) return(p);
+				}
+			}
+		vv.section="default";
+		vv.name=name;
+		v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
+		if (v != NULL)
+			return(v->value);
+		else
+			return(NULL);
+		}
+	else
+		return(Getenv(name));
+	}
+
+static CONF_VALUE *get_section(LHASH *conf, char *section)
+	{
+	CONF_VALUE *v,vv;
+
+	if ((conf == NULL) || (section == NULL)) return(NULL);
+	vv.name=NULL;
+	vv.section=section;
+	v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
+	return(v);
+	}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
+	{
+	CONF_VALUE *v;
+
+	v=get_section(conf,section);
+	if (v != NULL)
+		return((STACK_OF(CONF_VALUE) *)v->value);
+	else
+		return(NULL);
+	}
+
+long CONF_get_number(LHASH *conf, char *section, char *name)
+	{
+	char *str;
+	long ret=0;
+
+	str=CONF_get_string(conf,section,name);
+	if (str == NULL) return(0);
+	for (;;)
+		{
+		if (IS_NUMER(*str))
+			ret=ret*10+(*str -'0');
+		else
+			return(ret);
+		str++;
+		}
+	}
+
+void CONF_free(LHASH *conf)
+	{
+	if (conf == NULL) return;
+
+	conf->down_load=0; 	/* evil thing to make sure the 'Free()'
+				 * works as expected */
+	lh_doall_arg(conf,(void (*)())value_free_hash,(char *)conf);
+
+	/* We now have only 'section' entries in the hash table.
+	 * Due to problems with */
+
+	lh_doall_arg(conf,(void (*)())value_free_stack,(char *)conf);
+	lh_free(conf);
+	}
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+	{
+	if (a->name != NULL)
+		{
+		a=(CONF_VALUE *)lh_delete(conf,(char *)a);
+		}
+	}
+
+static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+	{
+	CONF_VALUE *vv;
+	STACK *sk;
+	int i;
+
+	if (a->name != NULL) return;
+
+	sk=(STACK *)a->value;
+	for (i=sk_num(sk)-1; i>=0; i--)
+		{
+		vv=(CONF_VALUE *)sk_value(sk,i);
+		Free(vv->value);
+		Free(vv->name);
+		Free(vv);
+		}
+	if (sk != NULL) sk_free(sk);
+	Free(a->section);
+	Free(a);
+	}
+
+static void clear_comments(char *p)
+	{
+	char *to;
+
+	to=p;
+	for (;;)
+		{
+		if (IS_COMMENT(*p))
+			{
+			*p='\0';
+			return;
+			}
+		if (IS_QUOTE(*p))
+			{
+			p=scan_quote(p);
+			continue;
+			}
+		if (IS_ESC(*p))
+			{
+			p=scan_esc(p);
+			continue;
+			}
+		if (IS_EOF(*p))
+			return;
+		else
+			p++;
+		}
+	}
+
+static int str_copy(LHASH *conf, char *section, char **pto, char *from)
+	{
+	int q,r,rr=0,to=0,len=0;
+	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+	BUF_MEM *buf;
+
+	if ((buf=BUF_MEM_new()) == NULL) return(0);
+
+	len=strlen(from)+1;
+	if (!BUF_MEM_grow(buf,len)) goto err;
+
+	for (;;)
+		{
+		if (IS_QUOTE(*from))
+			{
+			q= *from;
+			from++;
+			while ((*from != '\0') && (*from != q))
+				{
+				if (*from == '\\')
+					{
+					from++;
+					if (*from == '\0') break;
+					}
+				buf->data[to++]= *(from++);
+				}
+			}
+		else if (*from == '\\')
+			{
+			from++;
+			v= *(from++);
+			if (v == '\0') break;
+			else if (v == 'r') v='\r';
+			else if (v == 'n') v='\n';
+			else if (v == 'b') v='\b';
+			else if (v == 't') v='\t';
+			buf->data[to++]= v;
+			}
+		else if (*from == '\0')
+			break;
+		else if (*from == '$')
+			{
+			/* try to expand it */
+			rrp=NULL;
+			s= &(from[1]);
+			if (*s == '{')
+				q='}';
+			else if (*s == '(')
+				q=')';
+			else q=0;
+
+			if (q) s++;
+			cp=section;
+			e=np=s;
+			while (IS_ALPHA_NUMERIC(*e))
+				e++;
+			if ((e[0] == ':') && (e[1] == ':'))
+				{
+				cp=np;
+				rrp=e;
+				rr= *e;
+				*rrp='\0';
+				e+=2;
+				np=e;
+				while (IS_ALPHA_NUMERIC(*e))
+					e++;
+				}
+			r= *e;
+			*e='\0';
+			rp=e;
+			if (q)
+				{
+				if (r != q)
+					{
+					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+					goto err;
+					}
+				e++;
+				}
+			/* So at this point we have
+			 * ns which is the start of the name string which is
+			 *   '\0' terminated. 
+			 * cs which is the start of the section string which is
+			 *   '\0' terminated.
+			 * e is the 'next point after'.
+			 * r and s are the chars replaced by the '\0'
+			 * rp and sp is where 'r' and 's' came from.
+			 */
+			p=CONF_get_string(conf,cp,np);
+			if (rrp != NULL) *rrp=rr;
+			*rp=r;
+			if (p == NULL)
+				{
+				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+				goto err;
+				}
+			BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+			while (*p)
+				buf->data[to++]= *(p++);
+			from=e;
+			}
+		else
+			buf->data[to++]= *(from++);
+		}
+	buf->data[to]='\0';
+	if (*pto != NULL) Free(*pto);
+	*pto=buf->data;
+	Free(buf);
+	return(1);
+err:
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(0);
+	}
+
+static char *eat_ws(char *p)
+	{
+	while (IS_WS(*p) && (!IS_EOF(*p)))
+		p++;
+	return(p);
+	}
+
+static char *eat_alpha_numeric(char *p)
+	{
+	for (;;)
+		{
+		if (IS_ESC(*p))
+			{
+			p=scan_esc(p);
+			continue;
+			}
+		if (!IS_ALPHA_NUMERIC_PUNCT(*p))
+			return(p);
+		p++;
+		}
+	}
+
+static unsigned long hash(CONF_VALUE *v)
+	{
+	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+	}
+
+static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
+	{
+	int i;
+
+	if (a->section != b->section)
+		{
+		i=strcmp(a->section,b->section);
+		if (i) return(i);
+		}
+
+	if ((a->name != NULL) && (b->name != NULL))
+		{
+		i=strcmp(a->name,b->name);
+		return(i);
+		}
+	else if (a->name == b->name)
+		return(0);
+	else
+		return((a->name == NULL)?-1:1);
+	}
+
+static char *scan_quote(char *p)
+	{
+	int q= *p;
+
+	p++;
+	while (!(IS_EOF(*p)) && (*p != q))
+		{
+		if (IS_ESC(*p))
+			{
+			p++;
+			if (IS_EOF(*p)) return(p);
+			}
+		p++;
+		}
+	if (*p == q) p++;
+	return(p);
+	}
+
+static CONF_VALUE *new_section(LHASH *conf, char *section)
+	{
+	STACK *sk=NULL;
+	int ok=0,i;
+	CONF_VALUE *v=NULL,*vv;
+
+	if ((sk=sk_new_null()) == NULL)
+		goto err;
+	if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+		goto err;
+	i=strlen(section)+1;
+	if ((v->section=(char *)Malloc(i)) == NULL)
+		goto err;
+
+	memcpy(v->section,section,i);
+	v->name=NULL;
+	v->value=(char *)sk;
+	
+	vv=(CONF_VALUE *)lh_insert(conf,(char *)v);
+	if (vv != NULL)
+		{
+#if !defined(NO_STDIO) && !defined(WIN16)
+		fprintf(stderr,"internal fault\n");
+#endif
+		abort();
+		}
+	ok=1;
+err:
+	if (!ok)
+		{
+		if (sk != NULL) sk_free(sk);
+		if (v != NULL) Free(v);
+		v=NULL;
+		}
+	return(v);
+	}
+
+IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/crypto/openssl/crypto/conf/conf.h b/crypto/openssl/crypto/conf/conf.h
new file mode 100644
index 000000000000..e7c51500970c
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf.h
@@ -0,0 +1,114 @@
+/* crypto/conf/conf.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef  HEADER_CONF_H
+#define HEADER_CONF_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+#include 
+#include 
+
+typedef struct
+	{
+	char *section;
+	char *name;
+	char *value;
+	} CONF_VALUE;
+
+DECLARE_STACK_OF(CONF_VALUE)
+
+LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
+char *CONF_get_string(LHASH *conf,char *group,char *name);
+long CONF_get_number(LHASH *conf,char *group,char *name);
+void CONF_free(LHASH *conf);
+void ERR_load_CONF_strings(void );
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the CONF functions. */
+
+/* Function codes. */
+#define CONF_F_CONF_LOAD				 100
+#define CONF_F_CONF_LOAD_BIO				 102
+#define CONF_F_CONF_LOAD_FP				 103
+#define CONF_F_STR_COPY					 101
+
+/* Reason codes. */
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
+#define CONF_R_MISSING_EQUAL_SIGN			 101
+#define CONF_R_NO_CLOSE_BRACE				 102
+#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
+#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/conf/conf_err.c b/crypto/openssl/crypto/conf/conf_err.c
new file mode 100644
index 000000000000..eb4b3cfc7088
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf_err.c
@@ -0,0 +1,100 @@
+/* crypto/conf/conf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA CONF_str_functs[]=
+	{
+{ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),	"CONF_load_bio"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),	"CONF_load_fp"},
+{ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CONF_str_reasons[]=
+	{
+{CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
+{CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
+{CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_CONF_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
+		ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/conf/conf_lcl.h b/crypto/openssl/crypto/conf/conf_lcl.h
new file mode 100644
index 000000000000..f9a015df579e
--- /dev/null
+++ b/crypto/openssl/crypto/conf/conf_lcl.h
@@ -0,0 +1,116 @@
+/* crypto/conf/conf_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define CONF_NUMBER		1
+#define CONF_UPPER		2
+#define CONF_LOWER		4
+#define CONF_UNDER		256
+#define CONF_PUNCTUATION	512
+#define CONF_WS			16
+#define CONF_ESC		32
+#define CONF_QUOTE		64
+#define CONF_COMMENT		128
+#define CONF_EOF		8
+#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+					CONF_PUNCTUATION)
+
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
+#define IS_EOF(a)		((a) == '\0')
+#define IS_ESC(a)		((a) == '\\')
+#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(a) \
+				(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[os_toascii[a]&0x7f]))
+#define IS_EOF(a)		(os_toascii[a] == '\0')
+#define IS_ESC(a)		(os_toascii[a] == '\\')
+#define IS_NUMER(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_WS(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)	(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(a) \
+				(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_QUOTE)
+#endif /*CHARSET_EBCDIC*/
+
+static unsigned short CONF_type[128]={
+	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+	};
+
diff --git a/crypto/openssl/crypto/conf/keysets.pl b/crypto/openssl/crypto/conf/keysets.pl
new file mode 100644
index 000000000000..1aed0c80c4b9
--- /dev/null
+++ b/crypto/openssl/crypto/conf/keysets.pl
@@ -0,0 +1,61 @@
+#!/usr/local/bin/perl
+
+$NUMBER=0x01;
+$UPPER=0x02;
+$LOWER=0x04;
+$EOF=0x08;
+$WS=0x10;
+$ESC=0x20;
+$QUOTE=0x40;
+$COMMENT=0x80;
+$UNDER=0x100;
+
+foreach (0 .. 127)
+	{
+	$v=0;
+	$c=sprintf("%c",$_);
+	$v|=$NUMBER	if ($c =~ /[0-9]/);
+	$v|=$UPPER	if ($c =~ /[A-Z]/);
+	$v|=$LOWER	if ($c =~ /[a-z]/);
+	$v|=$UNDER	if ($c =~ /_/);
+	$v|=$WS		if ($c =~ / \t\r\n/);
+	$v|=$ESC	if ($c =~ /\\/);
+	$v|=$QUOTE	if ($c =~ /['`"]/);
+	$v|=$COMMENT	if ($c =~ /\#/);
+	$v|=$EOF	if ($c =~ /\0/);
+
+	push(@V,$v);
+	}
+
+print <<"EOF";
+#define CONF_NUMBER		$NUMBER
+#define CONF_UPPER		$UPPER
+#define CONF_LOWER		$LOWER
+#define CONF_EOF		$EOF
+#define CONF_WS			$WS
+#define CONF_ESC		$ESC
+#define CONF_QUOTE		$QUOTE
+#define CONF_COMMENT		$COMMENT
+#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_UNDER		$UNDER
+
+#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
+#define IS_EOF(a)		((a) == '\\0')
+#define IS_ESC(a)		((a) == '\\\\')
+#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+
+EOF
+
+print "static unsigned short CONF_type[128]={";
+
+for ($i=0; $i<128; $i++)
+	{
+	print "\n\t" if ($i % 8) == 0;
+	printf "0x%03X,",$V[$i];
+	}
+
+print "\n\t};\n";
diff --git a/crypto/openssl/crypto/conf/ssleay.cnf b/crypto/openssl/crypto/conf/ssleay.cnf
new file mode 100644
index 000000000000..ed33af601e1e
--- /dev/null
+++ b/crypto/openssl/crypto/conf/ssleay.cnf
@@ -0,0 +1,78 @@
+#
+# This is a test configuration file for use in SSLeay etc...
+#
+
+init = 5
+in\#it1 =10
+init2='10'
+init3='10\''
+init4="10'"
+init5='='10\'' again'
+
+SSLeay::version = 0.5.0
+
+[genrsa]
+default_bits	= 512
+SSLEAY::version = 0.5.0
+
+[gendh]
+default_bits	= 512
+def_generator	= 2
+
+[s_client]
+cipher1		= DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\
+cipher2		= 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'
+cipher3		= "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"
+cipher4		= DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5
+
+[ default ]
+cert_dir	= $ENV::HOME/.ca_certs
+
+HOME		= /tmp/eay
+
+tmp_cert_dir	= $HOME/.ca_certs
+tmp2_cert_dir	= thisis$(HOME)stuff
+
+LOGNAME	= Eric Young (home=$HOME)
+
+[ special ]
+
+H=$HOME
+H=$default::HOME
+H=$ENV::HOME
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $HOME/.rand
+
+[ req ]
+default_bits		= 512
+default_keyfile 	= privkey.pem
+
+Attribute_type_1	= countryName
+Attribute_text_1	= Country Name (2 letter code)
+Attribute_default_1	= AU
+
+Attribute_type_2	= stateOrProvinceName
+Attribute_text_2	= State or Province Name (full name)
+Attribute_default_2	= Queensland
+
+Attribute_type_3	= localityName
+Attribute_text_3	= Locality Name (eg, city)
+
+Attribute_type_4	= organizationName
+Attribute_text_4	= Organization Name (eg, company)
+Attribute_default_4	= Mincom Pty Ltd
+
+Attribute_type_5	= organizationalUnitName
+Attribute_text_5	= Organizational Unit Name (eg, section)
+Attribute_default_5	= TR
+
+Attribute_type_6	= commonName
+Attribute_text_6	= Common Name (eg, YOUR name)
+
+Attribute_type_7	= emailAddress
+Attribute_text_7	= Email Address
+
diff --git a/crypto/openssl/crypto/conf/test.c b/crypto/openssl/crypto/conf/test.c
new file mode 100644
index 000000000000..9390a48bafe6
--- /dev/null
+++ b/crypto/openssl/crypto/conf/test.c
@@ -0,0 +1,92 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+main()
+	{
+	LHASH *conf;
+	long eline;
+	char *s,*s2;
+
+	conf=CONF_load(NULL,"openssl.conf",&eline);
+	if (conf == NULL)
+		{
+		ERR_load_crypto_strings();
+		printf("unable to load configuration, line %ld\n",eline);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+		}
+	lh_stats(conf,stdout);
+	lh_node_stats(conf,stdout);
+	lh_node_usage_stats(conf,stdout);
+
+	s=CONF_get_string(conf,NULL,"init2");
+	printf("init2=%s\n",(s == NULL)?"NULL":s);
+
+	s=CONF_get_string(conf,NULL,"cipher1");
+	printf("cipher1=%s\n",(s == NULL)?"NULL":s);
+
+	s=CONF_get_string(conf,"s_client","cipher1");
+	printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
+
+	exit(0);
+	}
diff --git a/crypto/openssl/crypto/cpt_err.c b/crypto/openssl/crypto/cpt_err.c
new file mode 100644
index 000000000000..c2a2dd4af629
--- /dev/null
+++ b/crypto/openssl/crypto/cpt_err.c
@@ -0,0 +1,94 @@
+/* crypto/cpt_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA CRYPTO_str_functs[]=
+	{
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),	"CRYPTO_get_ex_new_index"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),	"CRYPTO_get_new_lockid"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),	"CRYPTO_set_ex_data"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CRYPTO_str_reasons[]=
+	{
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_CRYPTO_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
+		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c
new file mode 100644
index 000000000000..356c476a993d
--- /dev/null
+++ b/crypto/openssl/crypto/cryptlib.c
@@ -0,0 +1,300 @@
+/* crypto/cryptlib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+#if defined(WIN32) || defined(WIN16)
+static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+#endif
+
+/* real #defines in crypto.h, keep these upto date */
+static const char* lock_names[CRYPTO_NUM_LOCKS] =
+	{
+	"<>",
+	"err",
+	"err_hash",
+	"x509",
+	"x509_info",
+	"x509_pkey",
+	"x509_crl",
+	"x509_req",
+	"dsa",
+	"rsa",
+	"evp_pkey",
+	"x509_store",
+	"ssl_ctx",
+	"ssl_cert",
+	"ssl_session",
+	"ssl_sess_cert",
+	"ssl",
+	"rand",
+	"debug_malloc",
+	"BIO",
+	"gethostbyname",
+	"getservbyname",
+	"readdir",
+	"RSA_blinding",
+#if CRYPTO_NUM_LOCKS != 24
+# error "Inconsistency between crypto.h and cryptlib.c"
+#endif
+	};
+
+static STACK *app_locks=NULL;
+
+static void (MS_FAR *locking_callback)(int mode,int type,
+	const char *file,int line)=NULL;
+static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
+	int type,const char *file,int line)=NULL;
+static unsigned long (MS_FAR *id_callback)(void)=NULL;
+int CRYPTO_get_new_lockid(char *name)
+	{
+	char *str;
+	int i;
+
+	/* A hack to make Visual C++ 5.0 work correctly when linking as
+	 * a DLL using /MT. Without this, the application cannot use
+	 * and floating point printf's.
+	 * It also seems to be needed for Visual C 1.5 (win16) */
+#if defined(WIN32) || defined(WIN16)
+	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+
+	if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	if ((str=BUF_strdup(name)) == NULL)
+		return(0);
+	i=sk_push(app_locks,str);
+	if (!i)
+		Free(str);
+	else
+		i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+	return(i);
+	}
+
+int CRYPTO_num_locks(void)
+	{
+	return CRYPTO_NUM_LOCKS;
+	}
+
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+		int line)
+	{
+	return(locking_callback);
+	}
+
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line)
+	{
+	return(add_lock_callback);
+	}
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line))
+	{
+	locking_callback=func;
+	}
+
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file,int line))
+	{
+	add_lock_callback=func;
+	}
+
+unsigned long (*CRYPTO_get_id_callback(void))(void)
+	{
+	return(id_callback);
+	}
+
+void CRYPTO_set_id_callback(unsigned long (*func)(void))
+	{
+	id_callback=func;
+	}
+
+unsigned long CRYPTO_thread_id(void)
+	{
+	unsigned long ret=0;
+
+	if (id_callback == NULL)
+		{
+#ifdef WIN16
+		ret=(unsigned long)GetCurrentTask();
+#elif defined(WIN32)
+		ret=(unsigned long)GetCurrentThreadId();
+#elif defined(MSDOS)
+		ret=1L;
+#else
+		ret=(unsigned long)getpid();
+#endif
+		}
+	else
+		ret=id_callback();
+	return(ret);
+	}
+
+void CRYPTO_lock(int mode, int type, const char *file, int line)
+	{
+#ifdef LOCK_DEBUG
+		{
+		char *rw_text,*operation_text;
+
+		if (mode & CRYPTO_LOCK)
+			operation_text="lock  ";
+		else if (mode & CRYPTO_UNLOCK)
+			operation_text="unlock";
+		else
+			operation_text="ERROR ";
+
+		if (mode & CRYPTO_READ)
+			rw_text="r";
+		else if (mode & CRYPTO_WRITE)
+			rw_text="w";
+		else
+			rw_text="ERROR";
+
+		fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
+			CRYPTO_thread_id(), rw_text, operation_text,
+			CRYPTO_get_lock_name(type), file, line);
+		}
+#endif
+	if (locking_callback != NULL)
+		locking_callback(mode,type,file,line);
+	}
+
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+	     int line)
+	{
+	int ret;
+
+	if (add_lock_callback != NULL)
+		{
+#ifdef LOCK_DEBUG
+		int before= *pointer;
+#endif
+
+		ret=add_lock_callback(pointer,amount,type,file,line);
+#ifdef LOCK_DEBUG
+		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+			CRYPTO_thread_id(),
+			before,amount,ret,
+			CRYPTO_get_lock_name(type),
+			file,line);
+#endif
+		*pointer=ret;
+		}
+	else
+		{
+		CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
+
+		ret= *pointer+amount;
+#ifdef LOCK_DEBUG
+		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+			CRYPTO_thread_id(),
+			*pointer,amount,ret,
+			CRYPTO_get_lock_name(type),
+			file,line);
+#endif
+		*pointer=ret;
+		CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
+		}
+	return(ret);
+	}
+
+const char *CRYPTO_get_lock_name(int type)
+	{
+	if (type < 0)
+		return("ERROR");
+	else if (type < CRYPTO_NUM_LOCKS)
+		return(lock_names[type]);
+	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+		return("ERROR");
+	else
+		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+	}
+
+#ifdef _DLL
+#ifdef WIN32
+
+/* All we really need to do is remove the 'error' state when a thread
+ * detaches */
+
+BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
+	     LPVOID lpvReserved)
+	{
+	switch(fdwReason)
+		{
+	case DLL_PROCESS_ATTACH:
+		break;
+	case DLL_THREAD_ATTACH:
+		break;
+	case DLL_THREAD_DETACH:
+		ERR_remove_state(0);
+		break;
+	case DLL_PROCESS_DETACH:
+		break;
+		}
+	return(TRUE);
+	}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/cryptlib.h b/crypto/openssl/crypto/cryptlib.h
new file mode 100644
index 000000000000..e3d38524ae9c
--- /dev/null
+++ b/crypto/openssl/crypto/cryptlib.h
@@ -0,0 +1,96 @@
+/* crypto/cryptlib.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+#define HEADER_CRYPTLIB_H
+
+#include 
+#include 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include "openssl/e_os.h"
+
+#include 
+#include  
+#include  
+#include 
+#include 
+
+#ifndef VMS
+#define X509_CERT_AREA		OPENSSLDIR
+#define X509_CERT_DIR		OPENSSLDIR "/certs"
+#define X509_CERT_FILE		OPENSSLDIR "/cert.pem"
+#define X509_PRIVATE_DIR	OPENSSLDIR "/private"
+#else
+#define X509_CERT_AREA		"SSLROOT:[000000]"
+#define X509_CERT_DIR		"SSLCERTS:"
+#define X509_CERT_FILE		"SSLCERTS:cert.pem"
+#define X509_PRIVATE_DIR        "SSLPRIVATE:"
+#endif
+
+#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/crypto.h b/crypto/openssl/crypto/crypto.h
new file mode 100644
index 000000000000..8ad8c25e5a4a
--- /dev/null
+++ b/crypto/openssl/crypto/crypto.h
@@ -0,0 +1,335 @@
+/* crypto/crypto.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef NO_FP_API
+#include 
+#endif
+
+#include 
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+/* Backward compatibility to SSLeay */
+/* This is more to be used to check the correct DLL is being used
+ * in the MS world. */
+#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER
+#define SSLEAY_VERSION		0
+/* #define SSLEAY_OPTIONS	1 no longer supported */
+#define SSLEAY_CFLAGS		2
+#define SSLEAY_BUILT_ON		3
+#define SSLEAY_PLATFORM		4
+
+/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
+ * names in cryptlib.c
+ */
+
+#define	CRYPTO_LOCK_ERR			1
+#define	CRYPTO_LOCK_ERR_HASH		2
+#define	CRYPTO_LOCK_X509		3
+#define	CRYPTO_LOCK_X509_INFO		4
+#define	CRYPTO_LOCK_X509_PKEY		5
+#define CRYPTO_LOCK_X509_CRL		6
+#define CRYPTO_LOCK_X509_REQ		7
+#define CRYPTO_LOCK_DSA			8
+#define CRYPTO_LOCK_RSA			9
+#define CRYPTO_LOCK_EVP_PKEY		10
+#define	CRYPTO_LOCK_X509_STORE		11
+#define	CRYPTO_LOCK_SSL_CTX		12
+#define	CRYPTO_LOCK_SSL_CERT		13
+#define	CRYPTO_LOCK_SSL_SESSION		14
+#define	CRYPTO_LOCK_SSL_SESS_CERT	15
+#define	CRYPTO_LOCK_SSL			16
+#define	CRYPTO_LOCK_RAND		17
+#define	CRYPTO_LOCK_MALLOC		18
+#define	CRYPTO_LOCK_BIO			19
+#define	CRYPTO_LOCK_GETHOSTBYNAME	20
+#define	CRYPTO_LOCK_GETSERVBYNAME	21
+#define	CRYPTO_LOCK_READDIR		22
+#define	CRYPTO_LOCK_RSA_BLINDING	23
+#define	CRYPTO_NUM_LOCKS		24
+
+#define CRYPTO_LOCK		1
+#define CRYPTO_UNLOCK		2
+#define CRYPTO_READ		4
+#define CRYPTO_WRITE		8
+
+#ifndef NO_LOCKING
+#ifndef CRYPTO_w_lock
+#define CRYPTO_w_lock(type)	\
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_w_unlock(type)	\
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_r_lock(type)	\
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_r_unlock(type)	\
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_add(addr,amount,type)	\
+	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+#endif
+#else
+#define CRYPTO_w_lock(a)
+#define	CRYPTO_w_unlock(a)
+#define CRYPTO_r_lock(a)
+#define CRYPTO_r_unlock(a)
+#define CRYPTO_add(a,b,c)	((*(a))+=(b))
+#endif
+
+/* The following can be used to detect memory leaks in the SSLeay library.
+ * It used, it turns on malloc checking */
+
+#define CRYPTO_MEM_CHECK_OFF	0x0	/* an enume */
+#define CRYPTO_MEM_CHECK_ON	0x1	/* a bit */
+#define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */
+#define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */
+
+/*
+typedef struct crypto_mem_st
+	{
+	char *(*malloc_func)();
+	char *(*realloc_func)();
+	void (*free_func)();
+	} CRYPTO_MEM_FUNC;
+*/
+
+/* predec of the BIO type */
+typedef struct bio_st BIO_dummy;
+
+typedef struct crypto_ex_data_st
+	{
+	STACK *sk;
+	int dummy; /* gcc is screwing up this data structure :-( */
+	} CRYPTO_EX_DATA;
+
+/* This stuff is basically class callback functions
+ * The current classes are SSL_CTX, SSL, SSL_SESION, and a few more */
+typedef struct crypto_ex_data_func_st
+	{
+	long argl;	/* Arbitary long */
+	char *argp;	/* Arbitary char * */
+	/* Called when a new object is created */
+	int (*new_func)(/*char *obj,
+			char *item,int index,long argl,char *argp*/);
+	/* Called when this object is free()ed */
+	void (*free_func)(/*char *obj,
+			char *item,int index,long argl,char *argp*/);
+
+	/* Called when we need to dup this one */
+	int (*dup_func)(/*char *obj_to,char *obj_from,
+			char **new,int index,long argl,char *argp*/);
+	} CRYPTO_EX_DATA_FUNCS;
+
+/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
+ * entry.
+ */
+
+#define CRYPTO_EX_INDEX_BIO		0
+#define CRYPTO_EX_INDEX_SSL		1
+#define CRYPTO_EX_INDEX_SSL_CTX		2
+#define CRYPTO_EX_INDEX_SSL_SESSION	3
+#define CRYPTO_EX_INDEX_X509_STORE	4
+#define CRYPTO_EX_INDEX_X509_STORE_CTX	5
+
+/* Use this for win32 DLL's */
+#define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\
+	(char *(*)())malloc,\
+	(char *(*)())realloc,\
+	(void (*)())free)
+
+#ifdef CRYPTO_MDEBUG_ALL
+# ifndef CRYPTO_MDEBUG_TIME
+#  define CRYPTO_MDEBUG_TIME
+# endif
+# ifndef CRYPTO_MDEBUG_THREAD
+#  define CRYPTO_MDEBUG_THREAD
+# endif
+#endif
+
+#if defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
+#  define CRYPTO_MDEBUG
+# endif
+#endif
+
+#ifdef CRYPTO_MDEBUG
+#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
+#define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
+#define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
+#define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+#define Malloc(num)	CRYPTO_dbg_malloc((int)num,__FILE__,__LINE__)
+#define Realloc(addr,num) \
+	CRYPTO_dbg_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define Remalloc(addr,num) \
+	CRYPTO_dbg_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+#define FreeFunc	CRYPTO_dbg_free
+#define Free(addr)	CRYPTO_dbg_free(addr)
+#define Malloc_locked(num) CRYPTO_malloc_locked((int)num)
+#define Free_locked(addr) CRYPTO_free_locked(addr)
+#else
+#define MemCheck_start()
+#define MemCheck_stop()
+#define MemCheck_on()
+#define MemCheck_off()
+#define Remalloc	CRYPTO_remalloc
+#if defined(WIN32) || defined(MFUNC)
+#define Malloc		CRYPTO_malloc
+#define Realloc(a,n)	CRYPTO_realloc(a,(n))
+#define FreeFunc	CRYPTO_free
+#define Free(addr)	CRYPTO_free(addr)
+#define Malloc_locked	CRYPTO_malloc_locked
+#define Free_locked(addr) CRYPTO_free_locked(addr)
+#else
+#define Malloc		malloc
+#define Realloc		realloc
+#define FreeFunc	free
+#define Free(addr)	free(addr)
+#define Malloc_locked	malloc
+#define Free_locked(addr) free(addr)
+#endif /* WIN32 || MFUNC */
+#endif /* MDEBUG */
+
+/* Case insensiteve linking causes problems.... */
+#if defined(WIN16) || defined(VMS)
+#define ERR_load_CRYPTO_strings	ERR_load_CRYPTOlib_strings
+#endif
+
+
+const char *SSLeay_version(int type);
+unsigned long SSLeay(void);
+
+int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp,
+	int (*new_func)(),int (*dup_func)(),void (*free_func)());
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad,int idx,char *val);
+char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
+int CRYPTO_dup_ex_data(STACK *meth,CRYPTO_EX_DATA *from,CRYPTO_EX_DATA *to);
+void CRYPTO_free_ex_data(STACK *meth,char *obj,CRYPTO_EX_DATA *ad);
+void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad);
+
+int CRYPTO_mem_ctrl(int mode);
+int CRYPTO_get_new_lockid(char *name);
+
+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
+void CRYPTO_lock(int mode, int type,const char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+		int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line);
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+unsigned long (*CRYPTO_get_id_callback(void))(void);
+unsigned long CRYPTO_thread_id(void);
+const char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
+		    int line);
+
+void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)());
+void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)());
+void CRYPTO_set_locked_mem_functions(char *(*m)(), void (*free_func)());
+void CRYPTO_get_locked_mem_functions(char *(**m)(), void (**f)());
+
+void *CRYPTO_malloc_locked(int num);
+void CRYPTO_free_locked(void *);
+void *CRYPTO_malloc(int num);
+void CRYPTO_free(void *);
+void *CRYPTO_realloc(void *addr,int num);
+void *CRYPTO_remalloc(void *addr,int num);
+
+void *CRYPTO_dbg_malloc(int num,const char *file,int line);
+void *CRYPTO_dbg_realloc(void *addr,int num,const char *file,int line);
+void CRYPTO_dbg_free(void *);
+void *CRYPTO_dbg_remalloc(void *addr,int num,const char *file,int line);
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *);
+#endif
+void CRYPTO_mem_leaks(struct bio_st *bio);
+/* unsigned long order, char *file, int line, int num_bytes, char *addr */
+void CRYPTO_mem_leaks_cb(void (*cb)());
+
+void ERR_load_CRYPTO_strings(void );
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the CRYPTO functions. */
+
+/* Function codes. */
+#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
+#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
+#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
+
+/* Reason codes. */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/cversion.c b/crypto/openssl/crypto/cversion.c
new file mode 100644
index 000000000000..297f8843f585
--- /dev/null
+++ b/crypto/openssl/crypto/cversion.c
@@ -0,0 +1,110 @@
+/* crypto/cversion.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+
+#include "buildinf.h"
+
+const char *SSLeay_version(int t)
+	{
+	if (t == SSLEAY_VERSION)
+		return OPENSSL_VERSION_TEXT;
+	if (t == SSLEAY_BUILT_ON)
+		{
+#ifdef DATE
+		static char buf[sizeof(DATE)+11];
+
+		sprintf(buf,"built on: %s",DATE);
+		return(buf);
+#else
+		return("built on: date not available");
+#endif
+		}
+	if (t == SSLEAY_CFLAGS)
+		{
+#ifdef CFLAGS
+		static char buf[sizeof(CFLAGS)+11];
+
+		sprintf(buf,"compiler: %s",CFLAGS);
+		return(buf);
+#else
+		return("compiler: information not available");
+#endif
+		}
+	if (t == SSLEAY_PLATFORM)
+		{
+#ifdef PLATFORM
+		static char buf[sizeof(PLATFORM)+11];
+
+		sprintf(buf,"platform: %s", PLATFORM);
+		return(buf);
+#else
+		return("platform: information not available");
+#endif
+		}
+	return("not available");
+	}
+
+unsigned long SSLeay(void)
+	{
+	return(SSLEAY_VERSION_NUMBER);
+	}
+
diff --git a/crypto/openssl/crypto/des/COPYRIGHT b/crypto/openssl/crypto/des/COPYRIGHT
new file mode 100644
index 000000000000..5469e1e46996
--- /dev/null
+++ b/crypto/openssl/crypto/des/COPYRIGHT
@@ -0,0 +1,50 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with MIT's libdes.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of that the SSL library.  This can be in the form of a textual
+message at program startup or in documentation (online or textual) provided
+with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/crypto/openssl/crypto/des/DES.pm b/crypto/openssl/crypto/des/DES.pm
new file mode 100644
index 000000000000..6a175b6ca4b0
--- /dev/null
+++ b/crypto/openssl/crypto/des/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/crypto/openssl/crypto/des/DES.pod b/crypto/openssl/crypto/des/DES.pod
new file mode 100644
index 000000000000..8a739e7ca0d0
--- /dev/null
+++ b/crypto/openssl/crypto/des/DES.pod
@@ -0,0 +1,16 @@
+crypt	<= 	crypt(buf,salt)
+key	<=	set_odd_parity(key)
+int	<=	is_weak_key(key)
+keysched<=	set_key(key)
+key	<=	ecb_encrypt(string8,ks,enc)
+key	<=	ecb3_encrypt(input,ks1,ks2,enc)
+string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
+string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
+ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
+string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
+string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
+string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
+key	<=	random_key()
+key	<=	string_to_key(string)
+key1,key2<=	string_to_2keys(string)
+
diff --git a/crypto/openssl/crypto/des/DES.xs b/crypto/openssl/crypto/des/DES.xs
new file mode 100644
index 000000000000..b8050b9edf8d
--- /dev/null
+++ b/crypto/openssl/crypto/des/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+
+#define deschar	char
+static STRLEN len;
+
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+
+MODULE = DES	PACKAGE = DES	PREFIX = des_
+
+char *
+des_crypt(buf,salt)
+	char *	buf
+	char *	salt
+
+void
+des_set_odd_parity(key)
+	des_cblock *	key
+PPCODE:
+	{
+	SV *s;
+
+	s=sv_newmortal();
+	sv_setpvn(s,(char *)key,8);
+	des_set_odd_parity((des_cblock *)SvPV(s,na));
+	PUSHs(s);
+	}
+
+int
+des_is_weak_key(key)
+	des_cblock *	key
+
+des_key_schedule
+des_set_key(key)
+	des_cblock *	key
+CODE:
+	des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+	des_cblock *	input
+	des_key_schedule *	ks
+	int	encrypt
+CODE:
+	des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	char *c;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec,encrypt);
+	sv_setpvn(ST(2),(char *)c[len-8],8);
+	PUSHs(s);
+	}
+
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+	char *	input
+	des_key_schedule *	ks1
+	des_key_schedule *	ks2
+	des_cblock *	ivec1
+	des_cblock *	ivec2
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+		l,*ks1,*ks2,ivec1,ivec2,encrypt);
+	sv_setpvn(ST(3),(char *)ivec1,8);
+	sv_setpvn(ST(4),(char *)ivec2,8);
+	PUSHs(s);
+	}
+
+void
+des_cbc_cksum(input,ks,ivec)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+PPCODE:
+	{
+	SV *s1,*s2;
+	STRLEN len,l;
+	des_cblock c;
+	unsigned long i1,i2;
+
+	s1=sv_newmortal();
+	s2=sv_newmortal();
+	l=SvCUR(ST(0));
+	des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec);
+	i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+	i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+	sv_setiv(s1,i1);
+	sv_setiv(s2,i2);
+	sv_setpvn(ST(2),(char *)c,8);
+	PUSHs(s1);
+	PUSHs(s2);
+	}
+
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+	char *	input
+	int	numbits
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len;
+	char *c;
+
+	len=SvCUR(ST(0));
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+		(int)numbits,(long)len,*ks,ivec,encrypt);
+	sv_setpvn(ST(3),(char *)ivec,8);
+	PUSHs(s);
+	}
+
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+	des_cblock *	input
+	des_key_schedule *	ks1
+	des_key_schedule *	ks2
+	int	encrypt
+CODE:
+	{
+	des_cblock c;
+
+	des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+		*ks1,*ks2,encrypt);
+	RETVAL= &c;
+	}
+OUTPUT:
+RETVAL
+
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+	unsigned char *	input
+	int	numbits
+	des_key_schedule *	ks
+	des_cblock *	ivec
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	unsigned char *c;
+
+	len=SvCUR(ST(0));
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(unsigned char *)SvPV(s,na);
+	des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+		numbits,len,*ks,ivec);
+	sv_setpvn(ST(3),(char *)ivec,8);
+	PUSHs(s);
+	}
+
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	char *c;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec,encrypt);
+	sv_setpvn(ST(2),(char *)c[len-8],8);
+	PUSHs(s);
+	}
+
+des_cblock *
+des_random_key()
+CODE:
+	{
+	des_cblock c;
+
+	des_random_key(c);
+	RETVAL=&c;
+	}
+OUTPUT:
+RETVAL
+
+des_cblock *
+des_string_to_key(str)
+char *	str
+CODE:
+	{
+	des_cblock c;
+
+	des_string_to_key(str,&c);
+	RETVAL=&c;
+	}
+OUTPUT:
+RETVAL
+
+void
+des_string_to_2keys(str)
+char *	str
+PPCODE:
+	{
+	des_cblock c1,c2;
+	SV *s1,*s2;
+
+	des_string_to_2keys(str,&c1,&c2);
+	EXTEND(sp,2);
+	s1=sv_newmortal();
+	sv_setpvn(s1,(char *)c1,8);
+	s2=sv_newmortal();
+	sv_setpvn(s2,(char *)c2,8);
+	PUSHs(s1);
+	PUSHs(s2);
+	}
diff --git a/crypto/openssl/crypto/des/FILES b/crypto/openssl/crypto/des/FILES
new file mode 100644
index 000000000000..4c7ea2de7a06
--- /dev/null
+++ b/crypto/openssl/crypto/des/FILES
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT	- Copyright info.
+MODES.DES	- A description of the features of the different modes of DES.
+FILES		- This file.
+INSTALL		- How to make things compile.
+Imakefile	- For use with kerberos.
+README		- What this package is.
+VERSION		- Which version this is and what was changed.
+KERBEROS	- Kerberos version 4 notes.
+Makefile.PL	- An old makefile to build with perl5, not current.
+Makefile.ssl	- The SSLeay makefile
+Makefile.uni	- The normal unix makefile.
+GNUmakefile	- The makefile for use with glibc.
+makefile.bc	- A Borland C makefile
+times		- Some outputs from 'speed' on some machines.
+vms.com		- For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c		- des(1) source code.
+des.man		- des(1) manual.
+
+/* Testing and timing programs. */
+destest.c	- Source for libdes.a test program.
+speed.c		- Source for libdes.a timing program.
+rpw.c		- Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man	- libdes.a manual page.
+des.h		- Public libdes.a header file.
+ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c	- des_ecb3_encrypt() source.
+cbc_ckm.c	- des_cbc_cksum() source.
+cbc_enc.c	- des_cbc_encrypt() source.
+ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies
+		  the new iv values back in the passed iv vector.
+ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c	- des_cfb_encrypt() source.
+cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher.
+cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+ofb_enc.c	- des_cfb_encrypt() source.
+ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher.
+ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+enc_read.c	- des_enc_read() source.
+enc_writ.c	- des_enc_write() source.
+pcbc_enc.c	- des_pcbc_encrypt() source.
+qud_cksm.c	- quad_cksum() source.
+rand_key.c	- des_random_key() source.
+read_pwd.c	- Source for des_read_password() plus related functions.
+set_key.c	- Source for des_set_key().
+str2key.c	- Covert a string of any length into a key.
+fcrypt.c	- A small, fast version of crypt(3).
+des_locl.h	- Internal libdes.a header file.
+podd.h		- Odd parity tables - used in des_set_key().
+sk.h		- Lookup tables used in des_set_key().
+spr.h		- What is left of the S tables - used in ecb_encrypt().
+des_ver.h	- header file for the external definition of the
+		  version string.
+des.doc		- SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt
+		  both done in a perl library.
+testdes.pl	- Testing program for des.pl
+doIP		- Perl script used to develop IP xor/shift code.
+doPC1		- Perl script used to develop PC1 xor/shift code.
+doPC2		- Generates sk.h.
+PC1		- Output of doPC1 should be the same as output from PC1.
+PC2		- used in development of doPC2.
+shifts.pl	- Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray .  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/crypto/openssl/crypto/des/INSTALL b/crypto/openssl/crypto/des/INSTALL
new file mode 100644
index 000000000000..32457d775ca6
--- /dev/null
+++ b/crypto/openssl/crypto/des/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+
+type 'make'
+
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevent option in the Makefile
+
+There are some special Makefile targets that make life easier.
+make cc		- standard cc build
+make gcc	- standard gcc build
+make x86-elf	- x86 assembler (elf), linux-elf.
+make x86-out	- x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi	- x86 assembler (a.out with primative assembler).
+
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
+
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/crypto/openssl/crypto/des/Imakefile b/crypto/openssl/crypto/des/Imakefile
new file mode 100644
index 000000000000..1b9b5629e15d
--- /dev/null
+++ b/crypto/openssl/crypto/des/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+	ecb3_enc.c ofb_enc.c ofb64enc.c
+
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+	qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+	ecb3_enc.o ofb_enc.o ofb64enc.o
+
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+	vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+
+SRCDIR=$(SRCTOP)/lib/des
+
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+
+library_obj_rule()
+
+install_library_target(des,$(OBJS),$(SRCS),)
+
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/crypto/openssl/crypto/des/KERBEROS b/crypto/openssl/crypto/des/KERBEROS
new file mode 100644
index 000000000000..f401b10014ff
--- /dev/null
+++ b/crypto/openssl/crypto/des/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+
+Now do a normal kerberos build and things should work.
+
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+
+*** make_commands.c.orig	Fri Jul  3 04:18:35 1987
+--- make_commands.c	Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+  	  if (!vfork()) {
+  	       chdir("/tmp");
+! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+  		     z_file+5, 0);
+  	       perror("/bin/ld");
+  	       _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+  	  if (!vfork()) {
+  	       chdir("/tmp");
+! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+  		     z_file+5, 0);
+  	       perror("/bin/ld");
+  	       _exit(1);
diff --git a/crypto/openssl/crypto/des/MODES.DES b/crypto/openssl/crypto/des/MODES.DES
new file mode 100644
index 000000000000..0cbc44f51d28
--- /dev/null
+++ b/crypto/openssl/crypto/des/MODES.DES
@@ -0,0 +1,84 @@
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and con not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+different from the start variable values used before with the same
+key.  The reason for this is that an identical bit stream would be
+produced each time from the same parameters.  This would be
+susceptible to a 'known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- As for ECB encryption but increases the effective key length to 112 bits.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+
+Triple CBC Mode (des_3cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- As for CBC encryption but increases the effective key length to 112 bits.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
diff --git a/crypto/openssl/crypto/des/Makefile.PL b/crypto/openssl/crypto/des/Makefile.PL
new file mode 100644
index 000000000000..b54a24387cbc
--- /dev/null
+++ b/crypto/openssl/crypto/des/Makefile.PL
@@ -0,0 +1,14 @@
+use ExtUtils::MakeMaker;
+# See lib/ExtUtils/MakeMaker.pm for details of how to influence
+# the contents of the Makefile being created.
+&writeMakefile(
+	'potential_libs' => '',   # e.g., '-lm' 
+	'INC' => '',     # e.g., '-I/usr/include/other' 
+	'DISTNAME' => 'DES',
+	'VERSION' => '0.1',
+	'DEFINE' => '-DPERL5',
+	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+	rand_key.o set_key.o str2key.o \
+	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+	ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o',
+	);
diff --git a/crypto/openssl/crypto/des/Makefile.lit b/crypto/openssl/crypto/des/Makefile.lit
new file mode 100644
index 000000000000..c09f6969da65
--- /dev/null
+++ b/crypto/openssl/crypto/des/Makefile.lit
@@ -0,0 +1,250 @@
+# You must select the correct terminal control system to be used to
+# turn character echo off when reading passwords.  There a 5 systems
+# SGTTY   - the old BSD system
+# TERMIO  - most system V boxes
+# TERMIOS - SGI (ala IRIX).
+# VMS     - the DEC operating system
+# MSDOS   - we all know what it is :-)
+# read_pwd.c makes a reasonable guess at what is correct.
+
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+# define to 'unsigned int'.  I have seen this give a %20 speedup.
+
+OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
+
+# Version 1.94 has changed the strings_to_key function so that it is
+# now compatible with MITs when the string is longer than 8 characters.
+# If you wish to keep the old version, uncomment the following line.
+# This will affect the -E/-D options on des(1).
+#OPTS1= -DOLD_STR_TO_KEY
+
+# There are 4 possible performance options
+# -DDES_PTR
+# -DDES_RISC1
+# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+# -DDES_UNROLL
+# after the initial build, run 'des_opts' to see which options are best
+# for your platform.  There are some listed in options.txt
+#OPTS2= -DDES_PTR 
+#OPTS3= -DDES_RISC1 # or DES_RISC2
+#OPTS4= -DDES_UNROLL
+
+OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+
+# Assember version of des_encrypt*().
+DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o \
+	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+
+GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+	des.doc options.txt asm
+GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+	des.org des_locl.org
+TESTING_LIT=	destest speed des_opts
+TESTING_FULL=	rpw $(TESTING_LIT)
+TESTING_SRC_LIT=destest.c speed.c des_opts.c
+TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+	rand_key.c rpc_enc.c  str2key.c  supp.c \
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+
+PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+OBJ=	$(OBJ_LIT)
+GENERAL=$(GENERAL_LIT)
+TESTING=$(TESTING_LIT)
+TESTING_SRC=$(TESTING_SRC_LIT)
+HEADERS=$(HEADERS_LIT)
+LIBDES=	$(LIBDES_LIT)
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+
+DLIB=	libdes.a
+
+all: $(DLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+
+test:	all
+	./destest
+
+$(DLIB): $(OBJ)
+	/bin/rm -f $(DLIB)
+	ar cr $(DLIB) $(OBJ)
+	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
+	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
+	else exit 0; fi; fi
+
+des_opts: des_opts.o $(DLIB)
+	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+
+destest: destest.o $(DLIB)
+	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+
+rpw: rpw.o $(DLIB)
+	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+
+speed: speed.o $(DLIB)
+	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+
+des: des.o $(DLIB)
+	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBDES)
+
+tar_lit:
+	/bin/mv Makefile Makefile.tmp
+	/bin/cp Makefile.lit Makefile
+	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
+		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+tar:
+	tar chf libdes.tar $(ALL)
+
+shar:
+	shar $(ALL) >libdes.shar
+
+depend:
+	makedepend $(LIBDES) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install:
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(DLIB) $(INSTALLTOP)/lib; \
+	    if test -s /bin/ranlib; then \
+	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    else \
+		if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    fi; fi; \
+	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+	    cp des.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/des.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+	    if test -s /bin/ranlib; then \
+	      /bin/ranlib $(LIBDIR)/$(DLIB); \
+	    else \
+	      if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
+	      fi; \
+	    fi; \
+	    chmod 644 $(LIBDIR)/$(DLIB); \
+	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    cp des.h $(INCDIR)/des.h; \
+	    chmod 644 $(INCDIR)/des.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/des/Makefile.ssl b/crypto/openssl/crypto/des/Makefile.ssl
new file mode 100644
index 000000000000..09fdd07305e5
--- /dev/null
+++ b/crypto/openssl/crypto/des/Makefile.ssl
@@ -0,0 +1,208 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=	des
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=-I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+DES_ENC=	des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=	dx86-elf.o yx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+	des_enc.c fcrypt_b.c read2pwd.c \
+	fcrypt.c xcbc_enc.c \
+	str2key.c  cfb64ede.c ofb64ede.c supp.c ede_cbcm_enc.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+	enc_read.o enc_writ.o ofb64enc.o \
+	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+	${DES_ENC} read2pwd.o \
+	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o \
+	ede_cbcm_enc.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h
+HEADER=	des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+des: des.o cbc3_enc.o lib
+	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | as -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp: asm/des-586.pl
+	(cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp: asm/crypt586.pl
+	(cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
+ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: des_locl.h spr.h
+ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+enc_read.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+enc_read.o: ../cryptlib.h des_locl.h
+enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+enc_writ.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+enc_writ.o: ../../include/openssl/stack.h ../cryptlib.h des_locl.h
+fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h
+fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h des_locl.h
+read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+read_pwd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+read_pwd.o: ../cryptlib.h des_locl.h
+rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h des_locl.h podd.h sk.h
+str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+supp.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+supp.o: ../../include/openssl/opensslconf.h des_locl.h
+xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
diff --git a/crypto/openssl/crypto/des/Makefile.uni b/crypto/openssl/crypto/des/Makefile.uni
new file mode 100644
index 000000000000..ec19d75b81f4
--- /dev/null
+++ b/crypto/openssl/crypto/des/Makefile.uni
@@ -0,0 +1,251 @@
+# You must select the correct terminal control system to be used to
+# turn character echo off when reading passwords.  There a 5 systems
+# SGTTY   - the old BSD system
+# TERMIO  - most system V boxes
+# TERMIOS - SGI (ala IRIX).
+# VMS     - the DEC operating system
+# MSDOS   - we all know what it is :-)
+# read_pwd.c makes a reasonable guess at what is correct.
+
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+# define to 'unsigned int'.  I have seen this give a %20 speedup.
+
+OPTS0= -DRAND -DTERMIO #-DNOCONST
+
+# Version 1.94 has changed the strings_to_key function so that it is
+# now compatible with MITs when the string is longer than 8 characters.
+# If you wish to keep the old version, uncomment the following line.
+# This will affect the -E/-D options on des(1).
+#OPTS1= -DOLD_STR_TO_KEY
+
+# There are 4 possible performance options
+# -DDES_PTR
+# -DDES_RISC1
+# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+# -DDES_UNROLL
+# after the initial build, run 'des_opts' to see which options are best
+# for your platform.  There are some listed in options.txt
+#OPTS2= -DDES_PTR 
+#OPTS3= -DDES_RISC1 # or DES_RISC2
+#OPTS4= -DDES_UNROLL
+
+OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+RANLIB=ranlib
+
+# Assember version of des_encrypt*().
+DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o cbc3_enc.o \
+	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+
+GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+	des.doc options.txt asm
+GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+	des.org des_locl.org
+TESTING_LIT=	destest speed des_opts
+TESTING_FULL=	rpw des $(TESTING_LIT)
+TESTING_SRC_LIT=destest.c speed.c des_opts.c
+TESTING_SRC_FULL=rpw.c des.c $(TESTING_SRC_LIT)
+HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c cbc3_enc.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+	rand_key.c rpc_enc.c  str2key.c  supp.c \
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+
+PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+OBJ=	$(OBJ_FULL)
+GENERAL=$(GENERAL_FULL)
+TESTING=$(TESTING_FULL)
+TESTING_SRC=$(TESTING_SRC_FULL)
+HEADERS=$(HEADERS_FULL)
+LIBDES=	$(LIBDES_FULL)
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+
+DLIB=	libdes.a
+
+all: $(DLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+
+test:	all
+	./destest
+
+$(DLIB): $(OBJ)
+	/bin/rm -f $(DLIB)
+	ar cr $(DLIB) $(OBJ)
+	$(RANLIB) $(DLIB)
+
+des_opts: des_opts.o $(DLIB)
+	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+
+destest: destest.o $(DLIB)
+	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+
+rpw: rpw.o $(DLIB)
+	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+
+speed: speed.o $(DLIB)
+	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+
+des: des.o $(DLIB)
+	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBDES)
+
+tar_lit:
+	/bin/mv Makefile Makefile.tmp
+	/bin/cp Makefile.lit Makefile
+	for i in $(HEADERS_LIT) $(LIBDES_LIT) $(GENERAL_LIT) $(TESTING_SRC_LIT) ;\
+	do \
+		n="$$n des/$$i"; \
+	done; \
+	( cd .. ; tar chf - $$n )| gzip > libdes-l.tgz
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+tar:
+	mv Makefile Makefile.tmp
+	/bin/cp Makefile.uni Makefile
+	for i in $(ALL) ;\
+	do \
+		n="$$n des/$$i"; \
+	done; \
+	( cd .. ; tar chf - $$n )| gzip > libdes.tgz
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+shar:
+	shar $(ALL) >libdes.shar
+
+depend:
+	makedepend $(LIBDES) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: des
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(DLIB) $(INSTALLTOP)/lib; \
+		$(RANLIB) $(DLIB); \
+	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+	    cp des.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/des.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+		$(RANLIB) $(DLIB); \
+	    chmod 644 $(LIBDIR)/$(DLIB); \
+	    cp des $(BINDIR)/des; \
+	    chmod 711 $(BINDIR)/des; \
+	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    cp des.h $(INCDIR)/des.h; \
+	    chmod 644 $(INCDIR)/des.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/des/PC1 b/crypto/openssl/crypto/des/PC1
new file mode 100644
index 000000000000..efb8348b72d7
--- /dev/null
+++ b/crypto/openssl/crypto/des/PC1
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+@PC1=(  57,49,41,33,25,17, 9,
+	 1,58,50,42,34,26,18,
+	10, 2,59,51,43,35,27,
+	19,11, 3,60,52,44,36,
+	"-","-","-","-",
+	63,55,47,39,31,23,15,
+	 7,62,54,46,38,30,22,
+	14, 6,61,53,45,37,29,
+	21,13, 5,28,20,12, 4,
+	"-","-","-","-",
+	);
+
+foreach (@PC1)
+	{
+	if ($_ ne "-")
+		{
+		$_--;
+		$_=int($_/8)*8+7-($_%8);
+		printf "%2d  ",$_;
+		}
+	else
+		{ print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	print "\n" if ((($i) % 32) == 0);
+	}
+
diff --git a/crypto/openssl/crypto/des/PC2 b/crypto/openssl/crypto/des/PC2
new file mode 100644
index 000000000000..2d560270ecd8
--- /dev/null
+++ b/crypto/openssl/crypto/des/PC2
@@ -0,0 +1,57 @@
+#!/usr/local/bin/perl
+
+@PC2_C=(14,17,11,24, 1, 5,
+	 3,28,15, 6,21,10,
+	23,19,12, 4,26, 8,
+	16, 7,27,20,13, 2,
+	);
+
+@PC2_D=(41,52,31,37,47,55,
+	30,40,51,45,33,48,
+	44,49,39,56,34,53,
+	46,42,50,36,29,32,
+	);
+
+foreach (@PC2_C) {
+	if ($_ ne "-")
+		{
+		$_--;
+		printf "%2d  ",$_; }
+	else { print "--  "; }
+	$C{$_}=1;
+	print "\n" if (((++$i) % 8) == 0);
+	}
+$i=0;
+print "\n";
+foreach (@PC2_D) {
+	if ($_ ne "-")
+		{
+		$_-=29;
+		printf "%2d  ",$_; }
+	else { print "--  "; }
+	$D{$_}=1;
+	print "\n" if (((++$i) % 8) == 0); }
+
+print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$C{$i};
+	if ($_ ne "-") {printf "%2d ",$_;}
+	else { print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	}
+print "\n";
+
+print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$D{$i};
+	if ($_ ne "-") {printf "%2d  ",$_;}
+	else { print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	}
+print "\n";
+sub numsort
+	{
+	$a-$b;
+	}
diff --git a/crypto/openssl/crypto/des/README b/crypto/openssl/crypto/des/README
new file mode 100644
index 000000000000..621a5ab4676b
--- /dev/null
+++ b/crypto/openssl/crypto/des/README
@@ -0,0 +1,54 @@
+
+		libdes, Version 4.01 10-Jan-97
+
+		Copyright (c) 1997, Eric Young
+			  All rights reserved.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+
+The best way to build this library is to build it as part of SSLeay.
+
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+
+The Imakefile is setup for use in the kerberos distribution.
+
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+
+Eric Young (eay@cryptsoft.com)
+
diff --git a/crypto/openssl/crypto/des/VERSION b/crypto/openssl/crypto/des/VERSION
new file mode 100644
index 000000000000..c7d01542bc73
--- /dev/null
+++ b/crypto/openssl/crypto/des/VERSION
@@ -0,0 +1,412 @@
+	Fixed the weak key values which were wrong :-(
+	Defining SIGACTION causes sigaction() to be used instead of signal().
+	SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+	can cause problems.  This should hopefully not affect normal
+	applications.
+
+Version 4.04
+	Fixed a few tests in destest.  Also added x86 assember for
+	des_ncbc_encrypt() which is the standard cbc mode function.
+	This makes a very very large performace difference.
+	Ariel Glenn ariel@columbia.edu reports that the terminal
+	'turn echo off' can return (errno == EINVAL) under solaris
+	when redirection is used.  So I now catch that as well as ENOTTY.
+
+
+Version 4.03
+	Left a static out of enc_write.c, which caused to buffer to be
+	continiously malloc()ed.  Does anyone use these functions?  I keep
+	on feeling like removing them since I only had these in there
+	for a version of kerberised login.  Anyway, this was pointed out
+	by Theo de Raadt 
+	The 'n' bit ofb code was wrong, it was not shifting the shift
+	register. It worked correctly for n == 64.  Thanks to
+	Gigi Ankeny  for pointing this one out.
+
+Version 4.02
+	I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
+	when checking for weak keys which is wrong :-(, pointed out by
+	Markus F.X.J. Oberhumer .
+
+Version 4.01
+	Even faster inner loop in the DES assembler for x86 and a modification
+	for IP/FP which is faster on x86.  Both of these changes are
+	from Svend Olaf Mikkelsen .  His
+	changes make the assembler run %40 faster on a pentium.  This is just
+	a case of getting the instruction sequence 'just right'.
+	All credit to 'Svend' :-)
+	Quite a few special x86 'make' targets.
+	A libdes-l (lite) distribution.
+
+Version 4.00
+	After a bit of a pause, I'll up the major version number since this
+	is mostly a performace release.  I've added x86 assembler and
+	added more options for performance.  A %28 speedup for gcc 
+	on a pentium and the assembler is a %50 speedup.
+	MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+	Run des_opts to work out which options should be used.
+	DES_RISC1/DES_RISC2 use alternative inner loops which use
+	more registers but should give speedups on any CPU that does
+	dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+	which costs in code size.
+
+Version 3.26
+	I've finally removed one of the shifts in D_ENCRYPT.  This
+	meant I've changed the des_SPtrans table (spr.h), the set_key()
+	function and some things in des_enc.c.  This has definitly
+	made things faster :-).  I've known about this one for some
+	time but I've been too lazy to follow it up :-).
+	Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+	instead of L^=((..)|(..)|(..)..  This should save a register at
+	least.
+	Assember for x86.  The file to replace is des_enc.c, which is replaced
+	by one of the assembler files found in asm.  Look at des/asm/readme
+	for more info.
+
+	/* Modification to fcrypt so it can be compiled to support
+	HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+	Thanks to Jens Kupferschmidt . */
+
+	SIGWINCH case put in des_read_passwd() so the function does not
+	'exit' if this function is recieved.
+
+Version 3.25 17/07/96
+	Modified read_pwd.c so that stdin can be read if not a tty.
+	Thanks to Jeff Barber  for the patches.
+	des_init_random_number_generator() shortened due to VMS linker
+	limits.
+	Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+	8 byte quantites xored before and after encryption.
+	des_xcbc_encryption() - the name is funny to preserve the des_
+	prefix on all functions.
+
+Version 3.24 20/04/96
+	The DES_PTR macro option checked and used by SSLeay configuration
+
+Version 3.23 11/04/96
+	Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+	it gives a %20 speedup :-)
+	Fixed the problem with des.pl under perl5.  The patches were
+	sent by Ed Kubaitis (ejk@uiuc.edu).
+	if fcrypt.c, changed values to handle illegal salt values the way
+	normal crypt() implementations do.  Some programs apparently use
+	them :-(. The patch was sent by Bjorn Gronvall 
+
+Version 3.22 29/11/95
+	Bug in des(1), an error with the uuencoding stuff when the
+	'data' is small, thanks to Geoff Keating 
+	for the patch.
+
+Version 3.21 22/11/95
+	After some emailing back and forth with 
+	Colin Plumb , I've tweaked a few things
+	and in a future version I will probably put in some of the
+	optimisation he suggested for use with the DES_USE_PTR option.
+	Extra routines from Mark Murray  for use in
+	freeBSD.  They mostly involve random number generation for use
+	with kerberos.  They involve evil machine specific system calls
+	etc so I would normally suggest pushing this stuff into the
+	application and/or using RAND_seed()/RAND_bytes() if you are
+	using this DES library as part of SSLeay.
+	Redone the read_pw() function so that it is cleaner and
+	supports termios, thanks to Sameer Parekh 
+	for the initial patches for this.
+	Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+	 done just to make things more consistent.
+	I have also now added triple DES versions of cfb and ofb.
+
+Version 3.20
+	Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+	my des_random_seed() function was only copying 4 bytes of the
+	passed seed into the init structure.  It is now fixed to copy 8.
+	My own suggestion is to used something like MD5 :-)
+
+Version 3.19 
+	While looking at my code one day, I though, why do I keep on
+	calling des_encrypt(in,out,ks,enc) when every function that
+	calls it has in and out the same.  So I dropped the 'out'
+	parameter, people should not be using this function.
+
+Version 3.18 30/08/95
+	Fixed a few bit with the distribution and the filenames.
+	3.17 had been munged via a move to DOS and back again.
+	NO CODE CHANGES
+
+Version 3.17 14/07/95
+	Fixed ede3 cbc which I had broken in 3.16.  I have also
+	removed some unneeded variables in 7-8 of the routines.
+
+Version 3.16 26/06/95
+	Added des_encrypt2() which does not use IP/FP, used by triple
+	des routines.  Tweaked things a bit elsewhere. %13 speedup on
+	sparc and %6 on a R4400 for ede3 cbc mode.
+
+Version 3.15 06/06/95
+	Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+	'normal' and copies the new iv value back over the top of the
+	passed parameter.
+	CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+	the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+	only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+	I need to update the documentation.
+
+Version 3.14 31/05/95
+	New release upon the world, as part of my SSL implementation.
+	New copyright and usage stuff.  Basically free for all to use
+	as long as you say it came from me :-)
+
+Version 3.13 31/05/95
+	A fix in speed.c, if HZ is not defined, I set it to 100.0
+	which is reasonable for most unixes except SunOS 4.x.
+	I now have a #ifdef sun but timing for SunOS 4.x looked very
+	good :-(.  At my last job where I used SunOS 4.x, it was
+	defined to be 60.0 (look at the old INSTALL documentation), at
+	the last release had it changed to 100.0 since I now work with
+	Solaris2 and SVR4 boxes.
+	Thanks to  Rory Chisholm  for pointing this
+	one out.
+
+Version 3.12 08/05/95
+	As pointed out by The Crypt Keeper ,
+	my D_ENCRYPT macro in crypt() had an un-necessary variable.
+	It has been removed.
+
+Version 3.11 03/05/95
+	Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+	and one iv.  It is a standard and I needed it for my SSL code.
+	It makes more sense to use this for triple DES than
+	3cbc_encrypt().  I have also added (or should I say tested :-)
+	cfb64_encrypt() which is cfb64 but it will encrypt a partial
+	number of bytes - 3 bytes in 3 bytes out.  Again this is for
+	my SSL library, as a form of encryption to use with SSL
+	telnet.
+
+Version 3.10 22/03/95
+	Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+	to cbc3_encrypt, the 2 iv values that were being returned to
+	be used in the next call were reversed :-(.
+	Many thanks to Bill Wade  for pointing out
+	this error.
+
+Version 3.09 01/02/95
+	Fixed des_random_key to far more random, it was rather feeble
+	with regards to picking the initial seed.  The problem was
+	pointed out by Olaf Kirch .
+
+Version 3.08 14/12/94
+	Added Makefile.PL so libdes can be built into perl5.
+	Changed des_locl.h so RAND is always defined.
+
+Version 3.07 05/12/94
+	Added GNUmake and stuff so the library can be build with
+	glibc.
+
+Version 3.06 30/08/94
+	Added rpc_enc.c which contains _des_crypt.  This is for use in
+	secure_rpc v 4.0
+	Finally fixed the cfb_enc problems.
+	Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+	to Rob McMillan 
+
+Version 3.05 21/04/94
+	for unsigned long l; gcc does not produce ((l>>34) == 0)
+	This causes bugs in cfb_enc.
+	Thanks to Hadmut Danisch 
+
+Version 3.04 20/04/94
+	Added a version number to des.c and libdes.a
+
+Version 3.03 12/01/94
+	Fixed a bug in non zero iv in 3cbc_enc.
+
+Version 3.02 29/10/93
+	I now work in a place where there are 6+ architectures and 14+
+	OS versions :-).
+	Fixed TERMIO definition so the most sys V boxes will work :-)
+
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+	Added des_3cbc_encrypt()
+
+Version 3.00 07/10/93
+	Fixed up documentation.
+	quad_cksum definitely compatible with MIT's now.
+
+Version 2.30 24/08/93
+	Triple DES now defaults to triple cbc but can do triple ecb
+	 with the -b flag.
+	Fixed some MSDOS uuen/uudecoding problems, thanks to
+	Added prototypes.
+	
+Version 2.22 29/06/93
+	Fixed a bug in des_is_weak_key() which stopped it working :-(
+	thanks to engineering@MorningStar.Com.
+
+Version 2.21 03/06/93
+	des(1) with no arguments gives quite a bit of help.
+	Added -c (generate ckecksum) flag to des(1).
+	Added -3 (triple DES) flag to des(1).
+	Added cfb and ofb routines to the library.
+
+Version 2.20 11/03/93
+	Added -u (uuencode) flag to des(1).
+	I have been playing with byte order in quad_cksum to make it
+	 compatible with MIT's version.  All I can say is avid this
+	 function if possible since MIT's output is endian dependent.
+
+Version 2.12 14/10/92
+	Added MSDOS specific macro in ecb_encrypt which gives a %70
+	 speed up when the code is compiled with turbo C.
+
+Version 2.11 12/10/92
+	Speedup in set_key (recoding of PC-1)
+	 I now do it in 47 simple operations, down from 60.
+	 Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 for motivating me to look for a faster system :-)
+	 The speedup is probably less that 1% but it is still 13
+	 instructions less :-).
+
+Version 2.10 06/10/92
+	The code now works on the 64bit ETA10 and CRAY without modifications or
+	 #defines.  I believe the code should work on any machine that
+	 defines long, int or short to be 8 bytes long.
+	Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+	 for helping me fix the code to run on 64bit machines (he had
+	 access to an ETA10).
+	Thanks also to John Fletcher 
+	 for testing the routines on a CRAY.
+	read_password.c has been renamed to read_passwd.c
+	string_to_key.c has been renamed to string2key.c
+
+Version 2.00 14/09/92
+	Made mods so that the library should work on 64bit CPU's.
+	Removed all my uchar and ulong defs.  To many different
+	 versions of unix define them in their header files in too many
+	 different combinations :-)
+	IRIX - Sillicon Graphics mods (mostly in read_password.c).
+	 Thanks to Andrew Daviel (advax@erich.triumf.ca)
+
+Version 1.99 26/08/92
+	Fixed a bug or 2 in enc_read.c
+	Fixed a bug in enc_write.c
+	Fixed a pseudo bug in fcrypt.c (very obscure).
+
+Version 1.98 31/07/92
+	Support for the ETA10.  This is a strange machine that defines
+	longs and ints as 8 bytes and shorts as 4 bytes.
+	Since I do evil things with long * that assume that they are 4
+	bytes.  Look in the Makefile for the option to compile for
+	this machine.  quad_cksum appears to have problems but I
+	will don't have the time to fix it right now, and this is not
+	a function that uses DES and so will not effect the main uses
+	of the library.
+
+Version 1.97 20/05/92 eay
+	Fixed the Imakefile and made some changes to des.h to fix some
+	problems when building this package with Kerberos v 4.
+
+Version 1.96 18/05/92 eay
+	Fixed a small bug in string_to_key() where problems could
+	occur if des_check_key was set to true and the string
+	generated a weak key.
+
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+	Added an alternative version of the D_ENCRYPT macro in
+	ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+	other will be faster.  This was inspired by 
+	Dana How , and her pointers about doing the
+	*(ulong *)((uchar *)ptr+(value&0xfc))
+	vs
+	ptr[value&0x3f]
+	to stop the C compiler doing a <<2 to convert the long array index.
+
+Version 1.94 05/05/92 eay
+	Fixed an incompatibility between my string_to_key and the MIT
+	 version.  When the key is longer than 8 chars, I was wrapping
+	 with a different method.  To use the old version, define
+	 OLD_STR_TO_KEY in the makefile.  Thanks to
+	 viktor@newsu.shearson.com (Viktor Dukhovni).
+
+Version 1.93 28/04/92 eay
+	Fixed the VMS mods so that echo is now turned off in
+	 read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+	MSDOS support added.  The routines can be compiled with
+	 Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+	Changed D_ENCRYPT so that the rotation of R occurs outside of
+	 the loop.  This required rotating all the longs in sp.h (now
+	 called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	speed.c has been changed so it will work without SIGALRM.  If
+	 times(3) is not present it will try to use ftime() instead.
+
+Version 1.91 08/04/92 eay
+	Added -E/-D options to des(1) so it can use string_to_key.
+	Added SVR4 mods suggested by witr@rwwa.COM
+	Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+	anyone knows how to turn of tty echo in VMS please tell me or
+	implement it yourself :-).
+	Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+	does not like IN/OUT being used.
+
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+	Now contains a fast small crypt replacement.
+	Added des(1) command.
+	Added des_rw_mode so people can use cbc encryption with
+	enc_read and enc_write.
+
+Version 1.8 15/10/91 eay
+	Bug in cbc_cksum.
+	Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+	one out.
+
+Version 1.7 24/09/91 eay
+	Fixed set_key :-)
+	set_key is 4 times faster and takes less space.
+	There are a few minor changes that could be made.
+
+Version 1.6 19/09/1991 eay
+	Finally go IP and FP finished.
+	Now I need to fix set_key.
+	This version is quite a bit faster that 1.51
+
+Version 1.52 15/06/1991 eay
+	20% speedup in ecb_encrypt by changing the E bit selection
+	to use 2 32bit words.  This also required modification of the
+	sp table.  There is still a way to speedup the IP and IP-1
+	(hints from outer@sq.com) still working on this one :-(.
+
+Version 1.51 07/06/1991 eay
+	Faster des_encrypt by loop unrolling
+	Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+
+Version 1.50 28/05/1991 eay
+	Optimised the code a bit more for the sparc.  I have improved the
+	speed of the inner des_encrypt by speeding up the initial and
+	final permutations.
+
+Version 1.40 23/10/1990 eay
+	Fixed des_random_key, it did not produce a random key :-(
+
+Version 1.30  2/10/1990 eay
+	Have made des_quad_cksum the same as MIT's, the full package
+	should be compatible with MIT's
+	Have tested on a DECstation 3100
+	Still need to fix des_set_key (make it faster).
+	Does des_cbc_encrypts at 70.5k/sec on a 3100.
+
+Version 1.20 18/09/1990 eay
+	Fixed byte order dependencies.
+	Fixed (I hope) all the word alignment problems.
+	Speedup in des_ecb_encrypt.
+
+Version 1.10 11/09/1990 eay
+	Added des_enc_read and des_enc_write.
+	Still need to fix des_quad_cksum.
+	Still need to document des_enc_read and des_enc_write.
+
+Version 1.00 27/08/1990 eay
+
diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/openssl/crypto/des/asm/crypt586.pl
new file mode 100644
index 000000000000..197c413ea6f8
--- /dev/null
+++ b/crypto/openssl/crypto/des/asm/crypt586.pl
@@ -0,0 +1,204 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen 
+# I've added the stuff needed for crypt() but I've not worried about making
+# things perfect.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"crypt586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("des_SPtrans");
+&fcrypt_body("fcrypt_body");
+&asm_finish();
+
+sub fcrypt_body
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	&xor(	$L,	$L);
+	&xor(	$R,	$R);
+	&mov($ks,&wparam(1));
+
+	&push(&DWC(25)); # add a variable
+
+	&set_label("start");
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	 &mov("ebx",	&swtmp(0));
+	&mov("eax",	$L);
+	 &dec("ebx");
+	&mov($L,	$R);
+	 &mov($R,	"eax");
+	&mov(&swtmp(0),	"ebx");
+	 &jnz(&label("start"));
+
+	&comment("");
+	&comment("FP");
+	&mov("edx",&wparam(0));
+
+	&FP_new($R,$L,"eax",3);
+	&mov(&DWP(0,"edx","",0),"eax");
+	&mov(&DWP(4,"edx","",0),$L);
+
+	&pop("ecx");	# remove variable
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&wparam(2));			# 2
+	&mov(	$t,		$R);
+	&shr(	$t,		16);				# 1
+	&mov(	$tmp2,		&wparam(3));			# 2
+	&xor(	$t,		$R);				# 1
+
+	&and(	$u,		$t);				# 2
+	&and(	$t,		$tmp2);				# 2
+
+	&mov(	$tmp1,		$u);
+	&shl(	$tmp1,		16); 				# 1
+	&mov(	$tmp2,		$t);
+	&shl(	$tmp2,		16); 				# 1
+	&xor(	$u,		$tmp1);				# 2
+	&xor(	$t,		$tmp2);				# 2
+	&mov(	$tmp1,		&DWP(&n2a($S*4),$ks,"",0));	# 2
+	&xor(	$u,		$tmp1);
+	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$ks,"",0));	# 2
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&xor(	$t,		$tmp2);
+
+	&and(	$u,		"0xfcfcfcfc"	);		# 2
+	&xor(	$tmp1,		$tmp1);				# 1
+	&and(	$t,		"0xcfcfcfcf"	);		# 2
+	&xor(	$tmp2,		$tmp2);	
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); 
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&wparam(1));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/openssl/crypto/des/asm/des-586.pl
new file mode 100644
index 000000000000..f05407107783
--- /dev/null
+++ b/crypto/openssl/crypto/des/asm/des-586.pl
@@ -0,0 +1,253 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen 
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+require "desboth.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+&asm_init($ARGV[0],"des-586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("des_SPtrans");
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
+&asm_finish();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin_B($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	if ($do_ip)
+		{
+		&mov($R,&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov("eax",&DWP(0,$R,"",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&mov($L,&DWP(4,$R,"",0));
+		&comment("");
+		&comment("IP");
+		&IP_new("eax",$L,$R,3);
+		}
+	else
+		{
+		&mov("eax",&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov($R,&DWP(0,"eax","",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&rotl($R,3);
+		&mov($L,&DWP(4,"eax","",0));
+		&rotl($L,3);
+		}
+
+	&mov(	$ks,		&wparam(1)	);
+	&cmp("ebx","0");
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&mov("edx",&wparam(0));
+		&FP_new($L,$R,"eax",3);
+
+		&mov(&DWP(0,"edx","",0),"eax");
+		&mov(&DWP(4,"edx","",0),$R);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		 &mov("eax",&wparam(0));
+		&rotr($R,3);		# l
+		 &mov(&DWP(0,"eax","",0),$L);
+		 &mov(&DWP(4,"eax","",0),$R);
+		}
+
+	&pop("ebp");
+	&pop("ebx");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+
+	&function_end_B($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	 &mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&xor(	$tmp1,		$tmp1);
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R);
+	 &xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	 &and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	 &movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	 &mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks); ######
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	 &mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); ######
+	 &movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	 &mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	 &mov(	$ks,		&wparam(1)	);
+	&movb(	&LB($tmp2),	&HB($t)	);
+	 &and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	 &mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	 &mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	 &mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	 &mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	# This can never succeed, and besides it is difficult to see what the
+	# idea was - Ben 13 Feb 99
+	if (!$last eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/openssl/crypto/des/asm/des686.pl b/crypto/openssl/crypto/des/asm/des686.pl
new file mode 100644
index 000000000000..77dc5b51cdf9
--- /dev/null
+++ b/crypto/openssl/crypto/des/asm/des686.pl
@@ -0,0 +1,230 @@
+#!/usr/local/bin/perl
+
+$prog="des686.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric ");
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($L,&DWP(0,"eax","",0));
+	&mov($R,&DWP(4,"eax","",0));
+
+	$ksp=&wparam(1);
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP_new($L,$R,"eax");
+		}
+
+	&comment("");
+	&comment("fixup rotate");
+	&rotl($R,3);
+	&rotl($L,3);
+	&exch($L,$R);
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&mov("ebp",&wparam(1));	# get ks
+	&cmp("eax","0");
+	&je(&label("start_decrypt"));
+
+	# encrypting part
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+
+	&set_label("end");
+
+	&comment("");
+	&comment("Fixup");
+	&rotr($L,3);		# r
+	&rotr($R,3);		# l
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&FP_new($R,$L,"eax");
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+	{
+	local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R		);
+	&xor(	$t,		$R		);
+	&rotr(	$t,		4		);
+
+	# the numbers at the end of the line are origional instruction order
+	&mov(	$tmp2,		$u		);			# 1 2
+	&mov(	$tmp1,		$t		);			# 1 1
+	&and(	$tmp2,		"0xfc"		);			# 1 4
+	&and(	$tmp1,		"0xfc"		);			# 1 3
+	&shr(	$t,		8		);			# 1 5
+	&xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));	# 1 7
+	&shr(	$u,		8		);			# 1 6
+	&mov(	$tmp1,		&DWP("      $desSP",$tmp2,"",0));	# 1 8
+
+	&mov(	$tmp2,		$u		);			# 2 2
+	&xor(	$L,		$tmp1		);			# 1 9
+	&and(	$tmp2,		"0xfc"		);			# 2 4
+	&mov(	$tmp1,		$t		);			# 2 1
+	&and(	$tmp1,		"0xfc"		);			# 2 3
+	&shr(	$t,		8		);			# 2 5
+	&xor(	$L,		&DWP("0x300+$desSP",$tmp1,"",0));	# 2 7
+	&shr(	$u,		8		);			# 2 6
+	&mov(	$tmp1,		&DWP("0x200+$desSP",$tmp2,"",0));	# 2 8
+	&mov(	$tmp2,		$u		);			# 3 2
+
+	&xor(	$L,		$tmp1		);			# 2 9
+	&and(	$tmp2,		"0xfc"		);			# 3 4
+
+	&mov(	$tmp1,		$t		);			# 3 1 
+	&shr(	$u,		8		);			# 3 6
+	&and(	$tmp1,		"0xfc"		);			# 3 3
+	&shr(	$t,		8		);			# 3 5
+	&xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));	# 3 7
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$tmp2,"",0));	# 3 8
+
+	&and(	$t,		"0xfc"		);			# 4 1
+	&xor(	$L,		$tmp1		);			# 3 9
+
+	&and(	$u,		"0xfc"		);			# 4 2
+	&xor(	$L,		&DWP("0x700+$desSP",$t,"",0));		# 4 3
+	&xor(	$L,		&DWP("0x600+$desSP",$u,"",0));		# 4 4
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
diff --git a/crypto/openssl/crypto/des/asm/desboth.pl b/crypto/openssl/crypto/des/asm/desboth.pl
new file mode 100644
index 000000000000..d5106414dbf8
--- /dev/null
+++ b/crypto/openssl/crypto/des/asm/desboth.pl
@@ -0,0 +1,79 @@
+#!/usr/local/bin/perl
+
+$L="edi";
+$R="esi";
+
+sub des_encrypt3
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+	&push("ebx");
+	&mov("ebx",&wparam(0));
+
+	&push("ebp");
+	&push("esi");
+
+	&push("edi");
+
+	&comment("");
+	&comment("Load the data words");
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+	&stack_push(3);
+
+	&comment("");
+	&comment("IP");
+	&IP_new($L,$R,"edx",0);
+
+	# put them back
+	
+	if ($enc)
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("eax",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("esi",&wparam(3));
+		}
+	else
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("esi",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("eax",&wparam(3));
+		}
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"eax");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
+	&mov(&swtmp(1),	"edi");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"esi");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+
+	&stack_pop(3);
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("FP");
+	&FP_new($L,$R,"eax",0);
+
+	&mov(&DWP(0,"ebx","",0),"eax");
+	&mov(&DWP(4,"ebx","",0),$R);
+
+	&pop("edi");
+	&pop("esi");
+	&pop("ebp");
+	&pop("ebx");
+	&ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/crypto/openssl/crypto/des/asm/readme b/crypto/openssl/crypto/des/asm/readme
new file mode 100644
index 000000000000..f8529d9307eb
--- /dev/null
+++ b/crypto/openssl/crypto/des/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft	Windows 95/Windows NT
+Elf		Includes Linux and FreeBSD(?).
+a.out		The older Linux.
+Solaris		Same as Elf but different comments :-(.
+
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor	eax,	eax				# clear word
+movb	al,	cl				# get low byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word
+movb	al,	ch				# get next byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word
+shr	ecx	16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+
+Now the crunch.  When a full register is used after a partial write, eg.
+mov	al,	cl
+xor	edi,	DWORD PTR 0x100+des_SP[eax]
+386	- 1 cycle stall
+486	- 1 cycle stall
+586	- 0 cycle stall
+686	- at least 7 cycle stall (page 22 of the above mentioned document).
+
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov	eax,	ecx				# copy word 
+shr	ecx,	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup
+mov	eax,	ecx				# get word
+shr	ecx	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup
+
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+
+There is a third option.  instead of using
+mov	al,	ch
+which is bad on the pentium pro, one may be able to use
+movzx	eax,	ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+
+eric (20 Oct 1996)
+
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen  which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
+
diff --git a/crypto/openssl/crypto/des/cbc3_enc.c b/crypto/openssl/crypto/des/cbc3_enc.c
new file mode 100644
index 000000000000..3863a676d414
--- /dev/null
+++ b/crypto/openssl/crypto/des/cbc3_enc.c
@@ -0,0 +1,93 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* HAS BUGS? DON'T USE - this is only present for use in des.c */
+void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
+	     des_key_schedule ks1, des_key_schedule ks2, des_cblock *iv1,
+	     des_cblock *iv2, int enc)
+	{
+	int off=((int)length-1)/8;
+	long l8=((length+7)/8)*8;
+	des_cblock niv1,niv2;
+
+	if (enc == DES_ENCRYPT)
+		{
+		des_cbc_encrypt(input,output,length,ks1,iv1,enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv1,output[off],sizeof(des_cblock));
+		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+		des_cbc_encrypt(output,output,l8,ks1,iv2, enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv2,output[off],sizeof(des_cblock));
+		}
+	else
+		{
+		if (length >= sizeof(des_cblock))
+			memcpy(niv2,input[off],sizeof(des_cblock));
+		des_cbc_encrypt(input,output,l8,ks1,iv2,enc);
+		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv1,output[off],sizeof(des_cblock));
+		des_cbc_encrypt(output,output,length,ks1,iv1, enc);
+		}
+	memcpy(*iv1,niv1,sizeof(des_cblock));
+	memcpy(*iv2,niv2,sizeof(des_cblock));
+	}
+
diff --git a/crypto/openssl/crypto/des/cbc_cksm.c b/crypto/openssl/crypto/des/cbc_cksm.c
new file mode 100644
index 000000000000..1e543cb2a19d
--- /dev/null
+++ b/crypto/openssl/crypto/des/cbc_cksm.c
@@ -0,0 +1,97 @@
+/* crypto/des/cbc_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
+		long length,
+		des_key_schedule schedule, const_des_cblock *ivec)
+	{
+	register DES_LONG tout0,tout1,tin0,tin1;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *out = &(*output)[0];
+	const unsigned char *iv = &(*ivec)[0];
+
+	c2l(iv,tout0);
+	c2l(iv,tout1);
+	for (; l>0; l-=8)
+		{
+		if (l >= 8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			}
+		else
+			c2ln(in,tin0,tin1,l);
+			
+		tin0^=tout0; tin[0]=tin0;
+		tin1^=tout1; tin[1]=tin1;
+		des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
+		tout0=tin[0];
+		tout1=tin[1];
+		}
+	if (out != NULL)
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	tout0=tin0=tin1=tin[0]=tin[1]=0;
+	return(tout1);
+	}
diff --git a/crypto/openssl/crypto/des/cbc_enc.c b/crypto/openssl/crypto/des/cbc_enc.c
new file mode 100644
index 000000000000..677903ae4e32
--- /dev/null
+++ b/crypto/openssl/crypto/des/cbc_enc.c
@@ -0,0 +1,61 @@
+/* crypto/des/cbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/crypto/openssl/crypto/des/cfb64ede.c b/crypto/openssl/crypto/des/cfb64ede.c
new file mode 100644
index 000000000000..5362a551bfec
--- /dev/null
+++ b/crypto/openssl/crypto/des/cfb64ede.c
@@ -0,0 +1,141 @@
+/* crypto/des/cfb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec, int *num, int enc)
+	{
+	register DES_LONG v0,v1;
+	register long l=length;
+	register int n= *num;
+	DES_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=&(*ivec)[0];
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0);
+				c2l(iv,v1);
+
+				ti[0]=v0;
+				ti[1]=v1;
+				des_encrypt3(ti,ks1,ks2,ks3);
+				v0=ti[0];
+				v1=ti[1];
+
+				iv = &(*ivec)[0];
+				l2c(v0,iv);
+				l2c(v1,iv);
+				iv = &(*ivec)[0];
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0);
+				c2l(iv,v1);
+
+				ti[0]=v0;
+				ti[1]=v1;
+				des_encrypt3(ti,ks1,ks2,ks3);
+				v0=ti[0];
+				v1=ti[1];
+
+				iv = &(*ivec)[0];
+				l2c(v0,iv);
+				l2c(v1,iv);
+				iv = &(*ivec)[0];
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=c=cc=0;
+	*num=n;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule ks1, des_key_schedule ks2, des_cblock (*ivec),
+	     int *num, int enc)
+	{
+	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+	}
+#endif
diff --git a/crypto/openssl/crypto/des/cfb64enc.c b/crypto/openssl/crypto/des/cfb64enc.c
new file mode 100644
index 000000000000..389a232cb36b
--- /dev/null
+++ b/crypto/openssl/crypto/des/cfb64enc.c
@@ -0,0 +1,121 @@
+/* crypto/des/cfb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule schedule, des_cblock *ivec,
+	     int *num, int enc)
+	{
+	register DES_LONG v0,v1;
+	register long l=length;
+	register int n= *num;
+	DES_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv = &(*ivec)[0];
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				des_encrypt(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
+				v0=ti[0]; l2c(v0,iv);
+				v0=ti[1]; l2c(v0,iv);
+				iv = &(*ivec)[0];
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				des_encrypt(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
+				v0=ti[0]; l2c(v0,iv);
+				v0=ti[1]; l2c(v0,iv);
+				iv = &(*ivec)[0];
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/openssl/crypto/des/cfb_enc.c
new file mode 100644
index 000000000000..cca34dd7c5ec
--- /dev/null
+++ b/crypto/openssl/crypto/des/cfb_enc.c
@@ -0,0 +1,165 @@
+/* crypto/des/cfb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+	{
+	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG mask0,mask1;
+	register unsigned long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+
+	if (num > 64) return;
+	if (num > 32)
+		{
+		mask0=0xffffffffL;
+		if (num == 64)
+			mask1=mask0;
+		else	mask1=(1L<<(num-32))-1;
+		}
+	else
+		{
+		if (num == 32)
+			mask0=0xffffffffL;
+		else	mask0=(1L<= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			d0=(d0^ti[0])&mask0;
+			d1=(d1^ti[1])&mask1;
+			l2cn(d0,d1,out,n);
+			out+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else if (num > 32) /* && num != 64 */
+				{
+				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+				}
+			else /* num < 32 */
+				{
+				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+				}
+			}
+		}
+	else
+		{
+		while (l >= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else if (num > 32) /* && num != 64 */
+				{
+				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+				}
+			else /* num < 32 */
+				{
+				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+				}
+			d0=(d0^ti[0])&mask0;
+			d1=(d1^ti[1])&mask1;
+			l2cn(d0,d1,out,n);
+			out+=n;
+			}
+		}
+	iv = &(*ivec)[0];
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/des/des.c b/crypto/openssl/crypto/des/des.c
new file mode 100644
index 000000000000..b2d7f0da7833
--- /dev/null
+++ b/crypto/openssl/crypto/des/des.c
@@ -0,0 +1,931 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#ifndef MSDOS
+#ifndef VMS
+#include 
+#include OPENSSL_UNISTD
+#else /* VMS */
+#ifdef __DECC
+#include 
+#else /* not __DECC */
+#include 
+#endif /* __DECC */
+#endif /* VMS */
+#else
+#include 
+#endif
+
+#include 
+#include "des_ver.h"
+
+#ifdef VMS
+#include 
+#include 
+#else
+#ifndef _IRIX
+#include 
+#endif
+#include 
+#endif
+#include 
+#include 
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include 
+#endif
+
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
+#ifdef VMS
+#define EXIT(a) exit(a&0x10000000L)
+#else
+#define EXIT(a) exit(a)
+#endif
+
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ	8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN	(45*100)
+#define OUTUUBUF	(65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+
+int main(int argc, char **argv)
+	{
+	int i;
+	struct stat ins,outs;
+	char *p;
+	char *in=NULL,*out=NULL;
+
+	vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+	error=0;
+	memset(key,0,sizeof(key));
+
+	for (i=1; i=0; j--)
+							argv[i][j]='\0';
+						}
+					break;
+				default:
+					fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+					error=1;
+					break;
+					}
+				}
+			}
+		else
+			{
+			if (in == NULL)
+				in=argv[i];
+			else if (out == NULL)
+				out=argv[i];
+			else
+				error=1;
+			}
+		}
+	if (error) usage();
+	/* We either
+	 * do checksum or
+	 * do encrypt or
+	 * do decrypt or
+	 * do decrypt then ckecksum or
+	 * do checksum then encrypt
+	 */
+	if (((eflag+dflag) == 1) || cflag)
+		{
+		if (eflag) do_encrypt=DES_ENCRYPT;
+		if (dflag) do_encrypt=DES_DECRYPT;
+		}
+	else
+		{
+		if (vflag) 
+			{
+#ifndef _Windows			
+			fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif			
+			EXIT(1);
+			}
+		else usage();
+		}
+
+#ifndef _Windows			
+	if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif			
+	if (	(in != NULL) &&
+		(out != NULL) &&
+#ifndef MSDOS
+		(stat(in,&ins) != -1) &&
+		(stat(out,&outs) != -1) &&
+		(ins.st_dev == outs.st_dev) &&
+		(ins.st_ino == outs.st_ino))
+#else /* MSDOS */
+		(strcmp(in,out) == 0))
+#endif
+			{
+			fputs("input and output file are the same\n",stderr);
+			EXIT(3);
+			}
+
+	if (!kflag)
+		if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+			{
+			fputs("password error\n",stderr);
+			EXIT(2);
+			}
+
+	if (in == NULL)
+		DES_IN=stdin;
+	else if ((DES_IN=fopen(in,"r")) == NULL)
+		{
+		perror("opening input file");
+		EXIT(4);
+		}
+
+	CKSUM_OUT=stdout;
+	if (out == NULL)
+		{
+		DES_OUT=stdout;
+		CKSUM_OUT=stderr;
+		}
+	else if ((DES_OUT=fopen(out,"w")) == NULL)
+		{
+		perror("opening output file");
+		EXIT(5);
+		}
+
+#ifdef MSDOS
+	/* This should set the file to binary mode. */
+	{
+#include 
+	if (!(uflag && dflag))
+		setmode(fileno(DES_IN),O_BINARY);
+	if (!(uflag && eflag))
+		setmode(fileno(DES_OUT),O_BINARY);
+	}
+#endif
+
+	doencryption();
+	fclose(DES_IN);
+	fclose(DES_OUT);
+	EXIT(0);
+	}
+
+void usage(void)
+	{
+	char **u;
+	static const char *Usage[]={
+"des  [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexidecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
+"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivelent to normal",
+"             encryption.  Default is triple cbc, -b makes it triple ecb.",
+NULL
+};
+	for (u=(char **)Usage; *u; u++)
+		{
+		fputs(*u,stderr);
+		fputc('\n',stderr);
+		}
+
+	EXIT(1);
+	}
+
+void doencryption(void)
+	{
+#ifdef _LIBC
+	extern unsigned long time();
+#endif
+
+	register int i;
+	des_key_schedule ks,ks2;
+	des_cblock iv,iv2;
+	char *p;
+	int num=0,j,k,l,rem,ll,len,last,ex=0;
+	des_cblock kk,k2;
+	FILE *O;
+	int Exit=0;
+#ifndef MSDOS
+	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+	static unsigned char *buf=NULL,*obuf=NULL;
+
+	if (buf == NULL)
+		{
+		if (    (( buf=Malloc(BUFSIZE+8)) == NULL) ||
+			((obuf=Malloc(BUFSIZE+8)) == NULL))
+			{
+			fputs("Not enough memory\n",stderr);
+			Exit=10;
+			goto problems;
+			}
+		}
+#endif
+
+	if (hflag)
+		{
+		j=(flag3?16:8);
+		p=key;
+		for (i=0; i= '0'))
+				k=(*p-'0')<<4;
+			else if ((*p <= 'f') && (*p >= 'a'))
+				k=(*p-'a'+10)<<4;
+			else if ((*p <= 'F') && (*p >= 'A'))
+				k=(*p-'A'+10)<<4;
+			else
+				{
+				fputs("Bad hex key\n",stderr);
+				Exit=9;
+				goto problems;
+				}
+			p++;
+			if ((*p <= '9') && (*p >= '0'))
+				k|=(*p-'0');
+			else if ((*p <= 'f') && (*p >= 'a'))
+				k|=(*p-'a'+10);
+			else if ((*p <= 'F') && (*p >= 'A'))
+				k|=(*p-'A'+10);
+			else
+				{
+				fputs("Bad hex key\n",stderr);
+				Exit=9;
+				goto problems;
+				}
+			p++;
+			if (i < 8)
+				kk[i]=k;
+			else
+				k2[i-8]=k;
+			}
+		des_set_key(&k2,ks2);
+		memset(k2,0,sizeof(k2));
+		}
+	else if (longk || flag3)
+		{
+		if (flag3)
+			{
+			des_string_to_2keys(key,&kk,&k2);
+			des_set_key(&k2,ks2);
+			memset(k2,0,sizeof(k2));
+			}
+		else
+			des_string_to_key(key,&kk);
+		}
+	else
+		for (i=0; i>=1;
+				}
+			if (l & 1)
+				kk[i]=key[i]&0x7f;
+			else
+				kk[i]=key[i]|0x80;
+			}
+
+	des_set_key(&kk,ks);
+	memset(key,0,sizeof(key));
+	memset(kk,0,sizeof(kk));
+	/* woops - A bug that does not showup under unix :-( */
+	memset(iv,0,sizeof(iv));
+	memset(iv2,0,sizeof(iv2));
+
+	l=1;
+	rem=0;
+	/* first read */
+	if (eflag || (!dflag && cflag))
+		{
+		for (;;)
+			{
+			num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			l+=rem;
+			num+=rem;
+			if (l < 0)
+				{
+				perror("read error");
+				Exit=6;
+				goto problems;
+				}
+
+			rem=l%8;
+			len=l-rem;
+			if (feof(DES_IN))
+				{
+				for (i=7-rem; i>0; i--)
+					RAND_bytes(buf + l++, 1);
+				buf[l++]=rem;
+				ex=1;
+				len+=rem;
+				}
+			else
+				l-=rem;
+
+			if (cflag)
+				{
+				des_cbc_cksum(buf,&cksum,
+					(long)len,ks,&cksum);
+				if (!eflag)
+					{
+					if (feof(DES_IN)) break;
+					else continue;
+					}
+				}
+
+			if (bflag && !flag3)
+				for (i=0; i= 8) memcpy(iv,&(obuf[l-8]),8);
+				}
+			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+
+			i=0;
+			while (i < l)
+				{
+				if (uflag)
+					j=uufwrite(obuf,1,(unsigned int)l-i,
+						DES_OUT);
+				else
+					j=fwrite(obuf,1,(unsigned int)l-i,
+						DES_OUT);
+				if (j == -1)
+					{
+					perror("Write error");
+					Exit=7;
+					goto problems;
+					}
+				i+=j;
+				}
+			if (feof(DES_IN))
+				{
+				if (uflag) uufwriteEnd(DES_OUT);
+				break;
+				}
+			}
+		}
+	else /* decrypt */
+		{
+		ex=1;
+		for (;;)
+			{
+			if (ex) {
+				if (uflag)
+					l=uufread(buf,1,BUFSIZE,DES_IN);
+				else
+					l=fread(buf,1,BUFSIZE,DES_IN);
+				ex=0;
+				rem=l%8;
+				l-=rem;
+				}
+			if (l < 0)
+				{
+				perror("read error");
+				Exit=6;
+				goto problems;
+				}
+
+			if (bflag && !flag3)
+				for (i=0; i= 8) memcpy(iv,&(buf[l-8]),8);
+				}
+
+			if (uflag)
+				ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			else
+				ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			ll+=rem;
+			rem=ll%8;
+			ll-=rem;
+			if (feof(DES_IN) && (ll == 0))
+				{
+				last=obuf[l-1];
+
+				if ((last > 7) || (last < 0))
+					{
+					fputs("The file was not decrypted correctly.\n",
+						stderr);
+					Exit=8;
+					last=0;
+					}
+				l=l-8+last;
+				}
+			i=0;
+			if (cflag) des_cbc_cksum(obuf,
+				(des_cblock *)cksum,(long)l/8*8,ks,
+				(des_cblock *)cksum);
+			while (i != l)
+				{
+				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+				if (j == -1)
+					{
+					perror("Write error");
+					Exit=7;
+					goto problems;
+					}
+				i+=j;
+				}
+			l=ll;
+			if ((l == 0) && feof(DES_IN)) break;
+			}
+		}
+	if (cflag)
+		{
+		l=0;
+		if (cksumname[0] != '\0')
+			{
+			if ((O=fopen(cksumname,"w")) != NULL)
+				{
+				CKSUM_OUT=O;
+				l=1;
+				}
+			}
+		for (i=0; i<8; i++)
+			fprintf(CKSUM_OUT,"%02X",cksum[i]);
+		fprintf(CKSUM_OUT,"\n");
+		if (l) fclose(CKSUM_OUT);
+		}
+problems:
+	memset(buf,0,sizeof(buf));
+	memset(obuf,0,sizeof(obuf));
+	memset(ks,0,sizeof(ks));
+	memset(ks2,0,sizeof(ks2));
+	memset(iv,0,sizeof(iv));
+	memset(iv2,0,sizeof(iv2));
+	memset(kk,0,sizeof(kk));
+	memset(k2,0,sizeof(k2));
+	memset(uubuf,0,sizeof(uubuf));
+	memset(b,0,sizeof(b));
+	memset(bb,0,sizeof(bb));
+	memset(cksum,0,sizeof(cksum));
+	if (Exit) EXIT(Exit);
+	}
+
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
+	{
+	int i,j,left,rem,ret=num;
+	static int start=1;
+
+	if (start)
+		{
+		fprintf(fp,"begin 600 %s\n",
+			(uuname[0] == '\0')?"text.d":uuname);
+		start=0;
+		}
+
+	if (uubufnum)
+		{
+		if (uubufnum+num < 45)
+			{
+			memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+			uubufnum+=num;
+			return(num);
+			}
+		else
+			{
+			i=45-uubufnum;
+			memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+			j=uuencode((unsigned char *)uubuf,45,b);
+			fwrite(b,1,(unsigned int)j,fp);
+			uubufnum=0;
+			data+=i;
+			num-=i;
+			}
+		}
+
+	for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+		{
+		j=uuencode(&(data[i]),INUUBUFN,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		}
+	rem=(num-i)%45;
+	left=(num-i-rem);
+	if (left)
+		{
+		j=uuencode(&(data[i]),left,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		i+=left;
+		}
+	if (i != num)
+		{
+		memcpy(uubuf,&(data[i]),(unsigned int)rem);
+		uubufnum=rem;
+		}
+	return(ret);
+	}
+
+void uufwriteEnd(FILE *fp)
+	{
+	int j;
+	static const char *end=" \nend\n";
+
+	if (uubufnum != 0)
+		{
+		uubuf[uubufnum]='\0';
+		uubuf[uubufnum+1]='\0';
+		uubuf[uubufnum+2]='\0';
+		j=uuencode(uubuf,uubufnum,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		}
+	fwrite(end,1,strlen(end),fp);
+	}
+
+/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
+	{
+	int i,j,tot;
+	static int done=0;
+	static int valid=0;
+	static int start=1;
+
+	if (start)
+		{
+		for (;;)
+			{
+			b[0]='\0';
+			fgets((char *)b,300,fp);
+			if (b[0] == '\0')
+				{
+				fprintf(stderr,"no 'begin' found in uuencoded input\n");
+				return(-1);
+				}
+			if (strncmp((char *)b,"begin ",6) == 0) break;
+			}
+		start=0;
+		}
+	if (done) return(0);
+	tot=0;
+	if (valid)
+		{
+		memcpy(out,bb,(unsigned int)valid);
+		tot=valid;
+		valid=0;
+		}
+	for (;;)
+		{
+		b[0]='\0';
+		fgets((char *)b,300,fp);
+		if (b[0] == '\0') break;
+		i=strlen((char *)b);
+		if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+			{
+			done=1;
+			while (!feof(fp))
+				{
+				fgets((char *)b,300,fp);
+				}
+			break;
+			}
+		i=uudecode(b,i,bb);
+		if (i < 0) break;
+		if ((i+tot+8) > num)
+			{
+			/* num to copy to make it a multiple of 8 */
+			j=(num/8*8)-tot-8;
+			memcpy(&(out[tot]),bb,(unsigned int)j);
+			tot+=j;
+			memcpy(bb,&(bb[j]),(unsigned int)i-j);
+			valid=i-j;
+			break;
+			}
+		memcpy(&(out[tot]),bb,(unsigned int)i);
+		tot+=i;
+		}
+	return(tot);
+	}
+
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+			 l|=((DES_LONG)(*((c)++)))<< 8, \
+		 	 l|=((DES_LONG)(*((c)++))))
+
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+
+
+int uuencode(unsigned char *in, int num, unsigned char *out)
+	{
+	int j,i,n,tot=0;
+	DES_LONG l;
+	register unsigned char *p;
+	p=out;
+
+	for (j=0; j num)
+			i=(num-j);
+		else	i=45;
+		*(p++)=i+' ';
+		for (n=0; n>18)&0x3f)+' ';
+			*(p++)=((l>>12)&0x3f)+' ';
+			*(p++)=((l>> 6)&0x3f)+' ';
+			*(p++)=((l    )&0x3f)+' ';
+			tot+=4;
+			}
+		*(p++)='\n';
+		tot+=2;
+		}
+	*p='\0';
+	l=0;
+	return(tot);
+	}
+
+int uudecode(unsigned char *in, int num, unsigned char *out)
+	{
+	int j,i,k;
+	unsigned int n=0,space=0;
+	DES_LONG l;
+	DES_LONG w,x,y,z;
+	unsigned int blank=(unsigned int)'\n'-' ';
+
+	for (j=0; j 60)
+			{
+			fprintf(stderr,"uuencoded line length too long\n");
+			return(-1);
+			}
+		j++;
+
+		for (i=0; i 63) || (x > 63) || (y > 63) || (z > 63))
+				{
+				k=0;
+				if (w == blank) k=1;
+				if (x == blank) k=2;
+				if (y == blank) k=3;
+				if (z == blank) k=4;
+				space=1;
+				switch (k) {
+				case 1:	w=0; in--;
+				case 2: x=0; in--;
+				case 3: y=0; in--;
+				case 4: z=0; in--;
+					break;
+				case 0:
+					space=0;
+					fprintf(stderr,"bad uuencoded data values\n");
+					w=x=y=z=0;
+					return(-1);
+					break;
+					}
+				}
+			l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+			l2ccc(l,out);
+			}
+		if (*(in++) != '\n')
+			{
+			fprintf(stderr,"missing nl in uuencoded line\n");
+			w=x=y=z=0;
+			return(-1);
+			}
+		j++;
+		}
+	*out='\0';
+	w=x=y=z=0;
+	return(n);
+	}
diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h
new file mode 100644
index 000000000000..67f90aaf172f
--- /dev/null
+++ b/crypto/openssl/crypto/des/des.h
@@ -0,0 +1,249 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_DES
+#error DES is disabled.
+#endif
+
+#ifdef _KERBEROS_DES_H
+#error  replaces .
+#endif
+
+#include 
+#include  /* DES_LONG */
+#include 	/* OPENSSL_EXTERN */
+
+typedef unsigned char des_cblock[8];
+typedef /* const */ unsigned char const_des_cblock[8];
+/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
+ * and const_des_cblock * are incompatible pointer types.
+ * I haven't seen that warning on other systems ... I'll look
+ * what the standard says. */
+
+
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock cblock;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG deslong[2];
+		} ks;
+	int weak_key;
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_EXTERN int des_check_key;	/* defaults to false */
+OPENSSL_EXTERN int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */
+
+const char *des_options(void);
+void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+		      des_key_schedule ks1,des_key_schedule ks2,
+		      des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
+		       long length,des_key_schedule schedule,
+		       const_des_cblock *ivec);
+/* des_cbc_encrypt does not update the IV!  Use des_ncbc_encrypt instead. */
+void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
+		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     int enc);
+void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      int enc);
+void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      const_des_cblock *inw,const_des_cblock *outw,int enc);
+void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     int enc);
+void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
+		     des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
+			  long length,
+			  des_key_schedule ks1,des_key_schedule ks2,
+			  des_key_schedule ks3,des_cblock *ivec,int enc);
+void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
+			   long length,
+			   des_key_schedule ks1,des_key_schedule ks2,
+			   des_key_schedule ks3,
+			   des_cblock *ivec1,des_cblock *ivec2,
+			   int enc);
+void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,des_key_schedule ks1,
+			    des_key_schedule ks2,des_key_schedule ks3,
+			    des_cblock *ivec,int *num,int enc);
+void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,des_key_schedule ks1,
+			    des_key_schedule ks2,des_key_schedule ks3,
+			    des_cblock *ivec,int *num);
+
+void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
+		       des_cblock *out_white);
+
+int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
+		 des_cblock *iv);
+int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
+		  des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+char *des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+char *crypt(const char *buf,const char *salt);
+#endif
+void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      int enc);
+DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
+			long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock *key);
+void des_random_key(des_cblock *ret);
+int des_read_password(des_cblock *key,const char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+			const char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(const_des_cblock *key);
+int des_set_key(const_des_cblock *key,des_key_schedule schedule);
+int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(const char *str,des_cblock *key);
+void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       des_key_schedule schedule,des_cblock *ivec,int *num,
+		       int enc);
+void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       des_key_schedule schedule,des_cblock *ivec,int *num);
+int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+/* Extra functions from Mark Murray  */
+void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
+
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The des_key_schedule structure is not binary compatible. */
+
+#define _KERBEROS_DES_H
+
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#endif
+
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/des/des.man b/crypto/openssl/crypto/des/des.man
new file mode 100644
index 000000000000..7e06a1851a0d
--- /dev/null
+++ b/crypto/openssl/crypto/des/des.man
@@ -0,0 +1,186 @@
+.TH DES 1 
+.SH NAME
+des - encrypt or decrypt data using Data Encryption Standard
+.SH SYNOPSIS
+.B des
+(
+.B \-e
+|
+.B \-E
+) | (
+.B \-d
+|
+.B \-D
+) | (
+.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+) |
+[
+.B \-b3hfs
+] [
+.B \-k
+.I key
+]
+] [
+.B \-u\fR[\fIuuname\fR]
+[
+.I input-file
+[
+.I output-file
+] ]
+.SH DESCRIPTION
+.B des
+encrypts and decrypts data using the
+Data Encryption Standard algorithm.
+One of
+.B \-e, \-E
+(for encrypt) or
+.B \-d, \-D
+(for decrypt) must be specified.
+It is also possible to use
+.B \-c
+or
+.B \-C
+in conjunction or instead of the a encrypt/decrypt option to generate
+a 16 character hexadecimal checksum, generated via the
+.I des_cbc_cksum.
+.LP
+Two standard encryption modes are supported by the
+.B des
+program, Cipher Block Chaining (the default) and Electronic Code Book
+(specified with
+.B \-b
+).
+.LP
+The key used for the DES
+algorithm is obtained by prompting the user unless the
+.B `\-k
+.I key'
+option is given.
+If the key is an argument to the
+.B des
+command, it is potentially visible to users executing
+.BR ps (1)
+or a derivative.  To minimise this possibility,
+.B des
+takes care to destroy the key argument immediately upon entry.
+If your shell keeps a history file be careful to make sure it is not
+world readable.
+.LP
+Since this program attempts to maintain compatability with sunOS's
+des(1) command, there are 2 different methods used to convert the user
+supplied key to a des key.
+Whenever and one or more of
+.B \-E, \-D, \-C
+or
+.B \-3
+options are used, the key conversion procedure will not be compatible
+with the sunOS des(1) version but will use all the user supplied
+character to generate the des key.
+.B des
+command reads from standard input unless
+.I input-file
+is specified and writes to standard output unless
+.I output-file
+is given.
+.SH OPTIONS
+.TP
+.B \-b
+Select ECB
+(eight bytes at a time) encryption mode.
+.TP
+.B \-3
+Encrypt using triple encryption.
+By default triple cbc encryption is used but if the
+.B \-b
+option is used then triple ecb encryption is performed.
+If the key is less than 8 characters long, the flag has no effect.
+.TP
+.B \-e
+Encrypt data using an 8 byte key in a manner compatible with sunOS
+des(1).
+.TP
+.B \-E
+Encrypt data using a key of nearly unlimited length (1024 bytes).
+This will product a more secure encryption.
+.TP
+.B \-d
+Decrypt data that was encrypted with the \-e option.
+.TP
+.B \-D
+Decrypt data that was encrypted with the \-E option.
+.TP
+.B \-c
+Generate a 16 character hexadecimal cbc checksum and output this to
+stderr.
+If a filename was specified after the
+.B \-c
+option, the checksum is output to that file.
+The checksum is generated using a key generated in a sunOS compatible
+manner.
+.TP
+.B \-C
+A cbc checksum is generated in the same manner as described for the
+.B \-c
+option but the DES key is generated in the same manner as used for the
+.B \-E
+and
+.B \-D
+options
+.TP
+.B \-f
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B \-s
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B "\-k \fIkey\fP"
+Use the encryption 
+.I key
+specified.
+.TP
+.B "\-h"
+The
+.I key
+is assumed to be a 16 character hexadecimal number.
+If the
+.B "\-3"
+option is used the key is assumed to be a 32 character hexadecimal
+number.
+.TP
+.B \-u
+This flag is used to read and write uuencoded files.  If decrypting,
+the input file is assumed to contain uuencoded, DES encrypted data.
+If encrypting, the characters following the -u are used as the name of
+the uuencoded file to embed in the begin line of the uuencoded
+output.  If there is no name specified after the -u, the name text.des
+will be embedded in the header.
+.SH SEE ALSO
+.B ps (1)
+.B des_crypt(3)
+.SH BUGS
+.LP
+The problem with using the
+.B -e
+option is the short key length.
+It would be better to use a real 56-bit key rather than an
+ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+radically reduces the time necessary for a brute-force cryptographic attack.
+My attempt to remove this problem is to add an alternative text-key to
+DES-key function.  This alternative function (accessed via
+.B -E, -D, -S
+and
+.B -3
+)
+uses DES to help generate the key.
+.LP
+Be carefully when using the -u option.  Doing des -ud  will
+not decrypt filename (the -u option will gobble the d option).
+.LP
+The VMS operating system operates in a world where files are always a
+multiple of 512 bytes.  This causes problems when encrypted data is
+send from unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the -u option
+to uuencode the data before it is send to the VMS system.
+.SH AUTHOR
+.LP
+Eric Young (eay@cryptsoft.com)
diff --git a/crypto/openssl/crypto/des/des.pl b/crypto/openssl/crypto/des/des.pl
new file mode 100644
index 000000000000..8a3f7e3ed63a
--- /dev/null
+++ b/crypto/openssl/crypto/des/des.pl
@@ -0,0 +1,552 @@
+#!/usr/local/bin/perl
+# des.pl - eric young 22/11/1991 eay@cryptsoft.com
+#
+# Copyright (C) 1993 Eric Young
+#
+# 11 April 1996 - patched to circumvent Perl 5 (through 5.002) problem
+#                 with sign-extension on right shift operations.
+#                 Ed Kubaitis - ejk@uiuc.edu
+#
+# eay - 92/08/31 - I think I have fixed all problems for 64bit
+# versions of perl but I could be wrong since I have not tested it yet :-).
+#
+# This is an implementation of DES in perl.
+# The two routines (des_set_key and des_ecb_encrypt)
+# take 8 byte objects as arguments.
+#
+# des_set_key takes an 8 byte string as a key and returns a key schedule
+# for use in calls to des_ecb_encrypt.
+# des_ecb_encrypt takes three arguments, the first is a key schedule
+# (make sure to pass it by reference with the *), the second is 1
+# to encrypt, 0 to decrypt.  The third argument is an 8 byte object
+# to encrypt.  The function returns an 8 byte object that has been
+# DES encrypted.
+#
+# example:
+# require 'des.pl'
+#
+# $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+# @ks=  &des_set_key($key);
+#
+# $outbytes= &des_ecb_encrypt(*ks,1,$data);
+# @enc =unpack("C8",$outbytes);
+#
+                 
+package des;
+
+eval("use integer;") if (int($]) > 4);
+
+# The following 8 arrays are used in des_set_key
+@skb0=(
+# for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+0x00000000,0x00000010,0x20000000,0x20000010,
+0x00010000,0x00010010,0x20010000,0x20010010,
+0x00000800,0x00000810,0x20000800,0x20000810,
+0x00010800,0x00010810,0x20010800,0x20010810,
+0x00000020,0x00000030,0x20000020,0x20000030,
+0x00010020,0x00010030,0x20010020,0x20010030,
+0x00000820,0x00000830,0x20000820,0x20000830,
+0x00010820,0x00010830,0x20010820,0x20010830,
+0x00080000,0x00080010,0x20080000,0x20080010,
+0x00090000,0x00090010,0x20090000,0x20090010,
+0x00080800,0x00080810,0x20080800,0x20080810,
+0x00090800,0x00090810,0x20090800,0x20090810,
+0x00080020,0x00080030,0x20080020,0x20080030,
+0x00090020,0x00090030,0x20090020,0x20090030,
+0x00080820,0x00080830,0x20080820,0x20080830,
+0x00090820,0x00090830,0x20090820,0x20090830,
+);
+@skb1=(
+# for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
+0x00000000,0x02000000,0x00002000,0x02002000,
+0x00200000,0x02200000,0x00202000,0x02202000,
+0x00000004,0x02000004,0x00002004,0x02002004,
+0x00200004,0x02200004,0x00202004,0x02202004,
+0x00000400,0x02000400,0x00002400,0x02002400,
+0x00200400,0x02200400,0x00202400,0x02202400,
+0x00000404,0x02000404,0x00002404,0x02002404,
+0x00200404,0x02200404,0x00202404,0x02202404,
+0x10000000,0x12000000,0x10002000,0x12002000,
+0x10200000,0x12200000,0x10202000,0x12202000,
+0x10000004,0x12000004,0x10002004,0x12002004,
+0x10200004,0x12200004,0x10202004,0x12202004,
+0x10000400,0x12000400,0x10002400,0x12002400,
+0x10200400,0x12200400,0x10202400,0x12202400,
+0x10000404,0x12000404,0x10002404,0x12002404,
+0x10200404,0x12200404,0x10202404,0x12202404,
+);
+@skb2=(
+# for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
+0x00000000,0x00000001,0x00040000,0x00040001,
+0x01000000,0x01000001,0x01040000,0x01040001,
+0x00000002,0x00000003,0x00040002,0x00040003,
+0x01000002,0x01000003,0x01040002,0x01040003,
+0x00000200,0x00000201,0x00040200,0x00040201,
+0x01000200,0x01000201,0x01040200,0x01040201,
+0x00000202,0x00000203,0x00040202,0x00040203,
+0x01000202,0x01000203,0x01040202,0x01040203,
+0x08000000,0x08000001,0x08040000,0x08040001,
+0x09000000,0x09000001,0x09040000,0x09040001,
+0x08000002,0x08000003,0x08040002,0x08040003,
+0x09000002,0x09000003,0x09040002,0x09040003,
+0x08000200,0x08000201,0x08040200,0x08040201,
+0x09000200,0x09000201,0x09040200,0x09040201,
+0x08000202,0x08000203,0x08040202,0x08040203,
+0x09000202,0x09000203,0x09040202,0x09040203,
+);
+@skb3=(
+# for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
+0x00000000,0x00100000,0x00000100,0x00100100,
+0x00000008,0x00100008,0x00000108,0x00100108,
+0x00001000,0x00101000,0x00001100,0x00101100,
+0x00001008,0x00101008,0x00001108,0x00101108,
+0x04000000,0x04100000,0x04000100,0x04100100,
+0x04000008,0x04100008,0x04000108,0x04100108,
+0x04001000,0x04101000,0x04001100,0x04101100,
+0x04001008,0x04101008,0x04001108,0x04101108,
+0x00020000,0x00120000,0x00020100,0x00120100,
+0x00020008,0x00120008,0x00020108,0x00120108,
+0x00021000,0x00121000,0x00021100,0x00121100,
+0x00021008,0x00121008,0x00021108,0x00121108,
+0x04020000,0x04120000,0x04020100,0x04120100,
+0x04020008,0x04120008,0x04020108,0x04120108,
+0x04021000,0x04121000,0x04021100,0x04121100,
+0x04021008,0x04121008,0x04021108,0x04121108,
+);
+@skb4=(
+# for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+0x00000000,0x10000000,0x00010000,0x10010000,
+0x00000004,0x10000004,0x00010004,0x10010004,
+0x20000000,0x30000000,0x20010000,0x30010000,
+0x20000004,0x30000004,0x20010004,0x30010004,
+0x00100000,0x10100000,0x00110000,0x10110000,
+0x00100004,0x10100004,0x00110004,0x10110004,
+0x20100000,0x30100000,0x20110000,0x30110000,
+0x20100004,0x30100004,0x20110004,0x30110004,
+0x00001000,0x10001000,0x00011000,0x10011000,
+0x00001004,0x10001004,0x00011004,0x10011004,
+0x20001000,0x30001000,0x20011000,0x30011000,
+0x20001004,0x30001004,0x20011004,0x30011004,
+0x00101000,0x10101000,0x00111000,0x10111000,
+0x00101004,0x10101004,0x00111004,0x10111004,
+0x20101000,0x30101000,0x20111000,0x30111000,
+0x20101004,0x30101004,0x20111004,0x30111004,
+);
+@skb5=(
+# for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
+0x00000000,0x08000000,0x00000008,0x08000008,
+0x00000400,0x08000400,0x00000408,0x08000408,
+0x00020000,0x08020000,0x00020008,0x08020008,
+0x00020400,0x08020400,0x00020408,0x08020408,
+0x00000001,0x08000001,0x00000009,0x08000009,
+0x00000401,0x08000401,0x00000409,0x08000409,
+0x00020001,0x08020001,0x00020009,0x08020009,
+0x00020401,0x08020401,0x00020409,0x08020409,
+0x02000000,0x0A000000,0x02000008,0x0A000008,
+0x02000400,0x0A000400,0x02000408,0x0A000408,
+0x02020000,0x0A020000,0x02020008,0x0A020008,
+0x02020400,0x0A020400,0x02020408,0x0A020408,
+0x02000001,0x0A000001,0x02000009,0x0A000009,
+0x02000401,0x0A000401,0x02000409,0x0A000409,
+0x02020001,0x0A020001,0x02020009,0x0A020009,
+0x02020401,0x0A020401,0x02020409,0x0A020409,
+);
+@skb6=(
+# for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
+0x00000000,0x00000100,0x00080000,0x00080100,
+0x01000000,0x01000100,0x01080000,0x01080100,
+0x00000010,0x00000110,0x00080010,0x00080110,
+0x01000010,0x01000110,0x01080010,0x01080110,
+0x00200000,0x00200100,0x00280000,0x00280100,
+0x01200000,0x01200100,0x01280000,0x01280100,
+0x00200010,0x00200110,0x00280010,0x00280110,
+0x01200010,0x01200110,0x01280010,0x01280110,
+0x00000200,0x00000300,0x00080200,0x00080300,
+0x01000200,0x01000300,0x01080200,0x01080300,
+0x00000210,0x00000310,0x00080210,0x00080310,
+0x01000210,0x01000310,0x01080210,0x01080310,
+0x00200200,0x00200300,0x00280200,0x00280300,
+0x01200200,0x01200300,0x01280200,0x01280300,
+0x00200210,0x00200310,0x00280210,0x00280310,
+0x01200210,0x01200310,0x01280210,0x01280310,
+);
+@skb7=(
+# for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
+0x00000000,0x04000000,0x00040000,0x04040000,
+0x00000002,0x04000002,0x00040002,0x04040002,
+0x00002000,0x04002000,0x00042000,0x04042000,
+0x00002002,0x04002002,0x00042002,0x04042002,
+0x00000020,0x04000020,0x00040020,0x04040020,
+0x00000022,0x04000022,0x00040022,0x04040022,
+0x00002020,0x04002020,0x00042020,0x04042020,
+0x00002022,0x04002022,0x00042022,0x04042022,
+0x00000800,0x04000800,0x00040800,0x04040800,
+0x00000802,0x04000802,0x00040802,0x04040802,
+0x00002800,0x04002800,0x00042800,0x04042800,
+0x00002802,0x04002802,0x00042802,0x04042802,
+0x00000820,0x04000820,0x00040820,0x04040820,
+0x00000822,0x04000822,0x00040822,0x04040822,
+0x00002820,0x04002820,0x00042820,0x04042820,
+0x00002822,0x04002822,0x00042822,0x04042822,
+);
+
+@shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
+
+# used in ecb_encrypt
+@SP0=(
+0x00410100, 0x00010000, 0x40400000, 0x40410100,
+0x00400000, 0x40010100, 0x40010000, 0x40400000,
+0x40010100, 0x00410100, 0x00410000, 0x40000100,
+0x40400100, 0x00400000, 0x00000000, 0x40010000,
+0x00010000, 0x40000000, 0x00400100, 0x00010100,
+0x40410100, 0x00410000, 0x40000100, 0x00400100,
+0x40000000, 0x00000100, 0x00010100, 0x40410000,
+0x00000100, 0x40400100, 0x40410000, 0x00000000,
+0x00000000, 0x40410100, 0x00400100, 0x40010000,
+0x00410100, 0x00010000, 0x40000100, 0x00400100,
+0x40410000, 0x00000100, 0x00010100, 0x40400000,
+0x40010100, 0x40000000, 0x40400000, 0x00410000,
+0x40410100, 0x00010100, 0x00410000, 0x40400100,
+0x00400000, 0x40000100, 0x40010000, 0x00000000,
+0x00010000, 0x00400000, 0x40400100, 0x00410100,
+0x40000000, 0x40410000, 0x00000100, 0x40010100,
+);
+@SP1=(
+0x08021002, 0x00000000, 0x00021000, 0x08020000,
+0x08000002, 0x00001002, 0x08001000, 0x00021000,
+0x00001000, 0x08020002, 0x00000002, 0x08001000,
+0x00020002, 0x08021000, 0x08020000, 0x00000002,
+0x00020000, 0x08001002, 0x08020002, 0x00001000,
+0x00021002, 0x08000000, 0x00000000, 0x00020002,
+0x08001002, 0x00021002, 0x08021000, 0x08000002,
+0x08000000, 0x00020000, 0x00001002, 0x08021002,
+0x00020002, 0x08021000, 0x08001000, 0x00021002,
+0x08021002, 0x00020002, 0x08000002, 0x00000000,
+0x08000000, 0x00001002, 0x00020000, 0x08020002,
+0x00001000, 0x08000000, 0x00021002, 0x08001002,
+0x08021000, 0x00001000, 0x00000000, 0x08000002,
+0x00000002, 0x08021002, 0x00021000, 0x08020000,
+0x08020002, 0x00020000, 0x00001002, 0x08001000,
+0x08001002, 0x00000002, 0x08020000, 0x00021000,
+);
+@SP2=(
+0x20800000, 0x00808020, 0x00000020, 0x20800020,
+0x20008000, 0x00800000, 0x20800020, 0x00008020,
+0x00800020, 0x00008000, 0x00808000, 0x20000000,
+0x20808020, 0x20000020, 0x20000000, 0x20808000,
+0x00000000, 0x20008000, 0x00808020, 0x00000020,
+0x20000020, 0x20808020, 0x00008000, 0x20800000,
+0x20808000, 0x00800020, 0x20008020, 0x00808000,
+0x00008020, 0x00000000, 0x00800000, 0x20008020,
+0x00808020, 0x00000020, 0x20000000, 0x00008000,
+0x20000020, 0x20008000, 0x00808000, 0x20800020,
+0x00000000, 0x00808020, 0x00008020, 0x20808000,
+0x20008000, 0x00800000, 0x20808020, 0x20000000,
+0x20008020, 0x20800000, 0x00800000, 0x20808020,
+0x00008000, 0x00800020, 0x20800020, 0x00008020,
+0x00800020, 0x00000000, 0x20808000, 0x20000020,
+0x20800000, 0x20008020, 0x00000020, 0x00808000,
+);
+@SP3=(
+0x00080201, 0x02000200, 0x00000001, 0x02080201,
+0x00000000, 0x02080000, 0x02000201, 0x00080001,
+0x02080200, 0x02000001, 0x02000000, 0x00000201,
+0x02000001, 0x00080201, 0x00080000, 0x02000000,
+0x02080001, 0x00080200, 0x00000200, 0x00000001,
+0x00080200, 0x02000201, 0x02080000, 0x00000200,
+0x00000201, 0x00000000, 0x00080001, 0x02080200,
+0x02000200, 0x02080001, 0x02080201, 0x00080000,
+0x02080001, 0x00000201, 0x00080000, 0x02000001,
+0x00080200, 0x02000200, 0x00000001, 0x02080000,
+0x02000201, 0x00000000, 0x00000200, 0x00080001,
+0x00000000, 0x02080001, 0x02080200, 0x00000200,
+0x02000000, 0x02080201, 0x00080201, 0x00080000,
+0x02080201, 0x00000001, 0x02000200, 0x00080201,
+0x00080001, 0x00080200, 0x02080000, 0x02000201,
+0x00000201, 0x02000000, 0x02000001, 0x02080200,
+);
+@SP4=(
+0x01000000, 0x00002000, 0x00000080, 0x01002084,
+0x01002004, 0x01000080, 0x00002084, 0x01002000,
+0x00002000, 0x00000004, 0x01000004, 0x00002080,
+0x01000084, 0x01002004, 0x01002080, 0x00000000,
+0x00002080, 0x01000000, 0x00002004, 0x00000084,
+0x01000080, 0x00002084, 0x00000000, 0x01000004,
+0x00000004, 0x01000084, 0x01002084, 0x00002004,
+0x01002000, 0x00000080, 0x00000084, 0x01002080,
+0x01002080, 0x01000084, 0x00002004, 0x01002000,
+0x00002000, 0x00000004, 0x01000004, 0x01000080,
+0x01000000, 0x00002080, 0x01002084, 0x00000000,
+0x00002084, 0x01000000, 0x00000080, 0x00002004,
+0x01000084, 0x00000080, 0x00000000, 0x01002084,
+0x01002004, 0x01002080, 0x00000084, 0x00002000,
+0x00002080, 0x01002004, 0x01000080, 0x00000084,
+0x00000004, 0x00002084, 0x01002000, 0x01000004,
+);
+@SP5=(
+0x10000008, 0x00040008, 0x00000000, 0x10040400,
+0x00040008, 0x00000400, 0x10000408, 0x00040000,
+0x00000408, 0x10040408, 0x00040400, 0x10000000,
+0x10000400, 0x10000008, 0x10040000, 0x00040408,
+0x00040000, 0x10000408, 0x10040008, 0x00000000,
+0x00000400, 0x00000008, 0x10040400, 0x10040008,
+0x10040408, 0x10040000, 0x10000000, 0x00000408,
+0x00000008, 0x00040400, 0x00040408, 0x10000400,
+0x00000408, 0x10000000, 0x10000400, 0x00040408,
+0x10040400, 0x00040008, 0x00000000, 0x10000400,
+0x10000000, 0x00000400, 0x10040008, 0x00040000,
+0x00040008, 0x10040408, 0x00040400, 0x00000008,
+0x10040408, 0x00040400, 0x00040000, 0x10000408,
+0x10000008, 0x10040000, 0x00040408, 0x00000000,
+0x00000400, 0x10000008, 0x10000408, 0x10040400,
+0x10040000, 0x00000408, 0x00000008, 0x10040008,
+);
+@SP6=(
+0x00000800, 0x00000040, 0x00200040, 0x80200000,
+0x80200840, 0x80000800, 0x00000840, 0x00000000,
+0x00200000, 0x80200040, 0x80000040, 0x00200800,
+0x80000000, 0x00200840, 0x00200800, 0x80000040,
+0x80200040, 0x00000800, 0x80000800, 0x80200840,
+0x00000000, 0x00200040, 0x80200000, 0x00000840,
+0x80200800, 0x80000840, 0x00200840, 0x80000000,
+0x80000840, 0x80200800, 0x00000040, 0x00200000,
+0x80000840, 0x00200800, 0x80200800, 0x80000040,
+0x00000800, 0x00000040, 0x00200000, 0x80200800,
+0x80200040, 0x80000840, 0x00000840, 0x00000000,
+0x00000040, 0x80200000, 0x80000000, 0x00200040,
+0x00000000, 0x80200040, 0x00200040, 0x00000840,
+0x80000040, 0x00000800, 0x80200840, 0x00200000,
+0x00200840, 0x80000000, 0x80000800, 0x80200840,
+0x80200000, 0x00200840, 0x00200800, 0x80000800,
+);
+@SP7=(
+0x04100010, 0x04104000, 0x00004010, 0x00000000,
+0x04004000, 0x00100010, 0x04100000, 0x04104010,
+0x00000010, 0x04000000, 0x00104000, 0x00004010,
+0x00104010, 0x04004010, 0x04000010, 0x04100000,
+0x00004000, 0x00104010, 0x00100010, 0x04004000,
+0x04104010, 0x04000010, 0x00000000, 0x00104000,
+0x04000000, 0x00100000, 0x04004010, 0x04100010,
+0x00100000, 0x00004000, 0x04104000, 0x00000010,
+0x00100000, 0x00004000, 0x04000010, 0x04104010,
+0x00004010, 0x04000000, 0x00000000, 0x00104000,
+0x04100010, 0x04004010, 0x04004000, 0x00100010,
+0x04104000, 0x00000010, 0x00100010, 0x04004000,
+0x04104010, 0x00100000, 0x04100000, 0x04000010,
+0x00104000, 0x00004010, 0x04004010, 0x04100000,
+0x00000010, 0x04104000, 0x00104010, 0x00000000,
+0x04000000, 0x04100010, 0x00004000, 0x00104010,
+);
+
+sub main'des_set_key
+	{
+	local($param)=@_;
+	local(@key);
+	local($c,$d,$i,$s,$t);
+	local(@ks)=();
+
+	# Get the bytes in the order we want.
+	@key=unpack("C8",$param);
+
+	$c=	($key[0]    )|
+		($key[1]<< 8)|
+		($key[2]<<16)|
+		($key[3]<<24);
+	$d=	($key[4]    )|
+		($key[5]<< 8)|
+		($key[6]<<16)|
+		($key[7]<<24);
+
+	&doPC1(*c,*d);
+
+	for $i (@shifts2)
+		{
+		if ($i)
+			{
+			$c=($c>>2)|($c<<26);
+			$d=($d>>2)|($d<<26);
+			}
+		else
+			{
+			$c=($c>>1)|($c<<27);
+			$d=($d>>1)|($d<<27);
+			}
+		$c&=0x0fffffff;
+		$d&=0x0fffffff;
+		$s=	$skb0[ ($c    )&0x3f                 ]|
+			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
+			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
+			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
+					     (($c>>22)&0x38)];
+		$t=     $skb4[ ($d    )&0x3f                ]|
+			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
+			$skb6[ ($d>>15)&0x3f                 ]|
+			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
+		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
+		$s=      (($s>>16)&0x0000ffff)|($t&0xffff0000) ;
+		push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff);
+		}
+	@ks;
+	}
+
+sub doPC1
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>>4)^$a)&0x0f0f0f0f;
+	$b^=($t<<4); $a^=$t;
+	# do $a first 
+	$t=(($a<<18)^$a)&0xcccc0000;
+	$a=$a^$t^(($t>>18)&0x00003fff);
+	$t=(($a<<17)^$a)&0xaaaa0000;
+	$a=$a^$t^(($t>>17)&0x00007fff);
+	$t=(($a<< 8)^$a)&0x00ff0000;
+	$a=$a^$t^(($t>> 8)&0x00ffffff);
+	$t=(($a<<17)^$a)&0xaaaa0000;
+	$a=$a^$t^(($t>>17)&0x00007fff);
+
+	# now do $b
+	$t=(($b<<24)^$b)&0xff000000;
+	$b=$b^$t^(($t>>24)&0x000000ff);
+	$t=(($b<< 8)^$b)&0x00ff0000;
+	$b=$b^$t^(($t>> 8)&0x00ffffff);
+	$t=(($b<<14)^$b)&0x33330000;
+	$b=$b^$t^(($t>>14)&0x0003ffff);
+	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
+	$b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff);
+	$a&=0x0fffffff;
+	}
+
+sub doIP
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+	$b^=($t<< 4); $a^=$t;
+	$t=(($a>>16)^$b)&0x0000ffff;
+	$a^=($t<<16); $b^=$t;
+	$t=(($b>> 2)^$a)&0x33333333;
+	$b^=($t<< 2); $a^=$t;
+	$t=(($a>> 8)^$b)&0x00ff00ff;
+	$a^=($t<< 8); $b^=$t;
+	$t=(($b>> 1)^$a)&0x55555555;
+	$b^=($t<< 1); $a^=$t;
+	$t=$a;
+	$a=$b&0xffffffff;
+	$b=$t&0xffffffff;
+	}
+
+sub doFP
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>> 1)^$a)&0x55555555;
+	$b^=($t<< 1); $a^=$t;
+	$t=(($a>> 8)^$b)&0x00ff00ff;
+	$a^=($t<< 8); $b^=$t;
+	$t=(($b>> 2)^$a)&0x33333333;
+	$b^=($t<< 2); $a^=$t;
+	$t=(($a>>16)^$b)&0x0000ffff;
+	$a^=($t<<16); $b^=$t;
+	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+	$b^=($t<< 4); $a^=$t;
+	$a&=0xffffffff;
+	$b&=0xffffffff;
+	}
+
+sub main'des_ecb_encrypt
+	{
+	local(*ks,$encrypt,$in)=@_;
+	local($l,$r,$i,$t,$u,@input);
+	
+	@input=unpack("C8",$in);
+	# Get the bytes in the order we want.
+	$l=	($input[0]    )|
+		($input[1]<< 8)|
+		($input[2]<<16)|
+		($input[3]<<24);
+	$r=	($input[4]    )|
+		($input[5]<< 8)|
+		($input[6]<<16)|
+		($input[7]<<24);
+
+	$l&=0xffffffff;
+	$r&=0xffffffff;
+	&doIP(*l,*r);
+	if ($encrypt)
+		{
+		for ($i=0; $i<32; $i+=4)
+			{
+			$t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001));
+			$u=$t^$ks[$i  ];
+			$t=$t^$ks[$i+1];
+			$t2=(($t&0x0000000f)<<28);
+
+			$t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28));
+			$l^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+
+			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i+2];
+			$t=$t^$ks[$i+3];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$r^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+			}
+		}
+	else	
+		{
+		for ($i=30; $i>0; $i-=4)
+			{
+			$t=(($r<<1)|(($r>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i  ];
+			$t=$t^$ks[$i+1];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$l^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+
+			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i-2];
+			$t=$t^$ks[$i-1];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$r^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+			}
+		}
+	&doFP(*l,*r);
+	pack("C8",$l&0xff, 
+	          ($l>> 8)&0x00ffffff,
+	          ($l>>16)&0x0000ffff,
+		  ($l>>24)&0x000000ff,
+		  $r&0xff,
+	          ($r>> 8)&0x00ffffff,
+	          ($r>>16)&0x0000ffff,
+		  ($r>>24)&0x000000ff);
+	}
diff --git a/crypto/openssl/crypto/des/des3s.cpp b/crypto/openssl/crypto/des/des3s.cpp
new file mode 100644
index 000000000000..02d527c057c2
--- /dev/null
+++ b/crypto/openssl/crypto/des/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	des_key_schedule key1,key2,key3;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(s1);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(e1);
+			GetTSC(s2);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(e2);
+			des_encrypt3(&data[0],key1,key2,key3);
+			}
+
+		printf("des %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/crypto/des/des_crypt.man b/crypto/openssl/crypto/des/des_crypt.man
new file mode 100644
index 000000000000..0ecc416877fe
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_crypt.man
@@ -0,0 +1,508 @@
+.TH DES_CRYPT 3 
+.SH NAME
+des_read_password, des_read_2password,
+des_string_to_key, des_string_to_2key, des_read_pw_string,
+des_random_key, des_set_key,
+des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
+des_3cbc_encrypt,
+des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
+des_cbc_cksum, des_quad_cksum,
+des_enc_read, des_enc_write, des_set_odd_parity,
+des_is_weak_key, crypt \- (non USA) DES encryption
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include 
+.PP
+.B int des_read_password(key,prompt,verify)
+des_cblock *key;
+char *prompt;
+int verify;
+.PP
+.B int des_read_2password(key1,key2,prompt,verify)
+des_cblock *key1,*key2;
+char *prompt;
+int verify;
+.PP
+.B int des_string_to_key(str,key)
+char *str;
+des_cblock *key;
+.PP
+.B int des_string_to_2keys(str,key1,key2)
+char *str;
+des_cblock *key1,*key2;
+.PP
+.B int des_read_pw_string(buf,length,prompt,verify)
+char *buf;
+int length;
+char *prompt;
+int verify;
+.PP
+.B int des_random_key(key)
+des_cblock *key;
+.PP
+.B int des_set_key(key,schedule)
+des_cblock *key;
+des_key_schedule schedule;
+.PP
+.B int des_key_sched(key,schedule)
+des_cblock *key;
+des_key_schedule schedule;
+.PP
+.B int des_ecb_encrypt(input,output,schedule,encrypt)
+des_cblock *input;
+des_cblock *output;
+des_key_schedule schedule;
+int encrypt;
+.PP
+.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
+des_cblock *input;
+des_cblock *output;
+des_key_schedule ks1,ks2;
+int encrypt;
+.PP
+.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule sk1;
+des_key_schedule sk2;
+des_cblock *ivec1;
+des_cblock *ivec2;
+int encrypt;
+.PP
+.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
+unsigned char *input;
+unsigned char *output;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
+unsigned char *input,*output;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+.PP
+.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+.PP
+.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
+des_cblock *input;
+des_cblock *output;
+long length;
+int out_count;
+des_cblock *seed;
+.PP
+.B int des_check_key;
+.PP
+.B int des_enc_read(fd,buf,len,sched,iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock *iv;
+.PP
+.B int des_enc_write(fd,buf,len,sched,iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock *iv;
+.PP
+.B extern int des_rw_mode;
+.PP
+.B void des_set_odd_parity(key)
+des_cblock *key;
+.PP
+.B int des_is_weak_key(key)
+des_cblock *key;
+.PP
+.B char *crypt(passwd,salt)
+char *passwd;
+char *salt;
+.PP
+.fi
+.SH DESCRIPTION
+This library contains a fast implementation of the DES encryption
+algorithm.
+.PP
+There are two phases to the use of DES encryption.
+The first is the generation of a
+.I des_key_schedule
+from a key,
+the second is the actual encryption.
+A des key is of type
+.I des_cblock.
+This type is made from 8 characters with odd parity.
+The least significant bit in the character is the parity bit.
+The key schedule is an expanded form of the key; it is used to speed the
+encryption process.
+.PP
+.I des_read_password
+writes the string specified by prompt to the standard output,
+turns off echo and reads an input string from standard input
+until terminated with a newline.
+If verify is non-zero, it prompts and reads the input again and verifies
+that both entered passwords are the same.
+The entered string is converted into a des key by using the
+.I des_string_to_key
+routine.
+The new key is placed in the
+.I des_cblock
+that was passed (by reference) to the routine.
+If there were no errors,
+.I des_read_password
+returns 0,
+-1 is returned if there was a terminal error and 1 is returned for
+any other error.
+.PP
+.I des_read_2password
+operates in the same way as
+.I des_read_password
+except that it generates 2 keys by using the
+.I des_string_to_2key
+function.
+.PP
+.I des_read_pw_string
+is called by
+.I des_read_password
+to read and verify a string from a terminal device.
+The string is returned in
+.I buf.
+The size of
+.I buf
+is passed to the routine via the
+.I length
+parameter.
+.PP
+.I des_string_to_key
+converts a string into a valid des key.
+.PP
+.I des_string_to_2key
+converts a string into 2 valid des keys.
+This routine is best suited for used to generate keys for use with
+.I des_ecb3_encrypt.
+.PP
+.I des_random_key
+returns a random key that is made of a combination of process id,
+time and an increasing counter.
+.PP
+Before a des key can be used it is converted into a
+.I des_key_schedule
+via the
+.I des_set_key
+routine.
+If the
+.I des_check_key
+flag is non-zero,
+.I des_set_key
+will check that the key passed is of odd parity and is not a week or
+semi-weak key.
+If the parity is wrong,
+then -1 is returned.
+If the key is a weak key,
+then -2 is returned.
+If an error is returned,
+the key schedule is not generated.
+.PP
+.I des_key_sched
+is another name for the
+.I des_set_key
+function.
+.PP
+The following routines mostly operate on an input and output stream of
+.I des_cblock's.
+.PP
+.I des_ecb_encrypt
+is the basic DES encryption routine that encrypts or decrypts a single 8-byte
+.I des_cblock
+in
+.I electronic code book
+mode.
+It always transforms the input data, pointed to by
+.I input,
+into the output data,
+pointed to by the
+.I output
+argument.
+If the
+.I encrypt
+argument is non-zero (DES_ENCRYPT),
+the
+.I input
+(cleartext) is encrypted in to the
+.I output
+(ciphertext) using the key_schedule specified by the
+.I schedule
+argument,
+previously set via
+.I des_set_key.
+If
+.I encrypt
+is zero (DES_DECRYPT),
+the
+.I input
+(now ciphertext)
+is decrypted into the
+.I output
+(now cleartext).
+Input and output may overlap.
+No meaningful value is returned.
+.PP
+.I des_ecb3_encrypt
+encrypts/decrypts the
+.I input
+block by using triple ecb DES encryption.
+This involves encrypting the input with 
+.I ks1,
+decryption with the key schedule
+.I ks2,
+and then encryption with the first again.
+This routine greatly reduces the chances of brute force breaking of
+DES and has the advantage of if
+.I ks1
+and
+.I ks2
+are the same, it is equivalent to just encryption using ecb mode and
+.I ks1
+as the key.
+.PP
+.I des_cbc_encrypt
+encrypts/decrypts using the
+.I cipher-block-chaining
+mode of DES.
+If the
+.I encrypt
+argument is non-zero,
+the routine cipher-block-chain encrypts the cleartext data pointed to by the
+.I input
+argument into the ciphertext pointed to by the
+.I output
+argument,
+using the key schedule provided by the
+.I schedule
+argument,
+and initialisation vector provided by the
+.I ivec
+argument.
+If the
+.I length
+argument is not an integral multiple of eight bytes, 
+the last block is copied to a temporary area and zero filled.
+The output is always
+an integral multiple of eight bytes.
+To make multiple cbc encrypt calls on a large amount of data appear to
+be one 
+.I des_cbc_encrypt
+call, the
+.I ivec
+of subsequent calls should be the last 8 bytes of the output.
+.PP
+.I des_3cbc_encrypt
+encrypts/decrypts the
+.I input
+block by using triple cbc DES encryption.
+This involves encrypting the input with key schedule
+.I ks1,
+decryption with the key schedule
+.I ks2,
+and then encryption with the first again.
+2 initialisation vectors are required,
+.I ivec1
+and
+.I ivec2.
+Unlike
+.I des_cbc_encrypt,
+these initialisation vectors are modified by the subroutine.
+This routine greatly reduces the chances of brute force breaking of
+DES and has the advantage of if
+.I ks1
+and
+.I ks2
+are the same, it is equivalent to just encryption using cbc mode and
+.I ks1
+as the key.
+.PP
+.I des_pcbc_encrypt
+encrypt/decrypts using a modified block chaining mode.
+It provides better error propagation characteristics than cbc
+encryption.
+.PP
+.I des_cfb_encrypt
+encrypt/decrypts using cipher feedback mode.  This method takes an
+array of characters as input and outputs and array of characters.  It
+does not require any padding to 8 character groups.  Note: the ivec
+variable is changed and the new changed value needs to be passed to
+the next call to this function.  Since this function runs a complete
+DES ecb encryption per numbits, this function is only suggested for
+use when sending small numbers of characters.
+.PP
+.I des_ofb_encrypt
+encrypt using output feedback mode.  This method takes an
+array of characters as input and outputs and array of characters.  It
+does not require any padding to 8 character groups.  Note: the ivec
+variable is changed and the new changed value needs to be passed to
+the next call to this function.  Since this function runs a complete
+DES ecb encryption per numbits, this function is only suggested for
+use when sending small numbers of characters.
+.PP
+.I des_cbc_cksum
+produces an 8 byte checksum based on the input stream (via cbc encryption).
+The last 4 bytes of the checksum is returned and the complete 8 bytes is
+placed in
+.I output.
+.PP
+.I des_quad_cksum
+returns a 4 byte checksum from the input bytes.
+The algorithm can be iterated over the input,
+depending on
+.I out_count,
+1, 2, 3 or 4 times.
+If
+.I output
+is non-NULL,
+the 8 bytes generated by each pass are written into
+.I output.
+.PP
+.I des_enc_write
+is used to write
+.I len
+bytes
+to file descriptor
+.I fd
+from buffer
+.I buf.
+The data is encrypted via
+.I pcbc_encrypt
+(default) using
+.I sched
+for the key and
+.I iv
+as a starting vector.
+The actual data send down
+.I fd
+consists of 4 bytes (in network byte order) containing the length of the
+following encrypted data.  The encrypted data then follows, padded with random
+data out to a multiple of 8 bytes.
+.PP
+.I des_enc_read
+is used to read
+.I len
+bytes
+from file descriptor
+.I fd
+into buffer
+.I buf.
+The data being read from
+.I fd
+is assumed to have come from
+.I des_enc_write
+and is decrypted using
+.I sched
+for the key schedule and
+.I iv
+for the initial vector.
+The
+.I des_enc_read/des_enc_write
+pair can be used to read/write to files, pipes and sockets.
+I have used them in implementing a version of rlogin in which all
+data is encrypted.
+.PP
+.I des_rw_mode
+is used to specify the encryption mode to use with 
+.I des_enc_read
+and 
+.I des_end_write.
+If set to
+.I DES_PCBC_MODE
+(the default), des_pcbc_encrypt is used.
+If set to
+.I DES_CBC_MODE
+des_cbc_encrypt is used.
+These two routines and the variable are not part of the normal MIT library.
+.PP
+.I des_set_odd_parity
+sets the parity of the passed
+.I key
+to odd.  This routine is not part of the standard MIT library.
+.PP
+.I des_is_weak_key
+returns 1 is the passed key is a weak key (pick again :-),
+0 if it is ok.
+This routine is not part of the standard MIT library.
+.PP
+.I crypt
+is a replacement for the normal system crypt.
+It is much faster than the system crypt.
+.PP
+.SH FILES
+/usr/include/des.h
+.br
+/usr/lib/libdes.a
+.PP
+The encryption routines have been tested on 16bit, 32bit and 64bit
+machines of various endian and even works under VMS.
+.PP
+.SH BUGS
+.PP
+If you think this manual is sparse,
+read the des_crypt(3) manual from the MIT kerberos (or bones outside
+of the USA) distribution.
+.PP
+.I des_cfb_encrypt
+and
+.I des_ofb_encrypt
+operates on input of 8 bits.  What this means is that if you set
+numbits to 12, and length to 2, the first 12 bits will come from the 1st
+input byte and the low half of the second input byte.  The second 12
+bits will have the low 8 bits taken from the 3rd input byte and the
+top 4 bits taken from the 4th input byte.  The same holds for output.
+This function has been implemented this way because most people will
+be using a multiple of 8 and because once you get into pulling bytes input
+bytes apart things get ugly!
+.PP
+.I des_read_pw_string
+is the most machine/OS dependent function and normally generates the
+most problems when porting this code.
+.PP
+.I des_string_to_key
+is probably different from the MIT version since there are lots
+of fun ways to implement one-way encryption of a text string.
+.PP
+The routines are optimised for 32 bit machines and so are not efficient
+on IBM PCs.
+.PP
+NOTE: extensive work has been done on this library since this document
+was origionally written.  Please try to read des.doc from the libdes
+distribution since it is far more upto date and documents more of the
+functions.  Libdes is now also being shipped as part of SSLeay, a
+general cryptographic library that amonst other things implements
+netscapes SSL protocoll.  The most recent version can be found in
+SSLeay distributions.
+.SH AUTHOR
+Eric Young (eay@cryptsoft.com)
diff --git a/crypto/openssl/crypto/des/des_enc.c b/crypto/openssl/crypto/des/des_enc.c
new file mode 100644
index 000000000000..8311e106281c
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_enc.c
@@ -0,0 +1,406 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+	register int i;
+#endif
+	register DES_LONG *s;
+
+	r=data[0];
+	l=data[1];
+
+	IP(r,l);
+	/* Things have been modified so that the initial rotate is
+	 * done outside the loop.  This required the
+	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * One perl script later and things have a 5% speed up on a sparc2.
+	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	 * for pointing this out. */
+	/* clear the top bits on machines with 8byte longs */
+	/* shift left by 2 */
+	r=ROTATE(r,29)&0xffffffffL;
+	l=ROTATE(l,29)&0xffffffffL;
+
+	s=ks->ks.deslong;
+	/* I don't know if it is worth the effort of loop unrolling the
+	 * inner loop */
+	if (enc)
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#else
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  3 */
+			D_ENCRYPT(r,l,i+6); /*  4 */
+			}
+#endif
+		}
+	else
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r,30); /* 16 */
+		D_ENCRYPT(r,l,28); /* 15 */
+		D_ENCRYPT(l,r,26); /* 14 */
+		D_ENCRYPT(r,l,24); /* 13 */
+		D_ENCRYPT(l,r,22); /* 12 */
+		D_ENCRYPT(r,l,20); /* 11 */
+		D_ENCRYPT(l,r,18); /* 10 */
+		D_ENCRYPT(r,l,16); /*  9 */
+		D_ENCRYPT(l,r,14); /*  8 */
+		D_ENCRYPT(r,l,12); /*  7 */
+		D_ENCRYPT(l,r,10); /*  6 */
+		D_ENCRYPT(r,l, 8); /*  5 */
+		D_ENCRYPT(l,r, 6); /*  4 */
+		D_ENCRYPT(r,l, 4); /*  3 */
+		D_ENCRYPT(l,r, 2); /*  2 */
+		D_ENCRYPT(r,l, 0); /*  1 */
+#else
+		for (i=30; i>0; i-=8)
+			{
+			D_ENCRYPT(l,r,i-0); /* 16 */
+			D_ENCRYPT(r,l,i-2); /* 15 */
+			D_ENCRYPT(l,r,i-4); /* 14 */
+			D_ENCRYPT(r,l,i-6); /* 13 */
+			}
+#endif
+		}
+
+	/* rotate and clear the top bits on machines with 8byte longs */
+	l=ROTATE(l,3)&0xffffffffL;
+	r=ROTATE(r,3)&0xffffffffL;
+
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	l=r=t=u=0;
+	}
+
+void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+	register int i;
+#endif
+	register DES_LONG *s;
+
+	r=data[0];
+	l=data[1];
+
+	/* Things have been modified so that the initial rotate is
+	 * done outside the loop.  This required the
+	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * One perl script later and things have a 5% speed up on a sparc2.
+	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	 * for pointing this out. */
+	/* clear the top bits on machines with 8byte longs */
+	r=ROTATE(r,29)&0xffffffffL;
+	l=ROTATE(l,29)&0xffffffffL;
+
+	s=ks->ks.deslong;
+	/* I don't know if it is worth the effort of loop unrolling the
+	 * inner loop */
+	if (enc)
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#else
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  3 */
+			D_ENCRYPT(r,l,i+6); /*  4 */
+			}
+#endif
+		}
+	else
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r,30); /* 16 */
+		D_ENCRYPT(r,l,28); /* 15 */
+		D_ENCRYPT(l,r,26); /* 14 */
+		D_ENCRYPT(r,l,24); /* 13 */
+		D_ENCRYPT(l,r,22); /* 12 */
+		D_ENCRYPT(r,l,20); /* 11 */
+		D_ENCRYPT(l,r,18); /* 10 */
+		D_ENCRYPT(r,l,16); /*  9 */
+		D_ENCRYPT(l,r,14); /*  8 */
+		D_ENCRYPT(r,l,12); /*  7 */
+		D_ENCRYPT(l,r,10); /*  6 */
+		D_ENCRYPT(r,l, 8); /*  5 */
+		D_ENCRYPT(l,r, 6); /*  4 */
+		D_ENCRYPT(r,l, 4); /*  3 */
+		D_ENCRYPT(l,r, 2); /*  2 */
+		D_ENCRYPT(r,l, 0); /*  1 */
+#else
+		for (i=30; i>0; i-=8)
+			{
+			D_ENCRYPT(l,r,i-0); /* 16 */
+			D_ENCRYPT(r,l,i-2); /* 15 */
+			D_ENCRYPT(l,r,i-4); /* 14 */
+			D_ENCRYPT(r,l,i-6); /* 13 */
+			}
+#endif
+		}
+	/* rotate and clear the top bits on machines with 8byte longs */
+	data[0]=ROTATE(l,3)&0xffffffffL;
+	data[1]=ROTATE(r,3)&0xffffffffL;
+	l=r=t=u=0;
+	}
+
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3)
+	{
+	register DES_LONG l,r;
+
+	l=data[0];
+	r=data[1];
+	IP(l,r);
+	data[0]=l;
+	data[1]=r;
+	des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+	des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+	des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+	l=data[0];
+	r=data[1];
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	}
+
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3)
+	{
+	register DES_LONG l,r;
+
+	l=data[0];
+	r=data[1];
+	IP(l,r);
+	data[0]=l;
+	data[1]=r;
+	des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+	des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+	des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+	l=data[0];
+	r=data[1];
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	}
+
+#ifndef DES_DEFAULT_OPTIONS
+
+#undef CBC_ENC_C__DONT_UPDATE_IV
+#include "ncbc_enc.c" /* des_ncbc_encrypt */
+
+void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec, int enc)
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register const unsigned char *in;
+	unsigned char *out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		register DES_LONG t0,t1;
+
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=t0;
+			xor1=t1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+		
+			tout0^=xor0;
+			tout1^=xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=t0;
+			xor1=t1;
+			}
+
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#endif /* DES_DEFAULT_OPTIONS */
diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/openssl/crypto/des/des_locl.h
new file mode 100644
index 000000000000..d6ea17cb6814
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_locl.h
@@ -0,0 +1,408 @@
+/* crypto/des/des_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#if defined(WIN32) || defined(WIN16)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include 
+#include 
+
+#include 
+
+#ifndef MSDOS
+#if !defined(VMS) || defined(__DECC)
+#include OPENSSL_UNISTD
+#include 
+#endif
+#endif
+#include 
+
+#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#include 
+#include 
+#include 
+#include 
+#endif
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include 
+#endif
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE	(1024*16)
+#define BSIZE		(MAXWRITE+4)
+
+#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 5: l2|=((DES_LONG)(*(--(c))));     \
+			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 1: l1|=((DES_LONG)(*(--(c))));     \
+				} \
+			}
+
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+#if defined(WIN32)
+#define	ROTATE(a,n)	(_lrotr(a,n))
+#else
+#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	t=R^(R>>16L); \
+	u=t&E0; t&=E1; \
+	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	u=R^s[S  ]; \
+	t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * Inspired by Dana How 
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together.  This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	u>>=16L; \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+	u3=(int)(u>>8L); \
+	u1=(int)u&0xfc; \
+	u3&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	t>>=16L; \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+	u3=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u3&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+	s1=(int)(u>>16L); \
+	s2=(int)(u>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+	s1=(int)(t>>16L); \
+	s2=(int)(t>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^= \
+	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	u>>=16L; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	u3=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[4][u1]; \
+	LL^=des_SPtrans[6][u3]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	t>>=16L; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	u3=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[5][u1]; \
+	LL^=des_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	s1=(int)u>>16L; \
+	s2=(int)u>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[4][s1]; \
+	LL^=des_SPtrans[6][s2]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	s1=(int)t>>16; \
+	s2=(int)t>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[5][s1]; \
+	LL^=des_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^=\
+		des_SPtrans[0][(u>> 2L)&0x3f]^ \
+		des_SPtrans[2][(u>>10L)&0x3f]^ \
+		des_SPtrans[4][(u>>18L)&0x3f]^ \
+		des_SPtrans[6][(u>>26L)&0x3f]^ \
+		des_SPtrans[1][(t>> 2L)&0x3f]^ \
+		des_SPtrans[3][(t>>10L)&0x3f]^ \
+		des_SPtrans[5][(t>>18L)&0x3f]^ \
+		des_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+	/* IP and FP
+	 * The problem is more of a geometric problem that random bit fiddling.
+	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+	The output has been subject to swaps of the form
+	0 1 -> 3 1 but the odd and even bits have been put into
+	2 3    2 0
+	different words.  The main trick is to remember that
+	t=((l>>size)^r)&(mask);
+	r^=t;
+	l^=(t<>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#define IP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+	PERM_OP(l,r,tt,16,0x0000ffffL); \
+	PERM_OP(r,l,tt, 2,0x33333333L); \
+	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+	PERM_OP(r,l,tt, 1,0x55555555L); \
+	}
+
+#define FP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(l,r,tt, 1,0x55555555L); \
+	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+	PERM_OP(l,r,tt, 2,0x33333333L); \
+	PERM_OP(r,l,tt,16,0x0000ffffL); \
+	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+	}
+
+OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+#endif
diff --git a/crypto/openssl/crypto/des/des_opts.c b/crypto/openssl/crypto/des/des_opts.c
new file mode 100644
index 000000000000..746c456f8fab
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_opts.c
@@ -0,0 +1,604 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+#ifndef MSDOS
+#include 
+#include OPENSSL_UNISTD
+#else
+#include 
+extern void exit();
+#endif
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+#include "spr.h"
+
+#define DES_DEFAULT_OPTIONS
+
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+
+#ifdef PART1
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt2 des_encrypt2_u4_cisc_idx
+#define des_encrypt3 des_encrypt3_u4_cisc_idx
+#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt2 des_encrypt2_u16_cisc_idx
+#define des_encrypt3 des_encrypt3_u16_cisc_idx
+#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt2 des_encrypt2_u4_risc1_idx
+#define des_encrypt3 des_encrypt3_u4_risc1_idx
+#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART2
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt2 des_encrypt2_u4_risc2_idx
+#define des_encrypt3 des_encrypt3_u4_risc2_idx
+#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt2 des_encrypt2_u16_risc1_idx
+#define des_encrypt3 des_encrypt3_u16_risc1_idx
+#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt2 des_encrypt2_u16_risc2_idx
+#define des_encrypt3 des_encrypt3_u16_risc2_idx
+#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART3
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt2 des_encrypt2_u4_cisc_ptr
+#define des_encrypt3 des_encrypt3_u4_cisc_ptr
+#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt2 des_encrypt2_u16_cisc_ptr
+#define des_encrypt3 des_encrypt3_u16_cisc_ptr
+#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt2 des_encrypt2_u4_risc1_ptr
+#define des_encrypt3 des_encrypt3_u4_risc1_ptr
+#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART4
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt2 des_encrypt2_u4_risc2_ptr
+#define des_encrypt3 des_encrypt3_u4_risc2_ptr
+#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt2 des_encrypt2_u16_risc1_ptr
+#define des_encrypt3 des_encrypt3_u16_risc1_ptr
+#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt2 des_encrypt2_u16_risc2_ptr
+#define des_encrypt3 des_encrypt3_u16_risc2_ptr
+#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+	
+#define time_it(func,name,index) \
+	print_name(name); \
+	Time_F(START); \
+	for (count=0,run=1; COND(cb); count++) \
+		{ \
+		unsigned long d[2]; \
+		func(d,&(sch[0]),DES_ENCRYPT); \
+		} \
+	tm[index]=Time_F(STOP); \
+	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+	tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+		tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+	double d,tm[16],max=0;
+	int rank[16];
+	char *str[16];
+	int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+	long ca,cb,cc,cd,ce;
+#endif
+
+	for (i=0; i<12; i++)
+		{
+		tm[i]=0.0;
+		rank[i]=0;
+		}
+
+#ifndef TIMES
+	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
+
+#ifndef SIGALRM
+	fprintf(stderr,"First we calculate the approximate speed ...\n");
+	des_set_key(&key,sch);
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+
+	ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+#ifdef PART1
+	time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+	time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+	time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+	num+=3;
+#endif
+#ifdef PART2
+	time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+	time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+	time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+	num+=3;
+#endif
+#ifdef PART3
+	time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+	time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+	time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+	num+=3;
+#endif
+#ifdef PART4
+	time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+	time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+	time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+	num+=3;
+#endif
+
+#ifdef PART1
+	str[0]=" 4  c i";
+	print_it("des_encrypt_u4_cisc_idx  ",0);
+	max=tm[0];
+	max_idx=0;
+	str[1]="16  c i";
+	print_it("des_encrypt_u16_cisc_idx ",1);
+	if (max < tm[1]) { max=tm[1]; max_idx=1; }
+	str[2]=" 4 r1 i";
+	print_it("des_encrypt_u4_risc1_idx ",2);
+	if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+	str[3]="16 r1 i";
+	print_it("des_encrypt_u16_risc1_idx",3);
+	if (max < tm[3]) { max=tm[3]; max_idx=3; }
+	str[4]=" 4 r2 i";
+	print_it("des_encrypt_u4_risc2_idx ",4);
+	if (max < tm[4]) { max=tm[4]; max_idx=4; }
+	str[5]="16 r2 i";
+	print_it("des_encrypt_u16_risc2_idx",5);
+	if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+	str[6]=" 4  c p";
+	print_it("des_encrypt_u4_cisc_ptr  ",6);
+	if (max < tm[6]) { max=tm[6]; max_idx=6; }
+	str[7]="16  c p";
+	print_it("des_encrypt_u16_cisc_ptr ",7);
+	if (max < tm[7]) { max=tm[7]; max_idx=7; }
+	str[8]=" 4 r1 p";
+	print_it("des_encrypt_u4_risc1_ptr ",8);
+	if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+	str[9]="16 r1 p";
+	print_it("des_encrypt_u16_risc1_ptr",9);
+	if (max < tm[9]) { max=tm[9]; max_idx=9; }
+	str[10]=" 4 r2 p";
+	print_it("des_encrypt_u4_risc2_ptr ",10);
+	if (max < tm[10]) { max=tm[10]; max_idx=10; }
+	str[11]="16 r2 p";
+	print_it("des_encrypt_u16_risc2_ptr",11);
+	if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+	printf("options    des ecb/s\n");
+	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+	d=tm[max_idx];
+	tm[max_idx]= -2.0;
+	max= -1.0;
+	for (;;)
+		{
+		for (i=0; i<12; i++)
+			{
+			if (max < tm[i]) { max=tm[i]; j=i; }
+			}
+		if (max < 0.0) break;
+		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+		tm[j]= -2.0;
+		max= -1.0;
+		}
+
+	switch (max_idx)
+		{
+	case 0:
+		printf("-DDES_DEFAULT_OPTIONS\n");
+		break;
+	case 1:
+		printf("-DDES_UNROLL\n");
+		break;
+	case 2:
+		printf("-DDES_RISC1\n");
+		break;
+	case 3:
+		printf("-DDES_UNROLL -DDES_RISC1\n");
+		break;
+	case 4:
+		printf("-DDES_RISC2\n");
+		break;
+	case 5:
+		printf("-DDES_UNROLL -DDES_RISC2\n");
+		break;
+	case 6:
+		printf("-DDES_PTR\n");
+		break;
+	case 7:
+		printf("-DDES_UNROLL -DDES_PTR\n");
+		break;
+	case 8:
+		printf("-DDES_RISC1 -DDES_PTR\n");
+		break;
+	case 9:
+		printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+		break;
+	case 10:
+		printf("-DDES_RISC2 -DDES_PTR\n");
+		break;
+	case 11:
+		printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+		break;
+		}
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/des/des_ver.h b/crypto/openssl/crypto/des/des_ver.h
new file mode 100644
index 000000000000..de3c02f110cf
--- /dev/null
+++ b/crypto/openssl/crypto/des/des_ver.h
@@ -0,0 +1,61 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+OPENSSL_EXTERN char *DES_version;	/* SSLeay version string */
+OPENSSL_EXTERN char *libdes_version;	/* old libdes version string */
diff --git a/crypto/openssl/crypto/des/dess.cpp b/crypto/openssl/crypto/des/dess.cpp
new file mode 100644
index 000000000000..753e67ad9be2
--- /dev/null
+++ b/crypto/openssl/crypto/des/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	des_key_schedule key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			des_encrypt(&data[0],key,1);
+			GetTSC(s1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			GetTSC(e1);
+			GetTSC(s2);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			GetTSC(e2);
+			des_encrypt(&data[0],key,1);
+			}
+
+		printf("des %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c
new file mode 100644
index 000000000000..5a04fc929838
--- /dev/null
+++ b/crypto/openssl/crypto/des/destest.c
@@ -0,0 +1,923 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include 
+#include 
+#ifndef MSDOS
+#if !defined(VMS) || defined(__DECC)
+#include 
+#include OPENSSL_UNISTD
+#endif /* VMS */
+#else
+#include 
+#endif
+#include 
+
+#ifdef NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return(0);
+}
+#else
+#include 
+
+#if defined(PERL5) || defined(__FreeBSD__)
+#define crypt(c,s) (des_crypt((c),(s)))
+#endif
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+	{0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+	{0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+	{0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+	{0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+	{0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+	{0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+	{0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+	{0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+	{0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+	{0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+	{0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+	{0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+	{0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+	{0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+	{0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+	{0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+	{0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+	{0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+	{0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+	{0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+	{0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+	{0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+	{0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+	{0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+	{0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+	{0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+	{0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+	{0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+	{0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+	{0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+	{0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+	{0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+	{0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+	{0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+	{0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+	{0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+	{0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+	{0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+	{0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+	{0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+	{0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+	{0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+	{0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+	{0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+	{0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+	{0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+	{0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+	{0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+	{0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+	{0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+	{0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+	{0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+	{0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+	{0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+	{0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+	{0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+	{0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+	{0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+	{0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+	{0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+	{0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+	{0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+	{0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+	{0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40]={
+	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+	0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+static unsigned char cbc_ok[32]={
+	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+	0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static unsigned char xcbc_ok[32]={
+	0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+	0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+	0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+	0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+	};
+
+static unsigned char cbc3_ok[32]={
+	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+	0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+	0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+	0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+
+static unsigned char pcbc_ok[32]={
+	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+	0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+	0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+	0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+	{
+	0x4e,0x6f,0x77,0x20,0x69,0x73,
+	0x20,0x74,0x68,0x65,0x20,0x74,
+	0x69,0x6d,0x65,0x20,0x66,0x6f,
+	0x72,0x20,0x61,0x6c,0x6c,0x20
+	};
+static unsigned char cfb_cipher8[24]= {
+	0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+	0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+	0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+	0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+	0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+	0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+	0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+	0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+	{
+	0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+	0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+	};
+
+DES_LONG cbc_cksum_ret=0xB462FEF7L;
+unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+	{
+	int i,j,err=0;
+	des_cblock in,out,outin,iv3,iv2;
+	des_key_schedule ks,ks2,ks3;
+	unsigned char cbc_in[40];
+	unsigned char cbc_out[40];
+	DES_LONG cs;
+	unsigned char qret[4][4],cret[8];
+	DES_LONG lqret[4];
+	int num;
+	char *str;
+
+#ifndef NO_DESCBCM
+	printf("Doing cbcm\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	i=strlen((char *)cbc_data)+1;
+	/* i=((i+7)/8)*8; */
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+
+	des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2,
+			      DES_ENCRYPT);
+	des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
+			      &iv3,&iv2,DES_ENCRYPT);
+	/*	if (memcmp(cbc_out,cbc3_ok,
+		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+		{
+		printf("des_ede3_cbc_encrypt encrypt error\n");
+		err=1;
+		}
+	*/
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+	des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		int n;
+
+		printf("des_ede3_cbcm_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
+		err=1;
+		}
+#endif
+
+	printf("Doing ecb\n");
+	for (i=0; i 0))
+			lqret[i]=lqret[i]>>(j*8); /* For Cray */
+		}
+
+	if (!c[0])
+		{
+		ll=lqret[0]^lqret[3];
+		lqret[0]^=ll;
+		lqret[3]^=ll;
+		ll=lqret[1]^lqret[2];
+		lqret[1]^=ll;
+		lqret[2]^=ll;
+		}
+	}
+	if (cs != 0x70d7a63aL)
+		{
+		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+			(unsigned long)cs);
+		err=1;
+		}
+	if (lqret[0] != 0x327eba8dL)
+		{
+		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+			(unsigned long)lqret[0],0x327eba8dUL);
+		err=1;
+		}
+	if (lqret[1] != 0x201a49ccL)
+		{
+		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+			(unsigned long)lqret[1],0x201a49ccUL);
+		err=1;
+		}
+	if (lqret[2] != 0x70d7a63aL)
+		{
+		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+			(unsigned long)lqret[2],0x70d7a63aUL);
+		err=1;
+		}
+	if (lqret[3] != 0x501c2c26L)
+		{
+		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+			(unsigned long)lqret[3],0x501c2c26UL);
+		err=1;
+		}
+#endif
+
+	printf("input word alignment test");
+	for (i=0; i<4; i++)
+		{
+		printf(" %d",i);
+		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
+		}
+	printf("\noutput word alignment test");
+	for (i=0; i<4; i++)
+		{
+		printf(" %d",i);
+		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
+		}
+	printf("\n");
+	printf("fast crypt test ");
+	str=crypt("testing","ef");
+	if (strcmp("efGnQx2725bI2",str) != 0)
+		{
+		printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+		err=1;
+		}
+	str=crypt("bca76;23","yA");
+	if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+		{
+		printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+		err=1;
+		}
+	printf("\n");
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *p)
+	{
+	static char bufs[10][20];
+	static int bnum=0;
+	char *ret;
+	int i;
+	static char *f="0123456789ABCDEF";
+
+	ret= &(bufs[bnum++][0]);
+	bnum%=10;
+	for (i=0; i<8; i++)
+		{
+		ret[i*2]=f[(p[i]>>4)&0xf];
+		ret[i*2+1]=f[p[i]&0xf];
+		}
+	ret[16]='\0';
+	return(ret);
+	}
+
+#ifndef LIBDES_LIT
+
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+	{
+	des_key_schedule ks;
+	int i,err=0;
+
+	des_key_sched(&cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	return(err);
+	}
+
+static int cfb64_test(unsigned char *cfb_cipher)
+	{
+	des_key_schedule ks;
+	int err=0,i,n;
+
+	des_key_sched(&cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+			  &cfb_tmp,&n,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
+	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf2[i])));
+		}
+	return(err);
+	}
+
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+	{
+	des_key_schedule ks;
+	int err=0,i,n;
+
+	des_key_sched(&cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+			       DES_ENCRYPT);
+	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+			       sizeof(plain)-12,ks,ks,ks,
+			       &cfb_tmp,&n,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("ede_cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+			       &cfb_tmp,&n,DES_DECRYPT);
+	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+			       sizeof(plain)-17,ks,ks,ks,
+			       &cfb_tmp,&n,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("ede_cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf2[i])));
+		}
+	return(err);
+	}
+
+#endif
+#endif
diff --git a/crypto/openssl/crypto/des/doIP b/crypto/openssl/crypto/des/doIP
new file mode 100644
index 000000000000..18cf23130364
--- /dev/null
+++ b/crypto/openssl/crypto/des/doIP
@@ -0,0 +1,46 @@
+#!/usr/local/bin/perl
+
+@l=(
+	 0, 1, 2, 3, 4, 5, 6, 7,
+	 8, 9,10,11,12,13,14,15,
+	16,17,18,19,20,21,22,23,
+	24,25,26,27,28,29,30,31
+	);
+@r=(
+	32,33,34,35,36,37,38,39,
+	40,41,42,43,44,45,46,47,
+	48,49,50,51,52,53,54,55,
+	56,57,58,59,60,61,62,63
+	);
+
+require 'shifts.pl';
+
+sub PERM_OP
+	{
+	local(*a,*b,*t,$n,$m)=@_;
+
+	@z=&shift(*a,-$n);
+	@z=&xor(*b,*z);
+	@z=&and(*z,$m);
+	@b=&xor(*b,*z);
+	@z=&shift(*z,$n);
+	@a=&xor(*a,*z);
+	}
+
+
+@L=@l;
+@R=@r;
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+&PERM_OP(*L,*R,*T,16,0x0000ffff);
+&PERM_OP(*R,*L,*T,2,0x33333333);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	&printit(@L);
+	&printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+&PERM_OP(*R,*L,*T,2,0x33333333);
+&PERM_OP(*L,*R,*T,16,0x0000ffff);
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+	&printit(@L);
+	&printit(@R);
diff --git a/crypto/openssl/crypto/des/doPC1 b/crypto/openssl/crypto/des/doPC1
new file mode 100644
index 000000000000..096afd8c4614
--- /dev/null
+++ b/crypto/openssl/crypto/des/doPC1
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+
+@l=(
+	 0, 1, 2, 3, 4, 5, 6, 7,
+	 8, 9,10,11,12,13,14,15,
+	16,17,18,19,20,21,22,23,
+	24,25,26,27,28,29,30,31
+	);
+@r=(
+	32,33,34,35,36,37,38,39,
+	40,41,42,43,44,45,46,47,
+	48,49,50,51,52,53,54,55,
+	56,57,58,59,60,61,62,63
+	);
+
+require 'shifts.pl';
+
+sub PERM_OP
+	{
+	local(*a,*b,*t,$n,$m)=@_;
+
+	@z=&shift(*a,-$n);
+	@z=&xor(*b,*z);
+	@z=&and(*z,$m);
+	@b=&xor(*b,*z);
+	@z=&shift(*z,$n);
+	@a=&xor(*a,*z);
+	}
+
+sub HPERM_OP2
+	{
+	local(*a,*t,$n,$m)=@_;
+	local(@x,@y,$i);
+
+	@z=&shift(*a,16-$n);
+	@z=&xor(*a,*z);
+	@z=&and(*z,$m);
+	@a=&xor(*a,*z);
+	@z=&shift(*z,$n-16);
+	@a=&xor(*a,*z);
+	}
+
+sub HPERM_OP
+        {
+        local(*a,*t,$n,$m)=@_;
+        local(@x,@y,$i);
+
+        for ($i=0; $i<16; $i++)
+                {
+                $x[$i]=$a[$i];
+                $y[$i]=$a[16+$i];
+                }
+        @z=&shift(*x,-$n);
+        @z=&xor(*y,*z);
+        @z=&and(*z,$m);
+        @y=&xor(*y,*z);
+        @z=&shift(*z,$n);
+        @x=&xor(*x,*z);
+        for ($i=0; $i<16; $i++)
+                {
+                $a[$i]=$x[$i];
+                $a[16+$i]=$y[$i];
+                }
+        }
+
+@L=@l;
+@R=@r;
+
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+	print "---\n"; &printit(@R);
+&HPERM_OP2(*L,*T,-2,0xcccc0000);
+&HPERM_OP2(*R,*T,-2,0xcccc0000);
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	print "---\n"; &printit(@R);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	print "---\n"; &printit(@R);
+#	&printit(@L);
+	&printit(@R);
+print <<"EOF";
+==============================
+63  55  47  39  31  23  15   7  
+62  54  46  38  30  22  14   6  
+61  53  45  37  29  21  13   5  
+60  52  44  36  --  --  --  --  
+
+57  49  41  33  25  17   9   1  
+58  50  42  34  26  18  10   2  
+59  51  43  35  27  19  11   3  
+28  20  12   4  --  --  --  --  
+EOF
+exit(1);
+@A=&and(*R,0x000000ff);
+@A=&shift(*A,16);
+@B=&and(*R,0x0000ff00);
+@C=&and(*R,0x00ff0000);
+@C=&shift(*C,-16);
+@D=&and(*L,0xf0000000);
+@D=&shift(*D,-4);
+@A=&or(*A,*B);
+@B=&or(*D,*C);
+@R=&or(*A,*B);
+@L=&and(*L,0x0fffffff);
+
+	&printit(@L);
+	&printit(@R);
+
diff --git a/crypto/openssl/crypto/des/doPC2 b/crypto/openssl/crypto/des/doPC2
new file mode 100644
index 000000000000..fa5cf74cf713
--- /dev/null
+++ b/crypto/openssl/crypto/des/doPC2
@@ -0,0 +1,94 @@
+#!/usr/local/bin/perl
+
+@PC2_C=(14,17,11,24, 1, 5,
+	 3,28,15, 6,21,10,
+	23,19,12, 4,26, 8,
+	16, 7,27,20,13, 2,
+	);
+
+@PC2_D=(41,52,31,37,47,55,
+	30,40,51,45,33,48,
+	44,49,39,56,34,53,
+	46,42,50,36,29,32,
+	);
+
+$i=0;
+foreach (@PC2_C) {
+	$_--;
+#	printf "%2d,",$_;
+	$C{$_}=$i;
+	++$i;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+$i=0;
+#print "\n";
+foreach (@PC2_D) {
+	$_-=28;
+	$_--;
+#	printf "%2d,",$_;
+	$D{$_}=$i;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+
+#print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$C{$i};
+#	printf "%2d,",$_;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+#print "\n";
+
+#print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$D{$i};
+#	printf "%2d,",$_;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+#print "\n";
+
+print "static ulong skb[8][64]={\n";
+&doit("C",*C, 0, 1, 2, 3, 4, 5);
+&doit("C",*C, 6, 7, 9,10,11,12);
+&doit("C",*C,13,14,15,16,18,19);
+&doit("C",*C,20,22,23,25,26,27);
+
+&doit("D",*D, 0, 1, 2, 3, 4, 5);
+&doit("D",*D, 7, 8,10,11,12,13);
+&doit("D",*D,15,16,17,18,19,20);
+&doit("D",*D,21,22,23,24,26,27);
+print "};\n";
+
+sub doit
+	{
+	local($l,*A,@b)=@_;
+	local(@out);
+
+	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
+		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
+	for ($i=0; $i<64; $i++)
+		{
+		$out[$i]=0;
+		$j=1;
+#print "\n";
+		for ($k=0; $k<6; $k++)
+			{
+			$l=$A{$b[$k]};
+#print"$l - ";
+			if ((1<<$k) & $i)
+				{
+				$ll=int($l/6)*8+($l%6);
+				$out[$i]|=1<<($ll);
+				}
+			}
+		$pp=$out[$i];
+		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
+					(($pp&0x0000ff00)<<8);
+		printf("0x%08X,",$pp);
+		print "\n" if (($i+1) % 4 == 0);
+		}
+	}
diff --git a/crypto/openssl/crypto/des/ecb3_enc.c b/crypto/openssl/crypto/des/ecb3_enc.c
new file mode 100644
index 000000000000..fb28b97e1ab6
--- /dev/null
+++ b/crypto/openssl/crypto/des/ecb3_enc.c
@@ -0,0 +1,82 @@
+/* crypto/des/ecb3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+	     des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
+	     int enc)
+	{
+	register DES_LONG l0,l1;
+	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
+
+	c2l(in,l0);
+	c2l(in,l1);
+	ll[0]=l0;
+	ll[1]=l1;
+	if (enc)
+		des_encrypt3(ll,ks1,ks2,ks3);
+	else
+		des_decrypt3(ll,ks1,ks2,ks3);
+	l0=ll[0];
+	l1=ll[1];
+	l2c(l0,out);
+	l2c(l1,out);
+	}
diff --git a/crypto/openssl/crypto/des/ecb_enc.c b/crypto/openssl/crypto/des/ecb_enc.c
new file mode 100644
index 000000000000..b261a8aad940
--- /dev/null
+++ b/crypto/openssl/crypto/des/ecb_enc.c
@@ -0,0 +1,122 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "spr.h"
+#include 
+
+OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
+
+const char *des_options(void)
+	{
+	static int init=1;
+	static char buf[32];
+
+	if (init)
+		{
+		const char *ptr,*unroll,*risc,*size;
+
+#ifdef DES_PTR
+		ptr="ptr";
+#else
+		ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+		risc="risc1";
+#endif
+#ifdef DES_RISC2
+		risc="risc2";
+#endif
+#else
+		risc="cisc";
+#endif
+#ifdef DES_UNROLL
+		unroll="16";
+#else
+		unroll="4";
+#endif
+		if (sizeof(DES_LONG) != sizeof(long))
+			size="int";
+		else
+			size="long";
+		sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+		init=0;
+		}
+	return(buf);
+	}
+		
+
+void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
+	     des_key_schedule ks,
+	     int enc)
+	{
+	register DES_LONG l;
+	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
+
+	c2l(in,l); ll[0]=l;
+	c2l(in,l); ll[1]=l;
+	des_encrypt(ll,ks,enc);
+	l=ll[0]; l2c(l,out);
+	l=ll[1]; l2c(l,out);
+	l=ll[0]=ll[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/des/ede_cbcm_enc.c b/crypto/openssl/crypto/des/ede_cbcm_enc.c
new file mode 100644
index 000000000000..c53062481ddd
--- /dev/null
+++ b/crypto/openssl/crypto/des/ede_cbcm_enc.c
@@ -0,0 +1,197 @@
+/* ede_cbcm_enc.c */
+/* Written by Ben Laurie  for the OpenSSL
+ * project 13 Feb 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+
+This is an implementation of Triple DES Cipher Block Chaining with Output
+Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+
+Note that there is a known attack on this by Biham and Knudsen but it takes
+a lot of work:
+
+http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+
+*/
+
+#ifndef NO_DESCBCM
+#include "des_locl.h"
+
+void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
+	     int enc)
+    {
+    register DES_LONG tin0,tin1;
+    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
+    register long l=length;
+    DES_LONG tin[2];
+    unsigned char *iv1,*iv2;
+
+    iv1 = &(*ivec1)[0];
+    iv2 = &(*ivec2)[0];
+
+    if (enc)
+	{
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,tout0);
+	c2l(iv2,tout1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    des_encrypt(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    if(l < 0)
+		{
+		c2ln(in,tin0,tin1,l+8);
+		}
+	    else
+		{
+		c2l(in,tin0);
+		c2l(in,tin1);
+		}
+	    tin0^=tout0;
+	    tin1^=tout1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    des_encrypt(tin,ks1,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks2,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks1,1);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    l2c(tout0,out);
+	    l2c(tout1,out);
+	    }
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(tout0,iv2);
+	l2c(tout1,iv2);
+	}
+    else
+	{
+	register DES_LONG t0,t1;
+
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,xor0);
+	c2l(iv2,xor1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    des_encrypt(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    c2l(in,tin0);
+	    c2l(in,tin1);
+
+	    t0=tin0;
+	    t1=tin1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    des_encrypt(tin,ks1,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks2,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks1,0);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    tout0^=xor0;
+	    tout1^=xor1;
+	    if(l < 0)
+		{
+		l2cn(tout0,tout1,out,l+8);
+		}
+	    else
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	    xor0=t0;
+	    xor1=t1;
+	    }
+
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(xor0,iv2);
+	l2c(xor1,iv2);
+	}
+    tin0=tin1=tout0=tout1=xor0=xor1=0;
+    tin[0]=tin[1]=0;
+    }
+#endif
diff --git a/crypto/openssl/crypto/des/enc_read.c b/crypto/openssl/crypto/des/enc_read.c
new file mode 100644
index 000000000000..694970ccd2a9
--- /dev/null
+++ b/crypto/openssl/crypto/des/enc_read.c
@@ -0,0 +1,228 @@
+/* crypto/des/enc_read.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include "des_locl.h"
+
+/* This has some uglies in it but it works - even over sockets. */
+/*extern int errno;*/
+OPENSSL_GLOBAL int des_rw_mode=DES_PCBC_MODE;
+
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by des_enc_write() and des_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, des_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ *
+ *  -  This function uses an internal state and thus cannot be
+ *     used on multiple files.
+ */
+
+
+int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
+		 des_cblock *iv)
+	{
+	/* data to be unencrypted */
+	int net_num=0;
+	static unsigned char *net=NULL;
+	/* extra unencrypted data 
+	 * for when a block of 100 comes in but is des_read one byte at
+	 * a time. */
+	static unsigned char *unnet=NULL;
+	static int unnet_start=0;
+	static int unnet_left=0;
+	static unsigned char *tmpbuf=NULL;
+	int i;
+	long num=0,rnum;
+	unsigned char *p;
+
+	if (tmpbuf == NULL)
+		{
+		tmpbuf=Malloc(BSIZE);
+		if (tmpbuf == NULL) return(-1);
+		}
+	if (net == NULL)
+		{
+		net=Malloc(BSIZE);
+		if (net == NULL) return(-1);
+		}
+	if (unnet == NULL)
+		{
+		unnet=Malloc(BSIZE);
+		if (unnet == NULL) return(-1);
+		}
+	/* left over data from last decrypt */
+	if (unnet_left != 0)
+		{
+		if (unnet_left < len)
+			{
+			/* we still still need more data but will return
+			 * with the number of bytes we have - should always
+			 * check the return value */
+			memcpy(buf,&(unnet[unnet_start]),
+			       unnet_left);
+			/* eay 26/08/92 I had the next 2 lines
+			 * reversed :-( */
+			i=unnet_left;
+			unnet_start=unnet_left=0;
+			}
+		else
+			{
+			memcpy(buf,&(unnet[unnet_start]),len);
+			unnet_start+=len;
+			unnet_left-=len;
+			i=len;
+			}
+		return(i);
+		}
+
+	/* We need to get more data. */
+	if (len > MAXWRITE) len=MAXWRITE;
+
+	/* first - get the length */
+	while (net_num < HDRSIZE) 
+		{
+		i=read(fd,&(net[net_num]),HDRSIZE-net_num);
+#ifdef EINTR
+		if ((i == -1) && (errno == EINTR)) continue;
+#endif
+		if (i <= 0) return(0);
+		net_num+=i;
+		}
+
+	/* we now have at net_num bytes in net */
+	p=net;
+	/* num=0;  */
+	n2l(p,num);
+	/* num should be rounded up to the next group of eight
+	 * we make sure that we have read a multiple of 8 bytes from the net.
+	 */
+	if ((num > MAXWRITE) || (num < 0)) /* error */
+		return(-1);
+	rnum=(num < 8)?8:((num+7)/8*8);
+
+	net_num=0;
+	while (net_num < rnum)
+		{
+		i=read(fd,&(net[net_num]),rnum-net_num);
+#ifdef EINTR
+		if ((i == -1) && (errno == EINTR)) continue;
+#endif
+		if (i <= 0) return(0);
+		net_num+=i;
+		}
+
+	/* Check if there will be data left over. */
+	if (len < num)
+		{
+		if (des_rw_mode & DES_PCBC_MODE)
+			des_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		else
+			des_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		memcpy(buf,unnet,len);
+		unnet_start=len;
+		unnet_left=num-len;
+
+		/* The following line is done because we return num
+		 * as the number of bytes read. */
+		num=len;
+		}
+	else
+		{
+		/* >output is a multiple of 8 byes, if len < rnum
+		 * >we must be careful.  The user must be aware that this
+		 * >routine will write more bytes than he asked for.
+		 * >The length of the buffer must be correct.
+		 * FIXED - Should be ok now 18-9-90 - eay */
+		if (len < rnum)
+			{
+
+			if (des_rw_mode & DES_PCBC_MODE)
+				des_pcbc_encrypt(net,tmpbuf,num,sched,iv,
+						 DES_DECRYPT);
+			else
+				des_cbc_encrypt(net,tmpbuf,num,sched,iv,
+						DES_DECRYPT);
+
+			/* eay 26/08/92 fix a bug that returned more
+			 * bytes than you asked for (returned len bytes :-( */
+			memcpy(buf,tmpbuf,num);
+			}
+		else
+			{
+			if (des_rw_mode & DES_PCBC_MODE)
+				des_pcbc_encrypt(net,buf,num,sched,iv,
+						 DES_DECRYPT);
+			else
+				des_cbc_encrypt(net,buf,num,sched,iv,
+						DES_DECRYPT);
+			}
+		}
+	return num;
+	}
+
diff --git a/crypto/openssl/crypto/des/enc_writ.c b/crypto/openssl/crypto/des/enc_writ.c
new file mode 100644
index 000000000000..ba3f0822ef03
--- /dev/null
+++ b/crypto/openssl/crypto/des/enc_writ.c
@@ -0,0 +1,168 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include "des_locl.h"
+#include 
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by des_enc_write() and des_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, des_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ */
+
+int des_enc_write(int fd, const void *_buf, int len,
+		  des_key_schedule sched, des_cblock *iv)
+	{
+#ifdef _LIBC
+	extern unsigned long time();
+	extern int write();
+#endif
+	const unsigned char *buf=_buf;
+	long rnum;
+	int i,j,k,outnum;
+	static unsigned char *outbuf=NULL;
+	unsigned char shortbuf[8];
+	unsigned char *p;
+	const unsigned char *cp;
+	static int start=1;
+
+	if (outbuf == NULL)
+		{
+		outbuf=Malloc(BSIZE+HDRSIZE);
+		if (outbuf == NULL) return(-1);
+		}
+	/* If we are sending less than 8 bytes, the same char will look
+	 * the same if we don't pad it out with random bytes */
+	if (start)
+		{
+		start=0;
+		}
+
+	/* lets recurse if we want to send the data in small chunks */
+	if (len > MAXWRITE)
+		{
+		j=0;
+		for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+			if (k < 0)
+				return(k);
+			else
+				j+=k;
+			}
+		return(j);
+		}
+
+	/* write length first */
+	p=outbuf;
+	l2n(len,p);
+
+	/* pad short strings */
+	if (len < 8)
+		{
+		cp=shortbuf;
+		memcpy(shortbuf,buf,len);
+		RAND_bytes(shortbuf+len, 8-len);
+		rnum=8;
+		}
+	else
+		{
+		cp=(unsigned char*)buf;
+		rnum=((len+7)/8*8); /* round up to nearest eight */
+		}
+
+	if (des_rw_mode & DES_PCBC_MODE)
+		des_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				 DES_ENCRYPT); 
+	else
+		des_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				DES_ENCRYPT); 
+
+	/* output */
+	outnum=rnum+HDRSIZE;
+
+	for (j=0; j
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+/* Modification by Jens Kupferschmidt (Cu)
+ * I have included directive PARA for shared memory computers.
+ * I have included a directive LONGCRYPT to using this routine to cipher
+ * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
+ * definition is the maximum of lenght of password and can changed. I have
+ * defined 24.
+ */
+
+#include "des_locl.h"
+
+/* Added more values to handle illegal salt values the way normal
+ * crypt() implementations do.  The patch was sent by 
+ * Bjorn Gronvall 
+ */
+static unsigned const char con_salt[128]={
+0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
+0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
+0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
+0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
+0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
+0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
+0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
+0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
+0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
+0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
+0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
+0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
+0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
+0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
+0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
+0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
+};
+
+static unsigned const char cov_2char[64]={
+0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+char *crypt(const char *buf, const char *salt)
+	{
+	return(des_crypt(buf, salt));
+	}
+#endif
+
+char *des_crypt(const char *buf, const char *salt)
+	{
+	static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+	return(des_fcrypt(buf,salt,buff));
+#else
+	char e_salt[2+1];
+	char e_buf[32+1];	/* replace 32 by 8 ? */
+	char *ret;
+
+	/* Copy at most 2 chars of salt */
+	if ((e_salt[0] = salt[0]) != '\0')
+	    e_salt[1] = salt[1];
+
+	/* Copy at most 32 chars of password */
+	strncpy (e_buf, buf, sizeof(e_buf));
+
+	/* Make sure we have a delimiter */
+	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
+
+	/* Convert the e_salt to ASCII, as that's what des_fcrypt works on */
+	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+
+	/* Convert the cleartext password to ASCII */
+	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+
+	/* Encrypt it (from/to ASCII) */
+	ret = des_fcrypt(e_buf,e_salt,buff);
+
+	/* Convert the result back to EBCDIC */
+	ascii2ebcdic(ret, ret, strlen(ret));
+	
+	return ret;
+#endif
+	}
+
+
+char *des_fcrypt(const char *buf, const char *salt, char *ret)
+	{
+	unsigned int i,j,x,y;
+	DES_LONG Eswap0,Eswap1;
+	DES_LONG out[2],ll;
+	des_cblock key;
+	des_key_schedule ks;
+	unsigned char bb[9];
+	unsigned char *b=bb;
+	unsigned char c,u;
+
+	/* eay 25/08/92
+	 * If you call crypt("pwd","*") as often happens when you
+	 * have * as the pwd field in /etc/passwd, the function
+	 * returns *\0XXXXXXXXX
+	 * The \0 makes the string look like * so the pwd "*" would
+	 * crypt to "*".  This was found when replacing the crypt in
+	 * our shared libraries.  People found that the disbled
+	 * accounts effectivly had no passwd :-(. */
+#ifndef CHARSET_EBCDIC
+	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
+	Eswap0=con_salt[x]<<2;
+	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
+	Eswap1=con_salt[x]<<6;
+#else
+	x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
+	Eswap0=con_salt[x]<<2;
+	x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
+	Eswap1=con_salt[x]<<6;
+#endif
+
+/* EAY
+r=strlen(buf);
+r=(r+7)/8;
+*/
+	for (i=0; i<8; i++)
+		{
+		c= *(buf++);
+		if (!c) break;
+		key[i]=(c<<1);
+		}
+	for (; i<8; i++)
+		key[i]=0;
+
+	des_set_key(&key,ks);
+	fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+
+	ll=out[0]; l2c(ll,b);
+	ll=out[1]; l2c(ll,b);
+	y=0;
+	u=0x80;
+	bb[8]=0;
+	for (i=2; i<13; i++)
+		{
+		c=0;
+		for (j=0; j<6; j++)
+			{
+			c<<=1;
+			if (bb[y] & u) c|=1;
+			u>>=1;
+			if (!u)
+				{
+				y++;
+				u=0x80;
+				}
+			}
+		ret[i]=cov_2char[c];
+		}
+	ret[13]='\0';
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/des/fcrypt_b.c b/crypto/openssl/crypto/des/fcrypt_b.c
new file mode 100644
index 000000000000..9cbea97c1fcd
--- /dev/null
+++ b/crypto/openssl/crypto/des/fcrypt_b.c
@@ -0,0 +1,145 @@
+/* crypto/des/fcrypt_b.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, des_key_schedule ks, DES_LONG Eswap0,
+	     DES_LONG Eswap1)
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+#endif
+	register DES_LONG *s;
+	register int j;
+	register DES_LONG E0,E1;
+
+	l=0;
+	r=0;
+
+	s=(DES_LONG *)ks;
+	E0=Eswap0;
+	E1=Eswap1;
+
+	for (j=0; j<25; j++)
+		{
+#ifdef DES_UNROLL
+		register int i;
+
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  1 */
+			D_ENCRYPT(r,l,i+6); /*  2 */
+			}
+#else
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#endif
+
+		t=l;
+		l=r;
+		r=t;
+		}
+	l=ROTATE(l,3)&0xffffffffL;
+	r=ROTATE(r,3)&0xffffffffL;
+
+	PERM_OP(l,r,t, 1,0x55555555L);
+	PERM_OP(r,l,t, 8,0x00ff00ffL);
+	PERM_OP(l,r,t, 2,0x33333333L);
+	PERM_OP(r,l,t,16,0x0000ffffL);
+	PERM_OP(l,r,t, 4,0x0f0f0f0fL);
+
+	out[0]=r;
+	out[1]=l;
+	}
+
diff --git a/crypto/openssl/crypto/des/makefile.bc b/crypto/openssl/crypto/des/makefile.bc
new file mode 100644
index 000000000000..1fe6d4915a91
--- /dev/null
+++ b/crypto/openssl/crypto/des/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun 
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+
+.c.obj:
+	$(CC) $(CFLAGS) $*.c
+
+.obj.exe:
+	$(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+	del *.exe
+	del *.obj
+	del libdes.lib
+	del libdes.rsp
+
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+	qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+	enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+	ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+	cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+	ofb64ede.obj supp.obj
+
+LIB=    libdes.lib
+
+$(LIB): $(OBJS)
+	del $(LIB)
+	makersp "+%s &\n" &&|
+	$(OBJS)
+|       >libdes.rsp
+	$(TLIB) libdes.lib @libdes.rsp,nul
+	del libdes.rsp
+
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
+
+
diff --git a/crypto/openssl/crypto/des/ncbc_enc.c b/crypto/openssl/crypto/des/ncbc_enc.c
new file mode 100644
index 000000000000..e0e67a417d5f
--- /dev/null
+++ b/crypto/openssl/crypto/des/ncbc_enc.c
@@ -0,0 +1,143 @@
+/* crypto/des/ncbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule schedule, des_cblock *ivec, int enc)
+#else
+void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule schedule, des_cblock *ivec, int enc)
+#endif
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+#endif
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+			xor0=tin0;
+			xor1=tin1;
+#endif
+			}
+#ifndef CBC_ENC_C__DONT_UPDATE_IV 
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+#endif
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
diff --git a/crypto/openssl/crypto/des/ofb64ede.c b/crypto/openssl/crypto/des/ofb64ede.c
new file mode 100644
index 000000000000..6eafe908da58
--- /dev/null
+++ b/crypto/openssl/crypto/des/ofb64ede.c
@@ -0,0 +1,124 @@
+/* crypto/des/ofb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ede3_ofb64_encrypt(register const unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule k1,
+	     des_key_schedule k2, des_key_schedule k3, des_cblock *ivec,
+	     int *num)
+	{
+	register DES_LONG v0,v1;
+	register int n= *num;
+	register long l=length;
+	des_cblock d;
+	register char *dp;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			/* ti[0]=v0; */
+			/* ti[1]=v1; */
+			des_encrypt3(ti,k1,k2,k3);
+			v0=ti[0];
+			v1=ti[1];
+
+			dp=(char *)d;
+			l2c(v0,dp);
+			l2c(v1,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+/*		v0=ti[0];
+		v1=ti[1];*/
+		iv = &(*ivec)[0];
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_ofb64_encrypt(register unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule k1,
+	     des_key_schedule k2, des_cblock (*ivec), int *num)
+	{
+	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+	}
+#endif
diff --git a/crypto/openssl/crypto/des/ofb64enc.c b/crypto/openssl/crypto/des/ofb64enc.c
new file mode 100644
index 000000000000..64953959cab0
--- /dev/null
+++ b/crypto/openssl/crypto/des/ofb64enc.c
@@ -0,0 +1,110 @@
+/* crypto/des/ofb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ofb64_encrypt(register const unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule schedule,
+	     des_cblock *ivec, int *num)
+	{
+	register DES_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	des_cblock d;
+	register unsigned char *dp;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			des_encrypt(ti,schedule,DES_ENCRYPT);
+			dp=d;
+			t=ti[0]; l2c(t,dp);
+			t=ti[1]; l2c(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv = &(*ivec)[0];
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/des/ofb_enc.c b/crypto/openssl/crypto/des/ofb_enc.c
new file mode 100644
index 000000000000..a8f425a575a1
--- /dev/null
+++ b/crypto/openssl/crypto/des/ofb_enc.c
@@ -0,0 +1,134 @@
+/* crypto/des/ofb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+	     long length, des_key_schedule schedule, des_cblock *ivec)
+	{
+	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG mask0,mask1;
+	register long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+
+	if (num > 64) return;
+	if (num > 32)
+		{
+		mask0=0xffffffffL;
+		if (num >= 64)
+			mask1=mask0;
+		else
+			mask1=(1L<<(num-32))-1;
+		}
+	else
+		{
+		if (num == 32)
+			mask0=0xffffffffL;
+		else
+			mask0=(1L< 0)
+		{
+		ti[0]=v0;
+		ti[1]=v1;
+		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		vv0=ti[0];
+		vv1=ti[1];
+		c2ln(in,d0,d1,n);
+		in+=n;
+		d0=(d0^vv0)&mask0;
+		d1=(d1^vv1)&mask1;
+		l2cn(d0,d1,out,n);
+		out+=n;
+
+		if (num == 32)
+			{ v0=v1; v1=vv0; }
+		else if (num == 64)
+				{ v0=vv0; v1=vv1; }
+		else if (num > 32) /* && num != 64 */
+			{
+			v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
+			v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
+			}
+		else /* num < 32 */
+			{
+			v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
+			}
+		}
+	iv = &(*ivec)[0];
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
+	}
+
diff --git a/crypto/openssl/crypto/des/options.txt b/crypto/openssl/crypto/des/options.txt
new file mode 100644
index 000000000000..6e2b50f765e7
--- /dev/null
+++ b/crypto/openssl/crypto/des/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler		577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR	496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]	459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1	433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 		380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler			281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler			281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL 				275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR		235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR			233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR		191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]			181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR		158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]	 			148,000	1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL		123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR			101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL			 81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler			 65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR	 76,000	 608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2		 43,500  344k/s
+AIX - old slow one :-) - cc -					 39,000  312k/s
+
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/crypto/openssl/crypto/des/pcbc_enc.c b/crypto/openssl/crypto/des/pcbc_enc.c
new file mode 100644
index 000000000000..dd69a26d4aab
--- /dev/null
+++ b/crypto/openssl/crypto/des/pcbc_enc.c
@@ -0,0 +1,122 @@
+/* crypto/des/pcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+	{
+	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
+	DES_LONG tin[2];
+	const unsigned char *in;
+	unsigned char *out,*iv;
+
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (; length>0; length-=8)
+			{
+			if (length >= 8)
+				{
+				c2l(in,sin0);
+				c2l(in,sin1);
+				}
+			else
+				c2ln(in,sin0,sin1,length);
+			tin[0]=sin0^xor0;
+			tin[1]=sin1^xor1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0];
+			tout1=tin[1];
+			xor0=sin0^tout0;
+			xor1=sin1^tout1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		}
+	else
+		{
+		c2l(iv,xor0); c2l(iv,xor1);
+		for (; length>0; length-=8)
+			{
+			c2l(in,sin0);
+			c2l(in,sin1);
+			tin[0]=sin0;
+			tin[1]=sin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			if (length >= 8)
+				{
+				l2c(tout0,out);
+				l2c(tout1,out);
+				}
+			else
+				l2cn(tout0,tout1,out,length);
+			xor0=tout0^sin0;
+			xor1=tout1^sin1;
+			}
+		}
+	tin[0]=tin[1]=0;
+	sin0=sin1=xor0=xor1=tout0=tout1=0;
+	}
diff --git a/crypto/openssl/crypto/des/podd.h b/crypto/openssl/crypto/des/podd.h
new file mode 100644
index 000000000000..1b2bfe08432e
--- /dev/null
+++ b/crypto/openssl/crypto/des/podd.h
@@ -0,0 +1,75 @@
+/* crypto/des/podd.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const unsigned char odd_parity[256]={
+  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
diff --git a/crypto/openssl/crypto/des/qud_cksm.c b/crypto/openssl/crypto/des/qud_cksm.c
new file mode 100644
index 000000000000..6ce8c61b4262
--- /dev/null
+++ b/crypto/openssl/crypto/des/qud_cksm.c
@@ -0,0 +1,140 @@
+/* crypto/des/qud_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
+ * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
+ * This module in only based on the code in this paper and is
+ * almost definitely not the same as the MIT implementation.
+ */
+#include "des_locl.h"
+
+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
+#define Q_B0(a)	(((DES_LONG)(a)))
+#define Q_B1(a)	(((DES_LONG)(a))<<8)
+#define Q_B2(a)	(((DES_LONG)(a))<<16)
+#define Q_B3(a)	(((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE	((DES_LONG)83653421L)
+
+DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
+	     long length, int out_count, des_cblock *seed)
+	{
+	DES_LONG z0,z1,t0,t1;
+	int i;
+	long l;
+	const unsigned char *cp;
+	unsigned char *lp;
+
+	if (out_count < 1) out_count=1;
+	lp = &(output[0])[0];
+
+	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
+	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
+
+	for (i=0; ((i<4)&&(i 0)
+			{
+			if (l > 1)
+				{
+				t0= (DES_LONG)(*(cp++));
+				t0|=(DES_LONG)Q_B1(*(cp++));
+				l--;
+				}
+			else
+				t0= (DES_LONG)(*(cp++));
+			l--;
+			/* add */
+			t0+=z0;
+			t0&=0xffffffffL;
+			t1=z1;
+			/* square, well sort of square */
+			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
+				&0xffffffffL)%0x7fffffffL; 
+			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
+			}
+		if (lp != NULL)
+			{
+			/* I believe I finally have things worked out.
+			 * The MIT library assumes that the checksum
+			 * is one huge number and it is returned in a
+			 * host dependant byte order.
+			 */
+			static DES_LONG ltmp=1;
+			static unsigned char *c=(unsigned char *)<mp;
+
+			if (c[0])
+				{
+				l2c(z0,lp);
+				l2c(z1,lp);
+				}
+			else
+				{
+				lp = &(output[out_count-i-1])[0];
+				l2n(z1,lp);
+				l2n(z0,lp);
+				}
+			}
+		}
+	return(z0);
+	}
+
diff --git a/crypto/openssl/crypto/des/rand_key.c b/crypto/openssl/crypto/des/rand_key.c
new file mode 100644
index 000000000000..fc11792cdaa2
--- /dev/null
+++ b/crypto/openssl/crypto/des/rand_key.c
@@ -0,0 +1,114 @@
+/* crypto/des/rand_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include 
+
+static int seed=0;
+static des_cblock init;
+
+void des_random_seed(des_cblock *key)
+	{
+	memcpy(&init,key,sizeof(des_cblock));
+	seed=1;
+	}
+
+void des_random_key(des_cblock *ret)
+	{
+	des_key_schedule ks;
+	static DES_LONG c=0;
+	static unsigned short pid=0;
+	static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+	des_cblock key;
+	unsigned char *p;
+	DES_LONG t;
+	int i;
+
+#ifdef MSDOS
+	pid=1;
+#else
+	if (!pid) pid=getpid();
+#endif
+	p=key;
+	if (seed)
+		{
+		for (i=0; i<8; i++)
+			{
+			data[i] ^= init[i];
+			init[i]=0;
+			}
+		seed=0;
+		}
+	t=(DES_LONG)time(NULL);
+	l2c(t,p);
+	t=(DES_LONG)((pid)|((c++)<<16));
+	l2c(t,p);
+
+	des_set_odd_parity(&data);
+	des_set_key(&data,ks);
+	des_cbc_cksum(key,&key,sizeof(key),ks,&data);
+
+	des_set_odd_parity(&key);
+	des_set_key(&key,ks);
+	des_cbc_cksum(key,&data,sizeof(key),ks,&key);
+
+	memcpy(ret,data,sizeof(key));
+	memset(key,0,sizeof(key));
+	memset(ks,0,sizeof(ks));
+	t=0;
+	}
diff --git a/crypto/openssl/crypto/des/read2pwd.c b/crypto/openssl/crypto/des/read2pwd.c
new file mode 100644
index 000000000000..a8ceaf088a90
--- /dev/null
+++ b/crypto/openssl/crypto/des/read2pwd.c
@@ -0,0 +1,84 @@
+/* crypto/des/read2pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+int des_read_password(des_cblock *key, const char *prompt, int verify)
+	{
+	int ok;
+	char buf[BUFSIZ],buff[BUFSIZ];
+
+	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		des_string_to_key(buf,key);
+	memset(buf,0,BUFSIZ);
+	memset(buff,0,BUFSIZ);
+	return(ok);
+	}
+
+int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
+	     int verify)
+	{
+	int ok;
+	char buf[BUFSIZ],buff[BUFSIZ];
+
+	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		des_string_to_2keys(buf,key1,key2);
+	memset(buf,0,BUFSIZ);
+	memset(buff,0,BUFSIZ);
+	return(ok);
+	}
diff --git a/crypto/openssl/crypto/des/read_pwd.c b/crypto/openssl/crypto/des/read_pwd.c
new file mode 100644
index 000000000000..fed49652c0d8
--- /dev/null
+++ b/crypto/openssl/crypto/des/read_pwd.c
@@ -0,0 +1,484 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32)
+#include 
+#include OPENSSL_UNISTD
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+#if defined(_POSIX_VERSION)
+
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+
+#endif
+#endif
+
+/* #define SIGACTION */ /* Define this if you have sigaction() */
+
+#ifdef WIN16TTY
+#undef WIN16
+#undef _WINDOWS
+#include 
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifdef VMS			/* prototypes for sys$whatever */
+#include 
+#ifdef __DECC
+#pragma message disable DOLLARID
+#endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+#include 
+#include 
+#endif
+
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+
+#ifdef TERMIOS
+#include 
+#define TTY_STRUCT		struct termios
+#define TTY_FLAGS		c_lflag
+#define	TTY_get(tty,data)	tcgetattr(tty,data)
+#define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+#include 
+#define TTY_STRUCT		struct termio
+#define TTY_FLAGS		c_lflag
+#define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+#include 
+#define TTY_STRUCT		struct sgttyb
+#define TTY_FLAGS		sg_flags
+#define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS)
+#include 
+#endif
+
+#ifdef MSDOS
+#include 
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+
+#ifdef VMS
+#include 
+#include 
+#include 
+#include 
+struct IOSB {
+	short iosb$w_value;
+	short iosb$w_count;
+	long  iosb$l_info;
+	};
+#endif
+
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
+#else
+  static void (*savsig[NX509_SIG])(int );
+#endif
+static jmp_buf save;
+
+int des_read_pw_string(char *buf, int length, const char *prompt,
+	     int verify)
+	{
+	char buff[BUFSIZ];
+	int ret;
+
+	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+	memset(buff,0,BUFSIZ);
+	return(ret);
+	}
+
+#ifndef WIN16
+
+static void read_till_nl(FILE *in)
+	{
+#define SIZE 4
+	char buf[SIZE+1];
+
+	do	{
+		fgets(buf,SIZE,in);
+		} while (strchr(buf,'\n') == NULL);
+	}
+
+
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+	     int verify)
+	{
+#ifdef VMS
+	struct IOSB iosb;
+	$DESCRIPTOR(terminal,"TT");
+	long tty_orig[3], tty_new[3];
+	long status;
+	unsigned short channel = 0;
+#else
+#ifndef MSDOS
+	TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+	int number;
+	int ok;
+	/* statics are simply to avoid warnings about longjmp clobbering
+	   things */
+	static int ps;
+	int is_a_tty;
+	static FILE *tty;
+	char *p;
+
+	if (setjmp(save))
+		{
+		ok=0;
+		goto error;
+		}
+
+	number=5;
+	ok=0;
+	ps=0;
+	is_a_tty=1;
+	tty=NULL;
+
+#ifndef MSDOS
+	if ((tty=fopen("/dev/tty","r")) == NULL)
+		tty=stdin;
+#else /* MSDOS */
+	if ((tty=fopen("con","r")) == NULL)
+		tty=stdin;
+#endif /* MSDOS */
+
+#if defined(TTY_get) && !defined(VMS)
+	if (TTY_get(fileno(tty),&tty_orig) == -1)
+		{
+#ifdef ENOTTY
+		if (errno == ENOTTY)
+			is_a_tty=0;
+		else
+#endif
+#ifdef EINVAL
+		/* Ariel Glenn ariel@columbia.edu reports that solaris
+		 * can return EINVAL instead.  This should be ok */
+		if (errno == EINVAL)
+			is_a_tty=0;
+		else
+#endif
+			return(-1);
+		}
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef VMS
+	status = sys$assign(&terminal,&channel,0,0);
+	if (status != SS$_NORMAL)
+		return(-1);
+	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return(-1);
+#endif
+
+	pushsig();
+	ps=1;
+
+#ifdef TTY_FLAGS
+	tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(VMS)
+	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+		return(-1);
+#endif
+#ifdef VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return(-1);
+#endif
+	ps=2;
+
+	while ((!ok) && (number--))
+		{
+		fputs(prompt,stderr);
+		fflush(stderr);
+
+		buf[0]='\0';
+		fgets(buf,size,tty);
+		if (feof(tty)) goto error;
+		if (ferror(tty)) goto error;
+		if ((p=(char *)strchr(buf,'\n')) != NULL)
+			*p='\0';
+		else	read_till_nl(tty);
+		if (verify)
+			{
+			fprintf(stderr,"\nVerifying password - %s",prompt);
+			fflush(stderr);
+			buff[0]='\0';
+			fgets(buff,size,tty);
+			if (feof(tty)) goto error;
+			if ((p=(char *)strchr(buff,'\n')) != NULL)
+				*p='\0';
+			else	read_till_nl(tty);
+				
+			if (strcmp(buf,buff) != 0)
+				{
+				fprintf(stderr,"\nVerify failure");
+				fflush(stderr);
+				break;
+				/* continue; */
+				}
+			}
+		ok=1;
+		}
+
+error:
+	fprintf(stderr,"\n");
+#ifdef DEBUG
+	perror("fgets(tty)");
+#endif
+	/* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(VMS)
+	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef VMS
+	if (ps >= 2)
+		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
+			,tty_orig,12,0,0,0,0);
+#endif
+	
+	if (ps >= 1) popsig();
+	if (stdin != tty) fclose(tty);
+#ifdef VMS
+	status = sys$dassgn(channel);
+#endif
+	return(!ok);
+	}
+
+#else /* WIN16 */
+
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#endif
+
+static void pushsig(void)
+	{
+	int i;
+#ifdef SIGACTION
+	struct sigaction sa;
+
+	memset(&sa,0,sizeof sa);
+	sa.sa_handler=recsig;
+#endif
+
+	for (i=1; ides_key,ks);
+	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+
+	if (desp->des_mode == CBC)
+		des_ecb_encrypt((const_des_cblock *)desp->UDES.UDES_buf,
+				(des_cblock *)desp->UDES.UDES_buf,ks,
+				enc);
+	else
+		{
+		des_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+				len,ks,&desp->des_ivec,enc);
+#ifdef undef
+		/* len will always be %8 if called from common_crypt
+		 * in secure_rpc.
+		 * Libdes's cbc encrypt does not copy back the iv,
+		 * so we have to do it here. */
+		/* It does now :-) eay 20/09/95 */
+
+		a=(char *)&(desp->UDES.UDES_buf[len-8]);
+		b=(char *)&(desp->des_ivec[0]);
+
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+#endif
+		}
+	return(1);	
+	}
+
diff --git a/crypto/openssl/crypto/des/rpw.c b/crypto/openssl/crypto/des/rpw.c
new file mode 100644
index 000000000000..0b6b1519b074
--- /dev/null
+++ b/crypto/openssl/crypto/des/rpw.c
@@ -0,0 +1,99 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+
+int main(int argc, char *argv[])
+	{
+	des_cblock k,k1;
+	int i;
+
+	printf("read passwd\n");
+	if ((i=des_read_password(&k,"Enter password:",0)) == 0)
+		{
+		printf("password = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k[i]);
+		}
+	else
+		printf("error %d\n",i);
+	printf("\n");
+	printf("read 2passwds and verify\n");
+	if ((i=des_read_2passwords(&k,&k1,
+		"Enter verified password:",1)) == 0)
+		{
+		printf("password1 = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k[i]);
+		printf("\n");
+		printf("password2 = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k1[i]);
+		printf("\n");
+		exit(1);
+		}
+	else
+		{
+		printf("error %d\n",i);
+		exit(0);
+		}
+#ifdef LINT
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/des/set_key.c b/crypto/openssl/crypto/des/set_key.c
new file mode 100644
index 000000000000..52553a4c1665
--- /dev/null
+++ b/crypto/openssl/crypto/des/set_key.c
@@ -0,0 +1,234 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(const_des_cblock *key);
+OPENSSL_GLOBAL int des_check_key=0;
+
+void des_set_odd_parity(des_cblock *key)
+	{
+	int i;
+
+	for (i=0; i>(n))^(b))&(m)),\
+ * 	(b)^=(t),\
+ * 	(a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int des_set_key(const_des_cblock *key, des_key_schedule schedule)
+	{
+	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+	register DES_LONG c,d,t,s,t2;
+	register const unsigned char *in;
+	register DES_LONG *k;
+	register int i;
+
+	if (des_check_key)
+		{
+		if (!check_parity(key))
+			return(-1);
+
+		if (des_is_weak_key(key))
+			return(-2);
+		}
+
+	k = &schedule->ks.deslong[0];
+	in = &(*key)[0];
+
+	c2l(in,c);
+	c2l(in,d);
+
+	/* do PC1 in 60 simple operations */ 
+/*	PERM_OP(d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2, 0xcccc0000L);
+	HPERM_OP(c,t,-1, 0xaaaa0000L);
+	HPERM_OP(c,t, 8, 0x00ff0000L);
+	HPERM_OP(c,t,-1, 0xaaaa0000L);
+	HPERM_OP(d,t,-8, 0xff000000L);
+	HPERM_OP(d,t, 8, 0x00ff0000L);
+	HPERM_OP(d,t, 2, 0x33330000L);
+	d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
+	d=(d>>8)|((c&0xf0000000L)>>4);
+	c&=0x0fffffffL; */
+
+	/* I now do it in 47 simple operations :-)
+	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 * for the inspiration. :-) */
+	PERM_OP (d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2,0xcccc0000L);
+	HPERM_OP(d,t,-2,0xcccc0000L);
+	PERM_OP (d,c,t,1,0x55555555L);
+	PERM_OP (c,d,t,8,0x00ff00ffL);
+	PERM_OP (d,c,t,1,0x55555555L);
+	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
+		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+	c&=0x0fffffffL;
+
+	for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+		else
+			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+		c&=0x0fffffffL;
+		d&=0x0fffffffL;
+		/* could be a few less shifts but I am to lazy at this
+		 * point in time to investigate */
+		s=	des_skb[0][ (c    )&0x3f                ]|
+			des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
+			des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
+			des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
+						  ((c>>22L)&0x38)];
+		t=	des_skb[4][ (d    )&0x3f                ]|
+			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+			des_skb[6][ (d>>15L)&0x3f                ]|
+			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+
+		/* table contained 0213 4657 */
+		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+		*(k++)=ROTATE(t2,30)&0xffffffffL;
+
+		t2=((s>>16L)|(t&0xffff0000L));
+		*(k++)=ROTATE(t2,26)&0xffffffffL;
+		}
+	return(0);
+	}
+
+int des_key_sched(const_des_cblock *key, des_key_schedule schedule)
+	{
+	return(des_set_key(key,schedule));
+	}
diff --git a/crypto/openssl/crypto/des/shifts.pl b/crypto/openssl/crypto/des/shifts.pl
new file mode 100644
index 000000000000..ba686d8ef51a
--- /dev/null
+++ b/crypto/openssl/crypto/des/shifts.pl
@@ -0,0 +1,198 @@
+#!/usr/local/bin/perl
+
+sub lab_shift
+	{
+	local(*a,$n)=@_;
+	local(@r,$i,$j,$k,$d,@z);
+
+	@r=&shift(*a,$n);
+	foreach $i (0 .. 31)
+		{
+		@z=split(/\^/,$r[$i]);
+		for ($j=0; $j <= $#z; $j++)
+			{
+			($d)=($z[$j] =~ /^(..)/);
+			($k)=($z[$j] =~ /\[(.*)\]$/);
+			$k.=",$n" if ($k ne "");
+			$k="$n"	  if ($k eq "");
+			$d="$d[$k]";
+			$z[$j]=$d;
+			}
+		$r[$i]=join('^',@z);
+		}
+	return(@r);
+	}
+
+sub shift
+	{
+	local(*a,$n)=@_;
+	local(@f);
+
+	if ($n > 0)
+		{
+		@f=&shiftl(*a,$n);
+		}
+	else
+		{
+		@f=&shiftr(*a,-$n);
+		}
+	return(@f);
+	}
+
+sub rotate
+	{
+	local(*a,$n)=@_;
+	local(@f);
+
+	if ($n > 0)
+		{ @f=&rotatel(*a,$n); }
+	else
+		{ @f=&rotater(*a,-$n); }
+	return(@f);
+	}
+
+sub rotater
+	{
+	local(*a,$n)=@_;
+	local(@f,@g);
+
+	@f=&shiftr(*a,$n);
+	@g=&shiftl(*a,32-$n);
+	$#f=31;
+	$#g=31;
+	return(&or(*f,*g));
+	}
+
+sub rotatel
+	{
+	local(*a,$n)=@_;
+	local(@f,@g);
+
+	@f=&shiftl(*a,$n);
+	@g=&shiftr(*a,32-$n);
+	$#f=31;
+	$#g=31;
+	return(&or(*f,*g));
+	}
+
+sub shiftr
+	{
+	local(*a,$n)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		if (($i+$n) > 31)
+			{
+			$r[$i]="--";
+			}
+		else
+			{
+			$r[$i]=$a[$i+$n];
+			}
+		}
+	return(@r);
+	}
+
+sub shiftl
+	{
+	local(*a,$n)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		if ($i < $n)
+			{
+			$r[$i]="--";
+			}
+		else
+			{
+			$r[$i]=$a[$i-$n];
+			}
+		}
+	return(@r);
+	}
+
+sub printit
+	{
+	local(@a)=@_;
+	local($i);
+
+	foreach $i (0 .. 31)
+		{
+		printf "%2s  ",$a[$i];
+		print "\n" if (($i%8) == 7);
+		}
+	print "\n";
+	}
+
+sub xor
+	{
+	local(*a,*b)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]=&compress($a[$i].'^'.$b[$i]);
+#		$r[$i]=$a[$i]."^".$b[$i];
+		}
+	return(@r);
+	}
+
+sub and
+	{
+	local(*a,$m)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
+		}
+	return(@r);
+	}
+
+sub or
+	{
+	local(*a,*b)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
+		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
+		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
+		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
+		}
+	return(@r);
+	}
+
+sub compress
+	{
+	local($s)=@_;
+	local($_,$i,@a,%a,$r);
+
+	$s =~ s/\^\^/\^/g;
+	$s =~ s/^\^//;
+	$s =~ s/\^$//;
+	@a=split(/\^/,$s);
+
+	while ($#a >= 0)
+		{
+		$_=shift(@a);
+		next unless /\d/;
+		$a{$_}++;
+		}
+	foreach $i (sort keys %a)
+		{
+		next if ($a{$i}%2 == 0);
+		$r.="$i^";
+		}
+	chop($r);
+	return($r);
+	}
+1;
diff --git a/crypto/openssl/crypto/des/sk.h b/crypto/openssl/crypto/des/sk.h
new file mode 100644
index 000000000000..f2ade88c7caa
--- /dev/null
+++ b/crypto/openssl/crypto/des/sk.h
@@ -0,0 +1,204 @@
+/* crypto/des/sk.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const DES_LONG des_skb[8][64]={
+{
+/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+},{
+/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+},{
+/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+},{
+/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+},{
+/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+},{
+/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+},{
+/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+},{
+/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+}};
diff --git a/crypto/openssl/crypto/des/speed.c b/crypto/openssl/crypto/des/speed.c
new file mode 100644
index 000000000000..da41abcb03da
--- /dev/null
+++ b/crypto/openssl/crypto/des/speed.c
@@ -0,0 +1,310 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+	double a,b,c,d,e;
+#ifndef SIGALRM
+	long ca,cb,cc,cd,ce;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	des_set_key(&key,sch);
+	count=10;
+	do	{
+		long i;
+		DES_LONG data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+	ce=count/20+1;
+	printf("Doing set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count++)
+		des_set_key(&key,sch);
+	d=Time_F(STOP);
+	printf("%ld set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing des_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing des_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count++)
+		{
+		DES_LONG data[2];
+
+		des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		}
+	d=Time_F(STOP);
+	printf("%ld des_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		des_ncbc_encrypt(buf,buf,BUFSIZE,&(sch[0]),
+			&key,DES_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+	printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cd); count++)
+		des_ede3_cbc_encrypt(buf,buf,BUFSIZE,
+			&(sch[0]),
+			&(sch2[0]),
+			&(sch3[0]),
+			&key,
+			DES_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	d=((double)COUNT(cd)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+	printf("Doing crypt for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing crypt %ld times\n",ce);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(ce); count++)
+		crypt("testing1","ef");
+	e=Time_F(STOP);
+	printf("%ld crypts in %.2f second\n",count,e);
+	e=((double)COUNT(ce))/e;
+
+	printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/des/spr.h b/crypto/openssl/crypto/des/spr.h
new file mode 100644
index 000000000000..b8fbdcf8d322
--- /dev/null
+++ b/crypto/openssl/crypto/des/spr.h
@@ -0,0 +1,204 @@
+/* crypto/des/spr.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+OPENSSL_GLOBAL const DES_LONG des_SPtrans[8][64]={
+{
+/* nibble 0 */
+0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+},{
+/* nibble 1 */
+0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+},{
+/* nibble 2 */
+0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+},{
+/* nibble 3 */
+0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+},{
+/* nibble 4 */
+0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+},{
+/* nibble 5 */
+0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+},{
+/* nibble 6 */
+0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+},{
+/* nibble 7 */
+0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+}};
diff --git a/crypto/openssl/crypto/des/str2key.c b/crypto/openssl/crypto/des/str2key.c
new file mode 100644
index 000000000000..24841452f1fd
--- /dev/null
+++ b/crypto/openssl/crypto/des/str2key.c
@@ -0,0 +1,163 @@
+/* crypto/des/str2key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+OPENSSL_EXTERN int des_check_key;
+
+void des_string_to_key(const char *str, des_cblock *key)
+	{
+	des_key_schedule ks;
+	int i,length;
+	register unsigned char j;
+
+	memset(key,0,8);
+	length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+	for (i=0; i>4)&0x0f);
+			j=((j<<2)&0xcc)|((j>>2)&0x33);
+			j=((j<<1)&0xaa)|((j>>1)&0x55);
+			(*key)[7-(i%8)]^=j;
+			}
+		}
+#endif
+	des_set_odd_parity(key);
+	i=des_check_key;
+	des_check_key=0;
+	des_set_key(key,ks);
+	des_check_key=i;
+	des_cbc_cksum((unsigned char*)str,key,length,ks,key);
+	memset(ks,0,sizeof(ks));
+	des_set_odd_parity(key);
+	}
+
+void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
+	{
+	des_key_schedule ks;
+	int i,length;
+	register unsigned char j;
+
+	memset(key1,0,8);
+	memset(key2,0,8);
+	length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+	if (length <= 8)
+		{
+		for (i=0; i>4)&0x0f);
+			j=((j<<2)&0xcc)|((j>>2)&0x33);
+			j=((j<<1)&0xaa)|((j>>1)&0x55);
+			if ((i%16) < 8)
+				(*key1)[7-(i%8)]^=j;
+			else
+				(*key2)[7-(i%8)]^=j;
+			}
+		}
+	if (length <= 8) memcpy(key2,key1,8);
+#endif
+	des_set_odd_parity(key1);
+	des_set_odd_parity(key2);
+	i=des_check_key;
+	des_check_key=0;
+	des_set_key(key1,ks);
+	des_cbc_cksum((unsigned char*)str,key1,length,ks,key1);
+	des_set_key(key2,ks);
+	des_cbc_cksum((unsigned char*)str,key2,length,ks,key2);
+	des_check_key=i;
+	memset(ks,0,sizeof(ks));
+	des_set_odd_parity(key1);
+	des_set_odd_parity(key2);
+	}
diff --git a/crypto/openssl/crypto/des/supp.c b/crypto/openssl/crypto/des/supp.c
new file mode 100644
index 000000000000..e51b36c91630
--- /dev/null
+++ b/crypto/openssl/crypto/des/supp.c
@@ -0,0 +1,107 @@
+/* crypto/des/supp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Copyright (c) 1995
+ *	Mark Murray.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Mark Murray
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: supp.c,v 1.5 1999/05/16 12:25:45 bodo Exp $
+ */
+
+#include 
+#include "des_locl.h"
+
+void des_cblock_print_file(const_des_cblock *cb, FILE *fp)
+{
+	int i;
+	const unsigned int *p = (const unsigned int *)cb;
+
+	fprintf(fp, " 0x { ");
+	for (i = 0; i < 8; i++) {
+		fprintf(fp, "%x", p[i]);
+		if (i != 7) fprintf(fp, ", ");
+	}
+	fprintf(fp, " }");
+}
diff --git a/crypto/openssl/crypto/des/t/test b/crypto/openssl/crypto/des/t/test
new file mode 100644
index 000000000000..97acd0552e43
--- /dev/null
+++ b/crypto/openssl/crypto/des/t/test
@@ -0,0 +1,27 @@
+#!./perl
+
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+
+use DES;
+
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
+
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
diff --git a/crypto/openssl/crypto/des/testdes.pl b/crypto/openssl/crypto/des/testdes.pl
new file mode 100644
index 000000000000..01a165a963d1
--- /dev/null
+++ b/crypto/openssl/crypto/des/testdes.pl
@@ -0,0 +1,167 @@
+#!/usr/local/bin/perl
+
+# des.pl tesing code
+
+require 'des.pl';
+
+$num_tests=34;
+@key_data=(
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
+	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
+	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
+	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
+	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
+	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
+	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
+	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
+	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
+	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
+	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
+	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
+	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
+	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
+	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
+	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
+	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
+	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
+	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+	);
+
+@plain_data=(
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
+	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
+	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
+	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
+	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
+	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
+	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
+	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
+	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
+	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
+	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
+	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
+	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
+	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
+	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
+	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
+	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
+	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
+	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
+
+@cipher_data=(
+	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
+	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
+	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
+	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
+	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
+	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
+	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
+	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
+	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
+	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
+	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
+	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
+	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
+	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
+	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
+	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
+	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
+	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
+	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
+	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
+	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
+	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
+	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
+	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
+	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
+	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
+	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
+	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
+	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
+	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
+	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
+	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
+
+print "Doing ecb tests\n";
+for ($i=0; $i<$num_tests; $i++)
+	{
+	printf "Doing test $i\n";
+	$key =pack("C8",splice(@key_data   ,0,8));
+	$data=pack("C8",splice(@plain_data ,0,8));
+	$res =pack("C8",splice(@cipher_data,0,8));
+
+	@ks=  &des_set_key($key);
+	$out1= &des_ecb_encrypt(*ks,1,$data);
+	$out2= &des_ecb_encrypt(*ks,0,$out1);
+	$out3= &des_ecb_encrypt(*ks,0,$res);
+	&eprint("encryption failure",$res,$out1)
+		if ($out1 ne $res);
+	&eprint("encryption/decryption failure",$data,$out2)
+		if ($out2 ne $data);
+	&eprint("decryption failure",$data,$out3)
+		if ($data ne $out3);
+	}
+print "Done\n";
+
+print "doing speed test over 30 seconds\n";
+$SIG{'ALRM'}='done';
+sub done {$done=1;}
+$done=0;
+
+$count=0;
+$d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+@ks=  &des_set_key($d);
+alarm(30);
+$start=(times)[0];
+while (!$done)
+	{
+	$count++;
+	$d=&des_ecb_encrypt(*ks,1,$d);
+	}
+$end=(times)[0];
+$t=$end-$start;
+printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
+	1.0*$t,1.0*$count/$t,$count*8.0/$t;
+
+sub eprint
+	{
+	local($s,$c,$e)=@_;
+	local(@k);
+
+	@k=unpack("C8",$c);
+	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
+	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
+	print " $s\n";
+	}
diff --git a/crypto/openssl/crypto/des/times/486-50.sol b/crypto/openssl/crypto/des/times/486-50.sol
new file mode 100644
index 000000000000..0de62d6db31e
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/486-50.sol
@@ -0,0 +1,16 @@
+Solaris 2.4, 486 50mhz, gcc 2.6.3
+options    des ecb/s
+16 r2 i     43552.51 100.0%
+16 r1 i     43487.45  99.9%
+16  c p     43003.23  98.7%
+16 r2 p     42339.00  97.2%
+16  c i     41900.91  96.2%
+16 r1 p     41360.64  95.0%
+ 4  c i     38728.48  88.9%
+ 4  c p     38225.63  87.8%
+ 4 r1 i     38085.79  87.4%
+ 4 r2 i     37825.64  86.9%
+ 4 r2 p     34611.00  79.5%
+ 4 r1 p     31802.00  73.0%
+-DDES_UNROLL -DDES_RISC2
+
diff --git a/crypto/openssl/crypto/des/times/586-100.lnx b/crypto/openssl/crypto/des/times/586-100.lnx
new file mode 100644
index 000000000000..4323914a11bb
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/586-100.lnx
@@ -0,0 +1,20 @@
+Pentium 100
+Linux 2 kernel
+gcc 2.7.0 -O3 -fomit-frame-pointer
+No X server running, just a console, it makes the top speed jump from 151,000
+to 158,000 :-).
+options    des ecb/s
+assember   281000.00 177.1%
+16 r1 p    158667.40 100.0%
+16 r1 i    148471.70  93.6%
+16 r2 p    143961.80  90.7%
+16 r2 i    141689.20  89.3%
+ 4 r1 i    140100.00  88.3%
+ 4 r2 i    134049.40  84.5%
+16  c i    124145.20  78.2%
+16  c p    121584.20  76.6%
+ 4  c i    118116.00  74.4%
+ 4 r2 p    117977.90  74.4%
+ 4  c p    114971.40  72.5%
+ 4 r1 p    114578.40  72.2%
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/crypto/openssl/crypto/des/times/686-200.fre b/crypto/openssl/crypto/des/times/686-200.fre
new file mode 100644
index 000000000000..7d83f6adee15
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/686-200.fre
@@ -0,0 +1,18 @@
+Pentium 100
+Free BSD 2.1.5 kernel
+gcc 2.7.2.2 -O3 -fomit-frame-pointer
+options    des ecb/s
+assember   578000.00 133.1%
+16 r2 i    434454.80 100.0%
+16 r1 i    433621.43  99.8%
+16 r2 p    431375.69  99.3%
+ 4 r1 i    423722.30  97.5%
+ 4 r2 i    422399.40  97.2%
+16 r1 p    421739.40  97.1%
+16  c i    399027.94  91.8%
+16  c p    372251.70  85.7%
+ 4  c i    365118.35  84.0%
+ 4  c p    352880.51  81.2%
+ 4 r2 p    255104.90  58.7%
+ 4 r1 p    251289.18  57.8%
+-DDES_UNROLL -DDES_RISC2
diff --git a/crypto/openssl/crypto/des/times/aix.cc b/crypto/openssl/crypto/des/times/aix.cc
new file mode 100644
index 000000000000..d96b74e2cedd
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/aix.cc
@@ -0,0 +1,26 @@
+From: Paco Garcia 
+
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+
+options    des ecb/s       
+ 4  c p    275118.61 100.0%
+ 4  c i    273545.07  99.4%
+ 4 r2 p    270441.02  98.3%
+ 4 r1 p    253052.15  92.0%
+ 4 r2 i    240842.97  87.5%
+ 4 r1 i    240556.66  87.4%
+16  c i    224603.99  81.6%
+16  c p    224483.98  81.6%
+16 r2 p    215691.19  78.4%
+16 r1 p    208332.83  75.7%
+16 r1 i    199206.50  72.4%
+16 r2 i    198963.70  72.3%
+-DDES_PTR
+
diff --git a/crypto/openssl/crypto/des/times/alpha.cc b/crypto/openssl/crypto/des/times/alpha.cc
new file mode 100644
index 000000000000..95c17efae7e5
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/alpha.cc
@@ -0,0 +1,18 @@
+cc -O2
+DES_LONG is 'unsigned int'
+
+options    des ecb/s
+ 4 r2 p    181146.14 100.0%
+16 r2 p    172102.94  95.0%
+ 4 r2 i    165424.11  91.3%
+16  c p    160468.64  88.6%
+ 4  c p    156653.59  86.5%
+ 4  c i    155245.18  85.7%
+ 4 r1 p    154729.68  85.4%
+16 r2 i    154137.69  85.1%
+16 r1 p    152357.96  84.1%
+16  c i    148743.91  82.1%
+ 4 r1 i    146695.59  81.0%
+16 r1 i    144961.00  80.0%
+-DDES_RISC2 -DDES_PTR
+
diff --git a/crypto/openssl/crypto/des/times/hpux.cc b/crypto/openssl/crypto/des/times/hpux.cc
new file mode 100644
index 000000000000..3de856ddac5a
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/hpux.cc
@@ -0,0 +1,17 @@
+HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+
+options    des ecb/s
+16  c i    149448.90 100.0%
+ 4  c i    145861.79  97.6%
+16 r2 i    141710.96  94.8%
+16 r1 i    139455.33  93.3%
+ 4 r2 i    138800.00  92.9%
+ 4 r1 i    136692.65  91.5%
+16 r2 p    110228.17  73.8%
+16 r1 p    109397.07  73.2%
+16  c p    109209.89  73.1%
+ 4  c p    108014.71  72.3%
+ 4 r2 p    107873.88  72.2%
+ 4 r1 p    107685.83  72.1%
+-DDES_UNROLL
+
diff --git a/crypto/openssl/crypto/des/times/sparc.gcc b/crypto/openssl/crypto/des/times/sparc.gcc
new file mode 100644
index 000000000000..8eaa04210406
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/sparc.gcc
@@ -0,0 +1,17 @@
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
+
+options    des ecb/s
+16  c i    124382.70 100.0%
+ 4  c i    118884.68  95.6%
+16  c p    112261.20  90.3%
+16 r2 i    111777.10  89.9%
+16 r2 p    108896.30  87.5%
+16 r1 p    108791.59  87.5%
+ 4  c p    107290.10  86.3%
+ 4 r1 p    104583.80  84.1%
+16 r1 i    104206.20  83.8%
+ 4 r2 p    103709.80  83.4%
+ 4 r2 i     98306.43  79.0%
+ 4 r1 i     91525.80  73.6%
+-DDES_UNROLL
+      
diff --git a/crypto/openssl/crypto/des/times/usparc.cc b/crypto/openssl/crypto/des/times/usparc.cc
new file mode 100644
index 000000000000..f6ec8e8831d8
--- /dev/null
+++ b/crypto/openssl/crypto/des/times/usparc.cc
@@ -0,0 +1,31 @@
+solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
+
+For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
+gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
+I belive the difference is tied up in optimisation that the compiler
+is able to perform when the code is 'inlined'.  For 'speed', the DES
+routines are being linked from a library.  I'll record the higher
+speed since if performance is everything, you can always inline
+'des_enc.c'.
+
+[ 16-Jan-06 - I've been playing with the
+  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
+  and while it makes the des_opts numbers much slower, it makes the
+  actual 'speed' numbers look better which is a realistic version of
+  using the libraries. ]
+
+options    des ecb/s
+16 r1 p    475516.90 100.0%
+16 r2 p    439388.10  92.4%
+16  c i    427001.40  89.8%
+16  c p    419516.50  88.2%
+ 4 r2 p    409491.70  86.1%
+ 4 r1 p    404266.90  85.0%
+ 4  c p    398121.00  83.7%
+ 4  c i    370588.40  77.9%
+ 4 r1 i    362742.20  76.3%
+16 r2 i    331275.50  69.7%
+16 r1 i    324730.60  68.3%
+ 4 r2 i     63535.10  13.4%	<-- very very weird, must be cache problems.
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
+
diff --git a/crypto/openssl/crypto/des/typemap b/crypto/openssl/crypto/des/typemap
new file mode 100644
index 000000000000..a524f53634e7
--- /dev/null
+++ b/crypto/openssl/crypto/des/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *	T_DESCHARP
+des_cblock *	T_CBLOCK
+des_cblock	T_CBLOCK
+des_key_schedule	T_SCHEDULE
+des_key_schedule *	T_SCHEDULE
+
+INPUT
+T_CBLOCK
+	$var=(des_cblock *)SvPV($arg,len);
+	if (len < DES_KEY_SZ)
+		{
+		croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+		}
+
+T_SCHEDULE
+	$var=(des_key_schedule *)SvPV($arg,len);
+	if (len < DES_SCHEDULE_SZ)
+		{
+		croak(\"$var needs to be at least %u bytes long\",
+			DES_SCHEDULE_SZ);
+		}
+
+OUTPUT
+T_CBLOCK
+	sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+
+T_SCHEDULE
+	sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+
+T_DESCHARP
+	sv_setpvn($arg,(char *)$var,len);
diff --git a/crypto/openssl/crypto/des/xcbc_enc.c b/crypto/openssl/crypto/des/xcbc_enc.c
new file mode 100644
index 000000000000..51e17e6b8a64
--- /dev/null
+++ b/crypto/openssl/crypto/des/xcbc_enc.c
@@ -0,0 +1,194 @@
+/* crypto/des/xcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+static unsigned char desx_white_in2out[256]={
+0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
+0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
+0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
+0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
+0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
+0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
+0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
+0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
+0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
+0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
+0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
+0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
+0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
+0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
+0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
+0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
+	};
+
+void des_xwhite_in2out(const_des_cblock *des_key, const_des_cblock *in_white,
+	     des_cblock *out_white)
+	{
+	int out0,out1;
+	int i;
+	const unsigned char *key = &(*des_key)[0];
+	const unsigned char *in = &(*in_white)[0];
+	unsigned char *out = &(*out_white)[0];
+
+	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
+	out0=out1=0;
+	for (i=0; i<8; i++)
+		{
+		out[i]=key[i]^desx_white_in2out[out0^out1];
+		out0=out1;
+		out1=(int)out[i&0x07];
+		}
+
+	out0=out[0];
+	out1=out[i];
+	for (i=0; i<8; i++)
+		{
+		out[i]=in[i]^desx_white_in2out[out0^out1];
+		out0=out1;
+		out1=(int)out[i&0x07];
+		}
+	}
+
+void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+	    long length, des_key_schedule schedule, des_cblock *ivec,
+	    const_des_cblock *inw, const_des_cblock *outw, int enc)
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register DES_LONG inW0,inW1,outW0,outW1;
+	register const unsigned char *in2;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in2 = &(*inw)[0];
+	c2l(in2,inW0);
+	c2l(in2,inW1);
+	in2 = &(*outw)[0];
+	c2l(in2,outW0);
+	c2l(in2,outW1);
+
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0^inW0; tin[0]=tin0;
+			tin1^=tout1^inW1; tin[1]=tin1;
+			des_encrypt(tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]^outW0; l2c(tout0,out);
+			tout1=tin[1]^outW1; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0^inW0; tin[0]=tin0;
+			tin1^=tout1^inW1; tin[1]=tin1;
+			des_encrypt(tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]^outW0; l2c(tout0,out);
+			tout1=tin[1]^outW1; l2c(tout1,out);
+			}
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0^outW0;
+			c2l(in,tin1); tin[1]=tin1^outW1;
+			des_encrypt(tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0^inW0;
+			tout1=tin[1]^xor1^inW1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0^outW0;
+			c2l(in,tin1); tin[1]=tin1^outW1;
+			des_encrypt(tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0^inW0;
+			tout1=tin[1]^xor1^inW1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	inW0=inW1=outW0=outW1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/dh/Makefile.ssl b/crypto/openssl/crypto/dh/Makefile.ssl
new file mode 100644
index 000000000000..37e388d1b4a8
--- /dev/null
+++ b/crypto/openssl/crypto/dh/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+
+DIR=	dh
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+dh_check.o: ../cryptlib.h
+dh_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/rand.h ../../include/openssl/stack.h
+dh_key.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/crypto/openssl/crypto/dh/dh.h b/crypto/openssl/crypto/dh/dh.h
new file mode 100644
index 000000000000..2cc3797a94e3
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh.h
@@ -0,0 +1,158 @@
+/* crypto/dh/dh.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DH_H
+#define HEADER_DH_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_DH
+#error DH is disabled.
+#endif
+
+#include 
+	
+#define DH_FLAG_CACHE_MONT_P	0x01
+
+typedef struct dh_st
+	{
+	/* This first argument is used to pick up errors when
+	 * a DH is passed instead of a EVP_PKEY */
+	int pad;
+	int version;
+	BIGNUM *p;
+	BIGNUM *g;
+	int length; /* optional */
+	BIGNUM *pub_key;	/* y */
+	BIGNUM *priv_key;	/* x */
+
+	int flags;
+	char *method_mont_p;
+	} DH;
+
+#define DH_GENERATOR_2		2
+/* #define DH_GENERATOR_3	3 */
+#define DH_GENERATOR_5		5
+
+/* DH_check error codes */
+#define DH_CHECK_P_NOT_PRIME		0x01
+#define DH_CHECK_P_NOT_STRONG_PRIME	0x02
+#define DH_UNABLE_TO_CHECK_GENERATOR	0x04
+#define DH_NOT_SUITABLE_GENERATOR	0x08
+
+#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
+		(char *(*)())d2i_DHparams,(char *)(x))
+#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+		(unsigned char *)(x))
+#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
+		(char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+		(unsigned char *)(x))
+#else
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
+		(unsigned char *)(x))
+#endif
+
+DH *	DH_new(void);
+void	DH_free(DH *dh);
+int	DH_size(DH *dh);
+DH *	DH_generate_parameters(int prime_len,int generator,
+		void (*callback)(int,int,void *),void *cb_arg);
+int	DH_check(DH *dh,int *codes);
+int	DH_generate_key(DH *dh);
+int	DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
+DH *	d2i_DHparams(DH **a,unsigned char **pp, long length);
+int	i2d_DHparams(DH *a,unsigned char **pp);
+#ifndef NO_FP_API
+int	DHparams_print_fp(FILE *fp, DH *x);
+#endif
+#ifdef HEADER_BIO_H
+int	DHparams_print(BIO *bp, DH *x);
+#else
+int	DHparams_print(char *bp, DH *x);
+#endif
+void	ERR_load_DH_strings(void );
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+#define DH_F_DHPARAMS_PRINT				 100
+#define DH_F_DHPARAMS_PRINT_FP				 101
+#define DH_F_DH_COMPUTE_KEY				 102
+#define DH_F_DH_GENERATE_KEY				 103
+#define DH_F_DH_GENERATE_PARAMETERS			 104
+#define DH_F_DH_NEW					 105
+
+/* Reason codes. */
+#define DH_R_NO_PRIVATE_VALUE				 100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/dh/dh1024.pem b/crypto/openssl/crypto/dh/dh1024.pem
new file mode 100644
index 000000000000..81d43f6a3eae
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/crypto/openssl/crypto/dh/dh192.pem b/crypto/openssl/crypto/dh/dh192.pem
new file mode 100644
index 000000000000..521c07271d0d
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/crypto/openssl/crypto/dh/dh2048.pem b/crypto/openssl/crypto/dh/dh2048.pem
new file mode 100644
index 000000000000..295460f5081e
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/crypto/openssl/crypto/dh/dh4096.pem b/crypto/openssl/crypto/dh/dh4096.pem
new file mode 100644
index 000000000000..390943a21dc4
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
+
diff --git a/crypto/openssl/crypto/dh/dh512.pem b/crypto/openssl/crypto/dh/dh512.pem
new file mode 100644
index 000000000000..0a4d863ebe27
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c
new file mode 100644
index 000000000000..95ce9cfad012
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh_check.c
@@ -0,0 +1,118 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* Check that p is a strong prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+int DH_check(DH *dh, int *ret)
+	{
+	int ok=0;
+	BN_CTX *ctx=NULL;
+	BN_ULONG l;
+	BIGNUM *q=NULL;
+
+	*ret=0;
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	q=BN_new();
+	if (q == NULL) goto err;
+
+	if (BN_is_word(dh->g,DH_GENERATOR_2))
+		{
+		l=BN_mod_word(dh->p,24);
+		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+		}
+/*	else if (BN_is_word(dh->g,DH_GENERATOR_3))
+		{
+		l=BN_mod_word(dh->p,12);
+		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+		}*/
+	else if (BN_is_word(dh->g,DH_GENERATOR_5))
+		{
+		l=BN_mod_word(dh->p,10);
+		if ((l != 3) && (l != 7))
+			*ret|=DH_NOT_SUITABLE_GENERATOR;
+		}
+	else
+		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+
+	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+		*ret|=DH_CHECK_P_NOT_PRIME;
+	else
+		{
+		if (!BN_rshift1(q,dh->p)) goto err;
+		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+			*ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+		}
+	ok=1;
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (q != NULL) BN_free(q);
+	return(ok);
+	}
diff --git a/crypto/openssl/crypto/dh/dh_err.c b/crypto/openssl/crypto/dh/dh_err.c
new file mode 100644
index 000000000000..0348bd24a2e6
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh_err.c
@@ -0,0 +1,98 @@
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DH_str_functs[]=
+	{
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),	"DHparams_print"},
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0),	"DHparams_print_fp"},
+{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),	"DH_compute_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),	"DH_generate_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),	"DH_generate_parameters"},
+{ERR_PACK(0,DH_F_DH_NEW,0),	"DH_new"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA DH_str_reasons[]=
+	{
+{DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_DH_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_DH,DH_str_functs);
+		ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/dh/dh_gen.c b/crypto/openssl/crypto/dh/dh_gen.c
new file mode 100644
index 000000000000..b7bcd2c7a418
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh_gen.c
@@ -0,0 +1,148 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for strong primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn  for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a strong prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+
+DH *DH_generate_parameters(int prime_len, int generator,
+	     void (*callback)(int,int,void *), void *cb_arg)
+	{
+	BIGNUM *p=NULL,*t1,*t2;
+	DH *ret=NULL;
+	int g,ok= -1;
+	BN_CTX *ctx=NULL;
+
+	ret=DH_new();
+	if (ret == NULL) goto err;
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+	t1= &(ctx->bn[0]);
+	t2= &(ctx->bn[1]);
+	ctx->tos=2;
+	
+	if (generator == DH_GENERATOR_2)
+		{
+		BN_set_word(t1,24);
+		BN_set_word(t2,11);
+		g=2;
+		}
+#ifdef undef  /* does not work for strong primes */
+	else if (generator == DH_GENERATOR_3)
+		{
+		BN_set_word(t1,12);
+		BN_set_word(t2,5);
+		g=3;
+		}
+#endif
+	else if (generator == DH_GENERATOR_5)
+		{
+		BN_set_word(t1,10);
+		BN_set_word(t2,3);
+		/* BN_set_word(t3,7); just have to miss
+		 * out on these ones :-( */
+		g=5;
+		}
+	else
+		g=generator;
+	
+	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+	if (p == NULL) goto err;
+	if (callback != NULL) callback(3,0,cb_arg);
+	ret->p=p;
+	ret->g=BN_new();
+	if (!BN_set_word(ret->g,g)) goto err;
+	ok=1;
+err:
+	if (ok == -1)
+		{
+		DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+		ok=0;
+		}
+
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (!ok && (ret != NULL))
+		{
+		DH_free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
new file mode 100644
index 000000000000..cede53bfc17f
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -0,0 +1,154 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int DH_generate_key(DH *dh)
+	{
+	int ok=0;
+	unsigned int i;
+	BN_CTX ctx;
+	BN_MONT_CTX *mont;
+	BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+	BN_CTX_init(&ctx);
+
+	if (dh->priv_key == NULL)
+		{
+		i=dh->length;
+		if (i == 0)
+			{
+			/* Make the number p-1 bits long */
+			i=BN_num_bits(dh->p)-1;
+			}
+		priv_key=BN_new();
+		if (priv_key == NULL) goto err;
+		if (!BN_rand(priv_key,i,0,0)) goto err;
+		}
+	else
+		priv_key=dh->priv_key;
+
+	if (dh->pub_key == NULL)
+		{
+		pub_key=BN_new();
+		if (pub_key == NULL) goto err;
+		}
+	else
+		pub_key=dh->pub_key;
+
+	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+		{
+		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+				dh->p,&ctx)) goto err;
+		}
+	mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+	if (!BN_mod_exp_mont(pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
+		
+	dh->pub_key=pub_key;
+	dh->priv_key=priv_key;
+	ok=1;
+err:
+	if (ok != 1)
+		DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+
+	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
+	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+	BN_CTX_free(&ctx);
+	return(ok);
+	}
+
+int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
+	{
+	BN_CTX ctx;
+	BN_MONT_CTX *mont;
+	BIGNUM *tmp;
+	int ret= -1;
+
+	BN_CTX_init(&ctx);
+	tmp= &(ctx.bn[ctx.tos++]);
+	
+	if (dh->priv_key == NULL)
+		{
+		DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+		goto err;
+		}
+	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+		{
+		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+				dh->p,&ctx)) goto err;
+		}
+
+	mont=(BN_MONT_CTX *)dh->method_mont_p;
+	if (!BN_mod_exp_mont(tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+		{
+		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+		goto err;
+		}
+
+	ret=BN_bn2bin(tmp,key);
+err:
+	BN_CTX_free(&ctx);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c
new file mode 100644
index 000000000000..61e0720e8a79
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dh_lib.c
@@ -0,0 +1,103 @@
+/* crypto/dh/dh_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+
+DH *DH_new(void)
+	{
+	DH *ret;
+
+	ret=(DH *)Malloc(sizeof(DH));
+	if (ret == NULL)
+		{
+		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->pad=0;
+	ret->version=0;
+	ret->p=NULL;
+	ret->g=NULL;
+	ret->length=0;
+	ret->pub_key=NULL;
+	ret->priv_key=NULL;
+	ret->flags=DH_FLAG_CACHE_MONT_P;
+	ret->method_mont_p=NULL;
+	return(ret);
+	}
+
+void DH_free(DH *r)
+	{
+	if(r == NULL) return;
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	if (r->method_mont_p != NULL)
+		BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
+	Free(r);
+	}
+
+int DH_size(DH *dh)
+	{
+	return(BN_num_bytes(dh->p));
+	}
diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/openssl/crypto/dh/dhtest.c
new file mode 100644
index 000000000000..770331971f2f
--- /dev/null
+++ b/crypto/openssl/crypto/dh/dhtest.c
@@ -0,0 +1,188 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#ifdef WINDOWS
+#include "../bio/bss_file.c" 
+#endif
+#include 
+#include 
+#include 
+
+#ifdef NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef WIN16
+#define MS_CALLBACK	_far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#ifdef NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+
+BIO *out=NULL;
+
+int main(int argc, char *argv[])
+	{
+	DH *a,*b;
+	char buf[12];
+	unsigned char *abuf=NULL,*bbuf=NULL;
+	int i,alen,blen,aout,bout,ret=1;
+
+#ifdef WIN32
+	CRYPTO_malloc_init();
+#endif
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) exit(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+	if (a == NULL) goto err;
+
+	BIO_puts(out,"\np    =");
+	BN_print(out,a->p);
+	BIO_puts(out,"\ng    =");
+	BN_print(out,a->g);
+	BIO_puts(out,"\n");
+
+	b=DH_new();
+	if (b == NULL) goto err;
+
+	b->p=BN_dup(a->p);
+	b->g=BN_dup(a->g);
+	if ((b->p == NULL) || (b->g == NULL)) goto err;
+
+	if (!DH_generate_key(a)) goto err;
+	BIO_puts(out,"pri 1=");
+	BN_print(out,a->priv_key);
+	BIO_puts(out,"\npub 1=");
+	BN_print(out,a->pub_key);
+	BIO_puts(out,"\n");
+
+	if (!DH_generate_key(b)) goto err;
+	BIO_puts(out,"pri 2=");
+	BN_print(out,b->priv_key);
+	BIO_puts(out,"\npub 2=");
+	BN_print(out,b->pub_key);
+	BIO_puts(out,"\n");
+
+	alen=DH_size(a);
+	abuf=(unsigned char *)Malloc(alen);
+	aout=DH_compute_key(abuf,b->pub_key,a);
+
+	BIO_puts(out,"key1 =");
+	for (i=0; ipub_key,b);
+
+	BIO_puts(out,"key2 =");
+	for (i=0; i; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn 
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+
+The generator, g, for this prime is 2.
+
+Thanks!
+
+Phil Karn
+
+
diff --git a/crypto/openssl/crypto/dh/generate b/crypto/openssl/crypto/dh/generate
new file mode 100644
index 000000000000..5d407231df5b
--- /dev/null
+++ b/crypto/openssl/crypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+
+....
+
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" 
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+
+3 is a generator iff P = 5 (mod 12).
+
+5 is a generator iff P = 3 or 7 (mod 10).
+
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+
+Rich  rcs@cs.arizona.edu
+
+
+
diff --git a/crypto/openssl/crypto/dh/p1024.c b/crypto/openssl/crypto/dh/p1024.c
new file mode 100644
index 000000000000..368ceca4eb06
--- /dev/null
+++ b/crypto/openssl/crypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+	0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+	0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+	0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+	0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+	0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+	0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+	0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+	0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+	0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+	0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+	0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+	0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+	0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+	0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+	0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+	};
+
+main()
+	{
+	DH *dh;
+
+	dh=DH_new();
+	dh->p=BN_bin2bn(data,sizeof(data),NULL);
+	dh->g=BN_new();
+	BN_set_word(dh->g,2);
+	PEM_write_DHparams(stdout,dh);
+	}
diff --git a/crypto/openssl/crypto/dh/p192.c b/crypto/openssl/crypto/dh/p192.c
new file mode 100644
index 000000000000..7bdf40410eb0
--- /dev/null
+++ b/crypto/openssl/crypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+	};
+
+main()
+	{
+	DH *dh;
+
+	dh=DH_new();
+	dh->p=BN_bin2bn(data,sizeof(data),NULL);
+	dh->g=BN_new();
+	BN_set_word(dh->g,3);
+	PEM_write_DHparams(stdout,dh);
+	}
diff --git a/crypto/openssl/crypto/dh/p512.c b/crypto/openssl/crypto/dh/p512.c
new file mode 100644
index 000000000000..a9b6aa83f034
--- /dev/null
+++ b/crypto/openssl/crypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+	};
+
+main()
+	{
+	DH *dh;
+
+	dh=DH_new();
+	dh->p=BN_bin2bn(data,sizeof(data),NULL);
+	dh->g=BN_new();
+	BN_set_word(dh->g,2);
+	PEM_write_DHparams(stdout,dh);
+	}
diff --git a/crypto/openssl/crypto/dsa/Makefile.ssl b/crypto/openssl/crypto/dsa/Makefile.ssl
new file mode 100644
index 000000000000..6d80ce77be83
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/Makefile.ssl
@@ -0,0 +1,133 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=	dsa
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c dsa_err.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o dsa_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+dsa_err.o: ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../cryptlib.h
+dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_key.o: ../cryptlib.h
+dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_lib.o: ../cryptlib.h
+dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/dsa/README b/crypto/openssl/crypto/dsa/README
new file mode 100644
index 000000000000..6a7e9c170add
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch  to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/openssl/crypto/dsa/dsa.h
new file mode 100644
index 000000000000..20b3f8d90a0e
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa.h
@@ -0,0 +1,204 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch .  He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+
+#ifndef HEADER_DSA_H
+#define HEADER_DSA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_DSA
+#error DSA is disabled.
+#endif
+
+#include 
+#ifndef NO_DH
+# include 
+#endif
+
+#define DSA_FLAG_CACHE_MONT_P	0x01
+
+typedef struct dsa_st
+	{
+	/* This first variable is used to pick up errors where
+	 * a DSA is passed instead of of a EVP_PKEY */
+	int pad;
+	int version;
+	int write_params;
+	BIGNUM *p;
+	BIGNUM *q;	/* == 20 */
+	BIGNUM *g;
+
+	BIGNUM *pub_key;  /* y public key */
+	BIGNUM *priv_key; /* x private key */
+
+	BIGNUM *kinv;	/* Signing pre-calc */
+	BIGNUM *r;	/* Signing pre-calc */
+
+	int flags;
+	/* Normally used to cache montgomery values */
+	char *method_mont_p;
+
+	int references;
+	} DSA;
+
+typedef struct DSA_SIG_st
+	{
+	BIGNUM *r;
+	BIGNUM *s;
+	} DSA_SIG;
+
+#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
+		(char *(*)())d2i_DSAparams,(char *)(x))
+#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+		(unsigned char *)(x))
+#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
+		(char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
+		(unsigned char *)(x))
+
+
+DSA_SIG * DSA_SIG_new(void);
+void	DSA_SIG_free(DSA_SIG *a);
+int	i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
+int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
+		      DSA_SIG *sig,DSA *dsa);
+
+DSA *	DSA_new(void);
+int	DSA_size(DSA *);
+	/* next 4 return -1 on error */
+int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
+int	DSA_sign(int type,const unsigned char *dgst,int dlen,
+		unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,
+		unsigned char *sigbuf, int siglen, DSA *dsa);
+void	DSA_free (DSA *r);
+
+void	ERR_load_DSA_strings(void );
+
+DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+DSA *	DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
+		int *counter_ret, unsigned long *h_ret,void
+		(*callback)(),char *cb_arg);
+int	DSA_generate_key(DSA *a);
+int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
+int 	i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
+int	i2d_DSAparams(DSA *a,unsigned char **pp);
+
+#ifdef HEADER_BIO_H
+int	DSAparams_print(BIO *bp, DSA *x);
+int	DSA_print(BIO *bp, DSA *x, int off);
+#endif
+#ifndef NO_FP_API
+int	DSAparams_print_fp(FILE *fp, DSA *x);
+int	DSA_print_fp(FILE *bp, DSA *x, int off);
+#endif
+
+int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
+
+#ifndef NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(DSA *r);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+#define DSA_F_D2I_DSA_SIG				 110
+#define DSA_F_DSAPARAMS_PRINT				 100
+#define DSA_F_DSAPARAMS_PRINT_FP			 101
+#define DSA_F_DSA_DO_SIGN				 112
+#define DSA_F_DSA_DO_VERIFY				 113
+#define DSA_F_DSA_IS_PRIME				 102
+#define DSA_F_DSA_NEW					 103
+#define DSA_F_DSA_PRINT					 104
+#define DSA_F_DSA_PRINT_FP				 105
+#define DSA_F_DSA_SIGN					 106
+#define DSA_F_DSA_SIGN_SETUP				 107
+#define DSA_F_DSA_SIG_NEW				 109
+#define DSA_F_DSA_VERIFY				 108
+#define DSA_F_I2D_DSA_SIG				 111
+
+/* Reason codes. */
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c
new file mode 100644
index 000000000000..7523b21654d7
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,96 @@
+/* crypto/dsa/dsa_asn1.c */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+DSA_SIG *DSA_SIG_new(void)
+{
+	DSA_SIG *ret;
+
+	ret = Malloc(sizeof(DSA_SIG));
+	if (ret == NULL)
+		{
+		DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->r = NULL;
+	ret->s = NULL;
+	return(ret);
+}
+
+void DSA_SIG_free(DSA_SIG *r)
+{
+	if (r == NULL) return;
+	if (r->r) BN_clear_free(r->r);
+	if (r->s) BN_clear_free(r->s);
+	Free(r);
+}
+
+int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
+{
+	int t=0,len;
+	ASN1_INTEGER rbs,sbs;
+	unsigned char *p;
+
+	rbs.data=Malloc(BN_num_bits(v->r)/8+1);
+	if (rbs.data == NULL)
+		{
+		DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	rbs.type=V_ASN1_INTEGER;
+	rbs.length=BN_bn2bin(v->r,rbs.data);
+	sbs.data=Malloc(BN_num_bits(v->s)/8+1);
+	if (sbs.data == NULL)
+		{
+		Free(rbs.data);
+		DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	sbs.type=V_ASN1_INTEGER;
+	sbs.length=BN_bn2bin(v->s,sbs.data);
+
+	len=i2d_ASN1_INTEGER(&rbs,NULL);
+	len+=i2d_ASN1_INTEGER(&sbs,NULL);
+
+	if (pp)
+		{
+		p=*pp;
+		ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+		i2d_ASN1_INTEGER(&rbs,&p);
+		i2d_ASN1_INTEGER(&sbs,&p);
+		}
+	t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
+	Free(rbs.data);
+	Free(sbs.data);
+	return(t);
+}
+
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
+{
+	int i=ERR_R_NESTED_ASN1_ERROR;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL)
+		goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
+		goto err_bn;
+	ASN1_BIT_STRING_free(bs);
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	DSAerr(DSA_F_D2I_DSA_SIG,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(NULL);
+}
diff --git a/crypto/openssl/crypto/dsa/dsa_err.c b/crypto/openssl/crypto/dsa/dsa_err.c
new file mode 100644
index 000000000000..33a8270afded
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_err.c
@@ -0,0 +1,106 @@
+/* crypto/dsa/dsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DSA_str_functs[]=
+	{
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0),	"d2i_DSA_SIG"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),	"DSAparams_print"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),	"DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),	"DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),	"DSA_do_verify"},
+{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0),	"DSA_is_prime"},
+{ERR_PACK(0,DSA_F_DSA_NEW,0),	"DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_PRINT,0),	"DSA_print"},
+{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),	"DSA_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_SIGN,0),	"DSA_sign"},
+{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),	"DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0),	"DSA_SIG_new"},
+{ERR_PACK(0,DSA_F_DSA_VERIFY,0),	"DSA_verify"},
+{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0),	"i2d_DSA_SIG"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA DSA_str_reasons[]=
+	{
+{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_DSA_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
+		ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c
new file mode 100644
index 000000000000..b5e5ec06e5e4
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -0,0 +1,333 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+#define HASH    SHA
+#else
+#define HASH    SHA1
+#endif 
+
+#ifndef NO_SHA
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
+	     int *counter_ret, unsigned long *h_ret, void (*callback)(),
+	     char *cb_arg)
+	{
+	int ok=0;
+	unsigned char seed[SHA_DIGEST_LENGTH];
+	unsigned char md[SHA_DIGEST_LENGTH];
+	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+	BIGNUM *r0,*W,*X,*c,*test;
+	BIGNUM *g=NULL,*q=NULL,*p=NULL;
+	BN_MONT_CTX *mont=NULL;
+	int k,n=0,i,b,m=0;
+	int counter=0;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+	unsigned int h=2;
+	DSA *ret=NULL;
+
+	if (bits < 512) bits=512;
+	bits=(bits+63)/64*64;
+
+	if ((seed_in != NULL) && (seed_len == 20))
+		memcpy(seed,seed_in,seed_len);
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	if ((ctx2=BN_CTX_new()) == NULL) goto err;
+	if ((ret=DSA_new()) == NULL) goto err;
+
+	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+	r0= &(ctx2->bn[0]);
+	g= &(ctx2->bn[1]);
+	W= &(ctx2->bn[2]);
+	q= &(ctx2->bn[3]);
+	X= &(ctx2->bn[4]);
+	c= &(ctx2->bn[5]);
+	p= &(ctx2->bn[6]);
+	test= &(ctx2->bn[7]);
+
+	BN_lshift(test,BN_value_one(),bits-1);
+
+	for (;;)
+		{
+		for (;;)
+			{
+			/* step 1 */
+			if (callback != NULL) callback(0,m++,cb_arg);
+
+			if (!seed_len)
+				RAND_bytes(seed,SHA_DIGEST_LENGTH);
+			else
+				seed_len=0;
+
+			memcpy(buf,seed,SHA_DIGEST_LENGTH);
+			memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+			for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+				{
+				buf[i]++;
+				if (buf[i] != 0) break;
+				}
+
+			/* step 2 */
+			HASH(seed,SHA_DIGEST_LENGTH,md);
+			HASH(buf,SHA_DIGEST_LENGTH,buf2);
+			for (i=0; i 0) break;
+			/* do a callback call */
+			/* step 5 */
+			}
+
+		if (callback != NULL) callback(2,0,cb_arg);
+		if (callback != NULL) callback(3,0,cb_arg);
+
+		/* step 6 */
+		counter=0;
+
+		n=(bits-1)/160;
+		b=(bits-1)-n*160;
+
+		for (;;)
+			{
+			/* step 7 */
+			BN_zero(W);
+			for (k=0; k<=n; k++)
+				{
+				for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+					{
+					buf[i]++;
+					if (buf[i] != 0) break;
+					}
+
+				HASH(buf,SHA_DIGEST_LENGTH,md);
+
+				/* step 8 */
+				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
+				BN_lshift(r0,r0,160*k);
+				BN_add(W,W,r0);
+				}
+
+			/* more of step 8 */
+			BN_mask_bits(W,bits-1);
+			BN_copy(X,W); /* this should be ok */
+			BN_add(X,X,test); /* this should be ok */
+
+			/* step 9 */
+			BN_lshift1(r0,q);
+			BN_mod(c,X,r0,ctx);
+			BN_sub(r0,c,BN_value_one());
+			BN_sub(p,X,r0);
+
+			/* step 10 */
+			if (BN_cmp(p,test) >= 0)
+				{
+				/* step 11 */
+				if (DSA_is_prime(p,callback,cb_arg) > 0)
+					goto end;
+				}
+
+			/* step 13 */
+			counter++;
+
+			/* step 14 */
+			if (counter >= 4096) break;
+
+			if (callback != NULL) callback(0,counter,cb_arg);
+			}
+		}
+end:
+	if (callback != NULL) callback(2,1,cb_arg);
+
+	/* We now need to gernerate g */
+	/* Set r0=(p-1)/q */
+	BN_sub(test,p,BN_value_one());
+	BN_div(r0,NULL,test,q,ctx);
+
+	BN_set_word(test,h);
+	BN_MONT_CTX_set(mont,p,ctx);
+
+	for (;;)
+		{
+		/* g=test^r0%p */
+		BN_mod_exp_mont(g,test,r0,p,ctx,mont);
+		if (!BN_is_one(g)) break;
+		BN_add(test,test,BN_value_one());
+		h++;
+		}
+
+	if (callback != NULL) callback(3,1,cb_arg);
+
+	ok=1;
+err:
+	if (!ok)
+		{
+		if (ret != NULL) DSA_free(ret);
+		}
+	else
+		{
+		ret->p=BN_dup(p);
+		ret->q=BN_dup(q);
+		ret->g=BN_dup(g);
+		if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+		if (counter_ret != NULL) *counter_ret=counter;
+		if (h_ret != NULL) *h_ret=h;
+		}
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (ctx != NULL) BN_CTX_free(ctx2);
+	if (mont != NULL) BN_MONT_CTX_free(mont);
+	return(ok?ret:NULL);
+	}
+
+int DSA_is_prime(BIGNUM *w, void (*callback)(), char *cb_arg)
+	{
+	int ok= -1,j,i,n;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+	BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
+	int a;
+	BN_MONT_CTX *mont=NULL;
+
+	if (!BN_is_bit_set(w,0)) return(0);
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	if ((ctx2=BN_CTX_new()) == NULL) goto err;
+	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+	m=   &(ctx2->bn[2]);
+	b=   &(ctx2->bn[3]);
+	z=   &(ctx2->bn[4]);
+	w_1= &(ctx2->bn[5]);
+	tmp= &(ctx2->bn[6]);
+	mont_1= &(ctx2->bn[7]);
+
+	/* step 1 */
+	n=50;
+
+	/* step 2 */
+	if (!BN_sub(w_1,w,BN_value_one())) goto err;
+	for (a=1; !BN_is_bit_set(w_1,a); a++)
+		;
+	if (!BN_rshift(m,w_1,a)) goto err;
+
+	BN_MONT_CTX_set(mont,w,ctx);
+	BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
+	BN_to_montgomery(w_1,w_1,mont,ctx);
+	for (i=1; i < n; i++)
+		{
+		/* step 3 */
+		BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
+		/* BN_set_word(b,0x10001L); */
+
+		/* step 4 */
+		j=0;
+		if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
+
+		if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
+
+		/* step 5 */
+		for (;;)
+			{
+			if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
+				(BN_cmp(z,w_1) == 0))
+				break;
+
+			/* step 6 */
+			if ((j > 0) && (BN_cmp(z,mont_1) == 0))
+				{
+				ok=0;
+				goto err;
+				}
+
+			j++;
+			if (j >= a)
+				{
+				ok=0;
+				goto err;
+				}
+
+			if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
+			if (callback != NULL) callback(1,j,cb_arg);
+			}
+		}
+
+	ok=1;
+err:
+	if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
+	BN_CTX_free(ctx);
+	BN_CTX_free(ctx2);
+	BN_MONT_CTX_free(mont);
+	
+	return(ok);
+	}
+#endif
diff --git a/crypto/openssl/crypto/dsa/dsa_key.c b/crypto/openssl/crypto/dsa/dsa_key.c
new file mode 100644
index 000000000000..ab7f38fc7c6c
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_key.c
@@ -0,0 +1,112 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SHA
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int DSA_generate_key(DSA *dsa)
+	{
+	int ok=0;
+	unsigned int i;
+	BN_CTX *ctx=NULL;
+	BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+	if (dsa->priv_key == NULL)
+		{
+		if ((priv_key=BN_new()) == NULL) goto err;
+		}
+	else
+		priv_key=dsa->priv_key;
+
+	i=BN_num_bits(dsa->q);
+	for (;;)
+		{
+		BN_rand(priv_key,i,1,0);
+		if (BN_cmp(priv_key,dsa->q) >= 0)
+			BN_sub(priv_key,priv_key,dsa->q);
+		if (!BN_is_zero(priv_key)) break;
+		}
+
+	if (dsa->pub_key == NULL)
+		{
+		if ((pub_key=BN_new()) == NULL) goto err;
+		}
+	else
+		pub_key=dsa->pub_key;
+
+	if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+
+	dsa->priv_key=priv_key;
+	dsa->pub_key=pub_key;
+	ok=1;
+
+err:
+	if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+	if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	return(ok);
+	}
+#endif
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c
new file mode 100644
index 000000000000..ce8e204f7e6f
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -0,0 +1,184 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+
+DSA *DSA_new(void)
+	{
+	DSA *ret;
+
+	ret=(DSA *)Malloc(sizeof(DSA));
+	if (ret == NULL)
+		{
+		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->pad=0;
+	ret->version=0;
+	ret->write_params=1;
+	ret->p=NULL;
+	ret->q=NULL;
+	ret->g=NULL;
+	ret->flags=DSA_FLAG_CACHE_MONT_P;
+
+	ret->pub_key=NULL;
+	ret->priv_key=NULL;
+
+	ret->kinv=NULL;
+	ret->r=NULL;
+	ret->method_mont_p=NULL;
+
+	ret->references=1;
+	return(ret);
+	}
+
+void DSA_free(DSA *r)
+	{
+	int i;
+
+	if (r == NULL) return;
+
+	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+	REF_PRINT("DSA",r);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"DSA_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	if (r->kinv != NULL) BN_clear_free(r->kinv);
+	if (r->r != NULL) BN_clear_free(r->r);
+	if (r->method_mont_p != NULL)
+		BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
+	Free(r);
+	}
+
+int DSA_size(DSA *r)
+	{
+	int ret,i;
+	ASN1_INTEGER bs;
+	unsigned char buf[4];
+
+	i=BN_num_bits(r->q);
+	bs.length=(i+7)/8;
+	bs.data=buf;
+	bs.type=V_ASN1_INTEGER;
+	/* If the top bit is set the asn1 encoding is 1 larger. */
+	buf[0]=0xff;	
+
+	i=i2d_ASN1_INTEGER(&bs,NULL);
+	i+=i; /* r and s */
+	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+	return(ret);
+	}
+
+#ifndef NO_DH
+DH *DSA_dup_DH(DSA *r)
+	{
+	/* DSA has p, q, g, optional pub_key, optional priv_key.
+	 * DH has p, optional length, g, optional pub_key, optional priv_key.
+	 */ 
+
+	DH *ret = NULL;
+
+	if (r == NULL)
+		goto err;
+	ret = DH_new();
+	if (ret == NULL)
+		goto err;
+	if (r->p != NULL) 
+		if ((ret->p = BN_dup(r->p)) == NULL)
+			goto err;
+	if (r->q != NULL)
+		ret->length = BN_num_bits(r->q);
+	if (r->g != NULL)
+		if ((ret->g = BN_dup(r->g)) == NULL)
+			goto err;
+	if (r->pub_key != NULL)
+		if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+			goto err;
+	if (r->priv_key != NULL)
+		if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+			goto err;
+
+	return ret;
+
+ err:
+	if (ret != NULL)
+		DH_free(ret);
+	return NULL;
+	}
+#endif
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c
new file mode 100644
index 000000000000..774c16196431
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -0,0 +1,211 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+	BIGNUM m;
+	BIGNUM xr;
+	BN_CTX *ctx=NULL;
+	int i,reason=ERR_R_BN_LIB;
+	DSA_SIG *ret=NULL;
+
+	BN_init(&m);
+	BN_init(&xr);
+	s=BN_new();
+	if (s == NULL) goto err;
+
+	i=BN_num_bytes(dsa->q); /* should be 20 */
+	if ((dlen > i) || (dlen > 50))
+		{
+		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+		goto err;
+		}
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	if ((dsa->kinv == NULL) || (dsa->r == NULL))
+		{
+		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+		}
+	else
+		{
+		kinv=dsa->kinv;
+		dsa->kinv=NULL;
+		r=dsa->r;
+		dsa->r=NULL;
+		}
+
+	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+	/* Compute  s = inv(k) (m + xr) mod q */
+	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
+	if (BN_cmp(s,dsa->q) > 0)
+		BN_sub(s,s,dsa->q);
+	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+	ret=DSA_SIG_new();
+	if (ret == NULL) goto err;
+	ret->r = r;
+	ret->s = s;
+	
+err:
+	if (!ret)
+		{
+		DSAerr(DSA_F_DSA_DO_SIGN,reason);
+		BN_free(r);
+		BN_free(s);
+		}
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_clear_free(&m);
+	BN_clear_free(&xr);
+	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+	    BN_clear_free(kinv);
+	return(ret);
+	}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+
+/* unsigned char *sig:  out    */
+/* unsigned int *siglen:  out    */
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+	     unsigned int *siglen, DSA *dsa)
+	{
+	DSA_SIG *s;
+	s=DSA_do_sign(dgst,dlen,dsa);
+	if (s == NULL)
+		{
+		*siglen=0;
+		return(0);
+		}
+	*siglen=i2d_DSA_SIG(s,&sig);
+	DSA_SIG_free(s);
+	return(1);
+	}
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+	{
+	BN_CTX *ctx;
+	BIGNUM k,*kinv=NULL,*r=NULL;
+	int ret=0;
+
+	if (ctx_in == NULL)
+		{
+		if ((ctx=BN_CTX_new()) == NULL) goto err;
+		}
+	else
+		ctx=ctx_in;
+
+	BN_init(&k);
+	if ((r=BN_new()) == NULL) goto err;
+	kinv=NULL;
+
+	/* Get random k */
+	for (;;)
+		{
+		if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
+		if (BN_cmp(&k,dsa->q) >= 0)
+			BN_sub(&k,&k,dsa->q);
+		if (!BN_is_zero(&k)) break;
+		}
+
+	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+		{
+		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+				dsa->p,ctx)) goto err;
+		}
+
+	/* Compute r = (g^k mod p) mod q */
+	if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
+		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+	/* Compute  part of 's = inv(k) (m + xr) mod q' */
+	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+	if (*kinvp != NULL) BN_clear_free(*kinvp);
+	*kinvp=kinv;
+	kinv=NULL;
+	if (*rp != NULL) BN_clear_free(*rp);
+	*rp=r;
+	ret=1;
+err:
+	if (!ret)
+		{
+		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+		if (kinv != NULL) BN_clear_free(kinv);
+		if (r != NULL) BN_clear_free(r);
+		}
+	if (ctx_in == NULL) BN_CTX_free(ctx);
+	if (kinv != NULL) BN_clear_free(kinv);
+	BN_clear_free(&k);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c
new file mode 100644
index 000000000000..ff552208aa23
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -0,0 +1,160 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch  */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		  DSA *dsa)
+	{
+	BN_CTX *ctx;
+	BIGNUM u1,u2,t1;
+	BN_MONT_CTX *mont=NULL;
+	int ret = -1;
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	BN_init(&u1);
+	BN_init(&u2);
+	BN_init(&t1);
+
+	/* Calculate W = inv(S) mod Q
+	 * save W in u2 */
+	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+	/* save M in u1 */
+	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+	/* u1 = M * w mod q */
+	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+	/* u2 = r * w mod q */
+	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+		{
+		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+				dsa->p,ctx)) goto err;
+		}
+	mont=(BN_MONT_CTX *)dsa->method_mont_p;
+
+#if 0
+	{
+	BIGNUM t2;
+
+	BN_init(&t2);
+	/* v = ( g^u1 * y^u2 mod p ) mod q */
+	/* let t1 = g ^ u1 mod p */
+	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+	/* let t2 = y ^ u2 mod p */
+	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+	/* let u1 = t1 * t2 mod p */
+	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+	BN_free(&t2);
+	}
+	/* let u1 = u1 mod q */
+	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+	{
+	if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
+		goto err;
+	/* BN_copy(&u1,&t1); */
+	/* let u1 = u1 mod q */
+	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+	}
+#endif
+	/* V is now in u1.  If the signature is correct, it will be
+	 * equal to R. */
+	ret=(BN_ucmp(&u1, sig->r) == 0);
+
+	err:
+	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_free(&u1);
+	BN_free(&u2);
+	BN_free(&t1);
+	return(ret);
+	}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+	     unsigned char *sigbuf, int siglen, DSA *dsa)
+	{
+	DSA_SIG *s;
+	int ret=-1;
+
+	s = DSA_SIG_new();
+	if (s == NULL) return(ret);
+	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+	DSA_SIG_free(s);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/dsa/dsagen.c b/crypto/openssl/crypto/dsa/dsagen.c
new file mode 100644
index 000000000000..a0b097664086
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsagen.c
@@ -0,0 +1,111 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+
+#define TEST
+#define GENUINE_DSA
+
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+
+#ifdef TEST
+unsigned char seed[20]={
+	0xd5,0x01,0x4e,0x4b,
+	0x60,0xef,0x2b,0xa8,
+	0xb6,0x21,0x1b,0x40,
+	0x62,0xba,0x32,0x24,
+	0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+
+int cb(int p, int n)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	printf("%c",c);
+	fflush(stdout);
+	}
+
+main()
+	{
+	int i;
+	BIGNUM *n;
+	BN_CTX *ctx;
+	unsigned char seed_buf[20];
+	DSA *dsa;
+	int counter,h;
+	BIO *bio_err=NULL;
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	memcpy(seed_buf,seed,20);
+	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+
+	if (dsa == NULL)
+		DSA_print(bio_err,dsa,0);
+	}
+
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
new file mode 100644
index 000000000000..fc25c9a1b797
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -0,0 +1,220 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifdef WINDOWS
+#include "../bio/bss_file.c"
+#endif
+
+#ifdef NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static unsigned char seed[20]={
+	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+	};
+
+static unsigned char out_p[]={
+	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+	};
+
+static unsigned char out_q[]={
+	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+	0xda,0xce,0x91,0x5f,
+	};
+
+static unsigned char out_g[]={
+	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+	};
+
+static const unsigned char str1[]="12345678901234567890";
+
+static BIO *bio_err=NULL;
+
+int main(int argc, char **argv)
+	{
+	DSA *dsa=NULL;
+	int counter,ret=0,i,j;
+	unsigned char buf[256];
+	unsigned long h;
+	unsigned char sig[256];
+	unsigned int siglen;
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	BIO_printf(bio_err,"test generation of DSA parameters\n");
+	BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
+	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
+		(char *)bio_err);
+
+	BIO_printf(bio_err,"seed\n");
+	for (i=0; i<20; i+=4)
+		{
+		BIO_printf(bio_err,"%02X%02X%02X%02X ",
+			seed[i],seed[i+1],seed[i+2],seed[i+3]);
+		}
+	BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+		
+	if (dsa == NULL) goto end;
+	DSA_print(bio_err,dsa,0);
+	if (counter != 105) 
+		{
+		BIO_printf(bio_err,"counter should be 105\n");
+		goto end;
+		}
+	if (h != 2)
+		{
+		BIO_printf(bio_err,"h should be 2\n");
+		goto end;
+		}
+
+	i=BN_bn2bin(dsa->q,buf);
+	j=sizeof(out_q);
+	if ((i != j) || (memcmp(buf,out_q,i) != 0))
+		{
+		BIO_printf(bio_err,"q value is wrong\n");
+		goto end;
+		}
+
+	i=BN_bn2bin(dsa->p,buf);
+	j=sizeof(out_p);
+	if ((i != j) || (memcmp(buf,out_p,i) != 0))
+		{
+		BIO_printf(bio_err,"p value is wrong\n");
+		goto end;
+		}
+
+	i=BN_bn2bin(dsa->g,buf);
+	j=sizeof(out_g);
+	if ((i != j) || (memcmp(buf,out_g,i) != 0))
+		{
+		BIO_printf(bio_err,"g value is wrong\n");
+		goto end;
+		}
+	DSA_generate_key(dsa);
+	DSA_sign(0, str1, 20, sig, &siglen, dsa);
+	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+		ret=1;
+end:
+	if (!ret)
+		ERR_print_errors(bio_err);
+	if (dsa != NULL) DSA_free(dsa);
+	CRYPTO_mem_leaks(bio_err);
+	if (bio_err != NULL) BIO_free(bio_err);
+	exit(!ret);
+	return(0);
+	}
+
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+	{
+	char c='*';
+	static int ok=0,num=0;
+
+	if (p == 0) { c='.'; num++; };
+	if (p == 1) c='+';
+	if (p == 2) { c='*'; ok++; }
+	if (p == 3) c='\n';
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
+
+	if (!ok && (p == 0) && (num > 1))
+		{
+		BIO_printf((BIO *)arg,"error in dsatest\n");
+		exit(1);
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/dsa/fips186a.txt b/crypto/openssl/crypto/dsa/fips186a.txt
new file mode 100644
index 000000000000..3a2e0a0d51a2
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+		     APPENDIX 5. EXAMPLE OF THE DSA
+
+
+This appendix is for informational purposes only and is not required to meet
+the standard.
+
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+
+With this SEED, the algorithm found p and q when the counter was at 105.
+
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+
+XSEED =   
+
+	bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+
+t =
+	67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+
+x = G(t,XSEED) mod q
+
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+
+KSEED =
+
+	687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+
+t =
+	EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+
+k = G(t,KSEED) mod q
+
+Finally:
+
+h = 2
+
+p =
+	8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+	cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+	49693dfb f83724c2 ec0736ee 31c80291
+
+
+q =
+	c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+
+
+g =
+	626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+	3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+	c42e9f6f 464b088c c572af53 e6d78802
+
+
+x =
+	2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+
+
+k =
+	358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+
+
+kinv = 
+
+	0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+
+SHA(M) =  
+
+	a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+
+
+y =
+
+	19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+	9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+	858fba33 f44c0669 9630a76b 030ee333
+
+
+r =
+	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+
+s =
+	41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+
+
+w =
+	9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+
+
+u1 =
+	bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+
+
+u2 =
+	821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+
+
+gu1 mod p =
+
+	51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+	9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+	6f96662a 1987a21b e4ec1071 010b6069
+
+
+yu2 mod p =
+
+	8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+	5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+	c19441f4 22bf3c34 08aeba1f 0a4dbec7
+
+v =
+	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/crypto/openssl/crypto/ebcdic.h b/crypto/openssl/crypto/ebcdic.h
new file mode 100644
index 000000000000..d3b4e98b120c
--- /dev/null
+++ b/crypto/openssl/crypto/ebcdic.h
@@ -0,0 +1,17 @@
+#ifndef HEADER_EBCDIC_H
+#define HEADER_EBCDIC_H
+
+#include 
+
+/* Avoid name clashes with other applications */
+#define os_toascii   _eay2000_os_toascii
+#define os_toebcdic  _eay2000_os_toebcdic
+#define ebcdic2ascii _eay2000_ebcdic2ascii
+#define ascii2ebcdic _eay2000_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void ebcdic2ascii(unsigned char *dest, const unsigned char *srce, size_t count);
+void ascii2ebcdic(unsigned char *dest, const unsigned char *srce, size_t count);
+
+#endif
diff --git a/crypto/openssl/crypto/err/Makefile.ssl b/crypto/openssl/crypto/err/Makefile.ssl
new file mode 100644
index 000000000000..e0f5128f438c
--- /dev/null
+++ b/crypto/openssl/crypto/err/Makefile.ssl
@@ -0,0 +1,110 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+
+DIR=	err
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+err.o: ../cryptlib.h
+err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+err_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+err_prn.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
new file mode 100644
index 000000000000..8810d838c64f
--- /dev/null
+++ b/crypto/openssl/crypto/err/err.c
@@ -0,0 +1,643 @@
+/* crypto/err/err.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+
+static LHASH *error_hash=NULL;
+static LHASH *thread_hash=NULL;
+
+static unsigned long err_hash(ERR_STRING_DATA *a);
+static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
+static unsigned long pid_hash(ERR_STATE *pid);
+static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
+static unsigned long get_error_values(int inc,const char **file,int *line,
+				      const char **data,int *flags);
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+	{
+{ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)		,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)		,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)		,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuation file routines"},
+{ERR_PACK(ERR_LIB_METH,0,0)		,"X509 lookup 'method' routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
+{ERR_PACK(ERR_LIB_RSAREF,0,0)		,"RSAref routines"},
+{ERR_PACK(ERR_LIB_PROXY,0,0)		,"Proxy routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
+{0,NULL},
+	};
+
+static ERR_STRING_DATA ERR_str_functs[]=
+	{
+	{ERR_PACK(0,SYS_F_FOPEN,0),     	"fopen"},
+	{ERR_PACK(0,SYS_F_CONNECT,0),		"connect"},
+	{ERR_PACK(0,SYS_F_GETSERVBYNAME,0),	"getservbyname"},
+	{ERR_PACK(0,SYS_F_SOCKET,0),		"socket"}, 
+	{ERR_PACK(0,SYS_F_IOCTLSOCKET,0),	"ioctlsocket"},
+	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},
+	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},
+	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},
+#ifdef WINDOWS
+	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
+#endif
+	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},
+	{0,NULL},
+	};
+
+static ERR_STRING_DATA ERR_str_reasons[]=
+	{
+{ERR_R_FATAL                             ,"fatal"},
+{ERR_R_SYS_LIB				,"system lib"},
+{ERR_R_BN_LIB				,"BN lib"},
+{ERR_R_RSA_LIB				,"RSA lib"},
+{ERR_R_DH_LIB				,"DH lib"},
+{ERR_R_EVP_LIB				,"EVP lib"},
+{ERR_R_BUF_LIB				,"BUF lib"},
+{ERR_R_BIO_LIB				,"BIO lib"},
+{ERR_R_OBJ_LIB				,"OBJ lib"},
+{ERR_R_PEM_LIB				,"PEM lib"},
+{ERR_R_X509_LIB				,"X509 lib"},
+{ERR_R_METH_LIB				,"METH lib"},
+{ERR_R_ASN1_LIB				,"ASN1 lib"},
+{ERR_R_CONF_LIB				,"CONF lib"},
+{ERR_R_SSL_LIB				,"SSL lib"},
+{ERR_R_PROXY_LIB			,"PROXY lib"},
+{ERR_R_BIO_LIB				,"BIO lib"},
+{ERR_R_PKCS7_LIB			,"PKCS7 lib"},
+{ERR_R_PKCS12_LIB			,"PKCS12 lib"},
+{ERR_R_MALLOC_FAILURE			,"Malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
+{ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE	,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},
+
+{0,NULL},
+	};
+#endif
+
+#define err_clear_data(p,i) \
+	if (((p)->err_data[i] != NULL) && \
+		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+		{  \
+		Free((p)->err_data[i]); \
+		(p)->err_data[i]=NULL; \
+		} \
+	(p)->err_data_flags[i]=0;
+
+static void ERR_STATE_free(ERR_STATE *s)
+	{
+	int i;
+
+	if(s == NULL)
+	    return;
+
+	for (i=0; ierror)
+		{
+		str->error|=ERR_PACK(lib,0,0);
+		lh_insert(error_hash,(char *)str);
+		str++;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
+	}
+
+void ERR_free_strings(void)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+
+	if (error_hash != NULL)
+		{
+		lh_free(error_hash);
+		error_hash=NULL;
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+/********************************************************/
+
+void ERR_put_error(int lib, int func, int reason, const char *file,
+	     int line)
+	{
+	ERR_STATE *es;
+
+#ifdef _OSD_POSIX
+	/* In the BS2000-OSD POSIX subsystem, the compiler generates
+	 * path names in the form "*POSIX(/etc/passwd)".
+	 * This dirty hack strips them to something sensible.
+	 * @@@ We shouldn't modify a const string, though.
+	 */
+	if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
+		char *end;
+
+		/* Skip the "*POSIX(" prefix */
+		file += sizeof("*POSIX(")-1;
+		end = &file[strlen(file)-1];
+		if (*end == ')')
+			*end = '\0';
+		/* Optional: use the basename of the path only. */
+		if ((end = strrchr(file, '/')) != NULL)
+			file = &end[1];
+	}
+#endif
+	es=ERR_get_state();
+
+	es->top=(es->top+1)%ERR_NUM_ERRORS;
+	if (es->top == es->bottom)
+		es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
+	es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
+	es->err_file[es->top]=file;
+	es->err_line[es->top]=line;
+	err_clear_data(es,es->top);
+	}
+
+void ERR_clear_error(void)
+	{
+	ERR_STATE *es;
+
+	es=ERR_get_state();
+
+#if 0
+	/* hmm... is this needed */
+	for (i=0; ierr_buffer[i]=0;
+		es->err_file[i]=NULL;
+		es->err_line[i]= -1;
+		err_clear_data(es,i);
+		}
+#endif
+	es->top=es->bottom=0;
+	}
+
+
+unsigned long ERR_get_error(void)
+	{ return(get_error_values(1,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_get_error_line(const char **file,
+	     int *line)
+	{ return(get_error_values(1,file,line,NULL,NULL)); }
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(1,file,line,
+	     data,flags)); }
+
+unsigned long ERR_peek_error(void)
+	{ return(get_error_values(0,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_peek_error_line(const char **file,
+	     int *line)
+	{ return(get_error_values(0,file,line,NULL,NULL)); }
+
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(0,file,line,
+	     data,flags)); }
+
+static unsigned long get_error_values(int inc, const char **file, int *line,
+	     const char **data, int *flags)
+	{	
+	int i=0;
+	ERR_STATE *es;
+	unsigned long ret;
+
+	es=ERR_get_state();
+
+	if (es->bottom == es->top) return(0);
+	i=(es->bottom+1)%ERR_NUM_ERRORS;
+
+	ret=es->err_buffer[i];
+	if (inc)
+		{
+		es->bottom=i;
+		es->err_buffer[i]=0;
+		}
+
+	if ((file != NULL) && (line != NULL))
+		{
+		if (es->err_file[i] == NULL)
+			{
+			*file="NA";
+			if (line != NULL) *line=0;
+			}
+		else
+			{
+			*file=es->err_file[i];
+			if (line != NULL) *line=es->err_line[i];
+			}
+		}
+
+	if (data != NULL)
+		{
+		if (es->err_data[i] == NULL)
+			{
+			*data="";
+			if (flags != NULL) *flags=0;
+			}
+		else
+			{
+			*data=es->err_data[i];
+			if (flags != NULL) *flags=es->err_data_flags[i];
+			}
+		}
+	return(ret);
+	}
+
+/* BAD for multi-threaded, uses a local buffer if ret == NULL */
+char *ERR_error_string(unsigned long e, char *ret)
+	{
+	static char buf[256];
+	const char *ls,*fs,*rs;
+	unsigned long l,f,r;
+	int i;
+
+	l=ERR_GET_LIB(e);
+	f=ERR_GET_FUNC(e);
+	r=ERR_GET_REASON(e);
+
+	ls=ERR_lib_error_string(e);
+	fs=ERR_func_error_string(e);
+	rs=ERR_reason_error_string(e);
+
+	if (ret == NULL) ret=buf;
+
+	sprintf(&(ret[0]),"error:%08lX:",e);
+	i=strlen(ret);
+	if (ls == NULL)
+		sprintf(&(ret[i]),":lib(%lu) ",l);
+	else	sprintf(&(ret[i]),"%s",ls);
+	i=strlen(ret);
+	if (fs == NULL)
+		sprintf(&(ret[i]),":func(%lu) ",f);
+	else	sprintf(&(ret[i]),":%s",fs);
+	i=strlen(ret);
+	if (rs == NULL)
+		sprintf(&(ret[i]),":reason(%lu)",r);
+	else	sprintf(&(ret[i]),":%s",rs);
+
+	return(ret);
+	}
+
+LHASH *ERR_get_string_table(void)
+	{
+	return(error_hash);
+	}
+
+LHASH *ERR_get_err_state_table(void)
+	{
+	return(thread_hash);
+	}
+
+const char *ERR_lib_error_string(unsigned long e)
+	{
+	ERR_STRING_DATA d,*p=NULL;
+	unsigned long l;
+
+	l=ERR_GET_LIB(e);
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+
+	if (error_hash != NULL)
+		{
+		d.error=ERR_PACK(l,0,0);
+		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+		}
+
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+
+	return((p == NULL)?NULL:p->string);
+	}
+
+const char *ERR_func_error_string(unsigned long e)
+	{
+	ERR_STRING_DATA d,*p=NULL;
+	unsigned long l,f;
+
+	l=ERR_GET_LIB(e);
+	f=ERR_GET_FUNC(e);
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+
+	if (error_hash != NULL)
+		{
+		d.error=ERR_PACK(l,f,0);
+		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+		}
+
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+
+	return((p == NULL)?NULL:p->string);
+	}
+
+const char *ERR_reason_error_string(unsigned long e)
+	{
+	ERR_STRING_DATA d,*p=NULL;
+	unsigned long l,r;
+
+	l=ERR_GET_LIB(e);
+	r=ERR_GET_REASON(e);
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+
+	if (error_hash != NULL)
+		{
+		d.error=ERR_PACK(l,0,r);
+		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
+		if (p == NULL)
+			{
+			d.error=ERR_PACK(0,0,r);
+			p=(ERR_STRING_DATA *)lh_retrieve(error_hash,
+				(char *)&d);
+			}
+		}
+
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+
+	return((p == NULL)?NULL:p->string);
+	}
+
+static unsigned long err_hash(ERR_STRING_DATA *a)
+	{
+	unsigned long ret,l;
+
+	l=a->error;
+	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+	return(ret^ret%19*13);
+	}
+
+static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b)
+	{
+	return((int)(a->error-b->error));
+	}
+
+static unsigned long pid_hash(ERR_STATE *a)
+	{
+	return(a->pid*13);
+	}
+
+static int pid_cmp(ERR_STATE *a, ERR_STATE *b)
+	{
+	return((int)((long)a->pid - (long)b->pid));
+	}
+
+void ERR_remove_state(unsigned long pid)
+	{
+	ERR_STATE *p,tmp;
+
+	if (thread_hash == NULL)
+		return;
+	if (pid == 0)
+		pid=(unsigned long)CRYPTO_thread_id();
+	tmp.pid=pid;
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p=(ERR_STATE *)lh_delete(thread_hash,(char *)&tmp);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	if (p != NULL) ERR_STATE_free(p);
+	}
+
+ERR_STATE *ERR_get_state(void)
+	{
+	static ERR_STATE fallback;
+	ERR_STATE *ret=NULL,tmp,*tmpp;
+	int i;
+	unsigned long pid;
+
+	pid=(unsigned long)CRYPTO_thread_id();
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	if (thread_hash == NULL)
+		{
+		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+		if (thread_hash == NULL)
+			{
+			MemCheck_off();
+			thread_hash=lh_new(pid_hash,pid_cmp);
+			MemCheck_on();
+			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+			if (thread_hash == NULL) return(&fallback);
+			}
+		else
+			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+		}
+	else
+		{
+		tmp.pid=pid;
+		ret=(ERR_STATE *)lh_retrieve(thread_hash,(char *)&tmp);
+		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+		}
+
+	/* ret == the error state, if NULL, make a new one */
+	if (ret == NULL)
+		{
+		ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE));
+		if (ret == NULL) return(&fallback);
+		ret->pid=pid;
+		ret->top=0;
+		ret->bottom=0;
+		for (i=0; ierr_data[i]=NULL;
+			ret->err_data_flags[i]=0;
+			}
+		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+		tmpp=(ERR_STATE *)lh_insert(thread_hash,(char *)ret);
+		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+		if (tmpp != NULL) /* old entry - should not happen */
+			{
+			ERR_STATE_free(tmpp);
+			}
+		}
+	return(ret);
+	}
+
+int ERR_get_next_error_library(void)
+	{
+	static int value=ERR_LIB_USER;
+
+	return(value++);
+	}
+
+void ERR_set_error_data(char *data, int flags)
+	{
+	ERR_STATE *es;
+	int i;
+
+	es=ERR_get_state();
+
+	i=es->top;
+	if (i == 0)
+		i=ERR_NUM_ERRORS-1;
+
+	es->err_data[i]=data;
+	es->err_data_flags[es->top]=flags;
+	}
+
+void ERR_add_error_data(int num, ...)
+	{
+	va_list args;
+	int i,n,s;
+	char *str,*p,*a;
+
+	s=64;
+	str=Malloc(s+1);
+	if (str == NULL) return;
+	str[0]='\0';
+
+	va_start(args, num);
+	n=0;
+	for (i=0; i */
+		if (a != NULL)
+			{
+			n+=strlen(a);
+			if (n > s)
+				{
+				s=n+20;
+				p=Realloc(str,s+1);
+				if (p == NULL)
+					{
+					Free(str);
+					return;
+					}
+				else
+					str=p;
+				}
+			strcat(str,a);
+			}
+		}
+	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+
+	va_end(args);
+	}
+
diff --git a/crypto/openssl/crypto/err/err.h b/crypto/openssl/crypto/err/err.h
new file mode 100644
index 000000000000..9411fb3568e5
--- /dev/null
+++ b/crypto/openssl/crypto/err/err.h
@@ -0,0 +1,263 @@
+/* crypto/err/err.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ERR_H
+#define HEADER_ERR_H
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+#ifndef NO_FP_API
+#include 
+#endif
+
+/* The following is a bit of a trick to help the object files only contain
+ * the 'name of the file' string once.  Since 'err.h' is protected by the
+ * HEADER_ERR_H stuff, this should be included only once per file. */
+
+#define ERR_file_name	__FILE__
+
+#ifndef NO_ERR
+#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)
+#else
+#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
+#endif
+
+#include 
+
+#define ERR_TXT_MALLOCED	0x01
+#define ERR_TXT_STRING		0x02
+
+#define ERR_NUM_ERRORS	16
+typedef struct err_state_st
+	{
+	unsigned long pid;
+	unsigned long err_buffer[ERR_NUM_ERRORS];
+	char *err_data[ERR_NUM_ERRORS];
+	int err_data_flags[ERR_NUM_ERRORS];
+	const char *err_file[ERR_NUM_ERRORS];
+	int err_line[ERR_NUM_ERRORS];
+	int top,bottom;
+	} ERR_STATE;
+
+/* library */
+#define ERR_LIB_NONE		1
+#define ERR_LIB_SYS		2
+#define ERR_LIB_BN		3
+#define ERR_LIB_RSA		4
+#define ERR_LIB_DH		5
+#define ERR_LIB_EVP		6
+#define ERR_LIB_BUF		7
+#define ERR_LIB_OBJ		8
+#define ERR_LIB_PEM		9
+#define ERR_LIB_DSA		10
+#define ERR_LIB_X509		11
+#define ERR_LIB_METH		12
+#define ERR_LIB_ASN1		13
+#define ERR_LIB_CONF		14
+#define ERR_LIB_CRYPTO		15
+#define ERR_LIB_SSL		20
+#define ERR_LIB_SSL23		21
+#define ERR_LIB_SSL2		22
+#define ERR_LIB_SSL3		23
+#define ERR_LIB_RSAREF		30
+#define ERR_LIB_PROXY		31
+#define ERR_LIB_BIO		32
+#define ERR_LIB_PKCS7		33
+#define ERR_LIB_X509V3		34
+#define ERR_LIB_PKCS12		35
+
+#define ERR_LIB_USER		128
+
+#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
+#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
+#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
+#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
+#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
+#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
+#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
+#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
+#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
+#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
+#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
+#define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
+#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
+#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
+#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
+#define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
+#define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
+#define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
+#define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
+#define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
+#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
+#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
+
+/* Borland C seems too stupid to be able to shift and do longs in
+ * the pre-processor :-( */
+#define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)*0x1000000)| \
+				((((unsigned long)f)&0xfffL)*0x1000)| \
+				((((unsigned long)r)&0xfffL)))
+#define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)
+#define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)
+#define ERR_GET_REASON(l)	(int)((l)&0xfffL)
+#define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
+
+/* OS fuctions */
+#define SYS_F_FOPEN		1
+#define SYS_F_CONNECT		2
+#define SYS_F_GETSERVBYNAME	3
+#define SYS_F_SOCKET		4
+#define SYS_F_IOCTLSOCKET	5
+#define SYS_F_BIND		6
+#define SYS_F_LISTEN		7
+#define SYS_F_ACCEPT		8
+#define SYS_F_WSASTARTUP	9 /* Winsock stuff */
+#define SYS_F_OPENDIR		10
+
+#define ERR_R_FATAL		32	
+/* reasons */
+#define ERR_R_SYS_LIB	ERR_LIB_SYS
+#define ERR_R_BN_LIB	ERR_LIB_BN
+#define ERR_R_RSA_LIB	ERR_LIB_RSA
+#define ERR_R_DSA_LIB	ERR_LIB_DSA
+#define ERR_R_DH_LIB	ERR_LIB_DH
+#define ERR_R_EVP_LIB	ERR_LIB_EVP
+#define ERR_R_BUF_LIB	ERR_LIB_BUF
+#define ERR_R_BIO_LIB	ERR_LIB_BIO
+#define ERR_R_OBJ_LIB	ERR_LIB_OBJ
+#define ERR_R_PEM_LIB	ERR_LIB_PEM
+#define ERR_R_X509_LIB	ERR_LIB_X509
+#define ERR_R_METH_LIB	ERR_LIB_METH
+#define ERR_R_ASN1_LIB	ERR_LIB_ASN1
+#define ERR_R_CONF_LIB	ERR_LIB_CONF
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
+#define ERR_R_SSL_LIB	ERR_LIB_SSL
+#define ERR_R_SSL23_LIB	ERR_LIB_SSL23
+#define ERR_R_SSL2_LIB	ERR_LIB_SSL2
+#define ERR_R_SSL3_LIB	ERR_LIB_SSL3
+#define ERR_R_PROXY_LIB	ERR_LIB_PROXY
+#define ERR_R_BIO_LIB	ERR_LIB_BIO
+#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
+
+/* fatal error */
+#define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
+#define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
+#define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
+#define ERR_R_NESTED_ASN1_ERROR			(4)
+#define ERR_R_BAD_ASN1_OBJECT_HEADER		(5)
+#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		(6)
+#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	(7)
+#define ERR_R_ASN1_LENGTH_MISMATCH		(8)
+#define ERR_R_MISSING_ASN1_EOS			(9)
+
+typedef struct ERR_string_data_st
+	{
+	unsigned long error;
+	const char *string;
+	} ERR_STRING_DATA;
+
+void ERR_put_error(int lib, int func,int reason,const char *file,int line);
+void ERR_set_error_data(char *data,int flags);
+
+unsigned long ERR_get_error(void );
+unsigned long ERR_get_error_line(const char **file,int *line);
+unsigned long ERR_get_error_line_data(const char **file,int *line,
+				      const char **data, int *flags);
+unsigned long ERR_peek_error(void );
+unsigned long ERR_peek_error_line(const char **file,int *line);
+unsigned long ERR_peek_error_line_data(const char **file,int *line,
+				       const char **data,int *flags);
+void ERR_clear_error(void );
+char *ERR_error_string(unsigned long e,char *buf);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+#ifndef NO_FP_API
+void ERR_print_errors_fp(FILE *fp);
+#endif
+#ifdef HEADER_BIO_H
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+#endif
+void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_load_ERR_strings(void );
+void ERR_load_crypto_strings(void );
+void ERR_free_strings(void );
+
+void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+ERR_STATE *ERR_get_state(void);
+
+#ifdef HEADER_LHASH_H
+LHASH *ERR_get_string_table(void );
+LHASH *ERR_get_err_state_table(void );
+#else
+char *ERR_get_string_table(void );
+char *ERR_get_err_state_table(void );
+#endif
+
+int ERR_get_next_error_library(void );
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c
new file mode 100644
index 000000000000..ad820227d246
--- /dev/null
+++ b/crypto/openssl/crypto/err/err_all.c
@@ -0,0 +1,120 @@
+/* crypto/err/err_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifndef NO_RSA
+#include 
+#endif
+#ifdef RSAref
+#include 
+#endif
+#ifndef NO_DH
+#include 
+#endif
+#ifndef NO_DSA
+#include 
+#endif
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+void ERR_load_crypto_strings(void)
+	{
+	static int done=0;
+
+	if (done) return;
+	done=1;
+#ifndef NO_ERR
+	ERR_load_ASN1_strings();
+	ERR_load_BN_strings();
+	ERR_load_BUF_strings();
+	ERR_load_BIO_strings();
+	ERR_load_CONF_strings();
+#ifndef NO_RSA
+#ifdef RSAref
+	ERR_load_RSAREF_strings();
+#else
+	ERR_load_RSA_strings();
+#endif
+#endif
+#ifndef NO_DH
+	ERR_load_DH_strings();
+#endif
+#ifndef NO_DSA
+	ERR_load_DSA_strings();
+#endif
+	ERR_load_ERR_strings();
+	ERR_load_EVP_strings();
+	ERR_load_OBJ_strings();
+	ERR_load_PEM_strings();
+	ERR_load_X509_strings();
+	ERR_load_X509V3_strings();
+	ERR_load_CRYPTO_strings();
+	ERR_load_PKCS7_strings();
+	ERR_load_PKCS12_strings();
+#endif
+	}
diff --git a/crypto/openssl/crypto/err/err_prn.c b/crypto/openssl/crypto/err/err_prn.c
new file mode 100644
index 000000000000..0999ff214bf6
--- /dev/null
+++ b/crypto/openssl/crypto/err/err_prn.c
@@ -0,0 +1,105 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+#ifndef NO_FP_API
+void ERR_print_errors_fp(FILE *fp)
+	{
+	unsigned long l;
+	char buf[200];
+	const char *file,*data;
+	int line,flags;
+	unsigned long es;
+
+	es=CRYPTO_thread_id();
+	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+		{
+		fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf),
+			file,line,(flags&ERR_TXT_STRING)?data:"");
+		}
+	}
+#endif
+
+void ERR_print_errors(BIO *bp)
+	{
+	unsigned long l;
+	char buf[256];
+	char buf2[256];
+	const char *file,*data;
+	int line,flags;
+	unsigned long es;
+
+	es=CRYPTO_thread_id();
+	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+		{
+		sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf),
+			file,line);
+		BIO_write(bp,buf2,strlen(buf2));
+		if (flags & ERR_TXT_STRING)
+			BIO_write(bp,data,strlen(data));
+		BIO_write(bp,"\n",1);
+		}
+	}
+
diff --git a/crypto/openssl/crypto/err/openssl.ec b/crypto/openssl/crypto/err/openssl.ec
new file mode 100644
index 000000000000..c2a8acff0c1e
--- /dev/null
+++ b/crypto/openssl/crypto/err/openssl.ec
@@ -0,0 +1,71 @@
+L ERR		NONE				NONE
+L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
+L BN		crypto/bn/bn.h			crypto/bn/bn_err.c
+L RSA		crypto/rsa/rsa.h		crypto/rsa/rsa_err.c
+L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c
+L DH		crypto/dh/dh.h			crypto/dh/dh_err.c
+L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c
+L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c
+L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
+L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c
+L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c
+L X509		crypto/x509/x509.h		crypto/x509/x509_err.c
+L NONE		crypto/x509/x509_vfy.h		NONE
+L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c
+#L METH		crypto/meth/meth.h		crypto/meth/meth_err.c
+L ASN1		crypto/asn1/asn1.h		crypto/asn1/asn1_err.c
+L CONF		crypto/conf/conf.h		crypto/conf/conf_err.c
+#L PROXY		crypto/proxy/proxy.h		crypto/proxy/proxy_err.c
+L PKCS7		crypto/pkcs7/pkcs7.h		crypto/pkcs7/pkcs7err.c
+L PKCS12	crypto/pkcs12/pkcs12.h		crypto/pkcs12/pk12err.c
+L RSAREF	rsaref/rsaref.h			rsaref/rsar_err.c
+L SSL		ssl/ssl.h			ssl/ssl_err.c
+L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
+
+
+F RSAREF_F_RSA_BN2BIN
+F RSAREF_F_RSA_PRIVATE_DECRYPT
+F RSAREF_F_RSA_PRIVATE_ENCRYPT
+F RSAREF_F_RSA_PUBLIC_DECRYPT
+F RSAREF_F_RSA_PUBLIC_ENCRYPT
+#F SSL_F_CLIENT_CERTIFICATE
+
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
+R SSL_R_TLSV1_ALERT_USER_CANCLED		1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
+
+R RSAREF_R_CONTENT_ENCODING			0x0400
+R RSAREF_R_DATA					0x0401
+R RSAREF_R_DIGEST_ALGORITHM			0x0402
+R RSAREF_R_ENCODING				0x0403
+R RSAREF_R_KEY					0x0404
+R RSAREF_R_KEY_ENCODING				0x0405
+R RSAREF_R_LEN					0x0406
+R RSAREF_R_MODULUS_LEN				0x0407
+R RSAREF_R_NEED_RANDOM				0x0408
+R RSAREF_R_PRIVATE_KEY				0x0409
+R RSAREF_R_PUBLIC_KEY				0x040a
+R RSAREF_R_SIGNATURE				0x040b
+R RSAREF_R_SIGNATURE_ENCODING			0x040c
+R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
+
diff --git a/crypto/openssl/crypto/evp/Makefile.ssl b/crypto/openssl/crypto/evp/Makefile.ssl
new file mode 100644
index 000000000000..dda2586ed1d8
--- /dev/null
+++ b/crypto/openssl/crypto/evp/Makefile.ssl
@@ -0,0 +1,1099 @@
+#
+# SSLeay/crypto/evp/Makefile
+#
+
+DIR=	evp
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
+	e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c \
+	e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c \
+	e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c \
+	e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \
+	e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \
+	e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \
+	e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c \
+	e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c \
+	m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
+	m_ripemd.c \
+	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+	c_all.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+
+LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
+	e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
+	e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o \
+	e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o \
+	e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \
+	e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \
+	e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \
+	e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o \
+	e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o \
+	m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
+	m_ripemd.o \
+	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+	c_all.o evp_lib.o bio_ok.o evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_b64.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_b64.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_md.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_md.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_md.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bio_md.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_md.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_md.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_ok.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_ok.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_ok.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bio_ok.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_ok.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_ok.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_ok.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_ok.o: ../cryptlib.h
+c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+c_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+c_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+c_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_all.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+digest.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_null.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_rc4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_rc4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_rc4.o: ../../include/openssl/stack.h ../cryptlib.h
+e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_xcbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_xcbc_d.o: ../../include/openssl/stack.h ../cryptlib.h
+encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+encode.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+encode.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+encode.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+encode.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+encode.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+encode.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+encode.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+evp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../cryptlib.h
+evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_pbe.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pbe.o: ../cryptlib.h
+evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_dss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_dss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h
+m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_dss1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_dss1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h
+m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_md2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h
+m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_md5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h
+m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_mdc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_mdc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_mdc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_mdc2.o: ../cryptlib.h
+m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h
+m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_ripemd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h
+m_sha.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_sha.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h
+m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_sha1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h
+names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+names.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+names.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+names.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+names.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+names.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+names.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h
+p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt.o: ../cryptlib.h
+p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_crpt2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p5_crpt2.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h
+p_dec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_dec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_dec.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_dec.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_dec.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_open.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_open.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_open.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_open.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_open.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_open.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h
+p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h
+p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_verify.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c
new file mode 100644
index 000000000000..84729119df24
--- /dev/null
+++ b/crypto/openssl/crypto/evp/bio_b64.c
@@ -0,0 +1,524 @@
+/* crypto/evp/bio_b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static int b64_write(BIO *h,char *buf,int num);
+static int b64_read(BIO *h,char *buf,int size);
+/*static int b64_puts(BIO *h,char *str); */
+/*static int b64_gets(BIO *h,char *str,int size); */
+static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+#define B64_BLOCK_SIZE	1024
+#define B64_BLOCK_SIZE2	768
+#define B64_NONE	0
+#define B64_ENCODE	1
+#define B64_DECODE	2
+
+typedef struct b64_struct
+	{
+	/*BIO *bio; moved to the BIO structure */
+	int buf_len;
+	int buf_off;
+	int tmp_len;		/* used to find the start when decoding */
+	int tmp_nl;		/* If true, scan until '\n' */
+	int encode;
+	int start;		/* have we started decoding yet? */
+	int cont;		/* <= 0 when finished */
+	EVP_ENCODE_CTX base64;
+	char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
+	char tmp[B64_BLOCK_SIZE];
+	} BIO_B64_CTX;
+
+static BIO_METHOD methods_b64=
+	{
+	BIO_TYPE_BASE64,"base64 encoding",
+	b64_write,
+	b64_read,
+	NULL, /* b64_puts, */
+	NULL, /* b64_gets, */
+	b64_ctrl,
+	b64_new,
+	b64_free,
+	};
+
+BIO_METHOD *BIO_f_base64(void)
+	{
+	return(&methods_b64);
+	}
+
+static int b64_new(BIO *bi)
+	{
+	BIO_B64_CTX *ctx;
+
+	ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX));
+	if (ctx == NULL) return(0);
+
+	ctx->buf_len=0;
+	ctx->tmp_len=0;
+	ctx->tmp_nl=0;
+	ctx->buf_off=0;
+	ctx->cont=1;
+	ctx->start=1;
+	ctx->encode=0;
+
+	bi->init=1;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int b64_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int b64_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i,ii,j,k,x,n,num,ret_code=0;
+	BIO_B64_CTX *ctx;
+	unsigned char *p,*q;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_B64_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	if (ctx->encode != B64_DECODE)
+		{
+		ctx->encode=B64_DECODE;
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		ctx->tmp_len=0;
+		EVP_DecodeInit(&(ctx->base64));
+		}
+
+	/* First check if there are bytes decoded/encoded */
+	if (ctx->buf_len > 0)
+		{
+		i=ctx->buf_len-ctx->buf_off;
+		if (i > outl) i=outl;
+		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+		ret=i;
+		out+=i;
+		outl-=i;
+		ctx->buf_off+=i;
+		if (ctx->buf_len == ctx->buf_off)
+			{
+			ctx->buf_len=0;
+			ctx->buf_off=0;
+			}
+		}
+
+	/* At this point, we have room of outl bytes and an empty
+	 * buffer, so we should read in some more. */
+
+	ret_code=0;
+	while (outl > 0)
+		{
+		if (ctx->cont <= 0) break;
+
+		i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
+			B64_BLOCK_SIZE-ctx->tmp_len);
+
+		if (i <= 0)
+			{
+			ret_code=i;
+
+			/* Should be continue next time we are called? */
+			if (!BIO_should_retry(b->next_bio))
+				ctx->cont=i;
+			/* else we should continue when called again */
+			break;
+			}
+		i+=ctx->tmp_len;
+
+		/* We need to scan, a line at a time until we
+		 * have a valid line if we are starting. */
+		if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
+			{
+			/* ctx->start=1; */
+			ctx->tmp_len=0;
+			}
+		else if (ctx->start)
+			{
+			q=p=(unsigned char *)ctx->tmp;
+			for (j=0; jtmp_nl)
+					{
+					p=q;
+					ctx->tmp_nl=0;
+					continue;
+					}
+
+				k=EVP_DecodeUpdate(&(ctx->base64),
+					(unsigned char *)ctx->buf,
+					&num,p,q-p);
+				if ((k <= 0) && (num == 0) && (ctx->start))
+					EVP_DecodeInit(&ctx->base64);
+				else 
+					{
+					if (p != (unsigned char *)
+						&(ctx->tmp[0]))
+						{
+						i-=(p- (unsigned char *)
+							&(ctx->tmp[0]));
+						for (x=0; x < i; x++)
+							ctx->tmp[x]=p[x];
+						EVP_DecodeInit(&ctx->base64);
+						}
+					ctx->start=0;
+					break;
+					}
+				p=q;
+				}
+
+			/* we fell off the end without starting */
+			if (j == i)
+				{
+				/* Is this is one long chunk?, if so, keep on
+				 * reading until a new line. */
+				if (p == (unsigned char *)&(ctx->tmp[0]))
+					{
+					ctx->tmp_nl=1;
+					ctx->tmp_len=0;
+					}
+				else if (p != q) /* finished on a '\n' */
+					{
+					n=q-p;
+					for (ii=0; iitmp[ii]=p[ii];
+					ctx->tmp_len=n;
+					}
+				/* else finished on a '\n' */
+				continue;
+				}
+			else
+				ctx->tmp_len=0;
+			}
+
+		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+			{
+			int z,jj;
+
+			jj=(i>>2)<<2;
+			z=EVP_DecodeBlock((unsigned char *)ctx->buf,
+				(unsigned char *)ctx->tmp,jj);
+			if (jj > 2)
+				{
+				if (ctx->tmp[jj-1] == '=')
+					{
+					z--;
+					if (ctx->tmp[jj-2] == '=')
+						z--;
+					}
+				}
+			/* z is now number of output bytes and jj is the
+			 * number consumed */
+			if (jj != i)
+				{
+				memcpy((unsigned char *)ctx->tmp,
+					(unsigned char *)&(ctx->tmp[jj]),i-jj);
+				ctx->tmp_len=i-jj;
+				}
+			ctx->buf_len=0;
+			if (z > 0)
+				{
+				ctx->buf_len=z;
+				i=1;
+				}
+			else
+				i=z;
+			}
+		else
+			{
+			i=EVP_DecodeUpdate(&(ctx->base64),
+				(unsigned char *)ctx->buf,&ctx->buf_len,
+				(unsigned char *)ctx->tmp,i);
+			}
+		ctx->cont=i;
+		ctx->buf_off=0;
+		if (i < 0)
+			{
+			ret_code=0;
+			ctx->buf_len=0;
+			break;
+			}
+
+		if (ctx->buf_len <= outl)
+			i=ctx->buf_len;
+		else
+			i=outl;
+
+		memcpy(out,ctx->buf,i);
+		ret+=i;
+		ctx->buf_off=i;
+		if (ctx->buf_off == ctx->buf_len)
+			{
+			ctx->buf_len=0;
+			ctx->buf_off=0;
+			}
+		outl-=i;
+		out+=i;
+		}
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return((ret == 0)?ret_code:ret);
+	}
+
+static int b64_write(BIO *b, char *in, int inl)
+	{
+	int ret=inl,n,i;
+	BIO_B64_CTX *ctx;
+
+	ctx=(BIO_B64_CTX *)b->ptr;
+	BIO_clear_retry_flags(b);
+
+	if (ctx->encode != B64_ENCODE)
+		{
+		ctx->encode=B64_ENCODE;
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		ctx->tmp_len=0;
+		EVP_EncodeInit(&(ctx->base64));
+		}
+
+	n=ctx->buf_len-ctx->buf_off;
+	while (n > 0)
+		{
+		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		ctx->buf_off+=i;
+		n-=i;
+		}
+	/* at this point all pending data has been written */
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+
+	ctx->buf_off=0;
+	while (inl > 0)
+		{
+		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
+
+		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+			{
+			if (ctx->tmp_len > 0)
+				{
+				n=3-ctx->tmp_len;
+				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
+				ctx->tmp_len+=n;
+				n=ctx->tmp_len;
+				if (n < 3)
+					break;
+				ctx->buf_len=EVP_EncodeBlock(
+					(unsigned char *)ctx->buf,
+					(unsigned char *)ctx->tmp,n);
+				}
+			else
+				{
+				if (n < 3)
+					{
+					memcpy(&(ctx->tmp[0]),in,n);
+					ctx->tmp_len=n;
+					break;
+					}
+				n-=n%3;
+				ctx->buf_len=EVP_EncodeBlock(
+					(unsigned char *)ctx->buf,
+					(unsigned char *)in,n);
+				}
+			}
+		else
+			{
+			EVP_EncodeUpdate(&(ctx->base64),
+				(unsigned char *)ctx->buf,&ctx->buf_len,
+				(unsigned char *)in,n);
+			}
+		inl-=n;
+		in+=n;
+
+		ctx->buf_off=0;
+		n=ctx->buf_len;
+		while (n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				return((ret == 0)?i:ret);
+				}
+			n-=i;
+			ctx->buf_off+=i;
+			}
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		}
+	return(ret);
+	}
+
+static long b64_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO_B64_CTX *ctx;
+	long ret=1;
+	int i;
+
+	ctx=(BIO_B64_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->cont=1;
+		ctx->start=1;
+		ctx->encode=B64_NONE;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_WPENDING: /* More to write in buffer */
+		ret=ctx->buf_len-ctx->buf_off;
+		if ((ret == 0) && (ctx->base64.num != 0))
+			ret=1;
+		else if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+again:
+		while (ctx->buf_len != ctx->buf_off)
+			{
+			i=b64_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+			{
+			if (ctx->tmp_len != 0)
+				{
+				ctx->buf_len=EVP_EncodeBlock(
+					(unsigned char *)ctx->buf,
+					(unsigned char *)ctx->tmp,
+					ctx->tmp_len);
+				ctx->buf_off=0;
+				ctx->tmp_len=0;
+				goto again;
+				}
+			}
+		else if (ctx->base64.num != 0)
+			{
+			ctx->buf_off=0;
+			EVP_EncodeFinal(&(ctx->base64),
+				(unsigned char *)ctx->buf,
+				&(ctx->buf_len));
+			/* push out the bytes */
+			goto again;
+			}
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_DUP:
+		break;
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_SET:
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/openssl/crypto/evp/bio_enc.c
new file mode 100644
index 000000000000..0a7b1ecf07cb
--- /dev/null
+++ b/crypto/openssl/crypto/evp/bio_enc.c
@@ -0,0 +1,401 @@
+/* crypto/evp/bio_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static int enc_write(BIO *h,char *buf,int num);
+static int enc_read(BIO *h,char *buf,int size);
+/*static int enc_puts(BIO *h,char *str); */
+/*static int enc_gets(BIO *h,char *str,int size); */
+static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+#define ENC_BLOCK_SIZE	(1024*4)
+
+typedef struct enc_struct
+	{
+	int buf_len;
+	int buf_off;
+	int cont;		/* <= 0 when finished */
+	int finished;
+	int ok;			/* bad decrypt */
+	EVP_CIPHER_CTX cipher;
+	char buf[ENC_BLOCK_SIZE+10];
+	} BIO_ENC_CTX;
+
+static BIO_METHOD methods_enc=
+	{
+	BIO_TYPE_CIPHER,"cipher",
+	enc_write,
+	enc_read,
+	NULL, /* enc_puts, */
+	NULL, /* enc_gets, */
+	enc_ctrl,
+	enc_new,
+	enc_free,
+	};
+
+BIO_METHOD *BIO_f_cipher(void)
+	{
+	return(&methods_enc);
+	}
+
+static int enc_new(BIO *bi)
+	{
+	BIO_ENC_CTX *ctx;
+
+	ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX));
+	EVP_CIPHER_CTX_init(&ctx->cipher);
+	if (ctx == NULL) return(0);
+
+	ctx->buf_len=0;
+	ctx->buf_off=0;
+	ctx->cont=1;
+	ctx->finished=0;
+	ctx->ok=1;
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int enc_free(BIO *a)
+	{
+	BIO_ENC_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_ENC_CTX *)a->ptr;
+	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int enc_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i;
+	BIO_ENC_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_ENC_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	/* First check if there are bytes decoded/encoded */
+	if (ctx->buf_len > 0)
+		{
+		i=ctx->buf_len-ctx->buf_off;
+		if (i > outl) i=outl;
+		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+		ret=i;
+		out+=i;
+		outl-=i;
+		ctx->buf_off+=i;
+		if (ctx->buf_len == ctx->buf_off)
+			{
+			ctx->buf_len=0;
+			ctx->buf_off=0;
+			}
+		}
+
+	/* At this point, we have room of outl bytes and an empty
+	 * buffer, so we should read in some more. */
+
+	while (outl > 0)
+		{
+		if (ctx->cont <= 0) break;
+
+		/* read in at offset 8, read the EVP_Cipher
+		 * documentation about why */
+		i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE);
+
+		if (i <= 0)
+			{
+			/* Should be continue next time we are called? */
+			if (!BIO_should_retry(b->next_bio))
+				{
+				ctx->cont=i;
+				i=EVP_CipherFinal(&(ctx->cipher),
+					(unsigned char *)ctx->buf,
+					&(ctx->buf_len));
+				ctx->ok=i;
+				ctx->buf_off=0;
+				}
+			else
+				ret=(ret == 0)?i:ret;
+			break;
+			}
+		else
+			{
+			EVP_CipherUpdate(&(ctx->cipher),
+				(unsigned char *)ctx->buf,&ctx->buf_len,
+				(unsigned char *)&(ctx->buf[8]),i);
+			ctx->cont=1;
+			}
+
+		if (ctx->buf_len <= outl)
+			i=ctx->buf_len;
+		else
+			i=outl;
+
+		if (i <= 0) break;
+		memcpy(out,ctx->buf,i);
+		ret+=i;
+		ctx->buf_off=i;
+		outl-=i;
+		out+=i;
+		}
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return((ret == 0)?ctx->cont:ret);
+	}
+
+static int enc_write(BIO *b, char *in, int inl)
+	{
+	int ret=0,n,i;
+	BIO_ENC_CTX *ctx;
+
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	ret=inl;
+
+	BIO_clear_retry_flags(b);
+	n=ctx->buf_len-ctx->buf_off;
+	while (n > 0)
+		{
+		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		ctx->buf_off+=i;
+		n-=i;
+		}
+	/* at this point all pending data has been written */
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+
+	ctx->buf_off=0;
+	while (inl > 0)
+		{
+		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+		EVP_CipherUpdate(&(ctx->cipher),
+			(unsigned char *)ctx->buf,&ctx->buf_len,
+			(unsigned char *)in,n);
+		inl-=n;
+		in+=n;
+
+		ctx->buf_off=0;
+		n=ctx->buf_len;
+		while (n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				return(i);
+				}
+			n-=i;
+			ctx->buf_off+=i;
+			}
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		}
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long enc_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO *dbio;
+	BIO_ENC_CTX *ctx,*dctx;
+	long ret=1;
+	int i;
+	EVP_CIPHER_CTX **c_ctx;
+
+	ctx=(BIO_ENC_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->ok=1;
+		ctx->finished=0;
+		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+			ctx->cipher.encrypt);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+again:
+		while (ctx->buf_len != ctx->buf_off)
+			{
+			i=enc_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+
+		if (!ctx->finished)
+			{
+			ctx->finished=1;
+			ctx->buf_off=0;
+			ret=EVP_CipherFinal(&(ctx->cipher),
+				(unsigned char *)ctx->buf,
+				&(ctx->buf_len));
+			ctx->ok=(int)ret;
+			if (ret <= 0) break;
+
+			/* push out the bytes */
+			goto again;
+			}
+		
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_GET_CIPHER_STATUS:
+		ret=(long)ctx->ok;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_C_GET_CIPHER_CTX:
+		c_ctx=(EVP_CIPHER_CTX **)ptr;
+		(*c_ctx)= &(ctx->cipher);
+		b->init=1;
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		dctx=(BIO_ENC_CTX *)dbio->ptr;
+		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+		dbio->init=1;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+	{
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+	}
+*/
+
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
+	     unsigned char *i, int e)
+	{
+	BIO_ENC_CTX *ctx;
+
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
+	}
+
diff --git a/crypto/openssl/crypto/evp/bio_md.c b/crypto/openssl/crypto/evp/bio_md.c
new file mode 100644
index 000000000000..317167f9c46d
--- /dev/null
+++ b/crypto/openssl/crypto/evp/bio_md.c
@@ -0,0 +1,244 @@
+/* crypto/evp/bio_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int md_write(BIO *h,char *buf,int num);
+static int md_read(BIO *h,char *buf,int size);
+/*static int md_puts(BIO *h,char *str); */
+static int md_gets(BIO *h,char *str,int size);
+static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+static BIO_METHOD methods_md=
+	{
+	BIO_TYPE_MD,"message digest",
+	md_write,
+	md_read,
+	NULL, /* md_puts, */
+	md_gets,
+	md_ctrl,
+	md_new,
+	md_free,
+	};
+
+BIO_METHOD *BIO_f_md(void)
+	{
+	return(&methods_md);
+	}
+
+static int md_new(BIO *bi)
+	{
+	EVP_MD_CTX *ctx;
+
+	ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX));
+	if (ctx == NULL) return(0);
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int md_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int md_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+	EVP_MD_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(EVP_MD_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	ret=BIO_read(b->next_bio,out,outl);
+	if (b->init)
+		{
+		if (ret > 0)
+			{
+			EVP_DigestUpdate(ctx,(unsigned char *)out,
+				(unsigned int)ret);
+			}
+		}
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int md_write(BIO *b, char *in, int inl)
+	{
+	int ret=0;
+	EVP_MD_CTX *ctx;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	ctx=(EVP_MD_CTX *)b->ptr;
+
+	if ((ctx != NULL) && (b->next_bio != NULL))
+		ret=BIO_write(b->next_bio,in,inl);
+	if (b->init)
+		{
+		if (ret > 0)
+			{
+			EVP_DigestUpdate(ctx,(unsigned char *)in,
+				(unsigned int)ret);
+			}
+		}
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long md_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	EVP_MD_CTX *ctx,*dctx,**pctx;
+	const EVP_MD **ppmd;
+	EVP_MD *md;
+	long ret=1;
+	BIO *dbio;
+
+	ctx=(EVP_MD_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		if (b->init)
+			EVP_DigestInit(ctx,ctx->digest);
+		else
+			ret=0;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_GET_MD:
+		if (b->init)
+			{
+			ppmd=(const EVP_MD **)ptr;
+			*ppmd=ctx->digest;
+			}
+		else
+			ret=0;
+		break;
+	case BIO_C_GET_MD_CTX:
+		if (b->init)
+			{
+			pctx=(EVP_MD_CTX **)ptr;
+			*pctx=ctx;
+			}
+		else
+			ret=0;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_C_SET_MD:
+		md=(EVP_MD *)ptr;
+		EVP_DigestInit(ctx,md);
+		b->init=1;
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		dctx=(EVP_MD_CTX *)dbio->ptr;
+		memcpy(dctx,ctx,sizeof(ctx));
+		b->init=1;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static int md_gets(BIO *bp, char *buf, int size)
+	{
+	EVP_MD_CTX *ctx;
+	unsigned int ret;
+
+
+	ctx=(EVP_MD_CTX *)bp->ptr;
+	if (size < ctx->digest->md_size)
+		return(0);
+	EVP_DigestFinal(ctx,(unsigned char *)buf,&ret);
+	return((int)ret);
+	}
+
+/*
+static int md_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	return(-1);
+	}
+*/
+
diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c
new file mode 100644
index 000000000000..101275d64870
--- /dev/null
+++ b/crypto/openssl/crypto/evp/bio_ok.c
@@ -0,0 +1,552 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+	From: Arne Ansper 
+
+	Why BIO_f_reliable?
+
+	I wrote function which took BIO* as argument, read data from it
+	and processed it. Then I wanted to store the input file in 
+	encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+	and everything was OK. BUT if user types wrong password 
+	BIO_f_cipher outputs only garbage and my function crashes. Yes
+	I can and I should fix my function, but BIO_f_cipher is 
+	easy way to add encryption support to many exisiting applications
+	and it's hard to debug and fix them all. 
+
+	So I wanted another BIO which would catch the incorrect passwords and
+	file damages which cause garbage on BIO_f_cipher's output. 
+
+	The easy way is to push the BIO_f_md and save the checksum at 
+	the end of the file. However there are several problems with this
+	approach:
+
+	1) you must somehow separate checksum from actual data. 
+	2) you need lot's of memory when reading the file, because you 
+	must read to the end of the file and verify the checksum before
+	leting the application to read the data. 
+	
+	BIO_f_reliable tries to solve both problems, so that you can 
+	read and write arbitraly long streams using only fixed amount
+	of memory.
+
+	BIO_f_reliable splits data stream into blocks. Each block is prefixed
+	with it's length and suffixed with it's digest. So you need only 
+	several Kbytes of memory to buffer single block before verifying 
+	it's digest. 
+
+	BIO_f_reliable goes futher and adds several important capabilities:
+
+	1) the digest of the block is computed over the whole stream 
+	-- so nobody can rearrange the blocks or remove or replace them.
+
+	2) to detect invalid passwords right at the start BIO_f_reliable 
+	adds special prefix to the stream. In order to avoid known plain-text
+	attacks this prefix is generated as follows:
+
+		*) digest is initialized with random seed instead of 
+		standardized one.
+		*) same seed is written to ouput
+		*) well-known text is then hashed and the output 
+		of the digest is also written to output.
+
+	reader can now read the seed from stream, hash the same string
+	and then compare the digest output.
+
+	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
+	initialy wrote and tested this code on x86 machine and wrote the
+	digests out in machine-dependent order :( There are people using
+	this code and I cannot change this easily without making existing
+	data files unreadable.
+
+*/
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static int ok_write(BIO *h,char *buf,int num);
+static int ok_read(BIO *h,char *buf,int size);
+static long ok_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static void sig_out(BIO* b);
+static void sig_in(BIO* b);
+static void block_out(BIO* b);
+static void block_in(BIO* b);
+#define OK_BLOCK_SIZE	(1024*4)
+#define OK_BLOCK_BLOCK	4
+#define IOBS		(OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+#ifndef L_ENDIAN
+#define swapem(x) \
+	((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \
+			     (((unsigned long int)(x) & 0x0000ff00U) <<  8) | \
+			     (((unsigned long int)(x) & 0x00ff0000U) >>  8) | \
+			     (((unsigned long int)(x) & 0xff000000U) >> 24)))
+#else
+#define swapem(x) (x)
+#endif
+
+typedef struct ok_struct
+	{
+	int buf_len;
+	int buf_off;
+	int buf_len_save;
+	int buf_off_save;
+	int cont;		/* <= 0 when finished */
+	int finished;
+	EVP_MD_CTX md;
+	int blockout;		/* output block is ready */ 
+	int sigio;		/* must process signature */
+	char buf[IOBS];
+	} BIO_OK_CTX;
+
+static BIO_METHOD methods_ok=
+	{
+	BIO_TYPE_CIPHER,"reliable",
+	ok_write,
+	ok_read,
+	NULL, /* ok_puts, */
+	NULL, /* ok_gets, */
+	ok_ctrl,
+	ok_new,
+	ok_free,
+	};
+
+BIO_METHOD *BIO_f_reliable(void)
+	{
+	return(&methods_ok);
+	}
+
+static int ok_new(BIO *bi)
+	{
+	BIO_OK_CTX *ctx;
+
+	ctx=(BIO_OK_CTX *)Malloc(sizeof(BIO_OK_CTX));
+	if (ctx == NULL) return(0);
+
+	ctx->buf_len=0;
+	ctx->buf_off=0;
+	ctx->buf_len_save=0;
+	ctx->buf_off_save=0;
+	ctx->cont=1;
+	ctx->finished=0;
+	ctx->blockout= 0;
+	ctx->sigio=1;
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int ok_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int ok_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i,n;
+	BIO_OK_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_OK_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+	while(outl > 0)
+		{
+
+		/* copy clean bytes to output buffer */
+		if (ctx->blockout)
+			{
+			i=ctx->buf_len-ctx->buf_off;
+			if (i > outl) i=outl;
+			memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+			ret+=i;
+			out+=i;
+			outl-=i;
+			ctx->buf_off+=i;
+
+			/* all clean bytes are out */
+			if (ctx->buf_len == ctx->buf_off)
+				{
+				ctx->buf_off=0;
+
+				/* copy start of the next block into proper place */
+				if(ctx->buf_len_save- ctx->buf_off_save > 0)
+					{
+					ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
+					memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+							ctx->buf_len);
+					}
+				else
+					{
+					ctx->buf_len=0;
+					}
+				ctx->blockout= 0;
+				}
+			}
+	
+		/* output buffer full -- cancel */
+		if (outl == 0) break;
+
+		/* no clean bytes in buffer -- fill it */
+		n=IOBS- ctx->buf_len;
+		i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
+
+		if (i <= 0) break;	/* nothing new */
+
+		ctx->buf_len+= i;
+
+		/* no signature yet -- check if we got one */
+		if (ctx->sigio == 1) sig_in(b);
+
+		/* signature ok -- check if we got block */
+		if (ctx->sigio == 0) block_in(b);
+
+		/* invalid block -- cancel */
+		if (ctx->cont <= 0) break;
+
+		}
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int ok_write(BIO *b, char *in, int inl)
+	{
+	int ret=0,n,i;
+	BIO_OK_CTX *ctx;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	ret=inl;
+
+	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+	if(ctx->sigio) sig_out(b);
+
+	do{
+		BIO_clear_retry_flags(b);
+		n=ctx->buf_len-ctx->buf_off;
+		while (ctx->blockout && n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if(!BIO_should_retry(b))
+					ctx->cont= 0;
+				return(i);
+				}
+			ctx->buf_off+=i;
+			n-=i;
+			}
+
+		/* at this point all pending data has been written */
+		ctx->blockout= 0;
+		if (ctx->buf_len == ctx->buf_off)
+			{
+			ctx->buf_len=OK_BLOCK_BLOCK;
+			ctx->buf_off=0;
+			}
+	
+		if ((in == NULL) || (inl <= 0)) return(0);
+
+		n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
+				OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl;
+
+		memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
+		ctx->buf_len+= n;
+		inl-=n;
+		in+=n;
+
+		if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
+			{
+			block_out(b);
+			}
+	}while(inl > 0);
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long ok_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD *md;
+	const EVP_MD **ppmd;
+	long ret=1;
+	int i;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		ctx->buf_len_save=0;
+		ctx->buf_off_save=0;
+		ctx->cont=1;
+		ctx->finished=0;
+		ctx->blockout= 0;
+		ctx->sigio=1;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+	case BIO_CTRL_WPENDING: /* More to read in buffer */
+		ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+		if(ctx->blockout == 0)
+			block_out(b);
+
+		while (ctx->blockout)
+			{
+			i=ok_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+
+		ctx->finished=1;
+		ctx->buf_off=ctx->buf_len=0;
+		ctx->cont=(int)ret;
+		
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->cont;
+		break;
+	case BIO_C_SET_MD:
+		md=(EVP_MD *)ptr;
+		EVP_DigestInit(&(ctx->md),md);
+		b->init=1;
+		break;
+	case BIO_C_GET_MD:
+		if (b->init)
+			{
+			ppmd=(const EVP_MD **)ptr;
+			*ppmd=ctx->md.digest;
+			}
+		else
+			ret=0;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static void longswap(void *_ptr, int len)
+{
+#ifndef L_ENDIAN
+	int i;
+	char *ptr=_ptr;
+
+	for(i= 0;i < len;i+= 4){
+		*((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i])));
+	}
+#endif
+}
+
+static void sig_out(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
+
+	EVP_DigestInit(md, md->digest);
+	RAND_bytes(&(md->md.base[0]), md->digest->md_size);
+	memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
+	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+	ctx->buf_len+= md->digest->md_size;
+
+	EVP_DigestUpdate(md, (unsigned char*)WELLKNOWN, strlen(WELLKNOWN));
+	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	ctx->buf_len+= md->digest->md_size;
+	ctx->blockout= 1;
+	ctx->sigio= 0;
+	}
+
+static void sig_in(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	unsigned char tmp[EVP_MAX_MD_SIZE];
+	int ret= 0;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return;
+
+	EVP_DigestInit(md, md->digest);
+	memcpy(&(md->md.base[0]), &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+	longswap(&(md->md.base[0]), md->digest->md_size);
+	ctx->buf_off+= md->digest->md_size;
+
+	EVP_DigestUpdate(md, (unsigned char*)WELLKNOWN, strlen(WELLKNOWN));
+	md->digest->final(tmp, &(md->md.base[0]));
+	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+	ctx->buf_off+= md->digest->md_size;
+	if(ret == 1)
+		{
+		ctx->sigio= 0;
+		if(ctx->buf_len != ctx->buf_off)
+			{
+			memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
+			}
+		ctx->buf_len-= ctx->buf_off;
+		ctx->buf_off= 0;
+		}
+	else
+		{
+		ctx->cont= 0;
+		}
+	}
+
+static void block_out(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	unsigned long tl;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	tl= ctx->buf_len- OK_BLOCK_BLOCK;
+	tl= swapem(tl);
+	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
+	tl= swapem(tl);
+	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	ctx->buf_len+= md->digest->md_size;
+	ctx->blockout= 1;
+	}
+
+static void block_in(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	long tl= 0;
+	unsigned char tmp[EVP_MAX_MD_SIZE];
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK);
+	tl= swapem(tl);
+	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
+ 
+	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+	md->digest->final(tmp, &(md->md.base[0]));
+	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
+		{
+		/* there might be parts from next block lurking around ! */
+		ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
+		ctx->buf_len_save= ctx->buf_len;
+		ctx->buf_off= OK_BLOCK_BLOCK;
+		ctx->buf_len= tl+ OK_BLOCK_BLOCK;
+		ctx->blockout= 1;
+		}
+	else
+		{
+		ctx->cont= 0;
+		}
+	}
+
diff --git a/crypto/openssl/crypto/evp/c_all.c b/crypto/openssl/crypto/evp/c_all.c
new file mode 100644
index 000000000000..a4d3b43fb9d4
--- /dev/null
+++ b/crypto/openssl/crypto/evp/c_all.c
@@ -0,0 +1,193 @@
+/* crypto/evp/c_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+void SSLeay_add_all_algorithms(void)
+	{
+	SSLeay_add_all_ciphers();
+	SSLeay_add_all_digests();
+	}
+
+void SSLeay_add_all_ciphers(void)
+	{
+#ifndef NO_DES
+	EVP_add_cipher(EVP_des_cfb());
+	EVP_add_cipher(EVP_des_ede_cfb());
+	EVP_add_cipher(EVP_des_ede3_cfb());
+
+	EVP_add_cipher(EVP_des_ofb());
+	EVP_add_cipher(EVP_des_ede_ofb());
+	EVP_add_cipher(EVP_des_ede3_ofb());
+
+	EVP_add_cipher(EVP_desx_cbc());
+	EVP_add_cipher_alias(SN_desx_cbc,"DESX");
+	EVP_add_cipher_alias(SN_desx_cbc,"desx");
+
+	EVP_add_cipher(EVP_des_cbc());
+	EVP_add_cipher_alias(SN_des_cbc,"DES");
+	EVP_add_cipher_alias(SN_des_cbc,"des");
+	EVP_add_cipher(EVP_des_ede_cbc());
+	EVP_add_cipher(EVP_des_ede3_cbc());
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+
+	EVP_add_cipher(EVP_des_ecb());
+	EVP_add_cipher(EVP_des_ede());
+	EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef NO_RC4
+	EVP_add_cipher(EVP_rc4());
+	EVP_add_cipher(EVP_rc4_40());
+#endif
+
+#ifndef NO_IDEA
+	EVP_add_cipher(EVP_idea_ecb());
+	EVP_add_cipher(EVP_idea_cfb());
+	EVP_add_cipher(EVP_idea_ofb());
+	EVP_add_cipher(EVP_idea_cbc());
+	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
+	EVP_add_cipher_alias(SN_idea_cbc,"idea");
+#endif
+
+#ifndef NO_RC2
+	EVP_add_cipher(EVP_rc2_ecb());
+	EVP_add_cipher(EVP_rc2_cfb());
+	EVP_add_cipher(EVP_rc2_ofb());
+	EVP_add_cipher(EVP_rc2_cbc());
+	EVP_add_cipher(EVP_rc2_40_cbc());
+	EVP_add_cipher(EVP_rc2_64_cbc());
+	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
+	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
+#endif
+
+#ifndef NO_BF
+	EVP_add_cipher(EVP_bf_ecb());
+	EVP_add_cipher(EVP_bf_cfb());
+	EVP_add_cipher(EVP_bf_ofb());
+	EVP_add_cipher(EVP_bf_cbc());
+	EVP_add_cipher_alias(SN_bf_cbc,"BF");
+	EVP_add_cipher_alias(SN_bf_cbc,"bf");
+	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
+#endif
+
+#ifndef NO_CAST
+	EVP_add_cipher(EVP_cast5_ecb());
+	EVP_add_cipher(EVP_cast5_cfb());
+	EVP_add_cipher(EVP_cast5_ofb());
+	EVP_add_cipher(EVP_cast5_cbc());
+	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
+	EVP_add_cipher_alias(SN_cast5_cbc,"cast");
+	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
+	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+
+#ifndef NO_RC5
+	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
+	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
+#endif
+	}
+
+
+void SSLeay_add_all_digests(void)
+	{
+#ifndef NO_MD2
+	EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
+	EVP_add_digest(EVP_md5());
+	EVP_add_digest_alias(SN_md5,"ssl2-md5");
+	EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef NO_SHA
+	EVP_add_digest(EVP_sha());
+#ifndef NO_DSA
+	EVP_add_digest(EVP_dss());
+#endif
+#endif
+#ifndef NO_SHA
+	EVP_add_digest(EVP_sha1());
+	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef NO_DSA
+	EVP_add_digest(EVP_dss1());
+	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#endif
+#if !defined(NO_MDC2) && !defined(NO_DES)
+	EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef NO_RIPEMD
+	EVP_add_digest(EVP_ripemd160());
+	EVP_add_digest_alias(SN_ripemd160,"ripemd");
+	EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+	PKCS12_PBE_add();
+	PKCS5_PBE_add();
+	}
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
new file mode 100644
index 000000000000..c560733568c7
--- /dev/null
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -0,0 +1,92 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+	{
+	ctx->digest=type;
+	type->init(&(ctx->md));
+	}
+
+void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+	     unsigned int count)
+	{
+	ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count);
+	}
+
+void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+	{
+	ctx->digest->final(md,&(ctx->md.base[0]));
+	if (size != NULL)
+		*size=ctx->digest->md_size;
+	memset(&(ctx->md),0,sizeof(ctx->md));
+	}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in)
+{
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+	return 0;
+    }
+    memcpy((char *)out,(char *)in,in->digest->ctx_size);
+    return 1;
+}    
diff --git a/crypto/openssl/crypto/evp/e_cbc_3d.c b/crypto/openssl/crypto/evp/e_cbc_3d.c
new file mode 100644
index 000000000000..02ccc6dc907a
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_3d.c
@@ -0,0 +1,151 @@
+/* crypto/evp/e_cbc_3d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_cbc_ede_cipher2=
+	{
+	NID_des_ede_cbc,
+	8,16,8,
+	des_cbc_ede_init_key,
+	des_cbc_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+static EVP_CIPHER d_cbc_ede_cipher3=
+	{
+	NID_des_ede3_cbc,
+	8,24,8,
+	des_cbc_ede3_init_key,
+	des_cbc_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_des_ede_cbc(void)
+	{
+	return(&d_cbc_ede_cipher2);
+	}
+
+EVP_CIPHER *EVP_des_ede3_cbc(void)
+	{
+	return(&d_cbc_ede_cipher3);
+	}
+	
+static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		memcpy( (char *)ctx->c.des_ede.ks3,
+			(char *)ctx->c.des_ede.ks1,
+			sizeof(ctx->c.des_ede.ks1));
+		}
+	}
+
+static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
+		}
+	}
+
+static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_ede3_cbc_encrypt(in,out,inl, ctx->c.des_ede.ks1,
+		ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
+		(des_cblock *) &(ctx->iv[0]),
+		ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cbc_bf.c b/crypto/openssl/crypto/evp/e_cbc_bf.c
new file mode 100644
index 000000000000..9bcba3c516bb
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_bf.c
@@ -0,0 +1,106 @@
+/* crypto/evp/e_cbc_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_BF
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER bfish_cbc_cipher=
+	{
+	NID_bf_cbc,
+	8,EVP_BLOWFISH_KEY_SIZE,8,
+	bf_cbc_init_key,
+	bf_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_bf_cbc(void)
+	{
+	return(&bfish_cbc_cipher);
+	}
+	
+static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+	}
+
+static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	BF_cbc_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.bf_ks),&(ctx->iv[0]),
+		ctx->encrypt);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cbc_c.c b/crypto/openssl/crypto/evp/e_cbc_c.c
new file mode 100644
index 000000000000..6845b0b44c91
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_c.c
@@ -0,0 +1,107 @@
+/* crypto/evp/e_cbc_c.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_CAST
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER cast5_cbc_cipher=
+	{
+	NID_cast5_cbc,
+	8,EVP_CAST5_KEY_SIZE,8,
+	cast_cbc_init_key,
+	cast_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_cast5_cbc(void)
+	{
+	return(&cast5_cbc_cipher);
+	}
+	
+static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+	}
+
+static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	CAST_cbc_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.cast_ks),&(ctx->iv[0]),
+		ctx->encrypt);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cbc_d.c b/crypto/openssl/crypto/evp/e_cbc_d.c
new file mode 100644
index 000000000000..9203f3f52d9d
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_d.c
@@ -0,0 +1,106 @@
+/* crypto/evp/e_cbc_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_cbc_cipher=
+	{
+	NID_des_cbc,
+	8,8,8,
+	des_cbc_init_key,
+	des_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_des_cbc(void)
+	{
+	return(&d_cbc_cipher);
+	}
+	
+static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
+	}
+
+static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_ncbc_encrypt(in,out,inl,ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),
+		ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cbc_i.c b/crypto/openssl/crypto/evp/e_cbc_i.c
new file mode 100644
index 000000000000..34b44aa21f1b
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_i.c
@@ -0,0 +1,119 @@
+/* crypto/evp/e_cbc_i.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_IDEA
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER i_cbc_cipher=
+	{
+	NID_idea_cbc,
+	8,16,8,
+	idea_cbc_init_key,
+	idea_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_idea_cbc(void)
+	{
+	return(&i_cbc_cipher);
+	}
+	
+static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		{
+		if (enc)
+			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+		else
+			{
+			IDEA_KEY_SCHEDULE tmp;
+
+			idea_set_encrypt_key(key,&tmp);
+			idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+			memset((unsigned char *)&tmp,0,
+				sizeof(IDEA_KEY_SCHEDULE));
+			}
+		}
+	}
+
+static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	idea_cbc_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.idea_ks),&(ctx->iv[0]),
+		ctx->encrypt);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cbc_r2.c b/crypto/openssl/crypto/evp/e_cbc_r2.c
new file mode 100644
index 000000000000..9dfada4ea642
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_r2.c
@@ -0,0 +1,216 @@
+/* crypto/evp/e_cbc_r2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC2
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static int rc2_meth_to_magic(const EVP_CIPHER *e);
+static EVP_CIPHER *rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+#define RC2_40_MAGIC	0xa0
+#define RC2_64_MAGIC	0x78
+#define RC2_128_MAGIC	0x3a
+
+static EVP_CIPHER r2_cbc_cipher=
+	{
+	NID_rc2_cbc,
+	8,EVP_RC2_KEY_SIZE,8,
+	rc2_cbc_init_key,
+	rc2_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	rc2_set_asn1_type_and_iv,
+	rc2_get_asn1_type_and_iv,
+	};
+
+static EVP_CIPHER r2_64_cbc_cipher=
+	{
+	NID_rc2_64_cbc,
+	8,8 /* 64 bit */,8,
+	rc2_cbc_init_key,
+	rc2_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	rc2_set_asn1_type_and_iv,
+	rc2_get_asn1_type_and_iv,
+	};
+
+static EVP_CIPHER r2_40_cbc_cipher=
+	{
+	NID_rc2_40_cbc,
+	8,5 /* 40 bit */,8,
+	rc2_cbc_init_key,
+	rc2_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	rc2_set_asn1_type_and_iv,
+	rc2_get_asn1_type_and_iv,
+	};
+
+EVP_CIPHER *EVP_rc2_cbc(void)
+	{
+	return(&r2_cbc_cipher);
+	}
+
+EVP_CIPHER *EVP_rc2_64_cbc(void)
+	{
+	return(&r2_64_cbc_cipher);
+	}
+
+EVP_CIPHER *EVP_rc2_40_cbc(void)
+	{
+	return(&r2_40_cbc_cipher);
+	}
+	
+static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+	}
+
+static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC2_cbc_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.rc2_ks),&(ctx->iv[0]),
+		ctx->encrypt);
+	}
+
+static int rc2_meth_to_magic(const EVP_CIPHER *e)
+	{
+	int i;
+
+	i=EVP_CIPHER_key_length(e);
+	if 	(i == 16) return(RC2_128_MAGIC);
+	else if (i == 8)  return(RC2_64_MAGIC);
+	else if (i == 5)  return(RC2_40_MAGIC);
+	else return(0);
+	}
+
+static EVP_CIPHER *rc2_magic_to_meth(int i)
+	{
+	if      (i == RC2_128_MAGIC) return(EVP_rc2_cbc());
+	else if (i == RC2_64_MAGIC)  return(EVP_rc2_64_cbc());
+	else if (i == RC2_40_MAGIC)  return(EVP_rc2_40_cbc());
+	else
+		{
+		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
+		return(NULL);
+		}
+	}
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	long num=0;
+	int i=0,l;
+	EVP_CIPHER *e;
+
+	if (type != NULL)
+		{
+		l=EVP_CIPHER_CTX_iv_length(c);
+		i=ASN1_TYPE_get_int_octetstring(type,&num,c->oiv,l);
+		if (i != l)
+			return(-1);
+		else if (i > 0)
+			memcpy(c->iv,c->oiv,l);
+		e=rc2_magic_to_meth((int)num);
+		if (e == NULL)
+			return(-1);
+		if (e != EVP_CIPHER_CTX_cipher(c))
+			{
+			EVP_CIPHER_CTX_cipher(c)=e;
+			rc2_cbc_init_key(c,NULL,NULL,1);
+			}
+		}
+	return(i);
+	}
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	long num;
+	int i=0,j;
+
+	if (type != NULL)
+		{
+		num=rc2_meth_to_magic(EVP_CIPHER_CTX_cipher(c));
+		j=EVP_CIPHER_CTX_iv_length(c);
+		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
+		}
+	return(i);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cbc_r5.c b/crypto/openssl/crypto/evp/e_cbc_r5.c
new file mode 100644
index 000000000000..cea3fe333ad3
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cbc_r5.c
@@ -0,0 +1,108 @@
+/* crypto/evp/e_cbc_r5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC5
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER rc5_32_12_16_cbc_cipher=
+	{
+	NID_rc5_cbc,
+	8,EVP_RC5_32_12_16_KEY_SIZE,8,
+	r_32_12_16_cbc_init_key,
+	r_32_12_16_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
+	{
+	return(&rc5_32_12_16_cbc_cipher);
+	}
+	
+static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,
+			key,RC5_12_ROUNDS);
+	}
+
+static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC5_32_cbc_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.rc5_ks),&(ctx->iv[0]),
+		ctx->encrypt);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_3d.c b/crypto/openssl/crypto/evp/e_cfb_3d.c
new file mode 100644
index 000000000000..bd32b072e2bc
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_3d.c
@@ -0,0 +1,155 @@
+/* crypto/evp/e_cfb_3d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_ede_cfb_cipher2=
+	{
+	NID_des_ede_cfb64,
+	1,16,8,
+	des_ede_cfb_init_key,
+	des_ede_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+static EVP_CIPHER d_ede3_cfb_cipher3=
+	{
+	NID_des_ede3_cfb64,
+	1,24,8,
+	des_ede3_cfb_init_key,
+	des_ede_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_des_ede_cfb(void)
+	{
+	return(&d_ede_cfb_cipher2);
+	}
+
+EVP_CIPHER *EVP_des_ede3_cfb(void)
+	{
+	return(&d_ede3_cfb_cipher3);
+	}
+	
+static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		memcpy( (char *)ctx->c.des_ede.ks3,
+			(char *)ctx->c.des_ede.ks1,
+			sizeof(ctx->c.des_ede.ks1));
+		}
+	}
+
+static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
+		}
+	}
+
+static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_ede3_cfb64_encrypt(in,out,(long)inl,
+			       ctx->c.des_ede.ks1,
+			       ctx->c.des_ede.ks2,
+			       ctx->c.des_ede.ks3,
+			       (des_cblock*)&(ctx->iv[0]),
+			       &ctx->num,ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_bf.c b/crypto/openssl/crypto/evp/e_cfb_bf.c
new file mode 100644
index 000000000000..63e1e624ea20
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_bf.c
@@ -0,0 +1,108 @@
+/* crypto/evp/e_cfb_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_BF
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER bfish_cfb_cipher=
+	{
+	NID_bf_cfb64,
+	1,EVP_BLOWFISH_KEY_SIZE,8,
+	bf_cfb_init_key,
+	bf_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_bf_cfb(void)
+	{
+	return(&bfish_cfb_cipher);
+	}
+	
+static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+	}
+
+static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	BF_cfb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.bf_ks),
+		&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_c.c b/crypto/openssl/crypto/evp/e_cfb_c.c
new file mode 100644
index 000000000000..f04bac034b31
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_c.c
@@ -0,0 +1,109 @@
+/* crypto/evp/e_cfb_c.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_CAST
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER cast5_cfb_cipher=
+	{
+	NID_cast5_cfb64,
+	1,EVP_CAST5_KEY_SIZE,8,
+	cast_cfb_init_key,
+	cast_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_cast5_cfb(void)
+	{
+	return(&cast5_cfb_cipher);
+	}
+	
+static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+	}
+
+static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	CAST_cfb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.cast_ks),
+		&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_d.c b/crypto/openssl/crypto/evp/e_cfb_d.c
new file mode 100644
index 000000000000..6bdf20b6460f
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_d.c
@@ -0,0 +1,110 @@
+/* crypto/evp/e_cfb_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+#ifndef NO_DES
+static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_cfb_cipher=
+	{
+	NID_des_cfb64,
+	1,8,8,
+	des_cfb_init_key,
+	des_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_des_cfb(void)
+	{
+	return(&d_cfb_cipher);
+	}
+	
+static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
+	}
+
+static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_cfb64_encrypt(
+		in,out,
+		(long)inl, ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_i.c b/crypto/openssl/crypto/evp/e_cfb_i.c
new file mode 100644
index 000000000000..31c76c6dac08
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_i.c
@@ -0,0 +1,109 @@
+/* crypto/evp/e_cfb_i.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_IDEA
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER i_cfb_cipher=
+	{
+	NID_idea_cfb64,
+	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
+	idea_cfb_init_key,
+	idea_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_idea_cfb(void)
+	{
+	return(&i_cfb_cipher);
+	}
+
+static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+	}
+
+static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	idea_cfb64_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.idea_ks),&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_r2.c b/crypto/openssl/crypto/evp/e_cfb_r2.c
new file mode 100644
index 000000000000..32dd77eb7cc3
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_r2.c
@@ -0,0 +1,110 @@
+/* crypto/evp/e_cfb_r2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC2
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER r2_cfb_cipher=
+	{
+	NID_rc2_cfb64,
+	1,EVP_RC2_KEY_SIZE,8,
+	rc2_cfb_init_key,
+	rc2_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_rc2_cfb(void)
+	{
+	return(&r2_cfb_cipher);
+	}
+	
+static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+	}
+
+static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC2_cfb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.rc2_ks),
+		&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_cfb_r5.c b/crypto/openssl/crypto/evp/e_cfb_r5.c
new file mode 100644
index 000000000000..8e797289467a
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_cfb_r5.c
@@ -0,0 +1,110 @@
+/* crypto/evp/e_cfb_r5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC5
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER rc5_cfb_cipher=
+	{
+	NID_rc5_cfb64,
+	1,EVP_RC5_32_12_16_KEY_SIZE,8,
+	rc5_32_12_16_cfb_init_key,
+	rc5_32_12_16_cfb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+	{
+	return(&rc5_cfb_cipher);
+	}
+	
+static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+			RC5_12_ROUNDS);
+	}
+
+static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC5_32_cfb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.rc5_ks),
+		&(ctx->iv[0]),
+		&ctx->num,ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_dsa.c b/crypto/openssl/crypto/evp/e_dsa.c
new file mode 100644
index 000000000000..b96f2738b3ee
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_dsa.c
@@ -0,0 +1,71 @@
+/* crypto/evp/e_dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_PKEY_METHOD dss_method=
+	{
+	DSA_sign,
+	DSA_verify,
+	{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
+	};
+
diff --git a/crypto/openssl/crypto/evp/e_ecb_3d.c b/crypto/openssl/crypto/evp/e_ecb_3d.c
new file mode 100644
index 000000000000..354a8b79a797
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_3d.c
@@ -0,0 +1,158 @@
+/* crypto/evp/e_ecb_3d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_ede_cipher2=
+	{
+	NID_des_ede,
+	8,16,0,
+	des_ede_init_key,
+	des_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	NULL,
+	NULL,
+	};
+
+static EVP_CIPHER d_ede3_cipher3=
+	{
+	NID_des_ede3,
+	8,24,0,
+	des_ede3_init_key,
+	des_ede_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	NULL,
+	};
+
+EVP_CIPHER *EVP_des_ede(void)
+	{
+	return(&d_ede_cipher2);
+	}
+
+EVP_CIPHER *EVP_des_ede3(void)
+	{
+	return(&d_ede3_cipher3);
+	}
+
+static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		memcpy( (char *)ctx->c.des_ede.ks3,
+			(char *)ctx->c.des_ede.ks1,
+			sizeof(ctx->c.des_ede.ks1));
+		}
+	}
+
+static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
+		}
+	}
+
+static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+	des_cblock *output   /* = (des_cblock *)out */;
+	des_cblock *input    /* = (des_cblock *)in */;
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		output = (des_cblock *)(out + i);
+		input = (des_cblock *)(in + i);
+
+		des_ecb3_encrypt(input,output,
+			ctx->c.des_ede.ks1,
+			ctx->c.des_ede.ks2,
+			ctx->c.des_ede.ks3,
+			ctx->encrypt);
+
+		/* output++; */
+		/* input++; */
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ecb_bf.c b/crypto/openssl/crypto/evp/e_ecb_bf.c
new file mode 100644
index 000000000000..334736d253bb
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_bf.c
@@ -0,0 +1,109 @@
+/* crypto/evp/e_ecb_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_BF
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER bfish_ecb_cipher=
+	{
+	NID_bf_ecb,
+	8,EVP_BLOWFISH_KEY_SIZE,0,
+	bf_ecb_init_key,
+	bf_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_bf_ecb(void)
+	{
+	return(&bfish_ecb_cipher);
+	}
+	
+static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (key != NULL)
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+	}
+
+static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		BF_ecb_encrypt(
+			&(in[i]),&(out[i]),
+			&(ctx->c.bf_ks),ctx->encrypt);
+		}
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ecb_c.c b/crypto/openssl/crypto/evp/e_ecb_c.c
new file mode 100644
index 000000000000..ad14e203cbc5
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_c.c
@@ -0,0 +1,110 @@
+/* crypto/evp/e_ecb_c.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_CAST
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER cast5_ecb_cipher=
+	{
+	NID_cast5_ecb,
+	8,EVP_CAST5_KEY_SIZE,0,
+	cast_ecb_init_key,
+	cast_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_cast5_ecb(void)
+	{
+	return(&cast5_ecb_cipher);
+	}
+	
+static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (key != NULL)
+		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+	}
+
+static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		CAST_ecb_encrypt(
+			&(in[i]),&(out[i]),
+			&(ctx->c.cast_ks),ctx->encrypt);
+		}
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ecb_d.c b/crypto/openssl/crypto/evp/e_ecb_d.c
new file mode 100644
index 000000000000..5fb4e64b1cad
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_d.c
@@ -0,0 +1,118 @@
+/* crypto/evp/e_ecb_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_ecb_cipher=
+	{
+	NID_des_ecb,
+	8,8,0,
+	des_ecb_init_key,
+	des_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_des_ecb(void)
+	{
+	return(&d_ecb_cipher);
+	}
+	
+static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
+	}
+
+static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+	des_cblock *output  /* = (des_cblock *)out */;
+	des_cblock *input   /* = (des_cblock *)in */; 
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		/* Either this ... */
+		output = (des_cblock *)(out + i);
+		input = (des_cblock *)(in + i);
+
+		des_ecb_encrypt(input,output,ctx->c.des_ks,ctx->encrypt);
+
+		/* ... or this. */
+		/* output++; */
+		/* input++; */
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ecb_i.c b/crypto/openssl/crypto/evp/e_ecb_i.c
new file mode 100644
index 000000000000..50a3da1bbaae
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_i.c
@@ -0,0 +1,121 @@
+/* crypto/evp/e_ecb_i.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_IDEA
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER i_ecb_cipher=
+	{
+	NID_idea_ecb,
+	8,16,0,
+	idea_ecb_init_key,
+	idea_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_idea_ecb(void)
+	{
+	return(&i_ecb_cipher);
+	}
+	
+static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (key != NULL)
+		{
+		if (enc)
+			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+		else
+			{
+			IDEA_KEY_SCHEDULE tmp;
+
+			idea_set_encrypt_key(key,&tmp);
+			idea_set_decrypt_key(&tmp, &(ctx->c.idea_ks));
+			memset((unsigned char *)&tmp,0,
+				sizeof(IDEA_KEY_SCHEDULE));
+			}
+		}
+	}
+
+static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		idea_ecb_encrypt(
+			&(in[i]),&(out[i]),&(ctx->c.idea_ks));
+		}
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ecb_r2.c b/crypto/openssl/crypto/evp/e_ecb_r2.c
new file mode 100644
index 000000000000..3c2330130d39
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_r2.c
@@ -0,0 +1,111 @@
+/* crypto/evp/e_ecb_r2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC2
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER r2_ecb_cipher=
+	{
+	NID_rc2_ecb,
+	8,EVP_RC2_KEY_SIZE,0,
+	rc2_ecb_init_key,
+	rc2_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_rc2_ecb(void)
+	{
+	return(&r2_ecb_cipher);
+	}
+	
+static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (key != NULL)
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+	}
+
+static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		RC2_ecb_encrypt(
+			&(in[i]),&(out[i]),
+			&(ctx->c.rc2_ks),ctx->encrypt);
+		}
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ecb_r5.c b/crypto/openssl/crypto/evp/e_ecb_r5.c
new file mode 100644
index 000000000000..ef43ce34bf9a
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ecb_r5.c
@@ -0,0 +1,111 @@
+/* crypto/evp/e_ecb_r5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC5
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER rc5_ecb_cipher=
+	{
+	NID_rc5_ecb,
+	8,EVP_RC5_32_12_16_KEY_SIZE,0,
+	rc5_32_12_16_ecb_init_key,
+	rc5_32_12_16_ecb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
+	{
+	return(&rc5_ecb_cipher);
+	}
+	
+static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (key != NULL)
+		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+			RC5_12_ROUNDS);
+	}
+
+static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	unsigned int i;
+
+	if (inl < 8) return;
+	inl-=8;
+	for (i=0; i<=inl; i+=8)
+		{
+		RC5_32_ecb_encrypt(
+			&(in[i]),&(out[i]),
+			&(ctx->c.rc5_ks),ctx->encrypt);
+		}
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_null.c b/crypto/openssl/crypto/evp/e_null.c
new file mode 100644
index 000000000000..0a62c10aa932
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_null.c
@@ -0,0 +1,97 @@
+/* crypto/evp/e_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER n_cipher=
+	{
+	NID_undef,
+	1,0,0,
+	null_init_key,
+	null_cipher,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	};
+
+EVP_CIPHER *EVP_enc_null(void)
+	{
+	return(&n_cipher);
+	}
+
+static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	memset(&(ctx->c),0,sizeof(ctx->c));
+	}
+
+static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	if (in != out)
+		memcpy((char *)out,(char *)in,(int)inl);
+	}
+
diff --git a/crypto/openssl/crypto/evp/e_ofb_3d.c b/crypto/openssl/crypto/evp/e_ofb_3d.c
new file mode 100644
index 000000000000..5233567c0cc0
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_3d.c
@@ -0,0 +1,152 @@
+/* crypto/evp/e_ofb_3d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_ede_ofb_cipher2=
+	{
+	NID_des_ede_ofb64,
+	1,16,8,
+	des_ede_ofb_init_key,
+	des_ede_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+static EVP_CIPHER d_ede3_ofb_cipher3=
+	{
+	NID_des_ede3_ofb64,
+	1,24,8,
+	des_ede3_ofb_init_key,
+	des_ede_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+	EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_des_ede_ofb(void)
+	{
+	return(&d_ede_ofb_cipher2);
+	}
+
+EVP_CIPHER *EVP_des_ede3_ofb(void)
+	{
+	return(&d_ede3_ofb_cipher3);
+	}
+	
+static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		memcpy( (char *)ctx->c.des_ede.ks3,
+			(char *)ctx->c.des_ede.ks1,
+			sizeof(ctx->c.des_ede.ks1));
+		}
+	}
+
+static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		{
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
+		}
+	}
+
+static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_ede3_ofb64_encrypt(in,out,inl,ctx->c.des_ede.ks1,
+			       ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+			       (des_cblock *)&(ctx->iv[0]),&ctx->num);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ofb_bf.c b/crypto/openssl/crypto/evp/e_ofb_bf.c
new file mode 100644
index 000000000000..c82154b54908
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_bf.c
@@ -0,0 +1,109 @@
+/* crypto/evp/e_ofb_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_BF
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER bfish_ofb_cipher=
+	{
+	NID_bf_ofb64,
+	1,EVP_BLOWFISH_KEY_SIZE,8,
+	bf_ofb_init_key,
+	bf_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_bf_ofb(void)
+	{
+	return(&bfish_ofb_cipher);
+	}
+	
+static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+	}
+
+static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	BF_ofb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.bf_ks),
+		&(ctx->iv[0]),
+		&ctx->num);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ofb_c.c b/crypto/openssl/crypto/evp/e_ofb_c.c
new file mode 100644
index 000000000000..971043de4c46
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_c.c
@@ -0,0 +1,110 @@
+/* crypto/evp/e_ofb_c.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_CAST
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER cast5_ofb_cipher=
+	{
+	NID_cast5_ofb64,
+	1,EVP_CAST5_KEY_SIZE,8,
+	cast_ofb_init_key,
+	cast_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_cast5_ofb(void)
+	{
+	return(&cast5_ofb_cipher);
+	}
+	
+static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+	}
+
+static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	CAST_ofb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.cast_ks),
+		&(ctx->iv[0]),
+		&ctx->num);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ofb_d.c b/crypto/openssl/crypto/evp/e_ofb_d.c
new file mode 100644
index 000000000000..398b3a002ea1
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_d.c
@@ -0,0 +1,107 @@
+/* crypto/evp/e_ofb_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_ofb_cipher=
+	{
+	NID_des_ofb64,
+	1,8,8,
+	des_ofb_init_key,
+	des_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_des_ofb(void)
+	{
+	return(&d_ofb_cipher);
+	}
+	
+static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
+	}
+
+static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_ofb64_encrypt(in,out,inl,ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),&ctx->num);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ofb_i.c b/crypto/openssl/crypto/evp/e_ofb_i.c
new file mode 100644
index 000000000000..389206ef3611
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_i.c
@@ -0,0 +1,109 @@
+/* crypto/evp/e_ofb_i.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_IDEA
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER i_ofb_cipher=
+	{
+	NID_idea_ofb64,
+	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
+	idea_ofb_init_key,
+	idea_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_idea_ofb(void)
+	{
+	return(&i_ofb_cipher);
+	}
+	
+static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+	}
+
+static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	idea_ofb64_encrypt(
+		in,out,(long)inl,
+		&(ctx->c.idea_ks),&(ctx->iv[0]),
+		&ctx->num);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ofb_r2.c b/crypto/openssl/crypto/evp/e_ofb_r2.c
new file mode 100644
index 000000000000..60ae3d4507a4
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_r2.c
@@ -0,0 +1,111 @@
+/* crypto/evp/e_ofb_r2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC2
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER r2_ofb_cipher=
+	{
+	NID_rc2_ofb64,
+	1,EVP_RC2_KEY_SIZE,8,
+	rc2_ofb_init_key,
+	rc2_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_rc2_ofb(void)
+	{
+	return(&r2_ofb_cipher);
+	}
+	
+static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+	}
+
+static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC2_ofb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.rc2_ks),
+		&(ctx->iv[0]),
+		&ctx->num);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_ofb_r5.c b/crypto/openssl/crypto/evp/e_ofb_r5.c
new file mode 100644
index 000000000000..30136824eb7d
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_ofb_r5.c
@@ -0,0 +1,111 @@
+/* crypto/evp/e_ofb_r5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC5
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER rc5_ofb_cipher=
+	{
+	NID_rc5_ofb64,
+	1,EVP_RC5_32_12_16_KEY_SIZE,8,
+	rc5_32_12_16_ofb_init_key,
+	rc5_32_12_16_ofb_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
+	{
+	return(&rc5_ofb_cipher);
+	}
+	
+static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	ctx->num=0;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (key != NULL)
+		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+			RC5_12_ROUNDS);
+	}
+
+static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC5_32_ofb64_encrypt(
+		in,out,
+		(long)inl, &(ctx->c.rc5_ks),
+		&(ctx->iv[0]),
+		&ctx->num);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/evp/e_rc4.c b/crypto/openssl/crypto/evp/e_rc4.c
new file mode 100644
index 000000000000..c7e58a75ccba
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_rc4.c
@@ -0,0 +1,115 @@
+/* crypto/evp/e_rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RC4
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER r4_cipher=
+	{
+	NID_rc4,
+	1,EVP_RC4_KEY_SIZE,0,
+	rc4_init_key,
+	rc4_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+	NULL,
+	NULL,
+	};
+
+static EVP_CIPHER r4_40_cipher=
+	{
+	NID_rc4_40,
+	1,5 /* 40 bit */,0,
+	rc4_init_key,
+	rc4_cipher,
+	};
+
+EVP_CIPHER *EVP_rc4(void)
+	{
+	return(&r4_cipher);
+	}
+
+EVP_CIPHER *EVP_rc4_40(void)
+	{
+	return(&r4_40_cipher);
+	}
+
+static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	if (key != NULL)
+		memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
+	RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
+		ctx->c.rc4.key);
+	}
+
+static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	RC4(&(ctx->c.rc4.ks),inl,in,out);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/e_xcbc_d.c b/crypto/openssl/crypto/evp/e_xcbc_d.c
new file mode 100644
index 000000000000..3a6628a75c9a
--- /dev/null
+++ b/crypto/openssl/crypto/evp/e_xcbc_d.c
@@ -0,0 +1,112 @@
+/* crypto/evp/e_xcbc_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DES
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	unsigned char *iv,int enc);
+static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	unsigned char *in, unsigned int inl);
+static EVP_CIPHER d_xcbc_cipher=
+	{
+	NID_desx_cbc,
+	8,24,8,
+	desx_cbc_init_key,
+	desx_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	};
+
+EVP_CIPHER *EVP_desx_cbc(void)
+	{
+	return(&d_xcbc_cipher);
+	}
+	
+static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
+	{
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (iv != NULL)
+		memcpy(&(ctx->oiv[0]),iv,8);
+	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+	if (deskey != NULL)
+		{
+		des_set_key(deskey,ctx->c.desx_cbc.ks);
+		memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
+		memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
+		}
+	}
+
+static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
+	{
+	des_xcbc_encrypt(in,out,inl,ctx->c.desx_cbc.ks,
+		(des_cblock *)&(ctx->iv[0]),
+		&ctx->c.desx_cbc.inw,
+		&ctx->c.desx_cbc.outw,
+		ctx->encrypt);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c
new file mode 100644
index 000000000000..0152624a7691
--- /dev/null
+++ b/crypto/openssl/crypto/evp/encode.c
@@ -0,0 +1,427 @@
+/* crypto/evp/encode.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+#ifndef CHARSET_EBCDIC
+#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
+#else
+/* We assume that PEM encoded files are EBCDIC files
+ * (i.e., printable text files). Convert them here while decoding.
+ * When encoding, output is EBCDIC (text) format again.
+ * (No need for conversion in the conv_bin2ascii macro, as the
+ * underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)	(data_ascii2bin[os_toascii[a]&0x7f])
+#endif
+
+/* 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+
+static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN		0xF0
+#define B64_CR			0xF1
+#define B64_EOF			0xF2
+#define B64_WS			0xE0
+#define B64_ERROR       	0xFF
+#define B64_NOT_BASE64(a)	(((a)|0x13) == 0xF3)
+
+static unsigned char data_ascii2bin[128]={
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
+	0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
+	0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
+	0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
+	0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
+	0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
+	0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
+	0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
+	0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
+	0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
+	};
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+	{
+	ctx->length=48;
+	ctx->num=0;
+	ctx->line_num=0;
+	}
+
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
+	{
+	int i,j;
+	unsigned int total=0;
+
+	*outl=0;
+	if (inl == 0) return;
+	if ((ctx->num+inl) < ctx->length)
+		{
+		memcpy(&(ctx->enc_data[ctx->num]),in,inl);
+		ctx->num+=inl;
+		return;
+		}
+	if (ctx->num != 0)
+		{
+		i=ctx->length-ctx->num;
+		memcpy(&(ctx->enc_data[ctx->num]),in,i);
+		in+=i;
+		inl-=i;
+		j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
+		ctx->num=0;
+		out+=j;
+		*(out++)='\n';
+		*out='\0';
+		total=j+1;
+		}
+	while (inl >= ctx->length)
+		{
+		j=EVP_EncodeBlock(out,in,ctx->length);
+		in+=ctx->length;
+		inl-=ctx->length;
+		out+=j;
+		*(out++)='\n';
+		*out='\0';
+		total+=j+1;
+		}
+	if (inl != 0)
+		memcpy(&(ctx->enc_data[0]),in,inl);
+	ctx->num=inl;
+	*outl=total;
+	}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+	{
+	unsigned int ret=0;
+
+	if (ctx->num != 0)
+		{
+		ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
+		out[ret++]='\n';
+		out[ret]='\0';
+		ctx->num=0;
+		}
+	*outl=ret;
+	}
+
+int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int dlen)
+	{
+	int i,ret=0;
+	unsigned long l;
+
+	for (i=dlen; i > 0; i-=3)
+		{
+		if (i >= 3)
+			{
+			l=	(((unsigned long)f[0])<<16L)|
+				(((unsigned long)f[1])<< 8L)|f[2];
+			*(t++)=conv_bin2ascii(l>>18L);
+			*(t++)=conv_bin2ascii(l>>12L);
+			*(t++)=conv_bin2ascii(l>> 6L);
+			*(t++)=conv_bin2ascii(l     );
+			}
+		else
+			{
+			l=((unsigned long)f[0])<<16L;
+			if (i == 2) l|=((unsigned long)f[1]<<8L);
+
+			*(t++)=conv_bin2ascii(l>>18L);
+			*(t++)=conv_bin2ascii(l>>12L);
+			*(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
+			*(t++)='=';
+			}
+		ret+=4;
+		f+=3;
+		}
+
+	*t='\0';
+	return(ret);
+	}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+	{
+	ctx->length=30;
+	ctx->num=0;
+	ctx->line_num=0;
+	ctx->expect_nl=0;
+	}
+
+/* -1 for error
+ *  0 for last line
+ *  1 for full line
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
+	{
+	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
+	unsigned char *d;
+
+	n=ctx->num;
+	d=ctx->enc_data;
+	ln=ctx->line_num;
+	exp_nl=ctx->expect_nl;
+
+	/* last line of input. */
+	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
+		{ rv=0; goto end; }
+		
+	/* We parse the input data */
+	for (i=0; i 80 characters, scream alot */
+		if (ln >= 80) { rv= -1; goto end; }
+
+		/* Get char and put it into the buffer */
+		tmp= *(in++);
+		v=conv_ascii2bin(tmp);
+		/* only save the good data :-) */
+		if (!B64_NOT_BASE64(v))
+			{
+			d[n++]=tmp;
+			ln++;
+			}
+		else if (v == B64_ERROR)
+			{
+			rv= -1;
+			goto end;
+			}
+
+		/* have we seen a '=' which is 'definitly' the last
+		 * input line.  seof will point to the character that
+		 * holds it. and eof will hold how many characters to
+		 * chop off. */
+		if (tmp == '=')
+			{
+			if (seof == -1) seof=n;
+			eof++;
+			}
+
+		/* eoln */
+		if (v == B64_EOLN)
+			{
+			ln=0;
+			if (exp_nl)
+				{
+				exp_nl=0;
+				continue;
+				}
+			}
+		exp_nl=0;
+
+		/* If we are at the end of input and it looks like a
+		 * line, process it. */
+		if (((i+1) == inl) && (((n&3) == 0) || eof))
+			v=B64_EOF;
+
+		if ((v == B64_EOF) || (n >= 64))
+			{
+			/* This is needed to work correctly on 64 byte input
+			 * lines.  We process the line and then need to
+			 * accept the '\n' */
+			if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
+			tmp2=v;
+			if (n > 0)
+				{
+				v=EVP_DecodeBlock(out,d,n);
+				if (v < 0) { rv=0; goto end; }
+				n=0;
+				ret+=(v-eof);
+				}
+			else
+				{
+				eof=1;
+				v=0;
+				}
+
+			/* This is the case where we have had a short
+			 * but valid input line */
+			if ((v < ctx->length) && eof)
+				{
+				rv=0;
+				goto end;
+				}
+			else
+				ctx->length=v;
+
+			if (seof >= 0) { rv=0; goto end; }
+			out+=v;
+			}
+		}
+	rv=1;
+end:
+	*outl=ret;
+	ctx->num=n;
+	ctx->line_num=ln;
+	ctx->expect_nl=exp_nl;
+	return(rv);
+	}
+
+int EVP_DecodeBlock(unsigned char *t, unsigned char *f, int n)
+	{
+	int i,ret=0,a,b,c,d;
+	unsigned long l;
+
+	/* trim white space from the start of the line. */
+	while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
+		{
+		f++;
+		n--;
+		}
+
+	/* strip off stuff at the end of the line
+	 * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
+	while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
+		n--;
+
+	if (n%4 != 0) return(-1);
+
+	for (i=0; i>16L)&0xff;
+		*(t++)=(unsigned char)(l>> 8L)&0xff;
+		*(t++)=(unsigned char)(l     )&0xff;
+		ret+=3;
+		}
+	return(ret);
+	}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i;
+
+	*outl=0;
+	if (ctx->num != 0)
+		{
+		i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
+		if (i < 0) return(-1);
+		ctx->num=0;
+		*outl=i;
+		return(1);
+		}
+	else
+		return(1);
+	}
+
+#ifdef undef
+int EVP_DecodeValid(unsigned char *buf, int len)
+	{
+	int i,num=0,bad=0;
+
+	if (len == 0) return(-1);
+	while (conv_ascii2bin(*buf) == B64_WS)
+		{
+		buf++;
+		len--;
+		if (len == 0) return(-1);
+		}
+
+	for (i=len; i >= 4; i-=4)
+		{
+		if (	(conv_ascii2bin(buf[0]) >= 0x40) ||
+			(conv_ascii2bin(buf[1]) >= 0x40) ||
+			(conv_ascii2bin(buf[2]) >= 0x40) ||
+			(conv_ascii2bin(buf[3]) >= 0x40))
+			return(-1);
+		buf+=4;
+		num+=1+(buf[2] != '=')+(buf[3] != '=');
+		}
+	if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
+		return(num);
+	if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
+		(conv_ascii2bin(buf[0]) == B64_EOLN))
+		return(num);
+	return(1);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
new file mode 100644
index 000000000000..570fe27d39b5
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -0,0 +1,720 @@
+/* crypto/evp/evp.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ENVELOPE_H
+#define HEADER_ENVELOPE_H
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+#ifndef NO_MD2
+#include 
+#endif
+#ifndef NO_MD5
+#include 
+#endif
+#ifndef NO_SHA
+#include 
+#endif
+#ifndef NO_RIPEMD
+#include 
+#endif
+#ifndef NO_DES
+#include 
+#endif
+#ifndef NO_RC4
+#include 
+#endif
+#ifndef NO_RC2
+#include 
+#endif
+#ifndef NO_RC5
+#include 
+#endif
+#ifndef NO_BF
+#include 
+#endif
+#ifndef NO_CAST
+#include 
+#endif
+#ifndef NO_IDEA
+#include 
+#endif
+#ifndef NO_MDC2
+#include 
+#endif
+
+#define EVP_RC2_KEY_SIZE		16
+#define EVP_RC4_KEY_SIZE		16
+#define EVP_BLOWFISH_KEY_SIZE		16
+#define EVP_CAST5_KEY_SIZE		16
+#define EVP_RC5_32_12_16_KEY_SIZE	16
+#define EVP_MAX_MD_SIZE			(16+20) /* The SSLv3 md5+sha1 type */
+#define EVP_MAX_KEY_LENGTH		24
+#define EVP_MAX_IV_LENGTH		8
+
+#define PKCS5_SALT_LEN			8
+/* Default PKCS#5 iteration count */
+#define PKCS5_DEFAULT_ITER		2048
+
+#ifndef NO_RSA
+#include 
+#endif
+
+#ifndef NO_DSA
+#include 
+#endif
+
+#ifndef NO_DH
+#include 
+#endif
+
+#include 
+
+#define EVP_PK_RSA	0x0001
+#define EVP_PK_DSA	0x0002
+#define EVP_PK_DH	0x0004
+#define EVP_PKT_SIGN	0x0010
+#define EVP_PKT_ENC	0x0020
+#define EVP_PKT_EXCH	0x0040
+#define EVP_PKS_RSA	0x0100
+#define EVP_PKS_DSA	0x0200
+#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
+
+#define EVP_PKEY_NONE	NID_undef
+#define EVP_PKEY_RSA	NID_rsaEncryption
+#define EVP_PKEY_RSA2	NID_rsa
+#define EVP_PKEY_DSA	NID_dsa
+#define EVP_PKEY_DSA1	NID_dsa_2
+#define EVP_PKEY_DSA2	NID_dsaWithSHA
+#define EVP_PKEY_DSA3	NID_dsaWithSHA1
+#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
+#define EVP_PKEY_DH	NID_dhKeyAgreement
+
+/* Type needs to be a bit field
+ * Sub-type needs to be for variations on the method, as in, can it do
+ * arbitary encryption.... */
+typedef struct evp_pkey_st
+	{
+	int type;
+	int save_type;
+	int references;
+	union	{
+		char *ptr;
+#ifndef NO_RSA
+		struct rsa_st *rsa;	/* RSA */
+#endif
+#ifndef NO_DSA
+		struct dsa_st *dsa;	/* DSA */
+#endif
+#ifndef NO_DH
+		struct dh_st *dh;	/* DH */
+#endif
+		} pkey;
+	int save_parameters;
+	STACK /*X509_ATTRIBUTE*/ *attributes; /* [ 0 ] */
+	} EVP_PKEY;
+
+#define EVP_PKEY_MO_SIGN	0x0001
+#define EVP_PKEY_MO_VERIFY	0x0002
+#define EVP_PKEY_MO_ENCRYPT	0x0004
+#define EVP_PKEY_MO_DECRYPT	0x0008
+
+#if 0
+/* This structure is required to tie the message digest and signing together.
+ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
+ * oid, md and pkey.
+ * This is required because for various smart-card perform the digest and
+ * signing/verification on-board.  To handle this case, the specific
+ * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
+ * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
+ * This can either be software or a token to provide the required low level
+ * routines.
+ */
+typedef struct evp_pkey_md_st
+	{
+	int oid;
+	EVP_MD *md;
+	EVP_PKEY_METHOD *pkey;
+	} EVP_PKEY_MD;
+
+#define EVP_rsa_md2() \
+		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_md2())
+#define EVP_rsa_md5() \
+		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_md5())
+#define EVP_rsa_sha0() \
+		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_sha())
+#define EVP_rsa_sha1() \
+		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
+			EVP_rsa_pkcs1(),EVP_sha1())
+#define EVP_rsa_ripemd160() \
+		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
+			EVP_rsa_pkcs1(),EVP_ripemd160())
+#define EVP_rsa_mdc2() \
+		EVP_PKEY_MD_add(NID_mdc2WithRSA,\
+			EVP_rsa_octet_string(),EVP_mdc2())
+#define EVP_dsa_sha() \
+		EVP_PKEY_MD_add(NID_dsaWithSHA,\
+			EVP_dsa(),EVP_mdc2())
+#define EVP_dsa_sha1() \
+		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+			EVP_dsa(),EVP_sha1())
+
+typedef struct evp_pkey_method_st
+	{
+	char *name;
+	int flags;
+	int type;		/* RSA, DSA, an SSLeay specific constant */
+	int oid;		/* For the pub-key type */
+	int encrypt_oid;	/* pub/priv key encryption */
+
+	int (*sign)();
+	int (*verify)();
+	struct	{
+		int
+		int (*set)();	/* get and/or set the underlying type */
+		int (*get)();
+		int (*encrypt)();
+		int (*decrypt)();
+		int (*i2d)();
+		int (*d2i)();
+		int (*dup)();
+		} pub,priv;
+	int (*set_asn1_parameters)();
+	int (*get_asn1_parameters)();
+	} EVP_PKEY_METHOD;
+#endif
+
+#ifndef EVP_MD
+typedef struct env_md_st
+	{
+	int type;
+	int pkey_type;
+	int md_size;
+	void (*init)();
+	void (*update)();
+	void (*final)();
+
+	int (*sign)();
+	int (*verify)();
+	int required_pkey_type[5]; /*EVP_PKEY_xxx */
+	int block_size;
+	int ctx_size; /* how big does the ctx need to be */
+	} EVP_MD;
+
+
+
+#define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
+
+#ifndef NO_DSA
+#define EVP_PKEY_DSA_method	DSA_sign,DSA_verify, \
+				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
+					EVP_PKEY_DSA4,0}
+#else
+#define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method
+#endif
+
+#ifndef NO_RSA
+#define EVP_PKEY_RSA_method	RSA_sign,RSA_verify, \
+				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
+				RSA_sign_ASN1_OCTET_STRING, \
+				RSA_verify_ASN1_OCTET_STRING, \
+				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+#else
+#define EVP_PKEY_RSA_method	EVP_PKEY_NULL_method
+#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
+#endif
+
+#endif /* !EVP_MD */
+
+typedef struct env_md_ctx_st
+	{
+	const EVP_MD *digest;
+	union	{
+		unsigned char base[4];
+#ifndef NO_MD2
+		MD2_CTX md2;
+#endif
+#ifndef NO_MD5
+		MD5_CTX md5;
+#endif
+#ifndef NO_RIPEMD
+		RIPEMD160_CTX ripemd160;
+#endif
+#ifndef NO_SHA
+		SHA_CTX sha;
+#endif
+#ifndef NO_MDC2
+		MDC2_CTX mdc2;
+#endif
+		} md;
+	} EVP_MD_CTX;
+
+typedef struct evp_cipher_st
+	{
+	int nid;
+	int block_size;
+	int key_len;
+	int iv_len;
+	void (*init)();		/* init for encryption */
+	void (*do_cipher)();	/* encrypt data */
+	void (*cleanup)();	/* used by cipher method */ 
+	int ctx_size;		/* how big the ctx needs to be */
+	/* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
+	int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */
+	/* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
+	int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */
+	} EVP_CIPHER;
+
+typedef struct evp_cipher_info_st
+	{
+	const EVP_CIPHER *cipher;
+	unsigned char iv[EVP_MAX_IV_LENGTH];
+	} EVP_CIPHER_INFO;
+
+typedef struct evp_cipher_ctx_st
+	{
+	const EVP_CIPHER *cipher;
+	int encrypt;		/* encrypt or decrypt */
+	int buf_len;		/* number we have left */
+
+	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */
+	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */
+	unsigned char buf[EVP_MAX_IV_LENGTH];	/* saved partial block */
+	int num;				/* used by cfb/ofb mode */
+
+	char *app_data;		/* aplication stuff */
+	union	{
+#ifndef NO_RC4
+		struct
+			{
+			unsigned char key[EVP_RC4_KEY_SIZE];
+			RC4_KEY ks;	/* working key */
+			} rc4;
+#endif
+#ifndef NO_DES
+		des_key_schedule des_ks;/* key schedule */
+		struct
+			{
+			des_key_schedule ks;/* key schedule */
+			des_cblock inw;
+			des_cblock outw;
+			} desx_cbc;
+		struct
+			{
+			des_key_schedule ks1;/* key schedule */
+			des_key_schedule ks2;/* key schedule (for ede) */
+			des_key_schedule ks3;/* key schedule (for ede3) */
+			} des_ede;
+#endif
+#ifndef NO_IDEA
+		IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
+#endif
+#ifndef NO_RC2
+		RC2_KEY rc2_ks;/* key schedule */
+#endif
+#ifndef NO_RC5
+		RC5_32_KEY rc5_ks;/* key schedule */
+#endif
+#ifndef NO_BF
+		BF_KEY bf_ks;/* key schedule */
+#endif
+#ifndef NO_CAST
+		CAST_KEY cast_ks;/* key schedule */
+#endif
+		} c;
+	} EVP_CIPHER_CTX;
+
+typedef struct evp_Encode_Ctx_st
+	{
+	int num;	/* number saved in a partial encode/decode */
+	int length;	/* The length is either the output line length
+			 * (in input bytes) or the shortest input line
+			 * length that is ok.  Once decoding begins,
+			 * the length is adjusted up each time a longer
+			 * line is decoded */
+	unsigned char enc_data[80];	/* data to encode */
+	int line_num;	/* number read on current line */
+	int expect_nl;
+	} EVP_ENCODE_CTX;
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, EVP_CIPHER *cipher,
+                EVP_MD *md, int en_de);
+
+#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+					(char *)(rsa))
+#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+					(char *)(dsa))
+#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+					(char *)(dh))
+
+/* Add some extra combinations */
+#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+#define EVP_MD_type(e)			((e)->type)
+#define EVP_MD_pkey_type(e)		((e)->pkey_type)
+#define EVP_MD_size(e)			((e)->md_size)
+#define EVP_MD_block_size(e)		((e)->block_size)
+
+#define EVP_MD_CTX_size(e)		EVP_MD_size((e)->digest)
+#define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
+#define EVP_MD_CTX_type(e)		((e)->digest)
+
+#define EVP_CIPHER_nid(e)		((e)->nid)
+#define EVP_CIPHER_block_size(e)	((e)->block_size)
+#define EVP_CIPHER_key_length(e)	((e)->key_len)
+#define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+
+#define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
+#define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
+#define EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)
+#define EVP_CIPHER_CTX_key_length(e)	((e)->cipher->key_len)
+#define EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
+#define EVP_CIPHER_CTX_get_app_data(e)	((e)->app_data)
+#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+
+#define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
+#define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
+
+#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+#define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
+#define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
+#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
+
+#ifdef CONST_STRICT
+void BIO_set_md(BIO *,const EVP_MD *md);
+#else
+# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#endif
+#define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
+#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
+#define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+#define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
+
+#define	EVP_Cipher(c,o,i,l)	(c)->cipher->do_cipher((c),(o),(i),(l))
+
+#define EVP_add_cipher_alias(n,alias) \
+	OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+#define EVP_add_digest_alias(n,alias) \
+	OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+#define EVP_delete_cipher_alias(alias) \
+	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+#define EVP_delete_digest_alias(alias) \
+	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+
+int     EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+void	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+void	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+			 unsigned int cnt);
+void	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+
+int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+void	EVP_set_pw_prompt(char *prompt);
+char *	EVP_get_pw_prompt(void);
+
+int	EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
+		unsigned char *data, int datal, int count,
+		unsigned char *key,unsigned char *iv);
+
+void	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+		unsigned char *key, unsigned char *iv);
+void	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		int *outl, unsigned char *in, int inl);
+void	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+void	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+		unsigned char *key, unsigned char *iv);
+void	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		int *outl, unsigned char *in, int inl);
+int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+void	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+		       unsigned char *key,unsigned char *iv,int enc);
+void	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		int *outl, unsigned char *in, int inl);
+int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
+		EVP_PKEY *pkey);
+
+int	EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
+		unsigned int siglen,EVP_PKEY *pkey);
+
+int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+		int ekl,unsigned char *iv,EVP_PKEY *priv);
+int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+
+void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
+		int *outl,unsigned char *in,int inl);
+void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
+int	EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+
+void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+		unsigned char *in, int inl);
+int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+		char *out, int *outl);
+int	EVP_DecodeBlock(unsigned char *t, unsigned
+		char *f, int n);
+
+void	ERR_load_EVP_strings(void );
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+
+#ifdef HEADER_BIO_H
+BIO_METHOD *BIO_f_md(void);
+BIO_METHOD *BIO_f_base64(void);
+BIO_METHOD *BIO_f_cipher(void);
+BIO_METHOD *BIO_f_reliable(void);
+void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
+	unsigned char *i, int enc);
+#endif
+
+EVP_MD *EVP_md_null(void);
+EVP_MD *EVP_md2(void);
+EVP_MD *EVP_md5(void);
+EVP_MD *EVP_sha(void);
+EVP_MD *EVP_sha1(void);
+EVP_MD *EVP_dss(void);
+EVP_MD *EVP_dss1(void);
+EVP_MD *EVP_mdc2(void);
+EVP_MD *EVP_ripemd160(void);
+
+EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
+EVP_CIPHER *EVP_des_ecb(void);
+EVP_CIPHER *EVP_des_ede(void);
+EVP_CIPHER *EVP_des_ede3(void);
+EVP_CIPHER *EVP_des_cfb(void);
+EVP_CIPHER *EVP_des_ede_cfb(void);
+EVP_CIPHER *EVP_des_ede3_cfb(void);
+EVP_CIPHER *EVP_des_ofb(void);
+EVP_CIPHER *EVP_des_ede_ofb(void);
+EVP_CIPHER *EVP_des_ede3_ofb(void);
+EVP_CIPHER *EVP_des_cbc(void);
+EVP_CIPHER *EVP_des_ede_cbc(void);
+EVP_CIPHER *EVP_des_ede3_cbc(void);
+EVP_CIPHER *EVP_desx_cbc(void);
+EVP_CIPHER *EVP_rc4(void);
+EVP_CIPHER *EVP_rc4_40(void);
+EVP_CIPHER *EVP_idea_ecb(void);
+EVP_CIPHER *EVP_idea_cfb(void);
+EVP_CIPHER *EVP_idea_ofb(void);
+EVP_CIPHER *EVP_idea_cbc(void);
+EVP_CIPHER *EVP_rc2_ecb(void);
+EVP_CIPHER *EVP_rc2_cbc(void);
+EVP_CIPHER *EVP_rc2_40_cbc(void);
+EVP_CIPHER *EVP_rc2_64_cbc(void);
+EVP_CIPHER *EVP_rc2_cfb(void);
+EVP_CIPHER *EVP_rc2_ofb(void);
+EVP_CIPHER *EVP_bf_ecb(void);
+EVP_CIPHER *EVP_bf_cbc(void);
+EVP_CIPHER *EVP_bf_cfb(void);
+EVP_CIPHER *EVP_bf_ofb(void);
+EVP_CIPHER *EVP_cast5_ecb(void);
+EVP_CIPHER *EVP_cast5_cbc(void);
+EVP_CIPHER *EVP_cast5_cfb(void);
+EVP_CIPHER *EVP_cast5_ofb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+
+void SSLeay_add_all_algorithms(void);
+void SSLeay_add_all_ciphers(void);
+void SSLeay_add_all_digests(void);
+
+int EVP_add_cipher(EVP_CIPHER *cipher);
+int EVP_add_digest(EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+void EVP_cleanup(void);
+
+int		EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
+			int enc_key_len,EVP_PKEY *private_key);
+int		EVP_PKEY_encrypt(unsigned char *enc_key,
+			unsigned char *key,int key_len,EVP_PKEY *pub_key);
+int		EVP_PKEY_type(int type);
+int		EVP_PKEY_bits(EVP_PKEY *pkey);
+int		EVP_PKEY_size(EVP_PKEY *pkey);
+int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+EVP_PKEY *	EVP_PKEY_new(void);
+void		EVP_PKEY_free(EVP_PKEY *pkey);
+EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
+			long length);
+int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
+			long length);
+int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+			   unsigned char *salt, int saltlen, int iter,
+			   int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 int en_de);
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
+		    EVP_PBE_KEYGEN *keygen);
+void EVP_PBE_cleanup(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the EVP functions. */
+
+/* Function codes. */
+#define EVP_F_D2I_PKEY					 100
+#define EVP_F_EVP_DECRYPTFINAL				 101
+#define EVP_F_EVP_MD_CTX_COPY				 110
+#define EVP_F_EVP_OPENINIT				 102
+#define EVP_F_EVP_PBE_ALG_ADD				 115
+#define EVP_F_EVP_PBE_CIPHERINIT			 116
+#define EVP_F_EVP_PKCS82PKEY				 111
+#define EVP_F_EVP_PKCS8_SET_BROKEN			 112
+#define EVP_F_EVP_PKEY2PKCS8				 113
+#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
+#define EVP_F_EVP_PKEY_DECRYPT				 104
+#define EVP_F_EVP_PKEY_ENCRYPT				 105
+#define EVP_F_EVP_PKEY_NEW				 106
+#define EVP_F_EVP_SIGNFINAL				 107
+#define EVP_F_EVP_VERIFYFINAL				 108
+#define EVP_F_PKCS5_PBE_KEYIVGEN			 117
+#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118
+#define EVP_F_RC2_MAGIC_TO_METH				 109
+
+/* Reason codes. */
+#define EVP_R_BAD_DECRYPT				 100
+#define EVP_R_BN_DECODE_ERROR				 112
+#define EVP_R_BN_PUBKEY_ERROR				 113
+#define EVP_R_CIPHER_PARAMETER_ERROR			 122
+#define EVP_R_DECODE_ERROR				 114
+#define EVP_R_DIFFERENT_KEY_TYPES			 101
+#define EVP_R_ENCODE_ERROR				 115
+#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
+#define EVP_R_INPUT_NOT_INITIALIZED			 111
+#define EVP_R_IV_TOO_LARGE				 102
+#define EVP_R_KEYGEN_FAILURE				 120
+#define EVP_R_MISSING_PARMATERS				 103
+#define EVP_R_NO_DSA_PARAMETERS				 116
+#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
+#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
+#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
+#define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
+#define EVP_R_UNSUPPORTED_CIPHER			 107
+#define EVP_R_UNSUPPORTED_KEYLENGTH			 123
+#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124
+#define EVP_R_UNSUPPORTED_KEY_SIZE			 108
+#define EVP_R_UNSUPPORTED_PRF				 125
+#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118
+#define EVP_R_UNSUPPORTED_SALT_TYPE			 126
+#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
+#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
new file mode 100644
index 000000000000..5299a65b6af3
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -0,0 +1,270 @@
+/* crypto/evp/evp_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+	{
+	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+	/* ctx->cipher=NULL; */
+	}
+
+void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *data,
+	     unsigned char *key, unsigned char *iv, int enc)
+	{
+	if (enc)
+		EVP_EncryptInit(ctx,data,key,iv);
+	else	
+		EVP_DecryptInit(ctx,data,key,iv);
+	}
+
+void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
+	{
+	if (ctx->encrypt)
+		EVP_EncryptUpdate(ctx,out,outl,in,inl);
+	else	EVP_DecryptUpdate(ctx,out,outl,in,inl);
+	}
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	if (ctx->encrypt)
+		{
+		EVP_EncryptFinal(ctx,out,outl);
+		return(1);
+		}
+	else	return(EVP_DecryptFinal(ctx,out,outl));
+	}
+
+void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     unsigned char *key, unsigned char *iv)
+	{
+	if (cipher != NULL)
+		ctx->cipher=cipher;
+	ctx->cipher->init(ctx,key,iv,1);
+	ctx->encrypt=1;
+	ctx->buf_len=0;
+	}
+
+void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     unsigned char *key, unsigned char *iv)
+	{
+	if (cipher != NULL)
+		ctx->cipher=cipher;
+	ctx->cipher->init(ctx,key,iv,0);
+	ctx->encrypt=0;
+	ctx->buf_len=0;
+	}
+
+
+void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
+	{
+	int i,j,bl;
+
+	i=ctx->buf_len;
+	bl=ctx->cipher->block_size;
+	*outl=0;
+	if ((inl == 0) && (i != bl)) return;
+	if (i != 0)
+		{
+		if (i+inl < bl)
+			{
+			memcpy(&(ctx->buf[i]),in,inl);
+			ctx->buf_len+=inl;
+			return;
+			}
+		else
+			{
+			j=bl-i;
+			if (j != 0) memcpy(&(ctx->buf[i]),in,j);
+			ctx->cipher->do_cipher(ctx,out,ctx->buf,bl);
+			inl-=j;
+			in+=j;
+			out+=bl;
+			*outl+=bl;
+			}
+		}
+	i=inl%bl; /* how much is left */
+	inl-=i;
+	if (inl > 0)
+		{
+		ctx->cipher->do_cipher(ctx,out,in,inl);
+		*outl+=inl;
+		}
+
+	if (i != 0)
+		memcpy(ctx->buf,&(in[inl]),i);
+	ctx->buf_len=i;
+	}
+
+void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i,n,b,bl;
+
+	b=ctx->cipher->block_size;
+	if (b == 1)
+		{
+		*outl=0;
+		return;
+		}
+	bl=ctx->buf_len;
+	n=b-bl;
+	for (i=bl; ibuf[i]=n;
+	ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+	*outl=b;
+	}
+
+void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
+	{
+	int b,bl,n;
+	int keep_last=0;
+
+	*outl=0;
+	if (inl == 0) return;
+
+	b=ctx->cipher->block_size;
+	if (b > 1)
+		{
+		/* Is the input a multiple of the block size? */
+		bl=ctx->buf_len;
+		n=inl+bl;
+		if (n%b == 0)
+			{
+			if (inl < b) /* must be 'just one' buff */
+				{
+				memcpy(&(ctx->buf[bl]),in,inl);
+				ctx->buf_len=b;
+				*outl=0;
+				return;
+				}
+			keep_last=1;
+			inl-=b; /* don't do the last block */
+			}
+		}
+	EVP_EncryptUpdate(ctx,out,outl,in,inl);
+
+	/* if we have 'decrypted' a multiple of block size, make sure
+	 * we have a copy of this last block */
+	if (keep_last)
+		{
+		memcpy(&(ctx->buf[0]),&(in[inl]),b);
+#ifdef DEBUG
+		if (ctx->buf_len != 0)
+			{
+			abort();
+			}
+#endif
+		ctx->buf_len=b;
+		}
+	}
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i,b;
+	int n;
+
+	*outl=0;
+	b=ctx->cipher->block_size;
+	if (b > 1)
+		{
+		if (ctx->buf_len != b)
+			{
+			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+			return(0);
+			}
+		EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0);
+		if (n != b)
+			return(0);
+		n=ctx->buf[b-1];
+		if (n > b)
+			{
+			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+			return(0);
+			}
+		for (i=0; ibuf[--b] != n)
+				{
+				EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+				return(0);
+				}
+			}
+		n=ctx->cipher->block_size-n;
+		for (i=0; ibuf[i];
+		*outl=n;
+		}
+	else
+		*outl=0;
+	return(1);
+	}
+
+void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+	{
+	if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+		c->cipher->cleanup(c);
+	memset(c,0,sizeof(EVP_CIPHER_CTX));
+	}
+
diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c
new file mode 100644
index 000000000000..c61cc922e837
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_err.c
@@ -0,0 +1,136 @@
+/* crypto/evp/evp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA EVP_str_functs[]=
+	{
+{ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
+{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),	"EVP_MD_CTX_copy"},
+{ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
+{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),	"EVP_PBE_alg_add"},
+{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0),	"EVP_PBE_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0),	"EVP_PKCS82PKEY"},
+{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0),	"EVP_PKCS8_SET_BROKEN"},
+{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0),	"EVP_PKEY2PKCS8"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
+{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
+{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),	"PKCS5_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0),	"PKCS5_v2_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0),	"RC2_MAGIC_TO_METH"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA EVP_str_reasons[]=
+	{
+{EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
+{EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
+{EVP_R_CIPHER_PARAMETER_ERROR            ,"cipher parameter error"},
+{EVP_R_DECODE_ERROR                      ,"decode error"},
+{EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_ENCODE_ERROR                      ,"encode error"},
+{EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
+{EVP_R_INPUT_NOT_INITIALIZED             ,"input not initialized"},
+{EVP_R_IV_TOO_LARGE                      ,"iv too large"},
+{EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
+{EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
+{EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
+{EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
+{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
+{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE         ,"pkcs8 unknown broken type"},
+{EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{EVP_R_UNKNOWN_PBE_ALGORITHM             ,"unknown pbe algorithm"},
+{EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{EVP_R_UNSUPPORTED_KEYLENGTH             ,"unsupported keylength"},
+{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
+{EVP_R_UNSUPPORTED_KEY_SIZE              ,"unsupported key size"},
+{EVP_R_UNSUPPORTED_PRF                   ,"unsupported prf"},
+{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
+{EVP_R_UNSUPPORTED_SALT_TYPE             ,"unsupported salt type"},
+{EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
+{EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_EVP_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
+		ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/evp/evp_key.c b/crypto/openssl/crypto/evp/evp_key.c
new file mode 100644
index 000000000000..21eda418bc9d
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_key.c
@@ -0,0 +1,156 @@
+/* crypto/evp/evp_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* should be init to zeros. */
+static char prompt_string[80];
+
+void EVP_set_pw_prompt(char *prompt)
+	{
+	if (prompt == NULL)
+		prompt_string[0]='\0';
+	else
+		strncpy(prompt_string,prompt,79);
+	}
+
+char *EVP_get_pw_prompt(void)
+	{
+	if (prompt_string[0] == '\0')
+		return(NULL);
+	else
+		return(prompt_string);
+	}
+
+#ifdef NO_DES
+int des_read_pw_string(char *buf,int len,const char *prompt,int verify);
+#endif
+
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+	{
+	if ((prompt == NULL) && (prompt_string[0] != '\0'))
+		prompt=prompt_string;
+	return(des_read_pw_string(buf,len,prompt,verify));
+	}
+
+int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
+	     unsigned char *data, int datal, int count, unsigned char *key,
+	     unsigned char *iv)
+	{
+	EVP_MD_CTX c;
+	unsigned char md_buf[EVP_MAX_MD_SIZE];
+	int niv,nkey,addmd=0;
+	unsigned int mds=0,i;
+
+	nkey=type->key_len;
+	niv=type->iv_len;
+
+	if (data == NULL) return(nkey);
+
+	for (;;)
+		{
+		EVP_DigestInit(&c,md);
+		if (addmd++)
+			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
+		EVP_DigestUpdate(&c,data,datal);
+		if (salt != NULL)
+			EVP_DigestUpdate(&c,salt,8);
+		EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+
+		for (i=1; i<(unsigned int)count; i++)
+			{
+			EVP_DigestInit(&c,md);
+			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
+			EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+			}
+		i=0;
+		if (nkey)
+			{
+			for (;;)
+				{
+				if (nkey == 0) break;
+				if (i == mds) break;
+				if (key != NULL)
+					*(key++)=md_buf[i];
+				nkey--;
+				i++;
+				}
+			}
+		if (niv && (i != mds))
+			{
+			for (;;)
+				{
+				if (niv == 0) break;
+				if (i == mds) break;
+				if (iv != NULL)
+					*(iv++)=md_buf[i];
+				niv--;
+				i++;
+				}
+			}
+		if ((nkey == 0) && (niv == 0)) break;
+		}
+	memset(&c,0,sizeof(c));
+	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+	return(type->key_len);
+	}
+
diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/openssl/crypto/evp/evp_lib.c
new file mode 100644
index 000000000000..3f9bf55828aa
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_lib.c
@@ -0,0 +1,138 @@
+/* crypto/evp/evp_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	int ret;
+
+	if (c->cipher->set_asn1_parameters != NULL)
+		ret=c->cipher->set_asn1_parameters(c,type);
+	else
+		ret=1;
+	return(ret);
+	}
+
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	int ret;
+
+	if (c->cipher->get_asn1_parameters != NULL)
+		ret=c->cipher->get_asn1_parameters(c,type);
+	else
+		ret=1;
+	return(ret);
+	}
+
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	int i=0,l;
+
+	if (type != NULL) 
+		{
+		l=EVP_CIPHER_CTX_iv_length(c);
+		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
+		if (i != l)
+			return(-1);
+		else if (i > 0)
+			memcpy(c->iv,c->oiv,l);
+		}
+	return(i);
+	}
+
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	int i=0,j;
+
+	if (type != NULL)
+		{
+		j=EVP_CIPHER_CTX_iv_length(c);
+		i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
+		}
+	return(i);
+	}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+	int nid;
+	nid = EVP_CIPHER_nid(ctx);
+
+	switch(nid) {
+
+		case NID_rc2_cbc:
+		case NID_rc2_64_cbc:
+		case NID_rc2_40_cbc:
+
+		return NID_rc2_cbc;
+
+		case NID_rc4:
+		case NID_rc4_40:
+
+		return NID_rc4;
+
+		default:
+
+		return nid;
+	}
+}
+
diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c
new file mode 100644
index 000000000000..353c3ad667fc
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_pbe.c
@@ -0,0 +1,134 @@
+/* evp_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+
+/* Password based encryption (PBE) functions */
+
+static STACK *pbe_algs;
+
+/* Setup a cipher context from a PBE algorithm */
+
+typedef struct {
+int pbe_nid;
+EVP_CIPHER *cipher;
+EVP_MD *md;
+EVP_PBE_KEYGEN *keygen;
+} EVP_PBE_CTL;
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+
+	EVP_PBE_CTL *pbetmp, pbelu;
+	int i;
+	pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+	if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
+	else i = -1;
+
+	if (i == -1) {
+		char obj_tmp[80];
+		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
+		if (!pbe_obj) strcpy (obj_tmp, "NULL");
+		else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+		ERR_add_error_data(2, "TYPE=", obj_tmp);
+		return 0;
+	}
+	if (passlen == -1) passlen = strlen(pass);
+	pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+	i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
+						 pbetmp->md, en_de);
+	if (!i) {
+		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
+		return 0;
+	}
+	return 1;	
+}
+
+static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2)
+{
+	return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
+	     EVP_PBE_KEYGEN *keygen)
+{
+	EVP_PBE_CTL *pbe_tmp;
+	if (!pbe_algs) pbe_algs = sk_new (pbe_cmp);
+	if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) {
+		EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	pbe_tmp->pbe_nid = nid;
+	pbe_tmp->cipher = cipher;
+	pbe_tmp->md = md;
+	pbe_tmp->keygen = keygen;
+	sk_push (pbe_algs, (char *)pbe_tmp);
+	return 1;
+}
+
+void EVP_PBE_cleanup(void)
+{
+	sk_pop_free(pbe_algs, FreeFunc);
+	pbe_algs = NULL;
+}
diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/openssl/crypto/evp/evp_pkey.c
new file mode 100644
index 000000000000..421e452db11f
--- /dev/null
+++ b/crypto/openssl/crypto/evp/evp_pkey.c
@@ -0,0 +1,298 @@
+/* evp_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
+{
+	EVP_PKEY *pkey;
+#ifndef NO_RSA
+	RSA *rsa;
+#endif
+#ifndef NO_DSA
+	DSA *dsa;
+	ASN1_INTEGER *dsapriv;
+	STACK *ndsa;
+	BN_CTX *ctx;
+	int plen;
+#endif
+	X509_ALGOR *a;
+	unsigned char *p;
+	int pkeylen;
+	char obj_tmp[80];
+
+	switch (p8->broken) {
+		case PKCS8_OK:
+		p = p8->pkey->value.octet_string->data;
+		pkeylen = p8->pkey->value.octet_string->length;
+		break;
+
+		case PKCS8_NO_OCTET:
+		p = p8->pkey->value.sequence->data;
+		pkeylen = p8->pkey->value.sequence->length;
+		break;
+
+		default:
+		EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+		return NULL;
+		break;
+	}
+	if (!(pkey = EVP_PKEY_new())) {
+		EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	a = p8->pkeyalg;
+	switch (OBJ_obj2nid(a->algorithm))
+	{
+#ifndef NO_RSA
+		case NID_rsaEncryption:
+		if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		EVP_PKEY_assign_RSA (pkey, rsa);
+		break;
+#endif
+#ifndef NO_DSA
+		case NID_dsa:
+		/* PKCS#8 DSA is weird: you just get a private key integer
+	         * and parameters in the AlgorithmIdentifier the pubkey must
+		 * be recalculated.
+		 */
+	
+		/* Check for broken Netscape Database DSA PKCS#8, UGH! */
+		if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
+		    if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
+					(char *(*)())d2i_ASN1_INTEGER,
+							 ASN1_STRING_free))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		    }
+		    if(sk_num(ndsa) != 2 ) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			sk_pop_free(ndsa, ASN1_STRING_free);
+			return NULL;
+		    }
+		    dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
+		    sk_pop_free(ndsa, ASN1_STRING_free);
+		} else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		/* Retrieve parameters */
+		if (a->parameter->type != V_ASN1_SEQUENCE) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
+			return NULL;
+		}
+		p = a->parameter->value.sequence->data;
+		plen = a->parameter->value.sequence->length;
+		if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		/* We have parameters now set private key */
+		if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
+			DSA_free (dsa);
+			return NULL;
+		}
+		/* Calculate public key (ouch!) */
+		if (!(dsa->pub_key = BN_new())) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+			DSA_free (dsa);
+			return NULL;
+		}
+		if (!(ctx = BN_CTX_new())) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+			DSA_free (dsa);
+			return NULL;
+		}
+			
+		if (!BN_mod_exp(dsa->pub_key, dsa->g,
+						 dsa->priv_key, dsa->p, ctx)) {
+			
+			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
+			BN_CTX_free (ctx);
+			DSA_free (dsa);
+			return NULL;
+		}
+
+		EVP_PKEY_assign_DSA (pkey, dsa);
+		BN_CTX_free (ctx);
+		break;
+#endif
+		default:
+		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		if (!a->algorithm) strcpy (obj_tmp, "NULL");
+		else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+		ERR_add_error_data(2, "TYPE=", obj_tmp);
+		EVP_PKEY_free (pkey);
+		return NULL;
+	}
+	return pkey;
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+#ifndef NO_DSA
+	ASN1_INTEGER *dpkey;
+	unsigned char *p, *q;
+	int len;
+#endif
+	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_INTEGER_set (p8->version, 0);
+	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return NULL;
+	}
+	switch (EVP_PKEY_type(pkey->type)) {
+#ifndef NO_RSA
+		case EVP_PKEY_RSA:
+
+		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+		p8->pkeyalg->parameter->type = V_ASN1_NULL;
+		if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
+					 &p8->pkey->value.octet_string)) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		break;
+#endif
+#ifndef NO_DSA
+		case EVP_PKEY_DSA:
+		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+
+		/* get paramaters and place in AlgorithmIdentifier */
+		len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+		if (!(p = Malloc(len))) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		q = p;
+		i2d_DSAparams (pkey->pkey.dsa, &q);
+		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+		p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
+		ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
+		Free(p);
+		/* Get private key into an integer and pack */
+		if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		
+		if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
+					 &p8->pkey->value.octet_string)) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			ASN1_INTEGER_free (dpkey);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		ASN1_INTEGER_free (dpkey);
+		break;
+#endif
+		default:
+		EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return NULL;
+	}
+	p8->pkey->type = V_ASN1_OCTET_STRING;
+	RAND_seed (p8->pkey->value.octet_string->data,
+					 p8->pkey->value.octet_string->length);
+	return p8;
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
+{
+	switch (broken) {
+
+		case PKCS8_OK:
+		p8->broken = PKCS8_OK;
+		return p8;
+		break;
+
+		case PKCS8_NO_OCTET:
+		p8->broken = PKCS8_NO_OCTET;
+		p8->pkey->type = V_ASN1_SEQUENCE;
+		return p8;
+		break;
+
+		default:
+		EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+		return NULL;
+		break;
+		
+	}
+}
+
+
diff --git a/crypto/openssl/crypto/evp/m_dss.c b/crypto/openssl/crypto/evp/m_dss.c
new file mode 100644
index 000000000000..8ea826868eab
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_dss.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_dss.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+#ifndef NO_SHA
+static EVP_MD dsa_md=
+	{
+	NID_dsaWithSHA,
+	NID_dsaWithSHA,
+	SHA_DIGEST_LENGTH,
+	SHA1_Init,
+	SHA1_Update,
+	SHA1_Final,
+	EVP_PKEY_DSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+
+EVP_MD *EVP_dss(void)
+	{
+	return(&dsa_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_dss1.c b/crypto/openssl/crypto/evp/m_dss1.c
new file mode 100644
index 000000000000..9d8d1ce23e3e
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_dss1.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_dss1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SHA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_MD dss1_md=
+	{
+	NID_dsa,
+	NID_dsaWithSHA1,
+	SHA_DIGEST_LENGTH,
+	SHA1_Init,
+	SHA1_Update,
+	SHA1_Final,
+	EVP_PKEY_DSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+
+EVP_MD *EVP_dss1(void)
+	{
+	return(&dss1_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_md2.c b/crypto/openssl/crypto/evp/m_md2.c
new file mode 100644
index 000000000000..3281e91809f4
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_md2.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_MD2
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_MD md2_md=
+	{
+	NID_md2,
+	NID_md2WithRSAEncryption,
+	MD2_DIGEST_LENGTH,
+	MD2_Init,
+	MD2_Update,
+	MD2_Final,
+	EVP_PKEY_RSA_method,
+	MD2_BLOCK,
+	sizeof(EVP_MD *)+sizeof(MD2_CTX),
+	};
+
+EVP_MD *EVP_md2(void)
+	{
+	return(&md2_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_md5.c b/crypto/openssl/crypto/evp/m_md5.c
new file mode 100644
index 000000000000..9fc953012740
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_md5.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_MD5
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_MD md5_md=
+	{
+	NID_md5,
+	NID_md5WithRSAEncryption,
+	MD5_DIGEST_LENGTH,
+	MD5_Init,
+	MD5_Update,
+	MD5_Final,
+	EVP_PKEY_RSA_method,
+	MD5_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(MD5_CTX),
+	};
+
+EVP_MD *EVP_md5(void)
+	{
+	return(&md5_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_mdc2.c b/crypto/openssl/crypto/evp/m_mdc2.c
new file mode 100644
index 000000000000..2c7f1ae515a8
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_mdc2.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_mdc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_MDC2
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_MD mdc2_md=
+	{
+	NID_mdc2,
+	NID_mdc2WithRSA,
+	MDC2_DIGEST_LENGTH,
+	MDC2_Init,
+	MDC2_Update,
+	MDC2_Final,
+	EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+	MDC2_BLOCK,
+	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
+	};
+
+EVP_MD *EVP_mdc2(void)
+	{
+	return(&mdc2_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_null.c b/crypto/openssl/crypto/evp/m_null.c
new file mode 100644
index 000000000000..e2dadf3dabc1
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_null.c
@@ -0,0 +1,88 @@
+/* crypto/evp/m_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static void function(void)
+	{
+	}
+
+static EVP_MD null_md=
+	{
+	NID_undef,
+	NID_undef,
+	0,
+	function,
+	function,
+	function,
+	
+	EVP_PKEY_NULL_method,
+	0,
+	sizeof(EVP_MD *),
+	};
+
+EVP_MD *EVP_md_null(void)
+	{
+	return(&null_md);
+	}
+
+
diff --git a/crypto/openssl/crypto/evp/m_ripemd.c b/crypto/openssl/crypto/evp/m_ripemd.c
new file mode 100644
index 000000000000..3d781a4e8df6
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_ripemd.c
@@ -0,0 +1,84 @@
+/* crypto/evp/m_ripemd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RIPEMD
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static EVP_MD ripemd160_md=
+	{
+	NID_ripemd160,
+	NID_ripemd160WithRSA,
+	RIPEMD160_DIGEST_LENGTH,
+	RIPEMD160_Init,
+	RIPEMD160_Update,
+	RIPEMD160_Final,
+	EVP_PKEY_RSA_method,
+	RIPEMD160_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
+	};
+
+EVP_MD *EVP_ripemd160(void)
+	{
+	return(&ripemd160_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_sha.c b/crypto/openssl/crypto/evp/m_sha.c
new file mode 100644
index 000000000000..6d35b71b8506
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_sha.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SHA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_MD sha_md=
+	{
+	NID_sha,
+	NID_shaWithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	SHA_Init,
+	SHA_Update,
+	SHA_Final,
+	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+
+EVP_MD *EVP_sha(void)
+	{
+	return(&sha_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/m_sha1.c b/crypto/openssl/crypto/evp/m_sha1.c
new file mode 100644
index 000000000000..57a1ab0cceca
--- /dev/null
+++ b/crypto/openssl/crypto/evp/m_sha1.c
@@ -0,0 +1,83 @@
+/* crypto/evp/m_sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_SHA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static EVP_MD sha1_md=
+	{
+	NID_sha1,
+	NID_sha1WithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	SHA1_Init,
+	SHA1_Update,
+	SHA1_Final,
+	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+
+EVP_MD *EVP_sha1(void)
+	{
+	return(&sha1_md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/names.c b/crypto/openssl/crypto/evp/names.c
new file mode 100644
index 000000000000..3e8f46032851
--- /dev/null
+++ b/crypto/openssl/crypto/evp/names.c
@@ -0,0 +1,118 @@
+/* crypto/evp/names.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int EVP_add_cipher(EVP_CIPHER *c)
+	{
+	int r;
+
+	r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
+	if (r == 0) return(0);
+	r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
+	return(r);
+	}
+
+int EVP_add_digest(EVP_MD *md)
+	{
+	int r;
+	const char *name;
+
+	name=OBJ_nid2sn(md->type);
+	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md);
+	if (r == 0) return(0);
+	r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md);
+	if (r == 0) return(0);
+
+	if (md->type != md->pkey_type)
+		{
+		r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
+		if (r == 0) return(0);
+		r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
+		}
+	return(r);
+	}
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+	{
+	const EVP_CIPHER *cp;
+
+	cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
+	return(cp);
+	}
+
+const EVP_MD *EVP_get_digestbyname(const char *name)
+	{
+	const EVP_MD *cp;
+
+	cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
+	return(cp);
+	}
+
+void EVP_cleanup(void)
+	{
+	OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+	OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+	EVP_PBE_cleanup();
+	}
diff --git a/crypto/openssl/crypto/evp/p5_crpt.c b/crypto/openssl/crypto/evp/p5_crpt.c
new file mode 100644
index 000000000000..e3dae52d4dea
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p5_crpt.c
@@ -0,0 +1,146 @@
+/* p5_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+
+/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+ */
+
+void PKCS5_PBE_add(void)
+{
+#ifndef NO_DES
+#  ifndef NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef NO_RC2
+#  ifndef NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef NO_HMAC
+EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
+#endif
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 int en_de)
+{
+	EVP_MD_CTX ctx;
+	unsigned char md_tmp[EVP_MAX_MD_SIZE];
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+	int i;
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!param || (param->type != V_ASN1_SEQUENCE) ||
+	   !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
+
+	EVP_DigestInit (&ctx, md);
+	EVP_DigestUpdate (&ctx, pass, passlen);
+	EVP_DigestUpdate (&ctx, salt, saltlen);
+	PBEPARAM_free(pbe);
+	EVP_DigestFinal (&ctx, md_tmp, NULL);
+	for (i = 1; i < iter; i++) {
+		EVP_DigestInit(&ctx, md);
+		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+		EVP_DigestFinal (&ctx, md_tmp, NULL);
+	}
+	memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher));
+	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+						 EVP_CIPHER_iv_length(cipher));
+	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+	memset(key, 0, EVP_MAX_KEY_LENGTH);
+	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	return 1;
+}
diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/openssl/crypto/evp/p5_crpt2.c
new file mode 100644
index 000000000000..27a2c518bedd
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p5_crpt2.c
@@ -0,0 +1,247 @@
+/* p5_crpt2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+#ifdef DEBUG_PKCS5V2
+	static void h__dump (const unsigned char *p, int len);
+#endif
+
+/* This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2 using the only currently defined function HMAC
+ * with SHA1. Verified against test vectors posted by Peter Gutmann
+ *  to the PKCS-TNG  mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+			   unsigned char *salt, int saltlen, int iter,
+			   int keylen, unsigned char *out)
+{
+	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+	int cplen, j, k, tkeylen;
+	unsigned long i = 1;
+	HMAC_CTX hctx;
+	p = out;
+	tkeylen = keylen;
+	if(passlen == -1) passlen = strlen(pass);
+	while(tkeylen) {
+		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+		else cplen = tkeylen;
+		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
+		 * but just in case...
+		 */
+		itmp[0] = (unsigned char)((i >> 24) & 0xff);
+		itmp[1] = (unsigned char)((i >> 16) & 0xff);
+		itmp[2] = (unsigned char)((i >> 8) & 0xff);
+		itmp[3] = (unsigned char)(i & 0xff);
+		HMAC_Init(&hctx, pass, passlen, EVP_sha1());
+		HMAC_Update(&hctx, salt, saltlen);
+		HMAC_Update(&hctx, itmp, 4);
+		HMAC_Final(&hctx, digtmp, NULL);
+		memcpy(p, digtmp, cplen);
+		for(j = 1; j < iter; j++) {
+			HMAC(EVP_sha1(), pass, passlen,
+				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
+		}
+		tkeylen-= cplen;
+		i++;
+		p+= cplen;
+	}
+	HMAC_cleanup(&hctx);
+#ifdef DEBUG_PKCS5V2
+	fprintf(stderr, "Password:\n");
+	h__dump (pass, passlen);
+	fprintf(stderr, "Salt:\n");
+	h__dump (salt, saltlen);
+	fprintf(stderr, "Iteration count %d\n", iter);
+	fprintf(stderr, "Key:\n");
+	h__dump (out, keylen);
+#endif
+	return 1;
+}
+
+#ifdef DO_TEST
+main()
+{
+	unsigned char out[4];
+	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
+	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+	fprintf(stderr, "Out %02X %02X %02X %02X\n",
+					 out[0], out[1], out[2], out[3]);
+}
+
+#endif
+
+/* Now the key derivation function itself. This is a bit evil because
+ * it has to check the ASN1 parameters are valid: and there are quite a
+ * few of them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md,
+                         int en_de)
+{
+	unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
+	int saltlen, keylen, iter, plen;
+	PBE2PARAM *pbe2 = NULL;
+	const EVP_CIPHER *cipher;
+	PBKDF2PARAM *kdf = NULL;
+
+	pbuf = param->value.sequence->data;
+	plen = param->value.sequence->length;
+	if(!param || (param->type != V_ASN1_SEQUENCE) ||
+				   !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	/* See if we recognise the key derivation function */
+
+	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+		goto err;
+	}
+
+	/* lets see if we recognise the encryption algorithm.
+	 */
+
+	cipher = EVP_get_cipherbyname(
+			OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
+
+	if(!cipher) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_CIPHER);
+		goto err;
+	}
+
+	/* Fixup cipher based on AlgorithmIdentifier */
+	EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+					EVP_R_CIPHER_PARAMETER_ERROR);
+		goto err;
+	}
+	keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+	/* Now decode key derivation function */
+
+	pbuf = pbe2->keyfunc->parameter->value.sequence->data;
+	plen = pbe2->keyfunc->parameter->value.sequence->length;
+	if(!pbe2->keyfunc->parameter ||
+		 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
+				!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		goto err;
+	}
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	/* Now check the parameters of the kdf */
+
+	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_KEYLENGTH);
+		goto err;
+	}
+
+	if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+		goto err;
+	}
+
+	if(kdf->salt->type != V_ASN1_OCTET_STRING) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_SALT_TYPE);
+		goto err;
+	}
+
+	/* it seems that its all OK */
+	salt = kdf->salt->value.octet_string->data;
+	saltlen = kdf->salt->value.octet_string->length;
+	iter = ASN1_INTEGER_get(kdf->iter);
+	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+	memset(key, 0, keylen);
+	PBKDF2PARAM_free(kdf);
+	return 1;
+
+	err:
+	PBE2PARAM_free(pbe2);
+	PBKDF2PARAM_free(kdf);
+	return 0;
+}
+
+#ifdef DEBUG_PKCS5V2
+static void h__dump (const unsigned char *p, int len)
+{
+        for (; len --; p++) fprintf(stderr, "%02X ", *p);
+        fprintf(stderr, "\n");
+}
+#endif
+#endif
diff --git a/crypto/openssl/crypto/evp/p_dec.c b/crypto/openssl/crypto/evp/p_dec.c
new file mode 100644
index 000000000000..57b5daa4538e
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p_dec.c
@@ -0,0 +1,87 @@
+/* crypto/evp/p_dec.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#ifndef NO_RSA
+#include 
+#endif
+#include 
+#include 
+#include 
+
+int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
+	     EVP_PKEY *priv)
+	{
+	int ret= -1;
+	
+#ifndef NO_RSA
+	if (priv->type != EVP_PKEY_RSA)
+		{
+#endif
+		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
+		goto err;
+                }
+
+	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
+err:
+#endif
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/evp/p_enc.c b/crypto/openssl/crypto/evp/p_enc.c
new file mode 100644
index 000000000000..4cf6acaf5db9
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p_enc.c
@@ -0,0 +1,86 @@
+/* crypto/evp/p_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#ifndef NO_RSA
+#include 
+#endif
+#include 
+#include 
+#include 
+
+int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
+	     EVP_PKEY *pubk)
+	{
+	int ret=0;
+	
+#ifndef NO_RSA
+	if (pubk->type != EVP_PKEY_RSA)
+		{
+#endif
+		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
+		goto err;
+		}
+	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
+err:
+#endif
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c
new file mode 100644
index 000000000000..3422b77de6e3
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p_lib.c
@@ -0,0 +1,275 @@
+/* crypto/evp/p_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+int EVP_PKEY_bits(EVP_PKEY *pkey)
+	{
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		return(BN_num_bits(pkey->pkey.rsa->n));
+	else
+#endif
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		return(BN_num_bits(pkey->pkey.dsa->p));
+#endif
+	return(0);
+	}
+
+int EVP_PKEY_size(EVP_PKEY *pkey)
+	{
+	if (pkey == NULL)
+		return(0);
+#ifndef NO_RSA
+	if (pkey->type == EVP_PKEY_RSA)
+		return(RSA_size(pkey->pkey.rsa));
+	else
+#endif
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		return(DSA_size(pkey->pkey.dsa));
+#endif
+	return(0);
+	}
+
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
+	{
+#ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA)
+		{
+		int ret=pkey->save_parameters=mode;
+
+		if (mode >= 0)
+			pkey->save_parameters=mode;
+		return(ret);
+		}
+#endif
+	return(0);
+	}
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
+	{
+	if (to->type != from->type)
+		{
+		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
+		goto err;
+		}
+
+	if (EVP_PKEY_missing_parameters(from))
+		{
+		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS);
+		goto err;
+		}
+#ifndef NO_DSA
+	if (to->type == EVP_PKEY_DSA)
+		{
+		BIGNUM *a;
+
+		if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
+		if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
+		to->pkey.dsa->p=a;
+
+		if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
+		if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
+		to->pkey.dsa->q=a;
+
+		if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
+		if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
+		to->pkey.dsa->g=a;
+		}
+#endif
+	return(1);
+err:
+	return(0);
+	}
+
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
+	{
+#ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA)
+		{
+		DSA *dsa;
+
+		dsa=pkey->pkey.dsa;
+		if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+			return(1);
+		}
+#endif
+	return(0);
+	}
+
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
+	{
+#ifndef NO_DSA
+	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
+		{
+		if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+			BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+			BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
+			return(0);
+		else
+			return(1);
+		}
+#endif
+	return(-1);
+	}
+
+EVP_PKEY *EVP_PKEY_new(void)
+	{
+	EVP_PKEY *ret;
+
+	ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY));
+	if (ret == NULL)
+		{
+		EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->type=EVP_PKEY_NONE;
+	ret->references=1;
+	ret->pkey.ptr=NULL;
+	ret->attributes=NULL;
+	ret->save_parameters=1;
+	return(ret);
+	}
+
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
+	{
+	if (pkey == NULL) return(0);
+	if (pkey->pkey.ptr != NULL)
+		EVP_PKEY_free_it(pkey);
+	pkey->type=EVP_PKEY_type(type);
+	pkey->save_type=type;
+	pkey->pkey.ptr=key;
+	return(1);
+	}
+
+int EVP_PKEY_type(int type)
+	{
+	switch (type)
+		{
+	case EVP_PKEY_RSA:
+	case EVP_PKEY_RSA2:
+		return(EVP_PKEY_RSA);
+	case EVP_PKEY_DSA:
+	case EVP_PKEY_DSA1:
+	case EVP_PKEY_DSA2:
+	case EVP_PKEY_DSA3:
+	case EVP_PKEY_DSA4:
+		return(EVP_PKEY_DSA);
+	case EVP_PKEY_DH:
+		return(EVP_PKEY_DH);
+	default:
+		return(NID_undef);
+		}
+	}
+
+void EVP_PKEY_free(EVP_PKEY *x)
+	{
+	int i;
+
+	if (x == NULL) return;
+
+	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+	REF_PRINT("EVP_PKEY",x);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
+		abort();
+		}
+#endif
+	EVP_PKEY_free_it(x);
+	Free((char *)x);
+	}
+
+static void EVP_PKEY_free_it(EVP_PKEY *x)
+	{
+	switch (x->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+	case EVP_PKEY_RSA2:
+		RSA_free(x->pkey.rsa);
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+	case EVP_PKEY_DSA2:
+	case EVP_PKEY_DSA3:
+	case EVP_PKEY_DSA4:
+		DSA_free(x->pkey.dsa);
+		break;
+#endif
+#ifndef NO_DH
+	case EVP_PKEY_DH:
+		DH_free(x->pkey.dh);
+		break;
+#endif
+		}
+	}
+
diff --git a/crypto/openssl/crypto/evp/p_open.c b/crypto/openssl/crypto/evp/p_open.c
new file mode 100644
index 000000000000..ddb9fd6942d4
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p_open.c
@@ -0,0 +1,113 @@
+/* crypto/evp/p_open.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
+	     int ekl, unsigned char *iv, EVP_PKEY *priv)
+	{
+	unsigned char *key=NULL;
+	int i,size=0,ret=0;
+	
+	if (priv->type != EVP_PKEY_RSA)
+		{
+		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
+		ret= -1;
+		goto err;
+                }
+
+	size=RSA_size(priv->pkey.rsa);
+	key=(unsigned char *)Malloc(size+2);
+	if (key == NULL)
+		{
+		/* ERROR */
+		EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
+		ret= -1;
+		goto err;
+		}
+
+	i=EVP_PKEY_decrypt(key,ek,ekl,priv);
+	if (i != type->key_len)
+		{
+		/* ERROR */
+		goto err;
+		}
+
+	EVP_CIPHER_CTX_init(ctx);
+	EVP_DecryptInit(ctx,type,key,iv);
+	ret=1;
+err:
+	if (key != NULL) memset(key,0,size);
+	Free(key);
+	return(ret);
+	}
+
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i;
+
+	i=EVP_DecryptFinal(ctx,out,outl);
+	EVP_DecryptInit(ctx,NULL,NULL,NULL);
+	return(i);
+	}
+#endif
diff --git a/crypto/openssl/crypto/evp/p_seal.c b/crypto/openssl/crypto/evp/p_seal.c
new file mode 100644
index 000000000000..09b46f4b0e10
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p_seal.c
@@ -0,0 +1,108 @@
+/* crypto/evp/p_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#ifndef NO_RSA
+#include 
+#endif
+#include 
+#include 
+#include 
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
+	{
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	int i;
+	
+	if (npubk <= 0) return(0);
+	RAND_bytes(key,EVP_MAX_KEY_LENGTH);
+	if (type->iv_len > 0)
+		RAND_bytes(iv,type->iv_len);
+
+	EVP_CIPHER_CTX_init(ctx);
+	EVP_EncryptInit(ctx,type,key,iv);
+
+	for (i=0; i
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+#ifdef undef
+void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+	{
+	EVP_DigestInit(ctx,type);
+	}
+
+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+	     unsigned int count)
+	{
+	EVP_DigestUpdate(ctx,data,count);
+	}
+#endif
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+	     EVP_PKEY *pkey)
+	{
+	unsigned char m[EVP_MAX_MD_SIZE];
+	unsigned int m_len;
+	int i,ok=0,v;
+	MS_STATIC EVP_MD_CTX tmp_ctx;
+
+	*siglen=0;
+	EVP_MD_CTX_copy(&tmp_ctx,ctx);   
+	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	for (i=0; i<4; i++)
+		{
+		v=ctx->digest->required_pkey_type[i];
+		if (v == 0) break;
+		if (pkey->type == v)
+			{
+			ok=1;
+			break;
+			}
+		}
+	if (!ok)
+		{
+		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
+		return(0);
+		}
+	if (ctx->digest->sign == NULL)
+		{
+		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+		return(0);
+		}
+	return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
+		pkey->pkey.ptr));
+	}
+
diff --git a/crypto/openssl/crypto/evp/p_verify.c b/crypto/openssl/crypto/evp/p_verify.c
new file mode 100644
index 000000000000..dcb54f3abb84
--- /dev/null
+++ b/crypto/openssl/crypto/evp/p_verify.c
@@ -0,0 +1,99 @@
+/* crypto/evp/p_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
+	     unsigned int siglen, EVP_PKEY *pkey)
+	{
+	unsigned char m[EVP_MAX_MD_SIZE];
+	unsigned int m_len;
+	int i,ok=0,v;
+	MS_STATIC EVP_MD_CTX tmp_ctx;
+
+	for (i=0; i<4; i++)
+		{
+		v=ctx->digest->required_pkey_type[i];
+		if (v == 0) break;
+		if (pkey->type == v)
+			{
+			ok=1;
+			break;
+			}
+		}
+	if (!ok)
+		{
+		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
+		return(-1);
+		}
+	EVP_MD_CTX_copy(&tmp_ctx,ctx);     
+	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+        if (ctx->digest->verify == NULL)
+                {
+		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+		return(0);
+		}
+
+	return(ctx->digest->verify(ctx->digest->type,m,m_len,
+		sigbuf,siglen,pkey->pkey.ptr));
+	}
+
diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c
new file mode 100644
index 000000000000..176574766b83
--- /dev/null
+++ b/crypto/openssl/crypto/ex_data.c
@@ -0,0 +1,223 @@
+/* crypto/ex_data.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+
+int CRYPTO_get_ex_new_index(int idx, STACK **skp, long argl, char *argp,
+	     int (*new_func)(), int (*dup_func)(), void (*free_func)())
+	{
+	int ret= -1;
+	CRYPTO_EX_DATA_FUNCS *a;
+
+	MemCheck_off();
+	if (*skp == NULL)
+		*skp=sk_new_null();
+	if (*skp == NULL)
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
+	if (a == NULL)
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	a->argl=argl;
+	a->argp=argp;
+	a->new_func=new_func;
+	a->dup_func=dup_func;
+	a->free_func=free_func;
+	while (sk_num(*skp) <= idx)
+		{
+		if (!sk_push(*skp,NULL))
+			{
+			CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+			Free(a);
+			goto err;
+			}
+		}
+	sk_set(*skp,idx, (char *)a);
+	ret=idx;
+err:
+	MemCheck_on();
+	return(idx);
+	}
+
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, char *val)
+	{
+	int i;
+
+	if (ad->sk == NULL)
+		{
+		if ((ad->sk=sk_new_null()) == NULL)
+			{
+			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+	i=sk_num(ad->sk);
+
+	while (i <= idx)
+		{
+		if (!sk_push(ad->sk,NULL))
+			{
+			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		i++;
+		}
+	sk_set(ad->sk,idx,val);
+	return(1);
+	}
+
+char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx)
+	{
+	if (ad->sk == NULL)
+		return(0);
+	else if (idx >= sk_num(ad->sk))
+		return(0);
+	else
+		return(sk_value(ad->sk,idx));
+	}
+
+/* The callback is called with the 'object', which is the original data object
+ * being duplicated, a pointer to the
+ * 'new' object to be inserted, the index, and the argi/argp
+ */
+int CRYPTO_dup_ex_data(STACK *meth, CRYPTO_EX_DATA *to,
+	     CRYPTO_EX_DATA *from)
+	{
+	int i,j,m,r;
+	CRYPTO_EX_DATA_FUNCS *mm;
+	char *from_d;
+
+	if (meth == NULL) return(1);
+	if (from->sk == NULL) return(1);
+	m=sk_num(meth);
+	j=sk_num(from->sk);
+	for (i=0; idup_func != NULL)
+				r=mm->dup_func(to,from,(char **)&from_d,i,
+					mm->argl,mm->argp);
+			}
+		CRYPTO_set_ex_data(to,i,from_d);
+		}
+	return(1);
+	}
+
+/* Call each free callback */
+void CRYPTO_free_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad)
+	{
+	CRYPTO_EX_DATA_FUNCS *m;
+	char *ptr;
+	int i,max;
+
+	if (meth != NULL)
+		{
+		max=sk_num(meth);
+		for (i=0; ifree_func != NULL))
+				{
+				ptr=CRYPTO_get_ex_data(ad,i);
+				m->free_func(obj,ptr,ad,i,m->argl,m->argp);
+				}
+			}
+		}
+	if (ad->sk != NULL)
+		{
+		sk_free(ad->sk);
+		ad->sk=NULL;
+		}
+	}
+
+void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad)
+	{
+	CRYPTO_EX_DATA_FUNCS *m;
+	char *ptr;
+	int i,max;
+
+	ad->sk=NULL;
+	if (meth != NULL)
+		{
+		max=sk_num(meth);
+		for (i=0; inew_func != NULL))
+				{
+				ptr=CRYPTO_get_ex_data(ad,i);
+				m->new_func(obj,ptr,ad,i,m->argl,m->argp);
+				}
+			}
+		}
+	}
+
+
diff --git a/crypto/openssl/crypto/hmac/Makefile.ssl b/crypto/openssl/crypto/hmac/Makefile.ssl
new file mode 100644
index 000000000000..4f5512877e57
--- /dev/null
+++ b/crypto/openssl/crypto/hmac/Makefile.ssl
@@ -0,0 +1,94 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=	hmac
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= hmac.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hmac.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h
diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c
new file mode 100644
index 000000000000..5c349bbb56e4
--- /dev/null
+++ b/crypto/openssl/crypto/hmac/hmac.c
@@ -0,0 +1,150 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include 
+#include 
+#include 
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md)
+	{
+	int i,j,reset=0;
+	unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+	if (md != NULL)
+		{
+		reset=1;
+		ctx->md=md;
+		}
+	else
+		md=ctx->md;
+
+	if (key != NULL)
+		{
+		reset=1;
+		j=EVP_MD_block_size(md);
+		if (j < len)
+			{
+			EVP_DigestInit(&ctx->md_ctx,md);
+			EVP_DigestUpdate(&ctx->md_ctx,key,len);
+			EVP_DigestFinal(&(ctx->md_ctx),ctx->key,
+				&ctx->key_length);
+			}
+		else
+			{
+			memcpy(ctx->key,key,len);
+			memset(&(ctx->key[len]),0,sizeof(ctx->key)-len);
+			ctx->key_length=len;
+			}
+		}
+
+	if (reset)	
+		{
+		for (i=0; ikey[i];
+		EVP_DigestInit(&ctx->i_ctx,md);
+		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+
+		for (i=0; ikey[i];
+		EVP_DigestInit(&ctx->o_ctx,md);
+		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+		}
+
+	memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx));
+	}
+
+void HMAC_Update(HMAC_CTX *ctx, unsigned char *data, int len)
+	{
+	EVP_DigestUpdate(&(ctx->md_ctx),data,len);
+	}
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+	{
+	int j;
+	unsigned int i;
+	unsigned char buf[EVP_MAX_MD_SIZE];
+
+	j=EVP_MD_block_size(ctx->md);
+
+	EVP_DigestFinal(&(ctx->md_ctx),buf,&i);
+	memcpy(&(ctx->md_ctx),&(ctx->o_ctx),sizeof(ctx->o_ctx));
+	EVP_DigestUpdate(&(ctx->md_ctx),buf,i);
+	EVP_DigestFinal(&(ctx->md_ctx),md,len);
+	}
+
+void HMAC_cleanup(HMAC_CTX *ctx)
+	{
+	memset(ctx,0,sizeof(HMAC_CTX));
+	}
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    unsigned char *d, int n, unsigned char *md,
+		    unsigned int *md_len)
+	{
+	HMAC_CTX c;
+	static unsigned char m[EVP_MAX_MD_SIZE];
+
+	if (md == NULL) md=m;
+	HMAC_Init(&c,key,key_len,evp_md);
+	HMAC_Update(&c,d,n);
+	HMAC_Final(&c,md,md_len);
+	HMAC_cleanup(&c);
+	return(md);
+	}
+
diff --git a/crypto/openssl/crypto/hmac/hmac.h b/crypto/openssl/crypto/hmac/hmac.h
new file mode 100644
index 000000000000..f928975fcdc6
--- /dev/null
+++ b/crypto/openssl/crypto/hmac/hmac.h
@@ -0,0 +1,100 @@
+/* crypto/hmac/hmac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_HMAC_H
+#define HEADER_HMAC_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_HMAC
+#error HMAC is disabled.
+#endif
+
+#include 
+
+#define HMAC_MAX_MD_CBLOCK	64
+
+typedef struct hmac_ctx_st
+	{
+	const EVP_MD *md;
+	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX i_ctx;
+	EVP_MD_CTX o_ctx;
+	unsigned int key_length;
+	unsigned char key[HMAC_MAX_MD_CBLOCK];
+	} HMAC_CTX;
+
+#define HMAC_size(e)	(EVP_MD_size((e)->md))
+
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md);
+void HMAC_Update(HMAC_CTX *ctx,unsigned char *key, int len);
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+void HMAC_cleanup(HMAC_CTX *ctx);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    unsigned char *d, int n, unsigned char *md,
+		    unsigned int *md_len);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/hmac/hmactest.c b/crypto/openssl/crypto/hmac/hmactest.c
new file mode 100644
index 000000000000..9a67dff36a20
--- /dev/null
+++ b/crypto/openssl/crypto/hmac/hmactest.c
@@ -0,0 +1,159 @@
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_HMAC
+int main(int argc, char *argv[])
+{
+    printf("No HMAC support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+struct test_st
+	{
+	unsigned char key[16];
+	int key_len;
+	unsigned char data[64];
+	int data_len;
+	unsigned char *digest;
+	} test[4]={
+	{	"",
+		0,
+		"More text test vectors to stuff up EBCDIC machines :-)",
+		54,
+		(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+	},{	{0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+		 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
+		16,
+		"Hi There",
+		8,
+		(unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+	},{	"Jefe",
+		4,
+		"what do ya want for nothing?",
+		28,
+		(unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+	},{
+		{0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
+		 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
+		16,
+		{0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+		 0xdd,0xdd},
+		50,
+		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+	},
+	};
+
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	char *p;
+
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
+	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+#endif
+
+	for (i=0; i<4; i++)
+		{
+		p=pt(HMAC(EVP_md5(),
+			test[i].key, test[i].key_len,
+			test[i].data, test[i].data_len,
+			NULL,NULL));
+
+		if (strcmp(p,(char *)test[i].digest) != 0)
+			{
+			printf("error calculating HMAC on %d entry'\n",i);
+			printf("got %s instead of %s\n",p,test[i].digest);
+			err++;
+			}
+		else
+			printf("test %d ok\n",i);
+		}
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *md)
+	{
+	int i;
+	static char buf[80];
+
+	for (i=0; i> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+lh_stats.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+lh_stats.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+lh_stats.o: ../cryptlib.h
+lhash.o: ../../include/openssl/crypto.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
diff --git a/crypto/openssl/crypto/lhash/lh_stats.c b/crypto/openssl/crypto/lhash/lh_stats.c
new file mode 100644
index 000000000000..80b931c12b76
--- /dev/null
+++ b/crypto/openssl/crypto/lhash/lh_stats.c
@@ -0,0 +1,271 @@
+/* crypto/lhash/lh_stats.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+/* If you wish to build this outside of SSLeay, remove the following lines
+ * and things should work as expected */
+#include "cryptlib.h"
+
+#include 
+
+#ifndef HEADER_BIO_H
+
+void lh_stats(LHASH *lh, FILE *out)
+	{
+	fprintf(out,"num_items             = %lu\n",lh->num_items);
+	fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
+	fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+	fprintf(out,"num_expands           = %lu\n",lh->num_expands);
+	fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
+	fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);
+	fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
+	fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+	fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+	fprintf(out,"num_insert            = %lu\n",lh->num_insert);
+	fprintf(out,"num_replace           = %lu\n",lh->num_replace);
+	fprintf(out,"num_delete            = %lu\n",lh->num_delete);
+	fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
+	fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
+	fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+	fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+#ifdef DEBUG
+	fprintf(out,"p                     = %u\n",lh->p);
+	fprintf(out,"pmax                  = %u\n",lh->pmax);
+	fprintf(out,"up_load               = %lu\n",lh->up_load);
+	fprintf(out,"down_load             = %lu\n",lh->down_load);
+#endif
+	}
+
+void lh_node_stats(LHASH *lh, FILE *out)
+	{
+	LHASH_NODE *n;
+	unsigned int i,num;
+
+	for (i=0; inum_nodes; i++)
+		{
+		for (n=lh->b[i],num=0; n != NULL; n=n->next)
+			num++;
+		fprintf(out,"node %6u -> %3u\n",i,num);
+		}
+	}
+
+void lh_node_usage_stats(LHASH *lh, FILE *out)
+	{
+	LHASH_NODE *n;
+	unsigned long num;
+	unsigned int i;
+	unsigned long total=0,n_used=0;
+
+	for (i=0; inum_nodes; i++)
+		{
+		for (n=lh->b[i],num=0; n != NULL; n=n->next)
+			num++;
+		if (num != 0)
+			{
+			n_used++;
+			total+=num;
+			}
+		}
+	fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+	fprintf(out,"%lu items\n",total);
+	if (n_used == 0) return;
+	fprintf(out,"load %d.%02d  actual load %d.%02d\n",
+		(int)(total/lh->num_nodes),
+		(int)((total%lh->num_nodes)*100/lh->num_nodes),
+		(int)(total/n_used),
+		(int)((total%n_used)*100/n_used));
+	}
+
+#else
+
+#ifndef NO_FP_API
+void lh_stats(LHASH *lh, FILE *fp)
+	{
+	BIO *bp;
+
+	bp=BIO_new(BIO_s_file());
+	if (bp == NULL) goto end;
+	BIO_set_fp(bp,fp,BIO_NOCLOSE);
+	lh_stats_bio(lh,bp);
+	BIO_free(bp);
+end:;
+	}
+
+void lh_node_stats(LHASH *lh, FILE *fp)
+	{
+	BIO *bp;
+
+	bp=BIO_new(BIO_s_file());
+	if (bp == NULL) goto end;
+	BIO_set_fp(bp,fp,BIO_NOCLOSE);
+	lh_node_stats_bio(lh,bp);
+	BIO_free(bp);
+end:;
+	}
+
+void lh_node_usage_stats(LHASH *lh, FILE *fp)
+	{
+	BIO *bp;
+
+	bp=BIO_new(BIO_s_file());
+	if (bp == NULL) goto end;
+	BIO_set_fp(bp,fp,BIO_NOCLOSE);
+	lh_node_usage_stats_bio(lh,bp);
+	BIO_free(bp);
+end:;
+	}
+
+#endif
+
+void lh_stats_bio(LHASH *lh, BIO *out)
+	{
+	char buf[128];
+
+	sprintf(buf,"num_items             = %lu\n",lh->num_items);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_nodes             = %u\n",lh->num_nodes);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_expands           = %lu\n",lh->num_expands);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_contracts         = %lu\n",lh->num_contracts);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_insert            = %lu\n",lh->num_insert);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_replace           = %lu\n",lh->num_replace);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_delete            = %lu\n",lh->num_delete);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_no_delete         = %lu\n",lh->num_no_delete);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_retrieve          = %lu\n",lh->num_retrieve);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+	BIO_puts(out,buf);
+	sprintf(buf,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+	BIO_puts(out,buf);
+#ifdef DEBUG
+	sprintf(buf,"p                     = %u\n",lh->p);
+	BIO_puts(out,buf);
+	sprintf(buf,"pmax                  = %u\n",lh->pmax);
+	BIO_puts(out,buf);
+	sprintf(buf,"up_load               = %lu\n",lh->up_load);
+	BIO_puts(out,buf);
+	sprintf(buf,"down_load             = %lu\n",lh->down_load);
+	BIO_puts(out,buf);
+#endif
+	}
+
+void lh_node_stats_bio(LHASH *lh, BIO *out)
+	{
+	LHASH_NODE *n;
+	unsigned int i,num;
+	char buf[128];
+
+	for (i=0; inum_nodes; i++)
+		{
+		for (n=lh->b[i],num=0; n != NULL; n=n->next)
+			num++;
+		sprintf(buf,"node %6u -> %3u\n",i,num);
+		BIO_puts(out,buf);
+		}
+	}
+
+void lh_node_usage_stats_bio(LHASH *lh, BIO *out)
+	{
+	LHASH_NODE *n;
+	unsigned long num;
+	unsigned int i;
+	unsigned long total=0,n_used=0;
+	char buf[128];
+
+	for (i=0; inum_nodes; i++)
+		{
+		for (n=lh->b[i],num=0; n != NULL; n=n->next)
+			num++;
+		if (num != 0)
+			{
+			n_used++;
+			total+=num;
+			}
+		}
+	sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+	BIO_puts(out,buf);
+	sprintf(buf,"%lu items\n",total);
+	BIO_puts(out,buf);
+	if (n_used == 0) return;
+	sprintf(buf,"load %d.%02d  actual load %d.%02d\n",
+		(int)(total/lh->num_nodes),
+		(int)((total%lh->num_nodes)*100/lh->num_nodes),
+		(int)(total/n_used),
+		(int)((total%n_used)*100/n_used));
+	BIO_puts(out,buf);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/lhash/lh_test.c b/crypto/openssl/crypto/lhash/lh_test.c
new file mode 100644
index 000000000000..08138b52c313
--- /dev/null
+++ b/crypto/openssl/crypto/lhash/lh_test.c
@@ -0,0 +1,89 @@
+/* crypto/lhash/lh_test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+main()
+	{
+	LHASH *conf;
+	char buf[256];
+	int i;
+
+	conf=lh_new(lh_strhash,strcmp);
+	for (;;)
+		{
+		char *p;
+
+		buf[0]='\0';
+		fgets(buf,256,stdin);
+		if (buf[0] == '\0') break;
+		buf[256]='\0';
+		i=strlen(buf);
+		p=Malloc(i+1);
+		memcpy(p,buf,i+1);
+		lh_insert(conf,p);
+		}
+
+	lh_node_stats(conf,stdout);
+	lh_stats(conf,stdout);
+	lh_node_usage_stats(conf,stdout);
+	exit(0);
+	}
diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c
new file mode 100644
index 000000000000..801322beb640
--- /dev/null
+++ b/crypto/openssl/crypto/lhash/lhash.c
@@ -0,0 +1,476 @@
+/* crypto/lhash/lhash.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Code for dynamic hash table routines
+ * Author - Eric Young v 2.0
+ *
+ * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
+ *	     present. eay 18-Jun-98
+ *
+ * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
+ *
+ * 2.0 eay - Fixed a bug that occured when using lh_delete
+ *	     from inside lh_doall().  As entries were deleted,
+ *	     the 'table' was 'contract()ed', making some entries
+ *	     jump from the end of the table to the start, there by
+ *	     skiping the lh_doall() processing. eay - 4/12/95
+ *
+ * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
+ *	     were not being free()ed. 21/11/95
+ *
+ * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
+ *	     19/09/95
+ *
+ * 1.7 eay - Removed the fputs() for realloc failures - the code
+ *           should silently tolerate them.  I have also fixed things
+ *           lint complained about 04/05/95
+ *
+ * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
+ *
+ * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
+ *
+ * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
+ *
+ * 1.3 eay - Fixed a few lint problems 19/3/1991
+ *
+ * 1.2 eay - Fixed lh_doall problem 13/3/1991
+ *
+ * 1.1 eay - Added lh_doall
+ *
+ * 1.0 eay - First version
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
+
+#undef MIN_NODES 
+#define MIN_NODES	16
+#define UP_LOAD		(2*LH_LOAD_MULT) /* load times 256  (default 2) */
+#define DOWN_LOAD	(LH_LOAD_MULT)   /* load times 256  (default 1) */
+
+
+#define P_CP	char *
+#define P_CPP	char *,char *
+static void expand(LHASH *lh);
+static void contract(LHASH *lh);
+static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash);
+
+LHASH *lh_new(unsigned long (*h)(), int (*c)())
+	{
+	LHASH *ret;
+	int i;
+
+	if ((ret=(LHASH *)Malloc(sizeof(LHASH))) == NULL)
+		goto err0;
+	if ((ret->b=(LHASH_NODE **)Malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+		goto err1;
+	for (i=0; ib[i]=NULL;
+	ret->comp=((c == NULL)?(int (*)())strcmp:c);
+	ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h);
+	ret->num_nodes=MIN_NODES/2;
+	ret->num_alloc_nodes=MIN_NODES;
+	ret->p=0;
+	ret->pmax=MIN_NODES/2;
+	ret->up_load=UP_LOAD;
+	ret->down_load=DOWN_LOAD;
+	ret->num_items=0;
+
+	ret->num_expands=0;
+	ret->num_expand_reallocs=0;
+	ret->num_contracts=0;
+	ret->num_contract_reallocs=0;
+	ret->num_hash_calls=0;
+	ret->num_comp_calls=0;
+	ret->num_insert=0;
+	ret->num_replace=0;
+	ret->num_delete=0;
+	ret->num_no_delete=0;
+	ret->num_retrieve=0;
+	ret->num_retrieve_miss=0;
+	ret->num_hash_comps=0;
+
+	ret->error=0;
+	return(ret);
+err1:
+	Free((char *)ret);
+err0:
+	return(NULL);
+	}
+
+void lh_free(LHASH *lh)
+	{
+	unsigned int i;
+	LHASH_NODE *n,*nn;
+
+	if(lh == NULL)
+	    return;
+
+	for (i=0; inum_nodes; i++)
+		{
+		n=lh->b[i];
+		while (n != NULL)
+			{
+			nn=n->next;
+			Free(n);
+			n=nn;
+			}
+		}
+	Free((char *)lh->b);
+	Free((char *)lh);
+	}
+
+char *lh_insert(LHASH *lh, char *data)
+	{
+	unsigned long hash;
+	LHASH_NODE *nn,**rn;
+	char *ret;
+
+	lh->error=0;
+	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
+		expand(lh);
+
+	rn=getrn(lh,data,&hash);
+
+	if (*rn == NULL)
+		{
+		if ((nn=(LHASH_NODE *)Malloc(sizeof(LHASH_NODE))) == NULL)
+			{
+			lh->error++;
+			return(NULL);
+			}
+		nn->data=data;
+		nn->next=NULL;
+#ifndef NO_HASH_COMP
+		nn->hash=hash;
+#endif
+		*rn=nn;
+		ret=NULL;
+		lh->num_insert++;
+		lh->num_items++;
+		}
+	else /* replace same key */
+		{
+		ret= (*rn)->data;
+		(*rn)->data=data;
+		lh->num_replace++;
+		}
+	return(ret);
+	}
+
+char *lh_delete(LHASH *lh, char *data)
+	{
+	unsigned long hash;
+	LHASH_NODE *nn,**rn;
+	char *ret;
+
+	lh->error=0;
+	rn=getrn(lh,data,&hash);
+
+	if (*rn == NULL)
+		{
+		lh->num_no_delete++;
+		return(NULL);
+		}
+	else
+		{
+		nn= *rn;
+		*rn=nn->next;
+		ret=nn->data;
+		Free((char *)nn);
+		lh->num_delete++;
+		}
+
+	lh->num_items--;
+	if ((lh->num_nodes > MIN_NODES) &&
+		(lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
+		contract(lh);
+
+	return(ret);
+	}
+
+char *lh_retrieve(LHASH *lh, char *data)
+	{
+	unsigned long hash;
+	LHASH_NODE **rn;
+	char *ret;
+
+	lh->error=0;
+	rn=getrn(lh,data,&hash);
+
+	if (*rn == NULL)
+		{
+		lh->num_retrieve_miss++;
+		return(NULL);
+		}
+	else
+		{
+		ret= (*rn)->data;
+		lh->num_retrieve++;
+		}
+	return(ret);
+	}
+
+void lh_doall(LHASH *lh, void (*func)())
+	{
+	lh_doall_arg(lh,func,NULL);
+	}
+
+void lh_doall_arg(LHASH *lh, void (*func)(), char *arg)
+	{
+	int i;
+	LHASH_NODE *a,*n;
+
+	/* reverse the order so we search from 'top to bottom'
+	 * We were having memory leaks otherwise */
+	for (i=lh->num_nodes-1; i>=0; i--)
+		{
+		a=lh->b[i];
+		while (a != NULL)
+			{
+			/* 28/05/91 - eay - n added so items can be deleted
+			 * via lh_doall */
+			n=a->next;
+			func(a->data,arg);
+			a=n;
+			}
+		}
+	}
+
+static void expand(LHASH *lh)
+	{
+	LHASH_NODE **n,**n1,**n2,*np;
+	unsigned int p,i,j;
+	unsigned long hash,nni;
+
+	lh->num_nodes++;
+	lh->num_expands++;
+	p=(int)lh->p++;
+	n1= &(lh->b[p]);
+	n2= &(lh->b[p+(int)lh->pmax]);
+	*n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
+	nni=lh->num_alloc_nodes;
+	
+	for (np= *n1; np != NULL; )
+		{
+#ifndef NO_HASH_COMP
+		hash=np->hash;
+#else
+		hash=(*(lh->hash))(np->data);
+		lh->num_hash_calls++;
+#endif
+		if ((hash%nni) != p)
+			{ /* move it */
+			*n1= (*n1)->next;
+			np->next= *n2;
+			*n2=np;
+			}
+		else
+			n1= &((*n1)->next);
+		np= *n1;
+		}
+
+	if ((lh->p) >= lh->pmax)
+		{
+		j=(int)lh->num_alloc_nodes*2;
+		n=(LHASH_NODE **)Realloc((char *)lh->b,
+			(unsigned int)sizeof(LHASH_NODE *)*j);
+		if (n == NULL)
+			{
+/*			fputs("realloc error in lhash",stderr); */
+			lh->error++;
+			lh->p=0;
+			return;
+			}
+		/* else */
+		for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes;
+		lh->num_alloc_nodes=j;
+		lh->num_expand_reallocs++;
+		lh->p=0;
+		lh->b=n;
+		}
+	}
+
+static void contract(LHASH *lh)
+	{
+	LHASH_NODE **n,*n1,*np;
+
+	np=lh->b[lh->p+lh->pmax-1];
+	lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
+	if (lh->p == 0)
+		{
+		n=(LHASH_NODE **)Realloc((char *)lh->b,
+			(unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
+		if (n == NULL)
+			{
+/*			fputs("realloc error in lhash",stderr); */
+			lh->error++;
+			return;
+			}
+		lh->num_contract_reallocs++;
+		lh->num_alloc_nodes/=2;
+		lh->pmax/=2;
+		lh->p=lh->pmax-1;
+		lh->b=n;
+		}
+	else
+		lh->p--;
+
+	lh->num_nodes--;
+	lh->num_contracts++;
+
+	n1=lh->b[(int)lh->p];
+	if (n1 == NULL)
+		lh->b[(int)lh->p]=np;
+	else
+		{
+		while (n1->next != NULL)
+			n1=n1->next;
+		n1->next=np;
+		}
+	}
+
+static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash)
+	{
+	LHASH_NODE **ret,*n1;
+	unsigned long hash,nn;
+	int (*cf)();
+
+	hash=(*(lh->hash))(data);
+	lh->num_hash_calls++;
+	*rhash=hash;
+
+	nn=hash%lh->pmax;
+	if (nn < lh->p)
+		nn=hash%lh->num_alloc_nodes;
+
+	cf=lh->comp;
+	ret= &(lh->b[(int)nn]);
+	for (n1= *ret; n1 != NULL; n1=n1->next)
+		{
+#ifndef NO_HASH_COMP
+		lh->num_hash_comps++;
+		if (n1->hash != hash)
+			{
+			ret= &(n1->next);
+			continue;
+			}
+#endif
+		lh->num_comp_calls++;
+		if ((*cf)(n1->data,data) == 0)
+			break;
+		ret= &(n1->next);
+		}
+	return(ret);
+	}
+
+/*
+static unsigned long lh_strhash(str)
+char *str;
+	{
+	int i,l;
+	unsigned long ret=0;
+	unsigned short *s;
+
+	if (str == NULL) return(0);
+	l=(strlen(str)+1)/2;
+	s=(unsigned short *)str;
+	for (i=0; i>2)^v)&0x0f;
+		ret=(ret<>(32-r));
+		ret&=0xFFFFFFFFL;
+		ret^=v*v;
+		c++;
+		}
+	return((ret>>16)^ret);
+	}
+
diff --git a/crypto/openssl/crypto/lhash/lhash.h b/crypto/openssl/crypto/lhash/lhash.h
new file mode 100644
index 000000000000..6e5a1fe70852
--- /dev/null
+++ b/crypto/openssl/crypto/lhash/lhash.h
@@ -0,0 +1,144 @@
+/* crypto/lhash/lhash.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Header for dynamic hash table routines
+ * Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+#define HEADER_LHASH_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef NO_FP_API
+#include 
+#endif
+
+typedef struct lhash_node_st
+	{
+	char *data;
+	struct lhash_node_st *next;
+#ifndef NO_HASH_COMP
+	unsigned long hash;
+#endif
+	} LHASH_NODE;
+
+typedef struct lhash_st
+	{
+	LHASH_NODE **b;
+	int (*comp)();
+	unsigned long (*hash)();
+	unsigned int num_nodes;
+	unsigned int num_alloc_nodes;
+	unsigned int p;
+	unsigned int pmax;
+	unsigned long up_load; /* load times 256 */
+	unsigned long down_load; /* load times 256 */
+	unsigned long num_items;
+
+	unsigned long num_expands;
+	unsigned long num_expand_reallocs;
+	unsigned long num_contracts;
+	unsigned long num_contract_reallocs;
+	unsigned long num_hash_calls;
+	unsigned long num_comp_calls;
+	unsigned long num_insert;
+	unsigned long num_replace;
+	unsigned long num_delete;
+	unsigned long num_no_delete;
+	unsigned long num_retrieve;
+	unsigned long num_retrieve_miss;
+	unsigned long num_hash_comps;
+
+	int error;
+	} LHASH;
+
+#define LH_LOAD_MULT	256
+
+/* Indicates a malloc() error in the last call, this is only bad
+ * in lh_insert(). */
+#define lh_error(lh)	((lh)->error)
+
+LHASH *lh_new(unsigned long (*h)(), int (*c)());
+void lh_free(LHASH *lh);
+char *lh_insert(LHASH *lh, char *data);
+char *lh_delete(LHASH *lh, char *data);
+char *lh_retrieve(LHASH *lh, char *data);
+void lh_doall(LHASH *lh, void (*func)(/* char *b */));
+void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg);
+unsigned long lh_strhash(const char *c);
+
+#ifndef NO_FP_API
+void lh_stats(LHASH *lh, FILE *out);
+void lh_node_stats(LHASH *lh, FILE *out);
+void lh_node_usage_stats(LHASH *lh, FILE *out);
+#endif
+
+#ifdef HEADER_BIO_H
+void lh_stats_bio(LHASH *lh, BIO *out);
+void lh_node_stats_bio(LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(LHASH *lh, BIO *out);
+#endif
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/crypto/openssl/crypto/lhash/num.pl b/crypto/openssl/crypto/lhash/num.pl
new file mode 100644
index 000000000000..30fedf9cd5ad
--- /dev/null
+++ b/crypto/openssl/crypto/lhash/num.pl
@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+
+#node     10 ->   4
+
+while (<>)
+	{
+	next unless /^node/;
+	chop;
+	@a=split;
+	$num{$a[3]}++;
+	}
+
+@a=sort {$a <=> $b } keys %num;
+foreach (0 .. $a[$#a])
+	{
+	printf "%4d:%4d\n",$_,$num{$_};
+	}
diff --git a/crypto/openssl/crypto/md2/Makefile.ssl b/crypto/openssl/crypto/md2/Makefile.ssl
new file mode 100644
index 000000000000..67ce450788c4
--- /dev/null
+++ b/crypto/openssl/crypto/md2/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=	md
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md2_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md2.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+md2_one.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/md2/md2.c b/crypto/openssl/crypto/md2/md2.c
new file mode 100644
index 000000000000..f4d6f62264b3
--- /dev/null
+++ b/crypto/openssl/crypto/md2/md2.c
@@ -0,0 +1,124 @@
+/* crypto/md2/md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#define BUFSIZE	1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+void exit(int);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	FILE *IN;
+
+	if (argc == 1)
+		{
+		do_fp(stdin);
+		}
+	else
+		{
+		for (i=1; i /* MD2_INT */
+
+typedef struct MD2state_st
+	{
+	int num;
+	unsigned char data[MD2_BLOCK];
+	MD2_INT cksm[MD2_BLOCK];
+	MD2_INT state[MD2_BLOCK];
+	} MD2_CTX;
+
+const char *MD2_options(void);
+void MD2_Init(MD2_CTX *c);
+void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len);
+void MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(unsigned char *d, unsigned long n,unsigned char *md);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/md2/md2_dgst.c b/crypto/openssl/crypto/md2/md2_dgst.c
new file mode 100644
index 000000000000..c7d8d6aef578
--- /dev/null
+++ b/crypto/openssl/crypto/md2/md2_dgst.c
@@ -0,0 +1,223 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+
+#define UCHAR	unsigned char
+
+static void md2_block(MD2_CTX *c, unsigned char *d);
+/* The magic S table - I have converted it to hex since it is
+ * basicaly just a random byte string. */
+static MD2_INT S[256]={
+	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+	0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+	0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+	0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+	0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+	0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+	0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+	0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+	0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+	0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+	0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+	0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+	0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+	0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+	0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+	0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+	0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+	0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+	0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+	0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+	0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+	0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+	0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+	0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+	0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+	0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+	0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+	0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+	0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+	0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+	};
+
+const char *MD2_options(void)
+	{
+	if (sizeof(MD2_INT) == 1)
+		return("md2(char)");
+	else
+		return("md2(int)");
+	}
+
+void MD2_Init(MD2_CTX *c)
+	{
+	c->num=0;
+	memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
+	memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
+	memset(c->data,0,MD2_BLOCK);
+	}
+
+void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len)
+	{
+	register UCHAR *p;
+
+	if (len == 0) return;
+
+	p=c->data;
+	if (c->num != 0)
+		{
+		if ((c->num+len) >= MD2_BLOCK)
+			{
+			memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
+			md2_block(c,c->data);
+			data+=(MD2_BLOCK - c->num);
+			len-=(MD2_BLOCK - c->num);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			memcpy(&(p[c->num]),data,(int)len);
+			/* data+=len; */
+			c->num+=(int)len;
+			return;
+			}
+		}
+	/* we now can process the input data in blocks of MD2_BLOCK
+	 * chars and save the leftovers to c->data. */
+	while (len >= MD2_BLOCK)
+		{
+		md2_block(c,data);
+		data+=MD2_BLOCK;
+		len-=MD2_BLOCK;
+		}
+	memcpy(p,data,(int)len);
+	c->num=(int)len;
+	}
+
+static void md2_block(MD2_CTX *c, unsigned char *d)
+	{
+	register MD2_INT t,*sp1,*sp2;
+	register int i,j;
+	MD2_INT state[48];
+
+	sp1=c->state;
+	sp2=c->cksm;
+	j=sp2[MD2_BLOCK-1];
+	for (i=0; i<16; i++)
+		{
+		state[i]=sp1[i];
+		state[i+16]=t=d[i];
+		state[i+32]=(t^sp1[i]);
+		j=sp2[i]^=S[t^j];
+		}
+	t=0;
+	for (i=0; i<18; i++)
+		{
+		for (j=0; j<48; j+=8)
+			{
+			t= state[j+ 0]^=S[t];
+			t= state[j+ 1]^=S[t];
+			t= state[j+ 2]^=S[t];
+			t= state[j+ 3]^=S[t];
+			t= state[j+ 4]^=S[t];
+			t= state[j+ 5]^=S[t];
+			t= state[j+ 6]^=S[t];
+			t= state[j+ 7]^=S[t];
+			}
+		t=(t+i)&0xff;
+		}
+	memcpy(sp1,state,16*sizeof(MD2_INT));
+	memset(state,0,48*sizeof(MD2_INT));
+	}
+
+void MD2_Final(unsigned char *md, MD2_CTX *c)
+	{
+	int i,v;
+	register UCHAR *cp;
+	register MD2_INT *p1,*p2;
+
+	cp=c->data;
+	p1=c->state;
+	p2=c->cksm;
+	v=MD2_BLOCK-c->num;
+	for (i=c->num; i
+#include "cryptlib.h"
+#include 
+
+/* This is a separate file so that #defines in cryptlib.h can
+ * map my MD functions to different names */
+
+unsigned char *MD2(unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	MD2_CTX c;
+	static unsigned char m[MD2_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	MD2_Init(&c);
+#ifndef CHARSET_EBCDIC
+	MD2_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD2_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
+	MD2_Final(md,&c);
+	memset(&c,0,sizeof(c));	/* Security consideration */
+	return(md);
+	}
diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c
new file mode 100644
index 000000000000..461d124957f7
--- /dev/null
+++ b/crypto/openssl/crypto/md2/md2test.c
@@ -0,0 +1,135 @@
+/* crypto/md2/md2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_MD2
+int main(int argc, char *argv[])
+{
+    printf("No MD2 support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+char *test[]={
+	"",
+	"a",
+	"abc",
+	"message digest",
+	"abcdefghijklmnopqrstuvwxyz",
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+	NULL,
+	};
+
+char *ret[]={
+	"8350e5a3e24c153df2275c9f80692773",
+	"32ec01ec4a6dac72c0ab96fb34c0b5d1",
+	"da853b0d3f88d99b30283a69e6ded6bb",
+	"ab4f496bfb2a530b219ff33031fe06b0",
+	"4e8ddff3650292ab5a4108c3aa47940b",
+	"da33def2a42df13975352846c30338cd",
+	"d5976f79d83d3a0dc9806c3c66f3efd8",
+	};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	char **P,**R;
+	char *p;
+
+	P=test;
+	R=ret;
+	i=1;
+	while (*P != NULL)
+		{
+		p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+		if (strcmp(p,*R) != 0)
+			{
+			printf("error calculating MD2 on '%s'\n",*P);
+			printf("got %s instead of %s\n",p,*R);
+			err++;
+			}
+		else
+			printf("test %d ok\n",i);
+		i++;
+		R++;
+		P++;
+		}
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *md)
+	{
+	int i;
+	static char buf[80];
+
+	for (i=0; i
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+#error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+#error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+#error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+#error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+#error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+#error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK	(HASH_CBLOCK/4)
+#endif
+
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2	2
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)     _lrotl(a,n)
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *
+   * 					
+   */
+#  if defined(__i386)
+#   define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm volatile (		\
+				"roll %1,%0"		\
+				: "=r"(ret)		\
+				: "I"(n), "0"(a)	\
+				: "cc");		\
+			   ret;				\
+			})
+#  elif defined(__powerpc)
+#   define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm volatile (		\
+				"rlwinm %0,%1,%2,0,31"	\
+				: "=r"(ret)		\
+				: "r"(a), "I"(n));	\
+			   ret;				\
+			})
+#  endif
+# endif
+
+/*
+ * Engage compiler specific "fetch in reverse byte order"
+ * intrinsic function if available.
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM)
+  /* some GNU C inline assembler templates by  */
+#  if defined(__i386) && !defined(I386_ONLY)
+#   define BE_FETCH32(a)	({ register unsigned int l=(a);\
+				asm volatile (		\
+				"bswapl %0"		\
+				: "=r"(l) : "0"(l));	\
+			  l;				\
+			})
+#  elif defined(__powerpc)
+#   define LE_FETCH32(a)	({ register unsigned int l;	\
+				asm volatile (		\
+				"lwbrx %0,0,%1"		\
+				: "=r"(l)		\
+				: "r"(a));		\
+			   l;				\
+			})
+
+#  elif defined(__sparc) && defined(ULTRASPARC)
+#  define LE_FETCH32(a)	({ register unsigned int l;		\
+				asm volatile (			\
+				"lda [%1]#ASI_PRIMARY_LITTLE,%0"\
+				: "=r"(l)			\
+				: "r"(a));			\
+			   l;					\
+			})
+#  endif
+# endif
+#endif /* PEDANTIC */
+
+#if HASH_LONG_LOG2==2	/* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai  */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l)	(					\
+		l=*(const HASH_LONG *)(a),				\
+		((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))	\
+				)
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l)	(				\
+		l=*(const HASH_LONG *)(a),			\
+		l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),	\
+		ROTATE(l,16)					\
+				)
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *	- RISCs aren't good at long constants and have to explicitely
+ *	  compose 'em with several (well, usually 2) instructions in a
+ *	  register before performing the actual operation and (as you
+ *	  already realized:-) having same constant should inspire the
+ *	  compiler to permanently allocate the only register for it;
+ *	- most modern CPUs have two ALUs, but usually only one has
+ *	  circuitry for shifts:-( this minor tweak inspires compiler
+ *	  to schedule shift instructions in a better way...
+ *
+ *				
+ */
+#endif
+#endif
+
+#ifndef ROTATE
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
+ * and host are of the same "endianess". It's possible to mask
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
+ *
+ *				
+ */
+#if defined(B_ENDIAN)
+#  if defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef LE_FETCH32
+#        define HOST_FETCH32(p,l)	LE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)	REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#elif defined(L_ENDIAN)
+#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef BE_FETCH32
+#        define HOST_FETCH32(p,l)	BE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)	REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#endif
+
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))<<24),		\
+			 l|=(((unsigned long)(*((c)++)))<<16),		\
+			 l|=(((unsigned long)(*((c)++)))<< 8),		\
+			 l|=(((unsigned long)(*((c)++)))    ),		\
+			 l)
+#define HOST_p_c2l(c,l,n)	{					\
+			switch (n) {					\
+			case 0: l =((unsigned long)(*((c)++)))<<24;	\
+			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
+			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
+			case 3: l|=((unsigned long)(*((c)++)));		\
+				} }
+#define HOST_p_c2l_p(c,l,sc,len) {					\
+			switch (sc) {					\
+			case 0: l =((unsigned long)(*((c)++)))<<24;	\
+				if (--len == 0) break;			\
+			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
+				if (--len == 0) break;			\
+			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
+				} }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)	{					\
+			l=0; (c)+=n;					\
+			switch (n) {					\
+			case 3: l =((unsigned long)(*(--(c))))<< 8;	\
+			case 2: l|=((unsigned long)(*(--(c))))<<16;	\
+			case 1: l|=((unsigned long)(*(--(c))))<<24;	\
+				} }
+#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)    )&0xff),	\
+			 l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ),		\
+			 l|=(((unsigned long)(*((c)++)))<< 8),		\
+			 l|=(((unsigned long)(*((c)++)))<<16),		\
+			 l|=(((unsigned long)(*((c)++)))<<24),		\
+			 l)
+#define HOST_p_c2l(c,l,n)	{					\
+			switch (n) {					\
+			case 0: l =((unsigned long)(*((c)++)));		\
+			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
+			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
+			case 3: l|=((unsigned long)(*((c)++)))<<24;	\
+				} }
+#define HOST_p_c2l_p(c,l,sc,len) {					\
+			switch (sc) {					\
+			case 0: l =((unsigned long)(*((c)++)));		\
+				if (--len == 0) break;			\
+			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
+				if (--len == 0) break;			\
+			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
+				} }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)	{					\
+			l=0; (c)+=n;					\
+			switch (n) {					\
+			case 3: l =((unsigned long)(*(--(c))))<<16;	\
+			case 2: l|=((unsigned long)(*(--(c))))<< 8;	\
+			case 1: l|=((unsigned long)(*(--(c))));		\
+				} }
+#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff),	\
+			 l)
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+void HASH_UPDATE (HASH_CTX *c, const unsigned char *data, unsigned long len)
+	{
+	register HASH_LONG * p;
+	register unsigned long l;
+	int sw,sc,ew,ec;
+
+	if (len==0) return;
+
+	l=(c->Nl+(len<<3))&0xffffffffL;
+	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+	 * Wei Dai  for pointing it out. */
+	if (l < c->Nl) /* overflow */
+		c->Nh++;
+	c->Nh+=(len>>29);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		p=c->data;
+		sw=c->num>>2;
+		sc=c->num&0x03;
+
+		if ((c->num+len) >= HASH_CBLOCK)
+			{
+			l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+			for (; swnum);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			c->num+=len;
+			if ((sc+len) < 4) /* ugly, add char's to a word */
+				{
+				l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+				}
+			else
+				{
+				ew=(c->num>>2);
+				ec=(c->num&0x03);
+				l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+				for (; sw < ew; sw++)
+					{
+					HOST_c2l(data,l); p[sw]=l;
+					}
+				if (ec)
+					{
+					HOST_c2l_p(data,l,ec); p[sw]=l;
+					}
+				}
+			return;
+			}
+		}
+
+	sw=len/HASH_CBLOCK;
+	if (sw > 0)
+		{
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+		/*
+		 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+		 * only if sizeof(HASH_LONG)==4.
+		 */
+		if ((((unsigned long)data)%4) == 0)
+			{
+			/* data is properly aligned so that we can cast it: */
+			HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
+			sw*=HASH_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+		else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+			while (sw--)
+				{
+				memcpy (p=c->data,data,HASH_CBLOCK);
+				HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+				data+=HASH_CBLOCK;
+				len-=HASH_CBLOCK;
+				}
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+			{
+			HASH_BLOCK_DATA_ORDER(c,data,sw);
+			sw*=HASH_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+#endif
+		}
+
+	if (len!=0)
+		{
+		p = c->data;
+		c->num = len;
+		ew=len>>2;	/* words to copy */
+		ec=len&0x03;
+		for (; ew; ew--,p++)
+			{
+			HOST_c2l(data,l); *p=l;
+			}
+		HOST_c2l_p(data,l,ec);
+		*p=l;
+		}
+	}
+
+
+void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
+	{
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+	if ((((unsigned long)data)%4) == 0)
+		/* data is properly aligned so that we can cast it: */
+		HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
+	else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+		{
+		memcpy (c->data,data,HASH_CBLOCK);
+		HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+		}
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+	HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
+	}
+
+
+void HASH_FINAL (unsigned char *md, HASH_CTX *c)
+	{
+	register HASH_LONG *p;
+	register unsigned long l;
+	register int i,j;
+	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+	const unsigned char *cp=end;
+
+	/* c->num should definitly have room for at least one more byte. */
+	p=c->data;
+	i=c->num>>2;
+	j=c->num&0x03;
+
+#if 0
+	/* purify often complains about the following line as an
+	 * Uninitialized Memory Read.  While this can be true, the
+	 * following p_c2l macro will reset l when that case is true.
+	 * This is because j&0x03 contains the number of 'valid' bytes
+	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
+	 * occur but this is also the only time p_c2l will do
+	 * l= *(cp++) instead of l|= *(cp++)
+	 * Many thanks to Alex Tang  for pickup this
+	 * 'potential bug' */
+#ifdef PURIFY
+	if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+	l=p[i];
+#else
+	l = (j==0) ? 0 : p[i];
+#endif
+	HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
+
+	if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
+		{
+		if (iNh;
+	p[HASH_LBLOCK-1]=c->Nl;
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+	p[HASH_LBLOCK-2]=c->Nl;
+	p[HASH_LBLOCK-1]=c->Nh;
+#endif
+	HASH_BLOCK_HOST_ORDER (c,p,1);
+
+	l=c->A; HOST_l2c(l,md);
+	l=c->B; HOST_l2c(l,md);
+	l=c->C; HOST_l2c(l,md);
+	l=c->D; HOST_l2c(l,md);
+
+	c->num=0;
+	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	memset((void *)c,0,sizeof(HASH_CTX));
+	 */
+	}
diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl
new file mode 100644
index 000000000000..29ae1b745867
--- /dev/null
+++ b/crypto/openssl/crypto/md5/Makefile.ssl
@@ -0,0 +1,126 @@
+#
+# SSLeay/crypto/md5/Makefile
+#
+
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS=$(CFLAGS)
+
+GENERAL=Makefile
+TEST=md5test.c
+APPS=md5.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/mx86-elf.o: asm/mx86unix.cpp
+	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+
+# solaris
+asm/mx86-sol.o: asm/mx86unix.cpp
+	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+	as -o asm/mx86-sol.o asm/mx86-sol.s
+	rm -f asm/mx86-sol.s
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+	$(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp: asm/md5-586.pl
+	(cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+
+asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+		-o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+sm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+		/usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+
+asm/md5-sparcv9.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+		-o asm/md5-sparcv9.o asm/md5-sparcv9.S
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+md5_one.o: ../../include/openssl/md5.h
diff --git a/crypto/openssl/crypto/md5/Makefile.uni b/crypto/openssl/crypto/md5/Makefile.uni
new file mode 100644
index 000000000000..d21c72f3ea0d
--- /dev/null
+++ b/crypto/openssl/crypto/md5/Makefile.uni
@@ -0,0 +1,110 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+DIR=    md5
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md5test
+APPS=md5
+
+LIB=libmd5.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+# elf
+asm/mx86-elf.o: asm/mx86unix.cpp
+	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+
+# solaris
+asm/mx86-sol.o: asm/mx86unix.cpp
+	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+	as -o asm/mx86-sol.o asm/mx86-sol.s
+	rm -f asm/mx86-sol.s
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp:
+	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APPS): $(APPS).c $(LIB)
+	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+x86-elf:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-out:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-solaris:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-bdsi:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/md5/asm/md5-586.pl b/crypto/openssl/crypto/md5/asm/md5-586.pl
new file mode 100644
index 000000000000..5fc6a205ce00
--- /dev/null
+++ b/crypto/openssl/crypto/md5/asm/md5-586.pl
@@ -0,0 +1,306 @@
+#!/usr/local/bin/perl
+
+# Normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$tmp1="edi";
+$tmp2="ebp";
+$X="esi";
+
+# What we need to load into $tmp for the next round
+%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
+@xo=(
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,	# R0
+ 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,	# R1
+ 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,	# R2
+ 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
+ );
+
+&md5_block("md5_block_asm_host_order");
+&asm_finish();
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
+	return($n{$p});
+	}
+
+sub R0
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&mov($tmp1,$C)  if $pos < 0;
+	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+
+	# body proper
+
+	&comment("R0 $ki");
+	&xor($tmp1,$d); # F function - part 2
+
+	&and($tmp1,$b); # F function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$d); # F function - part 4
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# next tmp1 for R0
+	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1
+
+	&rotl($a,$s);
+
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$b);
+	}
+
+sub R1
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&comment("R1 $ki");
+
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$b); # G function - part 2
+	&and($tmp1,$d); # G function - part 3
+
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+	&xor($tmp1,$c);			# G function - part 4
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# G function - part 1
+	&mov($tmp1,&Np($c)) if $pos == 1;	# G function - part 1
+
+	&rotl($a,$s);
+
+	&add($a,$b);
+	}
+
+sub R2
+	{
+	local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+	# This one is different, only 3 logical operations
+
+if (($n & 1) == 0)
+	{
+	&comment("R2 $ki");
+	# make sure to do 'D' first, not 'B', else we clash with
+	# the last add from the previous round.
+
+	&xor($tmp1,$d); # H function - part 2
+
+	&xor($tmp1,$b); # H function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&add($a,$tmp1);
+
+	&rotl($a,$s);
+
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
+	&mov($tmp1,&Np($c));
+	}
+else
+	{
+	&comment("R2 $ki");
+	# make sure to do 'D' first, not 'B', else we clash with
+	# the last add from the previous round.
+
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&add($b,$c);			# MOVED FORWARD
+	&xor($tmp1,$d); # H function - part 2
+
+	&xor($tmp1,$b); # H function - part 3
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
+	&mov($tmp1,-1) if $pos == 1;		# I function - part 1
+
+	&rotl($a,$s);
+
+	&add($a,$b);
+	}
+	}
+
+sub R3
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&comment("R3 $ki");
+
+	# ¬($tmp1)
+	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2
+
+	&or($tmp1,$b);				# I function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$c); 			# I function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
+	&mov($tmp2,&wparam(0)) if $pos == 2;
+
+	&add($a,$tmp1);
+	&mov($tmp1,-1) if $pos < 1;	# H function - part 1
+	&add($K,64) if $pos >=1 && !$normal;
+
+	&rotl($a,$s);
+
+	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time
+	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
+	&add($a,$b);
+	}
+
+
+sub md5_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"",3);
+
+	# parameter 1 is the MD5_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+
+	&push("esi");
+	 &push("edi");
+	&mov($tmp1,	&wparam(0)); # edi
+	 &mov($X,	&wparam(1)); # esi
+	&mov($C,	&wparam(2));
+	 &push("ebp");
+	&shl($C,	6);
+	&push("ebx");
+	 &add($C,	$X); # offset we end at
+	&sub($C,	64);
+	 &mov($A,	&DWP( 0,$tmp1,"",0));
+	&push($C);	# Put on the TOS
+	 &mov($B,	&DWP( 4,$tmp1,"",0));
+	&mov($C,	&DWP( 8,$tmp1,"",0));
+	 &mov($D,	&DWP(12,$tmp1,"",0));
+
+	&set_label("start") unless $normal;
+	&comment("");
+	&comment("R0 section");
+
+	&R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
+	&R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
+	&R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
+	&R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
+	&R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
+	&R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
+	&R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
+	&R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
+	&R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
+	&R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
+	&R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
+	&R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
+	&R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
+	&R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
+	&R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
+	&R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
+
+	&comment("");
+	&comment("R1 section");
+	&R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
+	&R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
+	&R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
+	&R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
+	&R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
+	&R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
+	&R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
+	&R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
+	&R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
+	&R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
+	&R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
+	&R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
+	&R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
+	&R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
+	&R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
+	&R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
+
+	&comment("");
+	&comment("R2 section");
+	&R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
+	&R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
+	&R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
+	&R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
+	&R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
+	&R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
+	&R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
+	&R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
+	&R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
+	&R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
+	&R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
+	&R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
+	&R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
+	&R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
+	&R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
+	&R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
+
+	&comment("");
+	&comment("R3 section");
+	&R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
+	&R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
+	&R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
+	&R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
+	&R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
+	&R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
+	&R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
+	&R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
+	&R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
+	&R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
+	&R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
+	&R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
+	&R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
+	&R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
+	&R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
+	&R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
+
+	# &mov($tmp2,&wparam(0));	# done in the last R3
+	# &mov($tmp1,	&DWP( 0,$tmp2,"",0)); # done is the last R3
+
+	&add($A,$tmp1);
+	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));
+
+	&add($B,$tmp1);
+	&mov($tmp1,	&DWP( 8,$tmp2,"",0));
+
+	&add($C,$tmp1);
+	&mov($tmp1,	&DWP(12,$tmp2,"",0));
+
+	&add($D,$tmp1);
+	&mov(&DWP( 0,$tmp2,"",0),$A);
+
+	&mov(&DWP( 4,$tmp2,"",0),$B);
+	&mov($tmp1,&swtmp(0)) unless $normal;
+
+	&mov(&DWP( 8,$tmp2,"",0),$C);
+	 &mov(&DWP(12,$tmp2,"",0),$D);
+
+	&cmp($tmp1,$X) unless $normal;			# check count
+	 &jge(&label("start")) unless $normal;
+
+	&pop("eax"); # pop the temp variable off the stack
+	 &pop("ebx");
+	&pop("ebp");
+	 &pop("edi");
+	&pop("esi");
+	 &ret();
+	&function_end_B($name);
+	}
+
diff --git a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S b/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
new file mode 100644
index 000000000000..ca4257f13412
--- /dev/null
+++ b/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
@@ -0,0 +1,1029 @@
+.ident	"md5-sparcv9.S, Version 1.0"
+.ident	"SPARC V9 ISA artwork by Andy Polyakov "
+.file	"md5-sparcv9.S"
+
+/*
+ * ====================================================================
+ * Copyright (c) 1999 Andy Polyakov .
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted as long as above copyright notices are retained. Warranty
+ * of any kind is (of course:-) disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contribution to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is an
+ * assembler implementation of MD5 block hash function. I've hand-coded
+ * this for the sole reason to reach UltraSPARC-specific "load in
+ * little-endian byte order" instruction. This gives up to 15%
+ * performance improvement for cases when input message is aligned at
+ * 32 bits boundary. The module was tested under both 32 *and* 64 bit
+ * kernels. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * To compile with SC4.x/SC5.x:
+ *
+ *	cc -xarch=v[9|8plus] -DULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *		-c md5-sparcv9.S
+ *
+ * and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -DULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *		-c md5-sparcv9.S
+ *
+ * or if above fails (it does if you have gas):
+ *
+ *	gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
+ *		as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
+ */
+
+#define	A	%o0
+#define B	%o1
+#define	C	%o2
+#define	D	%o3
+#define	T1	%o4
+#define	T2	%o5
+
+#define	R0	%l0
+#define	R1	%l1
+#define	R2	%l2
+#define	R3	%l3
+#define	R4	%l4
+#define	R5	%l5
+#define	R6	%l6
+#define	R7	%l7
+#define	R8	%i3
+#define	R9	%i4
+#define	R10	%i5
+#define	R11	%g1
+#define R12	%g2
+#define	R13	%g3
+#define RX	%g4
+
+#define Aptr	%i0+0
+#define Bptr	%i0+4
+#define Cptr	%i0+8
+#define Dptr	%i0+12
+
+#define Aval	R5	/* those not used at the end of the last round */
+#define Bval	R6
+#define Cval	R7
+#define Dval	R8
+
+#if defined(MD5_BLOCK_DATA_ORDER)
+# if defined(ULTRASPARC)
+#  define	LOAD			lda
+#  define	X(i)			[%i1+i*4]%asi
+#  define	md5_block		md5_block_asm_data_order_aligned
+#  define	ASI_PRIMARY_LITTLE	0x88
+# else
+#  error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!"
+# endif
+#else
+# define	LOAD			ld
+# define	X(i)			[%i1+i*4]
+# define	md5_block		md5_block_asm_host_order
+#endif
+
+.section        ".text",#alloc,#execinstr
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME   -192
+#else
+# define	FRAME	-96
+#endif
+
+.align  32
+
+.global md5_block
+md5_block:
+	save	%sp,FRAME,%sp
+
+	ld	[Dptr],D
+	ld	[Cptr],C
+	ld	[Bptr],B
+	ld	[Aptr],A
+#ifdef ASI_PRIMARY_LITTLE
+	rd	%asi,%o7	! How dare I? Well, I just do:-)
+	wr	%g0,ASI_PRIMARY_LITTLE,%asi
+#endif
+	LOAD	X(0),R0
+
+.Lmd5_block_loop:
+
+!!!!!!!!Round 0
+
+	xor	C,D,T1
+	sethi	%hi(0xd76aa478),T2
+	and	T1,B,T1
+	or	T2,%lo(0xd76aa478),T2	!=
+	xor	T1,D,T1
+	add	T1,R0,T1
+	LOAD	X(1),R1
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0xe8c7b756),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0xe8c7b756),T2
+	xor	T1,C,T1
+	LOAD	X(2),R2
+	add	T1,R1,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0x242070db),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0x242070db),T2
+	xor	T1,B,T1
+	add	T1,R2,T1		!=
+	LOAD	X(3),R3
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0xc1bdceee),T2
+	and	T1,C,T1
+	or	T2,%lo(0xc1bdceee),T2
+	xor	T1,A,T1			!=
+	add	T1,R3,T1
+	LOAD	X(4),R4
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0xf57c0faf),T2
+	and	T1,B,T1
+	or	T2,%lo(0xf57c0faf),T2	!=
+	xor	T1,D,T1
+	add	T1,R4,T1
+	LOAD	X(5),R5
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0x4787c62a),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x4787c62a),T2
+	xor	T1,C,T1
+	LOAD	X(6),R6
+	add	T1,R5,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xa8304613),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xa8304613),T2
+	xor	T1,B,T1
+	add	T1,R6,T1		!=
+	LOAD	X(7),R7
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0xfd469501),T2
+	and	T1,C,T1
+	or	T2,%lo(0xfd469501),T2
+	xor	T1,A,T1			!=
+	add	T1,R7,T1
+	LOAD	X(8),R8
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0x698098d8),T2
+	and	T1,B,T1
+	or	T2,%lo(0x698098d8),T2	!=
+	xor	T1,D,T1
+	add	T1,R8,T1
+	LOAD	X(9),R9
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0x8b44f7af),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x8b44f7af),T2
+	xor	T1,C,T1
+	LOAD	X(10),R10
+	add	T1,R9,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xffff5bb1),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xffff5bb1),T2
+	xor	T1,B,T1
+	add	T1,R10,T1		!=
+	LOAD	X(11),R11
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0x895cd7be),T2
+	and	T1,C,T1
+	or	T2,%lo(0x895cd7be),T2
+	xor	T1,A,T1			!=
+	add	T1,R11,T1
+	LOAD	X(12),R12
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0x6b901122),T2
+	and	T1,B,T1
+	or	T2,%lo(0x6b901122),T2	!=
+	xor	T1,D,T1
+	add	T1,R12,T1
+	LOAD	X(13),R13
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0xfd987193),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0xfd987193),T2
+	xor	T1,C,T1
+	LOAD	X(14),RX
+	add	T1,R13,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xa679438e),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xa679438e),T2
+	xor	T1,B,T1
+	add	T1,RX,T1		!=
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0x49b40821),T2
+	and	T1,C,T1
+	or	T2,%lo(0x49b40821),T2
+	xor	T1,A,T1			!=
+	add	T1,RX,T1
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,22,T2			!=
+	srl	B,32-22,B
+	or	B,T2,B
+	add	B,C,B
+
+!!!!!!!!Round 1
+
+	xor	B,C,T1			!=
+	sethi	%hi(0xf61e2562),T2
+	and	T1,D,T1
+	or	T2,%lo(0xf61e2562),T2
+	xor	T1,C,T1			!=
+	add	T1,R1,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,5,T2			!=
+	srl	A,32-5,A
+	or	A,T2,A
+	add	A,B,A
+
+	xor	A,B,T1			!=
+	sethi	%hi(0xc040b340),T2
+	and	T1,C,T1
+	or	T2,%lo(0xc040b340),T2
+	xor	T1,B,T1			!=
+	add	T1,R6,T1
+	!pre-LOADed	X(11),R11
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,9,T2			!=
+	srl	D,32-9,D
+	or	D,T2,D
+	add	D,A,D
+
+	xor	D,A,T1			!=
+	sethi	%hi(0x265e5a51),T2
+	and	T1,B,T1
+	or	T2,%lo(0x265e5a51),T2
+	xor	T1,A,T1			!=
+	add	T1,R11,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,14,T2			!=
+	srl	C,32-14,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xe9b6c7aa),T2
+	and	T1,A,T1
+	or	T2,%lo(0xe9b6c7aa),T2
+	xor	T1,D,T1			!=
+	add	T1,R0,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,20,T2			!=
+	srl	B,32-20,B
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1			!=
+	sethi	%hi(0xd62f105d),T2
+	and	T1,D,T1
+	or	T2,%lo(0xd62f105d),T2
+	xor	T1,C,T1			!=
+	add	T1,R5,T1
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,5,T2			!=
+	srl	A,32-5,A
+	or	A,T2,A
+	add	A,B,A
+
+	xor	A,B,T1			!=
+	sethi	%hi(0x02441453),T2
+	and	T1,C,T1
+	or	T2,%lo(0x02441453),T2
+	xor	T1,B,T1			!=
+	add	T1,R10,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xd8a1e681),T2
+	and	T1,B,T1
+	or	T2,%lo(0xd8a1e681),T2	!=
+	xor	T1,A,T1
+	add	T1,RX,T1
+	!pre-LOADed	X(4),R4
+	add	T1,T2,T1
+	add	C,T1,C			!=
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C
+	add	C,D,C			!=
+
+	xor	C,D,T1
+	sethi	%hi(0xe7d3fbc8),T2
+	and	T1,A,T1
+	or	T2,%lo(0xe7d3fbc8),T2	!=
+	xor	T1,D,T1
+	add	T1,R4,T1
+	!pre-LOADed	X(9),R9
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	xor	B,C,T1
+	sethi	%hi(0x21e1cde6),T2
+	and	T1,D,T1
+	or	T2,%lo(0x21e1cde6),T2	!=
+	xor	T1,C,T1
+	add	T1,R9,T1
+	LOAD	X(14),RX
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,5,T2
+	srl	A,32-5,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xc33707d6),T2
+	and	T1,C,T1			!=
+	or	T2,%lo(0xc33707d6),T2
+	xor	T1,B,T1
+	add	T1,RX,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0xf4d50d87),T2
+	and	T1,B,T1			!=
+	or	T2,%lo(0xf4d50d87),T2
+	xor	T1,A,T1
+	add	T1,R3,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	xor	C,D,T1
+	sethi	%hi(0x455a14ed),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x455a14ed),T2
+	xor	T1,D,T1
+	add	T1,R8,T1
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1		!=
+	add	B,T1,B
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B			!=
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xa9e3e905),T2
+	and	T1,D,T1			!=
+	or	T2,%lo(0xa9e3e905),T2
+	xor	T1,C,T1
+	add	T1,R13,T1
+	!pre-LOADed	X(2),R2
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,5,T2
+	srl	A,32-5,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xfcefa3f8),T2
+	and	T1,C,T1			!=
+	or	T2,%lo(0xfcefa3f8),T2
+	xor	T1,B,T1
+	add	T1,R2,T1
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0x676f02d9),T2
+	and	T1,B,T1			!=
+	or	T2,%lo(0x676f02d9),T2
+	xor	T1,A,T1
+	add	T1,R7,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	xor	C,D,T1
+	sethi	%hi(0x8d2a4c8a),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x8d2a4c8a),T2
+	xor	T1,D,T1
+	add	T1,R12,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1		!=
+	add	B,T1,B
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B			!=
+	add	B,C,B
+
+!!!!!!!!Round 2
+
+	xor	B,C,T1
+	sethi	%hi(0xfffa3942),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0xfffa3942),T2
+	add	T1,R5,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1
+	add	A,T1,A			!=
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A
+	add	A,B,A			!=
+
+	xor	A,B,T1
+	sethi	%hi(0x8771f681),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x8771f681),T2	!=
+	add	T1,R8,T1
+	!pre-LOADed	X(11),R11
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,11,T2			!=
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D
+
+	xor	D,A,T1			!=
+	sethi	%hi(0x6d9d6122),T2
+	xor	T1,B,T1
+	or	T2,%lo(0x6d9d6122),T2
+	add	T1,R11,T1		!=
+	LOAD	X(14),RX
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xfde5380c),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xfde5380c),T2
+	add	T1,RX,T1		!=
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xa4beea44),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xa4beea44),T2
+	add	T1,R1,T1
+	!pre-LOADed	X(4),R4
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0x4bdecfa9),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0x4bdecfa9),T2
+	add	T1,R4,T1
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xf6bb4b60),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xf6bb4b60),T2	!=
+	add	T1,R7,T1
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xbebfbc70),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xbebfbc70),T2
+	add	T1,R10,T1		!=
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0x289b7ec6),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0x289b7ec6),T2
+	add	T1,R13,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xeaa127fa),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0xeaa127fa),T2
+	add	T1,R0,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xd4ef3085),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xd4ef3085),T2	!=
+	add	T1,R3,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0x04881d05),T2
+	xor	T1,A,T1
+	or	T2,%lo(0x04881d05),T2
+	add	T1,R6,T1		!=
+	!pre-LOADed	X(9),R9
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xd9d4d039),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xd9d4d039),T2
+	add	T1,R9,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xe6db99e5),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0xe6db99e5),T2
+	add	T1,R12,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0x1fa27cf8),T2
+	xor	T1,B,T1			!=
+	or	T2,%lo(0x1fa27cf8),T2
+	add	T1,RX,T1
+	!pre-LOADed	X(2),R2
+	add	T1,T2,T1
+	add	C,T1,C			!=
+	sll	C,16,T2
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C			!=
+
+	xor	C,D,T1
+	sethi	%hi(0xc4ac5665),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xc4ac5665),T2	!=
+	add	T1,R2,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2			!=
+	srl	B,32-23,B
+	or	B,T2,B
+	add	B,C,B
+
+!!!!!!!!Round 3
+
+	orn	B,D,T1			!=
+	sethi	%hi(0xf4292244),T2
+	xor	T1,C,T1
+	or	T2,%lo(0xf4292244),T2
+	add	T1,R0,T1		!=
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2
+	srl	A,32-6,A		!=
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1
+	sethi	%hi(0x432aff97),T2	!=
+	xor	T1,B,T1
+	or	T2,%lo(0x432aff97),T2
+	LOAD	X(14),RX
+	add	T1,R7,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0xab9423a7),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0xab9423a7),T2
+	add	T1,RX,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0xfc93a039),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0xfc93a039),T2
+	add	T1,R5,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,21,T2
+	srl	B,32-21,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	orn	B,D,T1
+	sethi	%hi(0x655b59c3),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x655b59c3),T2	!=
+	add	T1,R12,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2			!=
+	srl	A,32-6,A
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1			!=
+	sethi	%hi(0x8f0ccc92),T2
+	xor	T1,B,T1
+	or	T2,%lo(0x8f0ccc92),T2
+	add	T1,R3,T1		!=
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0xffeff47d),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0xffeff47d),T2
+	add	T1,R10,T1
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0x85845dd1),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0x85845dd1),T2
+	add	T1,R1,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,21,T2
+	srl	B,32-21,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	orn	B,D,T1
+	sethi	%hi(0x6fa87e4f),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x6fa87e4f),T2	!=
+	add	T1,R8,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	A,T1,A			!=
+	sll	A,6,T2
+	srl	A,32-6,A
+	or	A,T2,A
+	add	A,B,A			!=
+
+	orn	A,C,T1
+	sethi	%hi(0xfe2ce6e0),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xfe2ce6e0),T2	!=
+	add	T1,RX,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2			!=
+	srl	D,32-10,D
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1			!=
+	sethi	%hi(0xa3014314),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xa3014314),T2
+	add	T1,R6,T1		!=
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C		!=
+	or	C,T2,C
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0x4e0811a1),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0x4e0811a1),T2
+	!pre-LOADed	X(4),R4
+	 ld	 [Aptr],Aval
+	add	T1,R13,T1		!=
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,21,T2
+	srl	B,32-21,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	orn	B,D,T1
+	sethi	%hi(0xf7537e82),T2	!=
+	xor	T1,C,T1
+	or	T2,%lo(0xf7537e82),T2
+	!pre-LOADed	X(11),R11
+	 ld	 [Dptr],Dval
+	add	T1,R4,T1		!=
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2
+	srl	A,32-6,A		!=
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1
+	sethi	%hi(0xbd3af235),T2	!=
+	xor	T1,B,T1
+	or	T2,%lo(0xbd3af235),T2
+	!pre-LOADed	X(2),R2
+	 ld	 [Cptr],Cval
+	add	T1,R11,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0x2ad7d2bb),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0x2ad7d2bb),T2
+	!pre-LOADed	X(9),R9
+	 ld	 [Bptr],Bval
+	add	T1,R2,T1		!=
+	 add	 Aval,A,Aval
+	add	T1,T2,T1
+	 st	 Aval,[Aptr]
+	add	C,T1,C			!=
+	sll	C,15,T2
+	 add	 Dval,D,Dval
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	 st	 Dval,[Dptr]
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0xeb86d391),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xeb86d391),T2
+	add	T1,R9,T1
+	!pre-LOADed	X(0),R0
+	 mov	 Aval,A			!=
+	add	T1,T2,T1
+	 mov	 Dval,D
+	add	B,T1,B
+	sll	B,21,T2			!=
+	 add	 Cval,C,Cval
+	srl	B,32-21,B
+	 st	 Cval,[Cptr]
+	or	B,T2,B			!=
+	add	B,C,B
+
+	deccc	%i2
+	mov	Cval,C
+	add	B,Bval,B		!=
+	inc	64,%i1
+	nop
+	st	B,[Bptr]
+	nop				!=
+
+#ifdef	ULTRASPARC
+	bg,a,pt	%icc,.Lmd5_block_loop
+#else
+	bg,a	.Lmd5_block_loop
+#endif
+	LOAD	X(0),R0
+
+#ifdef ASI_PRIMARY_LITTLE
+	wr	%g0,%o7,%asi
+#endif
+	ret
+	restore	%g0,0,%o0
+
+.type	md5_block,#function
+.size	md5_block,(.-md5_block)
diff --git a/crypto/openssl/crypto/md5/md5.c b/crypto/openssl/crypto/md5/md5.c
new file mode 100644
index 000000000000..7ed0024ae195
--- /dev/null
+++ b/crypto/openssl/crypto/md5/md5.c
@@ -0,0 +1,127 @@
+/* crypto/md5/md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#define BUFSIZE	1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+	{
+	int i,err=0;
+	FILE *IN;
+
+	if (argc == 1)
+		{
+		do_fp(stdin);
+		}
+	else
+		{
+		for (i=1; i
+ */
+#else
+#define MD5_LONG unsigned int
+#endif
+
+#define MD5_CBLOCK	64
+#define MD5_LBLOCK	(MD5_CBLOCK/4)
+#define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st
+	{
+	MD5_LONG A,B,C,D;
+	MD5_LONG Nl,Nh;
+	MD5_LONG data[MD5_LBLOCK];
+	int num;
+	} MD5_CTX;
+
+void MD5_Init(MD5_CTX *c);
+void MD5_Update(MD5_CTX *c, const unsigned char *data, unsigned long len);
+void MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/md5/md5_dgst.c b/crypto/openssl/crypto/md5/md5_dgst.c
new file mode 100644
index 000000000000..ba0115ae7939
--- /dev/null
+++ b/crypto/openssl/crypto/md5/md5_dgst.c
@@ -0,0 +1,317 @@
+/* crypto/md5/md5_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "md5_locl.h"
+#include 
+
+char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+void MD5_Init(MD5_CTX *c)
+	{
+	c->A=INIT_DATA_A;
+	c->B=INIT_DATA_B;
+	c->C=INIT_DATA_C;
+	c->D=INIT_DATA_D;
+	c->Nl=0;
+	c->Nh=0;
+	c->num=0;
+	}
+
+#ifndef md5_block_host_order
+void md5_block_host_order (MD5_CTX *c, const void *data, int num)
+	{
+	const MD5_LONG *X=data;
+	register unsigned long A,B,C,D;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD5_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				
+	 */
+
+	A=c->A;
+	B=c->B;
+	C=c->C;
+	D=c->D;
+
+	for (;num--;X+=HASH_LBLOCK)
+		{
+	/* Round 0 */
+	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
+	R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
+	R0(C,D,A,B,X[ 2],17,0x242070dbL);
+	R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
+	R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
+	R0(D,A,B,C,X[ 5],12,0x4787c62aL);
+	R0(C,D,A,B,X[ 6],17,0xa8304613L);
+	R0(B,C,D,A,X[ 7],22,0xfd469501L);
+	R0(A,B,C,D,X[ 8], 7,0x698098d8L);
+	R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
+	R0(C,D,A,B,X[10],17,0xffff5bb1L);
+	R0(B,C,D,A,X[11],22,0x895cd7beL);
+	R0(A,B,C,D,X[12], 7,0x6b901122L);
+	R0(D,A,B,C,X[13],12,0xfd987193L);
+	R0(C,D,A,B,X[14],17,0xa679438eL);
+	R0(B,C,D,A,X[15],22,0x49b40821L);
+	/* Round 1 */
+	R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
+	R1(D,A,B,C,X[ 6], 9,0xc040b340L);
+	R1(C,D,A,B,X[11],14,0x265e5a51L);
+	R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
+	R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
+	R1(D,A,B,C,X[10], 9,0x02441453L);
+	R1(C,D,A,B,X[15],14,0xd8a1e681L);
+	R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
+	R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
+	R1(D,A,B,C,X[14], 9,0xc33707d6L);
+	R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
+	R1(B,C,D,A,X[ 8],20,0x455a14edL);
+	R1(A,B,C,D,X[13], 5,0xa9e3e905L);
+	R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
+	R1(C,D,A,B,X[ 7],14,0x676f02d9L);
+	R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
+	/* Round 2 */
+	R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
+	R2(D,A,B,C,X[ 8],11,0x8771f681L);
+	R2(C,D,A,B,X[11],16,0x6d9d6122L);
+	R2(B,C,D,A,X[14],23,0xfde5380cL);
+	R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
+	R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
+	R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
+	R2(B,C,D,A,X[10],23,0xbebfbc70L);
+	R2(A,B,C,D,X[13], 4,0x289b7ec6L);
+	R2(D,A,B,C,X[ 0],11,0xeaa127faL);
+	R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
+	R2(B,C,D,A,X[ 6],23,0x04881d05L);
+	R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
+	R2(D,A,B,C,X[12],11,0xe6db99e5L);
+	R2(C,D,A,B,X[15],16,0x1fa27cf8L);
+	R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
+	/* Round 3 */
+	R3(A,B,C,D,X[ 0], 6,0xf4292244L);
+	R3(D,A,B,C,X[ 7],10,0x432aff97L);
+	R3(C,D,A,B,X[14],15,0xab9423a7L);
+	R3(B,C,D,A,X[ 5],21,0xfc93a039L);
+	R3(A,B,C,D,X[12], 6,0x655b59c3L);
+	R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
+	R3(C,D,A,B,X[10],15,0xffeff47dL);
+	R3(B,C,D,A,X[ 1],21,0x85845dd1L);
+	R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
+	R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
+	R3(C,D,A,B,X[ 6],15,0xa3014314L);
+	R3(B,C,D,A,X[13],21,0x4e0811a1L);
+	R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
+	R3(D,A,B,C,X[11],10,0xbd3af235L);
+	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
+	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
+
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
+		}
+	}
+#endif
+
+#ifndef md5_block_data_order
+void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
+	{
+	const unsigned char *data=data_;
+	register unsigned long A,B,C,D,l;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD5_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				
+	 */
+	MD5_LONG X[MD5_LBLOCK];
+	/*
+	 * In case you wonder why don't I use c->data for this.
+	 * RISCs usually have a handful of registers and if X is
+	 * declared as automatic array good optimizing compiler
+	 * shall accomodate at least part of it in register bank
+	 * instead of memory.
+	 *
+	 *				
+	 */
+
+	A=c->A;
+	B=c->B;
+	C=c->C;
+	D=c->D;
+
+	for (;num--;)
+		{
+	HOST_c2l(data,l); X[ 0]=l;		HOST_c2l(data,l); X[ 1]=l;
+	/* Round 0 */
+	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);	HOST_c2l(data,l); X[ 2]=l;
+	R0(D,A,B,C,X[ 1],12,0xe8c7b756L);	HOST_c2l(data,l); X[ 3]=l;
+	R0(C,D,A,B,X[ 2],17,0x242070dbL);	HOST_c2l(data,l); X[ 4]=l;
+	R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);	HOST_c2l(data,l); X[ 5]=l;
+	R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);	HOST_c2l(data,l); X[ 6]=l;
+	R0(D,A,B,C,X[ 5],12,0x4787c62aL);	HOST_c2l(data,l); X[ 7]=l;
+	R0(C,D,A,B,X[ 6],17,0xa8304613L);	HOST_c2l(data,l); X[ 8]=l;
+	R0(B,C,D,A,X[ 7],22,0xfd469501L);	HOST_c2l(data,l); X[ 9]=l;
+	R0(A,B,C,D,X[ 8], 7,0x698098d8L);	HOST_c2l(data,l); X[10]=l;
+	R0(D,A,B,C,X[ 9],12,0x8b44f7afL);	HOST_c2l(data,l); X[11]=l;
+	R0(C,D,A,B,X[10],17,0xffff5bb1L);	HOST_c2l(data,l); X[12]=l;
+	R0(B,C,D,A,X[11],22,0x895cd7beL);	HOST_c2l(data,l); X[13]=l;
+	R0(A,B,C,D,X[12], 7,0x6b901122L);	HOST_c2l(data,l); X[14]=l;
+	R0(D,A,B,C,X[13],12,0xfd987193L);	HOST_c2l(data,l); X[15]=l;
+	R0(C,D,A,B,X[14],17,0xa679438eL);
+	R0(B,C,D,A,X[15],22,0x49b40821L);
+	/* Round 1 */
+	R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
+	R1(D,A,B,C,X[ 6], 9,0xc040b340L);
+	R1(C,D,A,B,X[11],14,0x265e5a51L);
+	R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
+	R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
+	R1(D,A,B,C,X[10], 9,0x02441453L);
+	R1(C,D,A,B,X[15],14,0xd8a1e681L);
+	R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
+	R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
+	R1(D,A,B,C,X[14], 9,0xc33707d6L);
+	R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
+	R1(B,C,D,A,X[ 8],20,0x455a14edL);
+	R1(A,B,C,D,X[13], 5,0xa9e3e905L);
+	R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
+	R1(C,D,A,B,X[ 7],14,0x676f02d9L);
+	R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
+	/* Round 2 */
+	R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
+	R2(D,A,B,C,X[ 8],11,0x8771f681L);
+	R2(C,D,A,B,X[11],16,0x6d9d6122L);
+	R2(B,C,D,A,X[14],23,0xfde5380cL);
+	R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
+	R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
+	R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
+	R2(B,C,D,A,X[10],23,0xbebfbc70L);
+	R2(A,B,C,D,X[13], 4,0x289b7ec6L);
+	R2(D,A,B,C,X[ 0],11,0xeaa127faL);
+	R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
+	R2(B,C,D,A,X[ 6],23,0x04881d05L);
+	R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
+	R2(D,A,B,C,X[12],11,0xe6db99e5L);
+	R2(C,D,A,B,X[15],16,0x1fa27cf8L);
+	R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
+	/* Round 3 */
+	R3(A,B,C,D,X[ 0], 6,0xf4292244L);
+	R3(D,A,B,C,X[ 7],10,0x432aff97L);
+	R3(C,D,A,B,X[14],15,0xab9423a7L);
+	R3(B,C,D,A,X[ 5],21,0xfc93a039L);
+	R3(A,B,C,D,X[12], 6,0x655b59c3L);
+	R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
+	R3(C,D,A,B,X[10],15,0xffeff47dL);
+	R3(B,C,D,A,X[ 1],21,0x85845dd1L);
+	R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
+	R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
+	R3(C,D,A,B,X[ 6],15,0xa3014314L);
+	R3(B,C,D,A,X[13],21,0x4e0811a1L);
+	R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
+	R3(D,A,B,C,X[11],10,0xbd3af235L);
+	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
+	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
+
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
+		}
+	}
+#endif
+
+#ifdef undef
+int printit(unsigned long *l)
+	{
+	int i,ii;
+
+	for (i=0; i<2; i++)
+		{
+		for (ii=0; ii<8; ii++)
+			{
+			fprintf(stderr,"%08lx ",l[i*8+ii]);
+			}
+		fprintf(stderr,"\n");
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/md5/md5_locl.h b/crypto/openssl/crypto/md5/md5_locl.h
new file mode 100644
index 000000000000..9d04696dbde2
--- /dev/null
+++ b/crypto/openssl/crypto/md5/md5_locl.h
@@ -0,0 +1,169 @@
+/* crypto/md5/md5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#ifndef MD5_LONG_LOG2
+#define MD5_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#ifdef MD5_ASM
+# if defined(__i386) || defined(_M_IX86)
+#  define md5_block_host_order md5_block_asm_host_order
+# elif defined(__sparc) && defined(ULTRASPARC)
+   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
+# endif
+#endif
+
+void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+void md5_block_data_order (MD5_CTX *c, const void *p,int num);
+
+#if defined(__i386) || defined(_M_IX86)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianess" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *				
+ */
+#define md5_block_data_order md5_block_host_order
+#endif
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG		MD5_LONG
+#define HASH_LONG_LOG2		MD5_LONG_LOG2
+#define HASH_CTX		MD5_CTX
+#define HASH_CBLOCK		MD5_CBLOCK
+#define HASH_LBLOCK		MD5_LBLOCK
+#define HASH_UPDATE		MD5_Update
+#define HASH_TRANSFORM		MD5_Transform
+#define HASH_FINAL		MD5_Final
+#define HASH_BLOCK_HOST_ORDER	md5_block_host_order
+#if !defined(L_ENDIAN) || defined(md5_block_data_order)
+#define	HASH_BLOCK_DATA_ORDER	md5_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md5_block_data_order on copying-n-aligning input data.
+ * But franlky speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *				
+ */
+#endif
+
+#ifndef FLAT_INC
+#include "../md32_common.h"
+#else
+#include "md32_common.h"
+#endif
+
+/*
+#define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
+#define	G(x,y,z)	(((x) & (z))  |  ((y) & (~(z))))
+*/
+
+/* As pointed out by Wei Dai , the above can be
+ * simplified to the code below.  Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
+#define	G(b,c,d)	((((b) ^ (c)) & (d)) ^ (c))
+#define	H(b,c,d)	((b) ^ (c) ^ (d))
+#define	I(b,c,d)	(((~(d)) | (b)) ^ (c))
+
+#define R0(a,b,c,d,k,s,t) { \
+	a+=((k)+(t)+F((b),(c),(d))); \
+	a=ROTATE(a,s); \
+	a+=b; };\
+
+#define R1(a,b,c,d,k,s,t) { \
+	a+=((k)+(t)+G((b),(c),(d))); \
+	a=ROTATE(a,s); \
+	a+=b; };
+
+#define R2(a,b,c,d,k,s,t) { \
+	a+=((k)+(t)+H((b),(c),(d))); \
+	a=ROTATE(a,s); \
+	a+=b; };
+
+#define R3(a,b,c,d,k,s,t) { \
+	a+=((k)+(t)+I((b),(c),(d))); \
+	a=ROTATE(a,s); \
+	a+=b; };
diff --git a/crypto/openssl/crypto/md5/md5_one.c b/crypto/openssl/crypto/md5/md5_one.c
new file mode 100644
index 000000000000..4b10e7f9402a
--- /dev/null
+++ b/crypto/openssl/crypto/md5/md5_one.c
@@ -0,0 +1,95 @@
+/* crypto/md5/md5_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	MD5_CTX c;
+	static unsigned char m[MD5_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	MD5_Init(&c);
+#ifndef CHARSET_EBCDIC
+	MD5_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD5_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
+	MD5_Final(md,&c);
+	memset(&c,0,sizeof(c)); /* security consideration */
+	return(md);
+	}
+
diff --git a/crypto/openssl/crypto/md5/md5s.cpp b/crypto/openssl/crypto/md5/md5s.cpp
new file mode 100644
index 000000000000..dd343fd4e6ed
--- /dev/null
+++ b/crypto/openssl/crypto/md5/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	MD5_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			md5_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			md5_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			md5_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			md5_block_x86(&ctx,buffer,num);
+			}
+		printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/crypto/openssl/crypto/md5/md5test.c b/crypto/openssl/crypto/md5/md5test.c
new file mode 100644
index 000000000000..a192a62bb30e
--- /dev/null
+++ b/crypto/openssl/crypto/md5/md5test.c
@@ -0,0 +1,131 @@
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_MD5
+int main(int argc, char *argv[])
+{
+    printf("No MD5 support\n");
+    return(0);
+}
+#else
+#include 
+
+char *test[]={
+	"",
+	"a",
+	"abc",
+	"message digest",
+	"abcdefghijklmnopqrstuvwxyz",
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+	NULL,
+	};
+
+char *ret[]={
+	"d41d8cd98f00b204e9800998ecf8427e",
+	"0cc175b9c0f1b6a831c399e269772661",
+	"900150983cd24fb0d6963f7d28e17f72",
+	"f96b697d7cb7938d525a2f31aaf161d0",
+	"c3fcd3d76192e4007dfb496cca67e13b",
+	"d174ab98d277d9f5a5611c2c9f419d9f",
+	"57edf4a22be3c955ac49da2e2107b67a",
+	};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	unsigned char **P,**R;
+	char *p;
+
+	P=(unsigned char **)test;
+	R=(unsigned char **)ret;
+	i=1;
+	while (*P != NULL)
+		{
+		p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		if (strcmp(p,(char *)*R) != 0)
+			{
+			printf("error calculating MD5 on '%s'\n",*P);
+			printf("got %s instead of %s\n",p,*R);
+			err++;
+			}
+		else
+			printf("test %d ok\n",i);
+		i++;
+		R++;
+		P++;
+		}
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *md)
+	{
+	int i;
+	static char buf[80];
+
+	for (i=0; i> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+mdc2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+mdc2_one.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2_one.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+mdc2_one.o: ../cryptlib.h
+mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
diff --git a/crypto/openssl/crypto/mdc2/mdc2.h b/crypto/openssl/crypto/mdc2/mdc2.h
new file mode 100644
index 000000000000..ec8e159fc924
--- /dev/null
+++ b/crypto/openssl/crypto/mdc2/mdc2.h
@@ -0,0 +1,94 @@
+/* crypto/mdc2/mdc2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MDC2_H
+#define HEADER_MDC2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+#ifdef NO_MDC2
+#error MDC2 is disabled.
+#endif
+
+#define MDC2_BLOCK              8
+#define MDC2_DIGEST_LENGTH      16
+ 
+typedef struct mdc2_ctx_st
+	{
+	int num;
+	unsigned char data[MDC2_BLOCK];
+	des_cblock h,hh;
+	int pad_type; /* either 1 or 2, default 1 */
+	} MDC2_CTX;
+
+
+void MDC2_Init(MDC2_CTX *c);
+void MDC2_Update(MDC2_CTX *c, unsigned char *data, unsigned long len);
+void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/crypto/openssl/crypto/mdc2/mdc2_one.c b/crypto/openssl/crypto/mdc2/mdc2_one.c
new file mode 100644
index 000000000000..1c3a093c3913
--- /dev/null
+++ b/crypto/openssl/crypto/mdc2/mdc2_one.c
@@ -0,0 +1,75 @@
+/* crypto/mdc2/mdc2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	MDC2_CTX c;
+	static unsigned char m[MDC2_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	MDC2_Init(&c);
+	MDC2_Update(&c,d,n);
+        MDC2_Final(md,&c);
+	memset(&c,0,sizeof(c)); /* security consideration */
+	return(md);
+	}
+
diff --git a/crypto/openssl/crypto/mdc2/mdc2dgst.c b/crypto/openssl/crypto/mdc2/mdc2dgst.c
new file mode 100644
index 000000000000..4fc39ed86cfd
--- /dev/null
+++ b/crypto/openssl/crypto/mdc2/mdc2dgst.c
@@ -0,0 +1,195 @@
+/* crypto/mdc2/mdc2dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#undef c2l
+#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, unsigned char *in, unsigned int len);
+void MDC2_Init(MDC2_CTX *c)
+	{
+	c->num=0;
+	c->pad_type=1;
+	memset(&(c->h[0]),0x52,MDC2_BLOCK);
+	memset(&(c->hh[0]),0x25,MDC2_BLOCK);
+	}
+
+void MDC2_Update(MDC2_CTX *c, register unsigned char *in, unsigned long len)
+	{
+	int i,j;
+
+	i=c->num;
+	if (i != 0)
+		{
+		if (i+len < MDC2_BLOCK)
+			{
+			/* partial block */
+			memcpy(&(c->data[i]),in,(int)len);
+			c->num+=(int)len;
+			return;
+			}
+		else
+			{
+			/* filled one */
+			j=MDC2_BLOCK-i;
+			memcpy(&(c->data[i]),in,j);
+			len-=j;
+			in+=j;
+			c->num=0;
+			mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
+			}
+		}
+	i=(int)(len&(unsigned long)~(MDC2_BLOCK-1));
+	if (i > 0) mdc2_body(c,in,i);
+	j=(int)len-i;
+	if (j > 0)
+		{
+		memcpy(&(c->data[0]),&(in[i]),j);
+		c->num=j;
+		}
+	}
+
+static void mdc2_body(MDC2_CTX *c, unsigned char *in, unsigned int len)
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG ttin0,ttin1;
+	DES_LONG d[2],dd[2];
+	des_key_schedule k;
+	unsigned char *p;
+	unsigned int i;
+
+	for (i=0; ih[0]=(c->h[0]&0x9f)|0x40;
+		c->hh[0]=(c->hh[0]&0x9f)|0x20;
+
+		des_set_odd_parity(&c->h);
+		des_set_key(&c->h,k);
+		des_encrypt(d,k,1);
+
+		des_set_odd_parity(&c->hh);
+		des_set_key(&c->hh,k);
+		des_encrypt(dd,k,1);
+
+		ttin0=tin0^dd[0];
+		ttin1=tin1^dd[1];
+		tin0^=d[0];
+		tin1^=d[1];
+
+		p=c->h;
+		l2c(tin0,p);
+		l2c(ttin1,p);
+		p=c->hh;
+		l2c(ttin0,p);
+		l2c(tin1,p);
+		}
+	}
+
+void MDC2_Final(unsigned char *md, MDC2_CTX *c)
+	{
+	int i,j;
+
+	i=c->num;
+	j=c->pad_type;
+	if ((i > 0) || (j == 2))
+		{
+		if (j == 2)
+			c->data[i++]=0x80;
+		memset(&(c->data[i]),0,MDC2_BLOCK-i);
+		mdc2_body(c,c->data,MDC2_BLOCK);
+		}
+	memcpy(md,(char *)c->h,MDC2_BLOCK);
+	memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
+	}
+
+#undef TEST
+
+#ifdef TEST
+main()
+	{
+	unsigned char md[MDC2_DIGEST_LENGTH];
+	int i;
+	MDC2_CTX c;
+	static char *text="Now is the time for all ";
+
+	MDC2_Init(&c);
+	MDC2_Update(&c,text,strlen(text));
+	MDC2_Final(&(md[0]),&c);
+
+	for (i=0; i
+#include 
+#include 
+
+#ifdef NO_DES
+#define NO_MDC2
+#endif
+
+#ifdef NO_MDC2
+int main(int argc, char *argv[])
+{
+    printf("No MDC2 support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+static unsigned char pad1[16]={
+	0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
+	0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
+	};
+
+static unsigned char pad2[16]={
+	0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
+	0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
+	};
+
+int main(int argc, char *argv[])
+	{
+	int ret=0;
+	unsigned char md[MDC2_DIGEST_LENGTH];
+	int i;
+	MDC2_CTX c;
+	static char *text="Now is the time for all ";
+
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(text,text,strlen(text));
+#endif
+
+	MDC2_Init(&c);
+	MDC2_Update(&c,(unsigned char *)text,strlen(text));
+	MDC2_Final(&(md[0]),&c);
+
+	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
+		{
+		for (i=0; i
+#include 
+#include 
+#ifdef CRYPTO_MDEBUG_TIME
+# include 	
+#endif
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+
+/* #ifdef CRYPTO_MDEBUG */
+/* static int mh_mode=CRYPTO_MEM_CHECK_ON; */
+/* #else */
+static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+/* #endif */
+/* State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
+ * thinks that certain allocations should not be checked (e.g. the data
+ * structures used for memory checking).  It is not suitable as an initial
+ * state: the library will unexpectedly enable memory checking when it
+ * executes one of those sections that want to disable checking
+ * temporarily.
+ *
+ * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
+ */
+
+static unsigned long order=0;
+
+static LHASH *mh=NULL;
+
+typedef struct mem_st
+	{
+	char *addr;
+	int num;
+	const char *file;
+	int line;
+#ifdef CRYPTO_MDEBUG_THREAD
+	unsigned long thread;
+#endif
+	unsigned long order;
+#ifdef CRYPTO_MDEBUG_TIME
+	time_t time;
+#endif
+	} MEM;
+
+int CRYPTO_mem_ctrl(int mode)
+	{
+	int ret=mh_mode;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+	switch (mode)
+		{
+	/* for applications: */
+	case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
+		mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
+		break;
+	case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+		mh_mode = 0;
+		break;
+
+	/* switch off temporarily (for library-internal use): */
+	case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+		mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE;
+		break;
+	case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+		if (mh_mode&CRYPTO_MEM_CHECK_ON)
+			mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
+		break;
+
+	default:
+		break;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+	return(ret);
+	}
+
+static int mem_cmp(MEM *a, MEM *b)
+	{
+	return(a->addr - b->addr);
+	}
+
+static unsigned long mem_hash(MEM *a)
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)a->addr;
+
+	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+	return(ret);
+	}
+
+static char *(*malloc_locked_func)()=(char *(*)())malloc;
+static void (*free_locked_func)()=(void (*)())free;
+static char *(*malloc_func)()=	(char *(*)())malloc;
+static char *(*realloc_func)()=	(char *(*)())realloc;
+static void (*free_func)()=	(void (*)())free;
+
+void CRYPTO_set_mem_functions(char *(*m)(), char *(*r)(), void (*f)())
+	{
+	if ((m == NULL) || (r == NULL) || (f == NULL)) return;
+	malloc_func=m;
+	realloc_func=r;
+	free_func=f;
+	malloc_locked_func=m;
+	free_locked_func=f;
+	}
+
+void CRYPTO_set_locked_mem_functions(char *(*m)(), void (*f)())
+	{
+	if ((m == NULL) || (f == NULL)) return;
+	malloc_locked_func=m;
+	free_locked_func=f;
+	}
+
+void CRYPTO_get_mem_functions(char *(**m)(), char *(**r)(), void (**f)())
+	{
+	if (m != NULL) *m=malloc_func;
+	if (r != NULL) *r=realloc_func;
+	if (f != NULL) *f=free_func;
+	}
+
+void CRYPTO_get_locked_mem_functions(char *(**m)(), void (**f)())
+	{
+	if (m != NULL) *m=malloc_locked_func;
+	if (f != NULL) *f=free_locked_func;
+	}
+
+void *CRYPTO_malloc_locked(int num)
+	{
+	return(malloc_locked_func(num));
+	}
+
+void CRYPTO_free_locked(void *str)
+	{
+	free_locked_func(str);
+	}
+
+void *CRYPTO_malloc(int num)
+	{
+	return(malloc_func(num));
+	}
+
+void *CRYPTO_realloc(void *str, int num)
+	{
+	return(realloc_func(str,num));
+	}
+
+void CRYPTO_free(void *str)
+	{
+	free_func(str);
+	}
+
+static unsigned long break_order_num=0;
+void *CRYPTO_dbg_malloc(int num, const char *file, int line)
+	{
+	char *ret;
+	MEM *m,*mm;
+
+	if ((ret=malloc_func(num)) == NULL)
+		return(NULL);
+
+	if (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+		{
+		MemCheck_off();
+		if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL)
+			{
+			Free(ret);
+			MemCheck_on();
+			return(NULL);
+			}
+		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+		if (mh == NULL)
+			{
+			if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
+				{
+				Free(ret);
+				Free(m);
+				ret=NULL;
+				goto err;
+				}
+			}
+
+		m->addr=ret;
+		m->file=file;
+		m->line=line;
+		m->num=num;
+#ifdef CRYPTO_MDEBUG_THREAD
+		m->thread=CRYPTO_thread_id();
+#endif
+		if (order == break_order_num)
+			{
+			/* BREAK HERE */
+			m->order=order;
+			}
+		m->order=order++;
+#ifdef CRYPTO_MDEBUG_TIME
+		m->time=time(NULL);
+#endif
+		if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+			{
+			/* Not good, but don't sweat it */
+			Free(mm);
+			}
+err:
+		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		MemCheck_on();
+		}
+	return(ret);
+	}
+
+void CRYPTO_dbg_free(void *addr)
+	{
+	MEM m,*mp;
+
+	if ((mh_mode & CRYPTO_MEM_CHECK_ENABLE) && (mh != NULL))
+		{
+		MemCheck_off();
+		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+		m.addr=addr;
+		mp=(MEM *)lh_delete(mh,(char *)&m);
+		if (mp != NULL)
+			Free(mp);
+		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		MemCheck_on();
+		}
+	free_func(addr);
+	}
+
+void *CRYPTO_dbg_realloc(void *addr, int num, const char *file, int line)
+	{
+	char *ret;
+	MEM m,*mp;
+
+	ret=realloc_func(addr,num);
+	if (ret == addr) return(ret);
+
+	if (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+		{
+		MemCheck_off();
+		if (ret == NULL) return(NULL);
+		m.addr=addr;
+		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+		mp=(MEM *)lh_delete(mh,(char *)&m);
+		if (mp != NULL)
+			{
+			mp->addr=ret;
+			lh_insert(mh,(char *)mp);
+			}
+		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		MemCheck_on();
+		}
+	return(ret);
+	}
+
+void *CRYPTO_remalloc(void *a, int n)
+	{
+	if (a != NULL) Free(a);
+	a=(char *)Malloc(n);
+	return(a);
+	}
+
+void *CRYPTO_dbg_remalloc(void *a, int n, const char *file, int line)
+	{
+	if (a != NULL) CRYPTO_dbg_free(a);
+	a=(char *)CRYPTO_dbg_malloc(n,file,line);
+	return(a);
+	}
+
+
+typedef struct mem_leak_st
+	{
+	BIO *bio;
+	int chunks;
+	long bytes;
+	} MEM_LEAK;
+
+static void print_leak(MEM *m, MEM_LEAK *l)
+	{
+	char buf[128];
+#ifdef CRYPTO_MDEBUG_TIME
+	struct tm *lcl;
+#endif
+
+	if(m->addr == (char *)l->bio)
+	    return;
+
+#ifdef CRYPTO_MDEBUG_TIME
+	lcl = localtime(&m->time);
+#endif
+
+	sprintf(buf,
+#ifdef CRYPTO_MDEBUG_TIME
+		"[%02d:%02d:%02d] "
+#endif
+		"%5lu file=%s, line=%d, "
+#ifdef CRYPTO_MDEBUG_THREAD
+		"thread=%lu, "
+#endif
+		"number=%d, address=%08lX\n",
+#ifdef CRYPTO_MDEBUG_TIME
+		lcl->tm_hour,lcl->tm_min,lcl->tm_sec,
+#endif
+		m->order,m->file,m->line,
+#ifdef CRYPTO_MDEBUG_THREAD
+		m->thread,
+#endif
+		m->num,(unsigned long)m->addr);
+
+	BIO_puts(l->bio,buf);
+	l->chunks++;
+	l->bytes+=m->num;
+	}
+
+void CRYPTO_mem_leaks(BIO *b)
+	{
+	MEM_LEAK ml;
+	char buf[80];
+
+	if (mh == NULL) return;
+	ml.bio=b;
+	ml.bytes=0;
+	ml.chunks=0;
+	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+	lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
+	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+	if (ml.chunks != 0)
+		{
+		sprintf(buf,"%ld bytes leaked in %d chunks\n",
+			ml.bytes,ml.chunks);
+		BIO_puts(b,buf);
+		}
+
+#if 0
+	lh_stats_bio(mh,b);
+	lh_node_stats_bio(mh,b);
+	lh_node_usage_stats_bio(mh,b);
+#endif
+	}
+
+static void (*mem_cb)()=NULL;
+
+static void cb_leak(MEM *m, char *cb)
+	{
+	void (*mem_callback)()=(void (*)())cb;
+	mem_callback(m->order,m->file,m->line,m->num,m->addr);
+	}
+
+void CRYPTO_mem_leaks_cb(void (*cb)())
+	{
+	if (mh == NULL) return;
+	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+	mem_cb=cb;
+	lh_doall_arg(mh,(void (*)())cb_leak,(char *)mem_cb);
+	mem_cb=NULL;
+	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+	}
+
+#ifndef NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *fp)
+	{
+	BIO *b;
+
+	if (mh == NULL) return;
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		return;
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	CRYPTO_mem_leaks(b);
+	BIO_free(b);
+	}
+#endif
+
diff --git a/crypto/openssl/crypto/objects/Makefile.ssl b/crypto/openssl/crypto/objects/Makefile.ssl
new file mode 100644
index 000000000000..a3a15c13c1f7
--- /dev/null
+++ b/crypto/openssl/crypto/objects/Makefile.ssl
@@ -0,0 +1,109 @@
+#
+# SSLeay/crypto/objects/Makefile
+#
+
+DIR=	objects
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= objects.h
+HEADER=	$(EXHEADER) obj_dat.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	obj_dat.h lib
+
+obj_dat.h: objects.h obj_dat.pl
+	$(PERL) ./obj_dat.pl < objects.h > obj_dat.h
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+o_names.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_dat.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
+obj_dat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../cryptlib.h obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+obj_err.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
+obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/openssl/crypto/objects/o_names.c
new file mode 100644
index 000000000000..4da5e45b9c54
--- /dev/null
+++ b/crypto/openssl/crypto/objects/o_names.c
@@ -0,0 +1,243 @@
+#include 
+#include 
+#include 
+
+#include 
+#include 
+
+/* I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define.  I only really use the free function field.
+ */
+static LHASH *names_lh=NULL;
+static int names_type_num=OBJ_NAME_TYPE_NUM;
+static STACK *names_cmp=NULL;
+static STACK *names_hash=NULL;
+static STACK *names_free=NULL;
+
+static unsigned long obj_name_hash(OBJ_NAME *a);
+static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b);
+
+int OBJ_NAME_init(void)
+	{
+	if (names_lh != NULL) return(1);
+	MemCheck_off();
+	names_lh=lh_new(obj_name_hash,obj_name_cmp);
+	MemCheck_on();
+	return(names_lh != NULL);
+	}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func)(), int (*cmp_func)(),
+	     void (*free_func)())
+	{
+	int ret;
+	int i;
+
+	if (names_free == NULL)
+		{
+		MemCheck_off();
+		names_hash=sk_new_null();
+		names_cmp=sk_new_null();
+		names_free=sk_new_null();
+		MemCheck_on();
+		}
+	if ((names_free == NULL) || (names_hash == NULL) || (names_cmp == NULL))
+		{
+		/* ERROR */
+		return(0);
+		}
+	ret=names_type_num;
+	names_type_num++;
+	for (i=sk_num(names_free); itype-b->type;
+	if (ret == 0)
+		{
+		if ((names_cmp != NULL) && (sk_num(names_cmp) > a->type))
+			{
+			cmp=(int (*)())sk_value(names_cmp,a->type);
+			ret=cmp(a->name,b->name);
+			}
+		else
+			ret=strcmp(a->name,b->name);
+		}
+	return(ret);
+	}
+
+static unsigned long obj_name_hash(OBJ_NAME *a)
+	{
+	unsigned long ret;
+	unsigned long (*hash)();
+
+	if ((names_hash != NULL) && (sk_num(names_hash) > a->type))
+		{
+		hash=(unsigned long (*)())sk_value(names_hash,a->type);
+		ret=hash(a->name);
+		}
+	else
+		{
+		ret=lh_strhash(a->name);
+		}
+	ret^=a->type;
+	return(ret);
+	}
+
+const char *OBJ_NAME_get(const char *name, int type)
+	{
+	OBJ_NAME on,*ret;
+	int num=0,alias;
+
+	if (name == NULL) return(NULL);
+	if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
+
+	alias=type&OBJ_NAME_ALIAS;
+	type&= ~OBJ_NAME_ALIAS;
+
+	on.name=name;
+	on.type=type;
+
+	for (;;)
+		{
+		ret=(OBJ_NAME *)lh_retrieve(names_lh,(char *)&on);
+		if (ret == NULL) return(NULL);
+		if ((ret->alias) && !alias)
+			{
+			if (++num > 10) return(NULL);
+			on.name=ret->data;
+			}
+		else
+			{
+			return(ret->data);
+			}
+		}
+	}
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+	{
+	void (*f)();
+	OBJ_NAME *onp,*ret;
+	int alias;
+
+	if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
+
+	alias=type&OBJ_NAME_ALIAS;
+	type&= ~OBJ_NAME_ALIAS;
+
+	onp=(OBJ_NAME *)Malloc(sizeof(OBJ_NAME));
+	if (onp == NULL)
+		{
+		/* ERROR */
+		return(0);
+		}
+
+	onp->name=name;
+	onp->alias=alias;
+	onp->type=type;
+	onp->data=data;
+
+	ret=(OBJ_NAME *)lh_insert(names_lh,(char *)onp);
+	if (ret != NULL)
+		{
+		/* free things */
+		if ((names_free != NULL) && (sk_num(names_free) > ret->type))
+			{
+			f=(void (*)())sk_value(names_free,ret->type);
+			f(ret->name,ret->type,ret->data);
+			}
+		Free((char *)ret);
+		}
+	else
+		{
+		if (lh_error(names_lh))
+			{
+			/* ERROR */
+			return(0);
+			}
+		}
+	return(1);
+	}
+
+int OBJ_NAME_remove(const char *name, int type)
+	{
+	OBJ_NAME on,*ret;
+	void (*f)();
+
+	if (names_lh == NULL) return(0);
+
+	type&= ~OBJ_NAME_ALIAS;
+	on.name=name;
+	on.type=type;
+	ret=(OBJ_NAME *)lh_delete(names_lh,(char *)&on);
+	if (ret != NULL)
+		{
+		/* free things */
+		if ((names_free != NULL) && (sk_num(names_free) > type))
+			{
+			f=(void (*)())sk_value(names_free,type);
+			f(ret->name,ret->type,ret->data);
+			}
+		Free((char *)ret);
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+static int free_type;
+
+static void names_lh_free(OBJ_NAME *onp, int type)
+{
+	if(onp == NULL)
+	    return;
+
+	if ((free_type < 0) || (free_type == onp->type))
+		{
+		OBJ_NAME_remove(onp->name,onp->type);
+		}
+	}
+
+void OBJ_NAME_cleanup(int type)
+	{
+	unsigned long down_load;
+
+	if (names_lh == NULL) return;
+
+	free_type=type;
+	down_load=names_lh->down_load;
+	names_lh->down_load=0;
+
+	lh_doall(names_lh,names_lh_free);
+	if (type < 0)
+		{
+		lh_free(names_lh);
+		sk_free(names_hash);
+		sk_free(names_cmp);
+		sk_free(names_free);
+		names_lh=NULL;
+		names_hash=NULL;
+		names_cmp=NULL;
+		names_free=NULL;
+		}
+	else
+		names_lh->down_load=down_load;
+	}
+
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
new file mode 100644
index 000000000000..d47b874399c7
--- /dev/null
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -0,0 +1,653 @@
+/* crypto/objects/obj_dat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#ifndef NO_OBJECT
+#include "obj_dat.h"
+#else
+/* You will have to load all the objects needed manually in the application */
+#define NUM_NID 0
+#define NUM_SN 0
+#define NUM_LN 0
+#define NUM_OBJ 0
+static unsigned char lvalues[1];
+static ASN1_OBJECT nid_objs[1];
+static ASN1_OBJECT *sn_objs[1];
+static ASN1_OBJECT *ln_objs[1];
+static ASN1_OBJECT *obj_objs[1];
+#endif
+
+static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
+#define ADDED_DATA	0
+#define ADDED_SNAME	1
+#define ADDED_LNAME	2
+#define ADDED_NID	3
+
+typedef struct added_obj_st
+	{
+	int type;
+	ASN1_OBJECT *obj;
+	} ADDED_OBJ;
+
+static int new_nid=NUM_NID;
+static LHASH *added=NULL;
+
+static int sn_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
+	{ return(strcmp((*ap)->sn,(*bp)->sn)); }
+
+static int ln_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
+	{ return(strcmp((*ap)->ln,(*bp)->ln)); }
+
+static unsigned long add_hash(ADDED_OBJ *ca)
+	{
+	ASN1_OBJECT *a;
+	int i;
+	unsigned long ret=0;
+	unsigned char *p;
+
+	a=ca->obj;
+	switch (ca->type)
+		{
+	case ADDED_DATA:
+		ret=a->length<<20L;
+		p=(unsigned char *)a->data;
+		for (i=0; ilength; i++)
+			ret^=p[i]<<((i*3)%24);
+		break;
+	case ADDED_SNAME:
+		ret=lh_strhash(a->sn);
+		break;
+	case ADDED_LNAME:
+		ret=lh_strhash(a->ln);
+		break;
+	case ADDED_NID:
+		ret=a->nid;
+		break;
+	default:
+		abort();
+		}
+	ret&=0x3fffffffL;
+	ret|=ca->type<<30L;
+	return(ret);
+	}
+
+static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb)
+	{
+	ASN1_OBJECT *a,*b;
+	int i;
+
+	i=ca->type-cb->type;
+	if (i) return(i);
+	a=ca->obj;
+	b=cb->obj;
+	switch (ca->type)
+		{
+	case ADDED_DATA:
+		i=(a->length - b->length);
+		if (i) return(i);
+		return(memcmp(a->data,b->data,a->length));
+	case ADDED_SNAME:
+		if (a->sn == NULL) return(-1);
+		else if (b->sn == NULL) return(1);
+		else return(strcmp(a->sn,b->sn));
+	case ADDED_LNAME:
+		if (a->ln == NULL) return(-1);
+		else if (b->ln == NULL) return(1);
+		else return(strcmp(a->ln,b->ln));
+	case ADDED_NID:
+		return(a->nid-b->nid);
+	default:
+		abort();
+		}
+	return(1); /* should not get here */
+	}
+
+static int init_added(void)
+	{
+	if (added != NULL) return(1);
+	added=lh_new(add_hash,add_cmp);
+	return(added != NULL);
+	}
+
+static void cleanup1(ADDED_OBJ *a)
+	{
+	a->obj->nid=0;
+	a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
+	                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+			ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+	}
+
+static void cleanup2(ADDED_OBJ *a)
+	{ a->obj->nid++; }
+
+static void cleanup3(ADDED_OBJ *a)
+	{
+	if (--a->obj->nid == 0)
+		ASN1_OBJECT_free(a->obj);
+	Free(a);
+	}
+
+void OBJ_cleanup(void)
+	{
+	if (added == NULL) return;
+	added->down_load=0;
+	lh_doall(added,cleanup1); /* zero counters */
+	lh_doall(added,cleanup2); /* set counters */
+	lh_doall(added,cleanup3); /* free objects */
+	lh_free(added);
+	added=NULL;
+	}
+
+int OBJ_new_nid(int num)
+	{
+	int i;
+
+	i=new_nid;
+	new_nid+=num;
+	return(i);
+	}
+
+int OBJ_add_object(ASN1_OBJECT *obj)
+	{
+	ASN1_OBJECT *o;
+	ADDED_OBJ *ao[4],*aop;
+	int i;
+
+	if (added == NULL)
+		if (!init_added()) return(0);
+	if ((o=OBJ_dup(obj)) == NULL) goto err;
+	ao[ADDED_DATA]=NULL;
+	ao[ADDED_SNAME]=NULL;
+	ao[ADDED_LNAME]=NULL;
+	ao[ADDED_NID]=NULL;
+	ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+	if ((o->length != 0) && (obj->data != NULL))
+		ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+	if (o->sn != NULL)
+		ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+	if (o->ln != NULL)
+		ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+
+	for (i=ADDED_DATA; i<=ADDED_NID; i++)
+		{
+		if (ao[i] != NULL)
+			{
+			ao[i]->type=i;
+			ao[i]->obj=o;
+			aop=(ADDED_OBJ *)lh_insert(added,(char *)ao[i]);
+			/* memory leak, buit should not normally matter */
+			if (aop != NULL)
+				Free(aop);
+			}
+		}
+	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+			ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+	return(o->nid);
+err:
+	for (i=ADDED_DATA; i<=ADDED_NID; i++)
+		if (ao[i] != NULL) Free(ao[i]);
+	if (o != NULL) Free(o);
+	return(NID_undef);
+	}
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+	{
+	ADDED_OBJ ad,*adp;
+	ASN1_OBJECT ob;
+
+	if ((n >= 0) && (n < NUM_NID))
+		{
+		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+			{
+			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+			return(NULL);
+			}
+		return((ASN1_OBJECT *)&(nid_objs[n]));
+		}
+	else if (added == NULL)
+		return(NULL);
+	else
+		{
+		ad.type=ADDED_NID;
+		ad.obj= &ob;
+		ob.nid=n;
+		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		if (adp != NULL)
+			return(adp->obj);
+		else
+			{
+			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+			return(NULL);
+			}
+		}
+	}
+
+const char *OBJ_nid2sn(int n)
+	{
+	ADDED_OBJ ad,*adp;
+	ASN1_OBJECT ob;
+
+	if ((n >= 0) && (n < NUM_NID))
+		{
+		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+			{
+			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+			return(NULL);
+			}
+		return(nid_objs[n].sn);
+		}
+	else if (added == NULL)
+		return(NULL);
+	else
+		{
+		ad.type=ADDED_NID;
+		ad.obj= &ob;
+		ob.nid=n;
+		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		if (adp != NULL)
+			return(adp->obj->sn);
+		else
+			{
+			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+			return(NULL);
+			}
+		}
+	}
+
+const char *OBJ_nid2ln(int n)
+	{
+	ADDED_OBJ ad,*adp;
+	ASN1_OBJECT ob;
+
+	if ((n >= 0) && (n < NUM_NID))
+		{
+		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+			{
+			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+			return(NULL);
+			}
+		return(nid_objs[n].ln);
+		}
+	else if (added == NULL)
+		return(NULL);
+	else
+		{
+		ad.type=ADDED_NID;
+		ad.obj= &ob;
+		ob.nid=n;
+		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		if (adp != NULL)
+			return(adp->obj->ln);
+		else
+			{
+			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+			return(NULL);
+			}
+		}
+	}
+
+int OBJ_obj2nid(ASN1_OBJECT *a)
+	{
+	ASN1_OBJECT **op;
+	ADDED_OBJ ad,*adp;
+
+	if (a == NULL)
+		return(NID_undef);
+	if (a->nid != 0)
+		return(a->nid);
+
+	if (added != NULL)
+		{
+		ad.type=ADDED_DATA;
+		ad.obj=a;
+		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		if (adp != NULL) return (adp->obj->nid);
+		}
+	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
+		sizeof(ASN1_OBJECT *),(int (*)())obj_cmp);
+	if (op == NULL)
+		return(NID_undef);
+	return((*op)->nid);
+	}
+
+/* Convert an object name into an ASN1_OBJECT
+ * if "noname" is not set then search for short and long names first.
+ * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
+ * it can be used with any objects, not just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+	{
+	int nid = NID_undef;
+	ASN1_OBJECT *op=NULL;
+	unsigned char *buf,*p;
+	int i, j;
+
+	if(!no_name) {
+		if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
+			((nid = OBJ_ln2nid(s)) != NID_undef) ) 
+					return OBJ_nid2obj(nid);
+	}
+
+	/* Work out size of content octets */
+	i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+	if (i <= 0) {
+		/* Clear the error */
+		ERR_get_error();
+		return NULL;
+	}
+	/* Work out total size */
+	j = ASN1_object_size(0,i,V_ASN1_OBJECT);
+
+	if((buf=(unsigned char *)Malloc(j)) == NULL) return NULL;
+
+	p = buf;
+	/* Write out tag+length */
+	ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+	/* Write out contents */
+	a2d_ASN1_OBJECT(p,i,s,-1);
+	
+	p=buf;
+	op=d2i_ASN1_OBJECT(NULL,&p,i);
+	Free(buf);
+	return op;
+	}
+
+int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
+{
+	int i,idx=0,n=0,len,nid;
+	unsigned long l;
+	unsigned char *p;
+	const char *s;
+	char tbuf[32];
+
+	if (buf_len <= 0) return(0);
+
+	if ((a == NULL) || (a->data == NULL)) {
+		buf[0]='\0';
+		return(0);
+	}
+
+	nid=OBJ_obj2nid(a);
+	if ((nid == NID_undef) || no_name) {
+		len=a->length;
+		p=a->data;
+
+		idx=0;
+		l=0;
+		while (idx < a->length) {
+			l|=(p[idx]&0x7f);
+			if (!(p[idx] & 0x80)) break;
+			l<<=7L;
+			idx++;
+		}
+		idx++;
+		i=(int)(l/40);
+		if (i > 2) i=2;
+		l-=(long)(i*40);
+
+		sprintf(tbuf,"%d.%lu",i,l);
+		i=strlen(tbuf);
+		strncpy(buf,tbuf,buf_len);
+		buf_len-=i;
+		buf+=i;
+		n+=i;
+
+		l=0;
+		for (; idx 0)
+					strncpy(buf,tbuf,buf_len);
+				buf_len-=i;
+				buf+=i;
+				n+=i;
+				l=0;
+			}
+			l<<=7L;
+		}
+	} else {
+		s=OBJ_nid2ln(nid);
+		if (s == NULL)
+			s=OBJ_nid2sn(nid);
+		strncpy(buf,s,buf_len);
+		n=strlen(s);
+	}
+	buf[buf_len-1]='\0';
+	return(n);
+}
+
+int OBJ_txt2nid(char *s)
+{
+	ASN1_OBJECT *obj;
+	int nid;
+	obj = OBJ_txt2obj(s, 0);
+	nid = OBJ_obj2nid(obj);
+	ASN1_OBJECT_free(obj);
+	return nid;
+}
+
+int OBJ_ln2nid(const char *s)
+	{
+	ASN1_OBJECT o,*oo= &o,**op;
+	ADDED_OBJ ad,*adp;
+
+	o.ln=s;
+	if (added != NULL)
+		{
+		ad.type=ADDED_LNAME;
+		ad.obj= &o;
+		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		if (adp != NULL) return (adp->obj->nid);
+		}
+	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
+		sizeof(ASN1_OBJECT *),(int (*)())ln_cmp);
+	if (op == NULL) return(NID_undef);
+	return((*op)->nid);
+	}
+
+int OBJ_sn2nid(const char *s)
+	{
+	ASN1_OBJECT o,*oo= &o,**op;
+	ADDED_OBJ ad,*adp;
+
+	o.sn=s;
+	if (added != NULL)
+		{
+		ad.type=ADDED_SNAME;
+		ad.obj= &o;
+		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		if (adp != NULL) return (adp->obj->nid);
+		}
+	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
+		sizeof(ASN1_OBJECT *),(int (*)())sn_cmp);
+	if (op == NULL) return(NID_undef);
+	return((*op)->nid);
+	}
+
+static int obj_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
+	{
+	int j;
+	ASN1_OBJECT *a= *ap;
+	ASN1_OBJECT *b= *bp;
+
+	j=(a->length - b->length);
+        if (j) return(j);
+	return(memcmp(a->data,b->data,a->length));
+        }
+
+char *OBJ_bsearch(char *key, char *base, int num, int size, int (*cmp)())
+	{
+	int l,h,i,c;
+	char *p;
+
+	if (num == 0) return(NULL);
+	l=0;
+	h=num;
+	while (l < h)
+		{
+		i=(l+h)/2;
+		p= &(base[i*size]);
+		c=(*cmp)(key,p);
+		if (c < 0)
+			h=i;
+		else if (c > 0)
+			l=i+1;
+		else
+			return(p);
+		}
+#ifdef CHARSET_EBCDIC
+/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
+ * I don't have perl (yet), we revert to a *LINEAR* search
+ * when the object wasn't found in the binary search.
+ */
+	for (i=0; i)
+	{
+	next unless /^\#define\s+(\S+)\s+(.*)$/;
+	$v=$1;
+	$d=$2;
+	if ($v =~ /^SN_(.*)$/)
+		{ $sn{$1}=$d; }
+	elsif ($v =~ /^LN_(.*)$/)
+		{ $ln{$1}=$d; }
+	elsif ($v =~ /^NID_(.*)$/)
+		{ $nid{$d}=$1; }
+	elsif ($v =~ /^OBJ_(.*)$/)
+		{
+		$obj{$1}=$v;
+		$objd{$v}=$d;
+		}
+	}
+
+%ob=&expand_obj(*objd);
+
+@a=sort { $a <=> $b } keys %nid;
+$n=$a[$#a]+1;
+
+@lvalues=();
+$lvalues=0;
+
+for ($i=0; $i<$n; $i++)
+	{
+	if (!defined($nid{$i}))
+		{
+		push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");
+		}
+	else
+		{
+		$sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
+		$ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
+		$sn=$ln if ($sn eq "NULL");
+		$ln=$sn if ($ln eq "NULL");
+		$out ="{";
+		$out.=$sn;
+		$out.=",".$ln;
+		$out.=",NID_$nid{$i},";
+		if (defined($obj{$nid{$i}}))
+			{
+			$v=$objd{$obj{$nid{$i}}};
+			$v =~ s/L//g;
+			$v =~ s/,/ /g;
+			$r=&der_it($v);
+			$z="";
+			$length=0;
+			foreach (unpack("C*",$r))
+				{
+				$z.=sprintf("0x%02X,",$_);
+				$length++;
+				}
+			$obj_der{$obj{$nid{$i}}}=$z;
+			$obj_len{$obj{$nid{$i}}}=$length;
+
+			push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",
+				$z,$lvalues,$obj{$nid{$i}}));
+			$out.="$length,&(lvalues[$lvalues]),0";
+			$lvalues+=$length;
+			}
+		else
+			{
+			$out.="0,NULL";
+			}
+		$out.="},\n";
+		push(@out,$out);
+		}
+	}
+
+@a=grep(defined($sn{$nid{$_}}),0 .. $n);
+foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
+	{
+	push(@sn,sprintf("&(nid_objs[%2d]),/* $sn{$nid{$_}} */\n",$_));
+	}
+
+@a=grep(defined($ln{$nid{$_}}),0 .. $n);
+foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
+	{
+	push(@ln,sprintf("&(nid_objs[%2d]),/* $ln{$nid{$_}} */\n",$_));
+	}
+
+@a=grep(defined($obj{$nid{$_}}),0 .. $n);
+foreach (sort obj_cmp @a)
+	{
+	$m=$obj{$nid{$_}};
+	$v=$objd{$m};
+	$v =~ s/L//g;
+	$v =~ s/,/ /g;
+	push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
+	}
+
+print <<'EOF';
+/* lib/obj/obj_dat.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl < objects.h > obj_dat.h
+ */
+
+EOF
+
+printf "#define NUM_NID %d\n",$n;
+printf "#define NUM_SN %d\n",$#sn+1;
+printf "#define NUM_LN %d\n",$#ln+1;
+printf "#define NUM_OBJ %d\n\n",$#ob+1;
+
+printf "static unsigned char lvalues[%d]={\n",$lvalues+1;
+print @lvalues;
+print "};\n\n";
+
+printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+foreach (@out)
+	{
+	if (length($_) > 75)
+		{
+		$out="";
+		foreach (split(/,/))
+			{
+			$t=$out.$_.",";
+			if (length($t) > 70)
+				{
+				print "$out\n";
+				$t="\t$_,";
+				}
+			$out=$t;
+			}
+		chop $out;
+		print "$out";
+		}
+	else
+		{ print $_; }
+	}
+print  "};\n\n";
+
+printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+print  @sn;
+print  "};\n\n";
+
+printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+print  @ln;
+print  "};\n\n";
+
+printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+print  @ob;
+print  "};\n\n";
+
+sub der_it
+	{
+	local($v)=@_;
+	local(@a,$i,$ret,@r);
+
+	@a=split(/\s+/,$v);
+	$ret.=pack("C*",$a[0]*40+$a[1]);
+	shift @a;
+	shift @a;
+	foreach (@a)
+		{
+		@r=();
+		$t=0;
+		while ($_ >= 128)
+			{
+			$x=$_%128;
+			$_/=128;
+			push(@r,((($t++)?0x80:0)|$x));
+			}
+		push(@r,((($t++)?0x80:0)|$_));
+		$ret.=pack("C*",reverse(@r));
+		}
+	return($ret);
+	}
diff --git a/crypto/openssl/crypto/objects/obj_err.c b/crypto/openssl/crypto/objects/obj_err.c
new file mode 100644
index 000000000000..cef401db2771
--- /dev/null
+++ b/crypto/openssl/crypto/objects/obj_err.c
@@ -0,0 +1,98 @@
+/* crypto/objects/obj_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA OBJ_str_functs[]=
+	{
+{ERR_PACK(0,OBJ_F_OBJ_CREATE,0),	"OBJ_create"},
+{ERR_PACK(0,OBJ_F_OBJ_DUP,0),	"OBJ_dup"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0),	"OBJ_nid2ln"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0),	"OBJ_nid2obj"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0),	"OBJ_nid2sn"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA OBJ_str_reasons[]=
+	{
+{OBJ_R_MALLOC_FAILURE                    ,"malloc failure"},
+{OBJ_R_UNKNOWN_NID                       ,"unknown nid"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_OBJ_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
+		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/objects/obj_lib.c b/crypto/openssl/crypto/objects/obj_lib.c
new file mode 100644
index 000000000000..1a1ba0fc063c
--- /dev/null
+++ b/crypto/openssl/crypto/objects/obj_lib.c
@@ -0,0 +1,126 @@
+/* crypto/objects/obj_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
+	{
+	ASN1_OBJECT *r;
+	int i;
+	char *ln=NULL;
+
+	if (o == NULL) return(NULL);
+	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+		return(o);
+
+	r=ASN1_OBJECT_new();
+	if (r == NULL)
+		{
+		OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
+		return(NULL);
+		}
+	r->data=Malloc(o->length);
+	if (r->data == NULL)
+		goto err;
+	memcpy(r->data,o->data,o->length);
+	r->length=o->length;
+	r->nid=o->nid;
+	r->ln=r->sn=NULL;
+	if (o->ln != NULL)
+		{
+		i=strlen(o->ln)+1;
+		r->ln=ln=Malloc(i);
+		if (r->ln == NULL) goto err;
+		memcpy(ln,o->ln,i);
+		}
+
+	if (o->sn != NULL)
+		{
+		char *s;
+
+		i=strlen(o->sn)+1;
+		r->sn=s=Malloc(i);
+		if (r->sn == NULL) goto err;
+		memcpy(s,o->sn,i);
+		}
+	r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
+		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+	return(r);
+err:
+	OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
+	if (r != NULL)
+		{
+		if (ln != NULL) Free(ln);
+		if (r->data != NULL) Free(r->data);
+		Free(r);
+		}
+	return(NULL);
+	}
+
+int OBJ_cmp(ASN1_OBJECT *a, ASN1_OBJECT *b)
+	{
+	int ret;
+
+	ret=(a->length-b->length);
+	if (ret) return(ret);
+	return(memcmp(a->data,b->data,a->length));
+	}
diff --git a/crypto/openssl/crypto/objects/objects.h b/crypto/openssl/crypto/objects/objects.h
new file mode 100644
index 000000000000..d03748e0228a
--- /dev/null
+++ b/crypto/openssl/crypto/objects/objects.h
@@ -0,0 +1,968 @@
+/* crypto/objects/objects.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_OBJECTS_H
+#define HEADER_OBJECTS_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define SN_undef			"UNDEF"
+#define LN_undef			"undefined"
+#define NID_undef			0
+#define OBJ_undef			0L
+
+#define SN_Algorithm			"Algorithm"
+#define LN_algorithm			"algorithm"
+#define NID_algorithm			38
+#define OBJ_algorithm			1L,3L,14L,3L,2L
+
+#define LN_rsadsi			"rsadsi"
+#define NID_rsadsi			1
+#define OBJ_rsadsi			1L,2L,840L,113549L
+
+#define LN_pkcs				"pkcs"
+#define NID_pkcs			2
+#define OBJ_pkcs			OBJ_rsadsi,1L
+
+#define SN_md2				"MD2"
+#define LN_md2				"md2"
+#define NID_md2				3
+#define OBJ_md2				OBJ_rsadsi,2L,2L
+
+#define SN_md5				"MD5"
+#define LN_md5				"md5"
+#define NID_md5				4
+#define OBJ_md5				OBJ_rsadsi,2L,5L
+
+#define SN_rc4				"RC4"
+#define LN_rc4				"rc4"
+#define NID_rc4				5
+#define OBJ_rc4				OBJ_rsadsi,3L,4L
+
+#define LN_rsaEncryption		"rsaEncryption"
+#define NID_rsaEncryption		6
+#define OBJ_rsaEncryption		OBJ_pkcs,1L,1L
+
+#define SN_md2WithRSAEncryption		"RSA-MD2"
+#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption	7
+#define OBJ_md2WithRSAEncryption	OBJ_pkcs,1L,2L
+
+#define SN_md5WithRSAEncryption		"RSA-MD5"
+#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption	8
+#define OBJ_md5WithRSAEncryption	OBJ_pkcs,1L,4L
+
+#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC	9
+#define OBJ_pbeWithMD2AndDES_CBC	OBJ_pkcs,5L,1L
+
+#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC	10
+#define OBJ_pbeWithMD5AndDES_CBC	OBJ_pkcs,5L,3L
+
+#define LN_X500				"X500"
+#define NID_X500			11
+#define OBJ_X500			2L,5L
+
+#define LN_X509				"X509"
+#define NID_X509			12
+#define OBJ_X509			OBJ_X500,4L
+
+#define SN_commonName			"CN"
+#define LN_commonName			"commonName"
+#define NID_commonName			13
+#define OBJ_commonName			OBJ_X509,3L
+
+#define SN_countryName			"C"
+#define LN_countryName			"countryName"
+#define NID_countryName			14
+#define OBJ_countryName			OBJ_X509,6L
+
+#define SN_localityName			"L"
+#define LN_localityName			"localityName"
+#define NID_localityName		15
+#define OBJ_localityName		OBJ_X509,7L
+
+/* Postal Address? PA */
+
+/* should be "ST" (rfc1327) but MS uses 'S' */
+#define SN_stateOrProvinceName		"ST"
+#define LN_stateOrProvinceName		"stateOrProvinceName"
+#define NID_stateOrProvinceName		16
+#define OBJ_stateOrProvinceName		OBJ_X509,8L
+
+#define SN_organizationName		"O"
+#define LN_organizationName		"organizationName"
+#define NID_organizationName		17
+#define OBJ_organizationName		OBJ_X509,10L
+
+#define SN_organizationalUnitName	"OU"
+#define LN_organizationalUnitName	"organizationalUnitName"
+#define NID_organizationalUnitName	18
+#define OBJ_organizationalUnitName	OBJ_X509,11L
+
+#define SN_rsa				"RSA"
+#define LN_rsa				"rsa"
+#define NID_rsa				19
+#define OBJ_rsa				OBJ_X500,8L,1L,1L
+
+#define LN_pkcs7			"pkcs7"
+#define NID_pkcs7			20
+#define OBJ_pkcs7			OBJ_pkcs,7L
+
+#define LN_pkcs7_data			"pkcs7-data"
+#define NID_pkcs7_data			21
+#define OBJ_pkcs7_data			OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed			"pkcs7-signedData"
+#define NID_pkcs7_signed		22
+#define OBJ_pkcs7_signed		OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped		"pkcs7-envelopedData"
+#define NID_pkcs7_enveloped		23
+#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped	"pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped	24
+#define OBJ_pkcs7_signedAndEnveloped	OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest			"pkcs7-digestData"
+#define NID_pkcs7_digest		25
+#define OBJ_pkcs7_digest		OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted		"pkcs7-encryptedData"
+#define NID_pkcs7_encrypted		26
+#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L
+
+#define LN_pkcs3			"pkcs3"
+#define NID_pkcs3			27
+#define OBJ_pkcs3			OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement		"dhKeyAgreement"
+#define NID_dhKeyAgreement		28
+#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L
+
+#define SN_des_ecb			"DES-ECB"
+#define LN_des_ecb			"des-ecb"
+#define NID_des_ecb			29
+#define OBJ_des_ecb			OBJ_algorithm,6L
+
+#define SN_des_cfb64			"DES-CFB"
+#define LN_des_cfb64			"des-cfb"
+#define NID_des_cfb64			30
+/* IV + num */
+#define OBJ_des_cfb64			OBJ_algorithm,9L
+
+#define SN_des_cbc			"DES-CBC"
+#define LN_des_cbc			"des-cbc"
+#define NID_des_cbc			31
+/* IV */
+#define OBJ_des_cbc			OBJ_algorithm,7L
+
+#define SN_des_ede			"DES-EDE"
+#define LN_des_ede			"des-ede"
+#define NID_des_ede			32
+/* ?? */
+#define OBJ_des_ede			OBJ_algorithm,17L
+
+#define SN_des_ede3			"DES-EDE3"
+#define LN_des_ede3			"des-ede3"
+#define NID_des_ede3			33
+
+#define SN_idea_cbc			"IDEA-CBC"
+#define LN_idea_cbc			"idea-cbc"
+#define NID_idea_cbc			34
+
+#define SN_idea_cfb64			"IDEA-CFB"
+#define LN_idea_cfb64			"idea-cfb"
+#define NID_idea_cfb64			35
+
+#define SN_idea_ecb			"IDEA-ECB"
+#define LN_idea_ecb			"idea-ecb"
+#define NID_idea_ecb			36
+
+#define SN_rc2_cbc			"RC2-CBC"
+#define LN_rc2_cbc			"rc2-cbc"
+#define NID_rc2_cbc			37
+#define OBJ_rc2_cbc			OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb			"RC2-ECB"
+#define LN_rc2_ecb			"rc2-ecb"
+#define NID_rc2_ecb			38
+
+#define SN_rc2_cfb64			"RC2-CFB"
+#define LN_rc2_cfb64			"rc2-cfb"
+#define NID_rc2_cfb64			39
+
+#define SN_rc2_ofb64			"RC2-OFB"
+#define LN_rc2_ofb64			"rc2-ofb"
+#define NID_rc2_ofb64			40
+
+#define SN_sha				"SHA"
+#define LN_sha				"sha"
+#define NID_sha				41
+#define OBJ_sha				OBJ_algorithm,18L
+
+#define SN_shaWithRSAEncryption		"RSA-SHA"
+#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption	42
+#define OBJ_shaWithRSAEncryption	OBJ_algorithm,15L
+
+#define SN_des_ede_cbc			"DES-EDE-CBC"
+#define LN_des_ede_cbc			"des-ede-cbc"
+#define NID_des_ede_cbc			43
+
+#define SN_des_ede3_cbc			"DES-EDE3-CBC"
+#define LN_des_ede3_cbc			"des-ede3-cbc"
+#define NID_des_ede3_cbc		44
+#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L
+
+#define SN_des_ofb64			"DES-OFB"
+#define LN_des_ofb64			"des-ofb"
+#define NID_des_ofb64			45
+#define OBJ_des_ofb64			OBJ_algorithm,8L
+
+#define SN_idea_ofb64			"IDEA-OFB"
+#define LN_idea_ofb64			"idea-ofb"
+#define NID_idea_ofb64			46
+
+#define LN_pkcs9			"pkcs9"
+#define NID_pkcs9			47
+#define OBJ_pkcs9			OBJ_pkcs,9L
+
+#define SN_pkcs9_emailAddress		"Email"
+#define LN_pkcs9_emailAddress		"emailAddress"
+#define NID_pkcs9_emailAddress		48
+#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName	"unstructuredName"
+#define NID_pkcs9_unstructuredName	49
+#define OBJ_pkcs9_unstructuredName	OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType		"contentType"
+#define NID_pkcs9_contentType		50
+#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest		"messageDigest"
+#define NID_pkcs9_messageDigest		51
+#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime		"signingTime"
+#define NID_pkcs9_signingTime		52
+#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature	"countersignature"
+#define NID_pkcs9_countersignature	53
+#define OBJ_pkcs9_countersignature	OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword	"challengePassword"
+#define NID_pkcs9_challengePassword	54
+#define OBJ_pkcs9_challengePassword	OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress	"unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress	55
+#define OBJ_pkcs9_unstructuredAddress	OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes	"extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes	56
+#define OBJ_pkcs9_extCertAttributes	OBJ_pkcs9,9L
+
+#define SN_netscape			"Netscape"
+#define LN_netscape			"Netscape Communications Corp."
+#define NID_netscape			57
+#define OBJ_netscape			2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension	"nsCertExt"
+#define LN_netscape_cert_extension	"Netscape Certificate Extension"
+#define NID_netscape_cert_extension	58
+#define OBJ_netscape_cert_extension	OBJ_netscape,1L
+
+#define SN_netscape_data_type		"nsDataType"
+#define LN_netscape_data_type		"Netscape Data Type"
+#define NID_netscape_data_type		59
+#define OBJ_netscape_data_type		OBJ_netscape,2L
+
+#define SN_des_ede_cfb64		"DES-EDE-CFB"
+#define LN_des_ede_cfb64		"des-ede-cfb"
+#define NID_des_ede_cfb64		60
+
+#define SN_des_ede3_cfb64		"DES-EDE3-CFB"
+#define LN_des_ede3_cfb64		"des-ede3-cfb"
+#define NID_des_ede3_cfb64		61
+
+#define SN_des_ede_ofb64		"DES-EDE-OFB"
+#define LN_des_ede_ofb64		"des-ede-ofb"
+#define NID_des_ede_ofb64		62
+
+#define SN_des_ede3_ofb64		"DES-EDE3-OFB"
+#define LN_des_ede3_ofb64		"des-ede3-ofb"
+#define NID_des_ede3_ofb64		63
+
+/* I'm not sure about the object ID */
+#define SN_sha1				"SHA1"
+#define LN_sha1				"sha1"
+#define NID_sha1			64
+#define OBJ_sha1			OBJ_algorithm,26L
+/* 28 Jun 1996 - eay */
+/* #define OBJ_sha1			1L,3L,14L,2L,26L,05L <- wrong */
+
+#define SN_sha1WithRSAEncryption	"RSA-SHA1"
+#define LN_sha1WithRSAEncryption	"sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption	65
+#define OBJ_sha1WithRSAEncryption	OBJ_pkcs,1L,5L
+
+#define SN_dsaWithSHA			"DSA-SHA"
+#define LN_dsaWithSHA			"dsaWithSHA"
+#define NID_dsaWithSHA			66
+#define OBJ_dsaWithSHA			OBJ_algorithm,13L
+
+#define SN_dsa_2			"DSA-old"
+#define LN_dsa_2			"dsaEncryption-old"
+#define NID_dsa_2			67
+#define OBJ_dsa_2			OBJ_algorithm,12L
+
+/* proposed by microsoft to RSA */
+#define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC	68
+#define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L 
+
+/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
+ * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
+ * completely different.
+ */
+#define LN_id_pbkdf2			"PBKDF2"
+#define NID_id_pbkdf2			69
+#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L 
+
+#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
+#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2		70
+/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
+#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
+
+#define SN_netscape_cert_type		"nsCertType"
+#define LN_netscape_cert_type		"Netscape Cert Type"
+#define NID_netscape_cert_type		71
+#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url		"nsBaseUrl"
+#define LN_netscape_base_url		"Netscape Base Url"
+#define NID_netscape_base_url		72
+#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url	"nsRevocationUrl"
+#define LN_netscape_revocation_url	"Netscape Revocation Url"
+#define NID_netscape_revocation_url	73
+#define OBJ_netscape_revocation_url	OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url	"nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url	"Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url	74
+#define OBJ_netscape_ca_revocation_url	OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url		"nsRenewalUrl"
+#define LN_netscape_renewal_url		"Netscape Renewal Url"
+#define NID_netscape_renewal_url	75
+#define OBJ_netscape_renewal_url	OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url	"nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url	"Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url	76
+#define OBJ_netscape_ca_policy_url	OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name	"nsSslServerName"
+#define LN_netscape_ssl_server_name	"Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name	77
+#define OBJ_netscape_ssl_server_name	OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment		"nsComment"
+#define LN_netscape_comment		"Netscape Comment"
+#define NID_netscape_comment		78
+#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence	"nsCertSequence"
+#define LN_netscape_cert_sequence	"Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence	79
+#define OBJ_netscape_cert_sequence	OBJ_netscape_data_type,5L
+
+#define SN_desx_cbc			"DESX-CBC"
+#define LN_desx_cbc			"desx-cbc"
+#define NID_desx_cbc			80
+
+#define SN_ld_ce			"ld-ce"
+#define NID_ld_ce			81
+#define OBJ_ld_ce			2L,5L,29L
+
+#define SN_subject_key_identifier	"subjectKeyIdentifier"
+#define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier	82
+#define OBJ_subject_key_identifier	OBJ_ld_ce,14L
+
+#define SN_key_usage			"keyUsage"
+#define LN_key_usage			"X509v3 Key Usage"
+#define NID_key_usage			83
+#define OBJ_key_usage			OBJ_ld_ce,15L
+
+#define SN_private_key_usage_period	"privateKeyUsagePeriod"
+#define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period	84
+#define OBJ_private_key_usage_period	OBJ_ld_ce,16L
+
+#define SN_subject_alt_name		"subjectAltName"
+#define LN_subject_alt_name		"X509v3 Subject Alternative Name"
+#define NID_subject_alt_name		85
+#define OBJ_subject_alt_name		OBJ_ld_ce,17L
+
+#define SN_issuer_alt_name		"issuerAltName"
+#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name		86
+#define OBJ_issuer_alt_name		OBJ_ld_ce,18L
+
+#define SN_basic_constraints		"basicConstraints"
+#define LN_basic_constraints		"X509v3 Basic Constraints"
+#define NID_basic_constraints		87
+#define OBJ_basic_constraints		OBJ_ld_ce,19L
+
+#define SN_crl_number			"crlNumber"
+#define LN_crl_number			"X509v3 CRL Number"
+#define NID_crl_number			88
+#define OBJ_crl_number			OBJ_ld_ce,20L
+
+#define SN_certificate_policies		"certificatePolicies"
+#define LN_certificate_policies		"X509v3 Certificate Policies"
+#define NID_certificate_policies	89
+#define OBJ_certificate_policies	OBJ_ld_ce,32L
+
+#define SN_authority_key_identifier	"authorityKeyIdentifier"
+#define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier	90
+#define OBJ_authority_key_identifier	OBJ_ld_ce,35L
+
+#define SN_bf_cbc			"BF-CBC"
+#define LN_bf_cbc			"bf-cbc"
+#define NID_bf_cbc			91
+
+#define SN_bf_ecb			"BF-ECB"
+#define LN_bf_ecb			"bf-ecb"
+#define NID_bf_ecb			92
+
+#define SN_bf_cfb64			"BF-CFB"
+#define LN_bf_cfb64			"bf-cfb"
+#define NID_bf_cfb64			93
+
+#define SN_bf_ofb64			"BF-OFB"
+#define LN_bf_ofb64			"bf-ofb"
+#define NID_bf_ofb64			94
+
+#define SN_mdc2				"MDC2"
+#define LN_mdc2				"mdc2"
+#define NID_mdc2			95
+#define OBJ_mdc2			2L,5L,8L,3L,101L
+/* An alternative?			1L,3L,14L,3L,2L,19L */
+
+#define SN_mdc2WithRSA			"RSA-MDC2"
+#define LN_mdc2WithRSA			"mdc2withRSA"
+#define NID_mdc2WithRSA			96
+#define OBJ_mdc2WithRSA			2L,5L,8L,3L,100L
+
+#define SN_rc4_40			"RC4-40"
+#define LN_rc4_40			"rc4-40"
+#define NID_rc4_40			97
+
+#define SN_rc2_40_cbc			"RC2-40-CBC"
+#define LN_rc2_40_cbc			"rc2-40-cbc"
+#define NID_rc2_40_cbc			98
+
+#define SN_givenName			"G"
+#define LN_givenName			"givenName"
+#define NID_givenName			99
+#define OBJ_givenName			OBJ_X509,42L
+
+#define SN_surname			"S"
+#define LN_surname			"surname"
+#define NID_surname			100
+#define OBJ_surname			OBJ_X509,4L
+
+#define SN_initials			"I"
+#define LN_initials			"initials"
+#define NID_initials			101
+#define OBJ_initials			OBJ_X509,43L
+
+#define SN_uniqueIdentifier		"UID"
+#define LN_uniqueIdentifier		"uniqueIdentifier"
+#define NID_uniqueIdentifier		102
+#define OBJ_uniqueIdentifier		OBJ_X509,45L
+
+#define SN_crl_distribution_points	"crlDistributionPoints"
+#define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points	103
+#define OBJ_crl_distribution_points	OBJ_ld_ce,31L
+
+#define SN_md5WithRSA			"RSA-NP-MD5"
+#define LN_md5WithRSA			"md5WithRSA"
+#define NID_md5WithRSA			104
+#define OBJ_md5WithRSA			OBJ_algorithm,3L
+
+#define SN_serialNumber			"SN"
+#define LN_serialNumber			"serialNumber"
+#define NID_serialNumber		105
+#define OBJ_serialNumber		OBJ_X509,5L
+
+#define SN_title			"T"
+#define LN_title			"title"
+#define NID_title			106
+#define OBJ_title			OBJ_X509,12L
+
+#define SN_description			"D"
+#define LN_description			"description"
+#define NID_description			107
+#define OBJ_description			OBJ_X509,13L
+
+/* CAST5 is CAST-128, I'm just sticking with the documentation */
+#define SN_cast5_cbc			"CAST5-CBC"
+#define LN_cast5_cbc			"cast5-cbc"
+#define NID_cast5_cbc			108
+#define OBJ_cast5_cbc			1L,2L,840L,113533L,7L,66L,10L
+
+#define SN_cast5_ecb			"CAST5-ECB"
+#define LN_cast5_ecb			"cast5-ecb"
+#define NID_cast5_ecb			109
+
+#define SN_cast5_cfb64			"CAST5-CFB"
+#define LN_cast5_cfb64			"cast5-cfb"
+#define NID_cast5_cfb64			110
+
+#define SN_cast5_ofb64			"CAST5-OFB"
+#define LN_cast5_ofb64			"cast5-ofb"
+#define NID_cast5_ofb64			111
+
+#define LN_pbeWithMD5AndCast5_CBC	"pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC	112
+#define OBJ_pbeWithMD5AndCast5_CBC	1L,2L,840L,113533L,7L,66L,12L
+
+/* This is one sun will soon be using :-(
+ * id-dsa-with-sha1 ID  ::= {
+ *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
+ */
+#define SN_dsaWithSHA1			"DSA-SHA1"
+#define LN_dsaWithSHA1			"dsaWithSHA1"
+#define NID_dsaWithSHA1			113
+#define OBJ_dsaWithSHA1			1L,2L,840L,10040L,4L,3L
+
+#define NID_md5_sha1			114
+#define SN_md5_sha1			"MD5-SHA1"
+#define LN_md5_sha1			"md5-sha1"
+
+#define SN_sha1WithRSA			"RSA-SHA1-2"
+#define LN_sha1WithRSA			"sha1WithRSA"
+#define NID_sha1WithRSA			115
+#define OBJ_sha1WithRSA			OBJ_algorithm,29L
+
+#define SN_dsa				"DSA"
+#define LN_dsa				"dsaEncryption"
+#define NID_dsa				116
+#define OBJ_dsa				1L,2L,840L,10040L,4L,1L
+
+#define SN_ripemd160			"RIPEMD160"
+#define LN_ripemd160			"ripemd160"
+#define NID_ripemd160			117
+#define OBJ_ripemd160			1L,3L,36L,3L,2L,1L
+
+/* The name should actually be rsaSignatureWithripemd160, but I'm going
+ * to contiune using the convention I'm using with the other ciphers */
+#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
+#define LN_ripemd160WithRSA		"ripemd160WithRSA"
+#define NID_ripemd160WithRSA		119
+#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
+
+/* Taken from rfc2040
+ *  RC5_CBC_Parameters ::= SEQUENCE {
+ *	version           INTEGER (v1_0(16)),
+ *	rounds            INTEGER (8..127),
+ *	blockSizeInBits   INTEGER (64, 128),
+ *	iv                OCTET STRING OPTIONAL
+ *	}
+ */
+#define SN_rc5_cbc			"RC5-CBC"
+#define LN_rc5_cbc			"rc5-cbc"
+#define NID_rc5_cbc			120
+#define OBJ_rc5_cbc			OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb			"RC5-ECB"
+#define LN_rc5_ecb			"rc5-ecb"
+#define NID_rc5_ecb			121
+
+#define SN_rc5_cfb64			"RC5-CFB"
+#define LN_rc5_cfb64			"rc5-cfb"
+#define NID_rc5_cfb64			122
+
+#define SN_rc5_ofb64			"RC5-OFB"
+#define LN_rc5_ofb64			"rc5-ofb"
+#define NID_rc5_ofb64			123
+
+#define SN_rle_compression		"RLE"
+#define LN_rle_compression		"run length compression"
+#define NID_rle_compression		124
+#define OBJ_rle_compression		1L,1L,1L,1L,666L.1L
+
+#define SN_zlib_compression		"ZLIB"
+#define LN_zlib_compression		"zlib compression"
+#define NID_zlib_compression		125
+#define OBJ_zlib_compression		1L,1L,1L,1L,666L.2L
+
+#define SN_ext_key_usage		"extendedKeyUsage"
+#define LN_ext_key_usage		"X509v3 Extended Key Usage"
+#define NID_ext_key_usage		126
+#define OBJ_ext_key_usage		OBJ_ld_ce,37
+
+#define SN_id_pkix			"PKIX"
+#define NID_id_pkix			127
+#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_kp			"id-kp"
+#define NID_id_kp			128
+#define OBJ_id_kp			OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+#define SN_server_auth			"serverAuth"
+#define LN_server_auth			"TLS Web Server Authentication"
+#define NID_server_auth			129
+#define OBJ_server_auth			OBJ_id_kp,1L
+
+#define SN_client_auth			"clientAuth"
+#define LN_client_auth			"TLS Web Client Authentication"
+#define NID_client_auth			130
+#define OBJ_client_auth			OBJ_id_kp,2L
+
+#define SN_code_sign			"codeSigning"
+#define LN_code_sign			"Code Signing"
+#define NID_code_sign			131
+#define OBJ_code_sign			OBJ_id_kp,3L
+
+#define SN_email_protect		"emailProtection"
+#define LN_email_protect		"E-mail Protection"
+#define NID_email_protect		132
+#define OBJ_email_protect		OBJ_id_kp,4L
+
+#define SN_time_stamp			"timeStamping"
+#define LN_time_stamp			"Time Stamping"
+#define NID_time_stamp			133
+#define OBJ_time_stamp			OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+#define SN_ms_code_ind			"msCodeInd"
+#define LN_ms_code_ind			"Microsoft Individual Code Signing"
+#define NID_ms_code_ind			134
+#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com			"msCodeCom"
+#define LN_ms_code_com			"Microsoft Commercial Code Signing"
+#define NID_ms_code_com			135
+#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign			"msCTLSign"
+#define LN_ms_ctl_sign			"Microsoft Trust List Signing"
+#define NID_ms_ctl_sign			136
+#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc			"msSGC"
+#define LN_ms_sgc			"Microsoft Server Gated Crypto"
+#define NID_ms_sgc			137
+#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs			"msEFS"
+#define LN_ms_efs			"Microsoft Encrypted File System"
+#define NID_ms_efs			138
+#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Addidional usage: Netscape */
+
+#define SN_ns_sgc			"nsSGC"
+#define LN_ns_sgc			"Netscape Server Gated Crypto"
+#define NID_ns_sgc			139
+#define OBJ_ns_sgc			OBJ_netscape,4L,1L
+
+#define SN_delta_crl			"deltaCRL"
+#define LN_delta_crl			"X509v3 Delta CRL Indicator"
+#define NID_delta_crl			140
+#define OBJ_delta_crl			OBJ_ld_ce,27L
+
+#define SN_crl_reason			"CRLReason"
+#define LN_crl_reason			"CRL Reason Code"
+#define NID_crl_reason			141
+#define OBJ_crl_reason			OBJ_ld_ce,21L
+
+#define SN_invalidity_date		"invalidityDate"
+#define LN_invalidity_date		"Invalidity Date"
+#define NID_invalidity_date		142
+#define OBJ_invalidity_date		OBJ_ld_ce,24L
+
+#define SN_sxnet			"SXNetID"
+#define LN_sxnet			"Strong Extranet ID"
+#define NID_sxnet			143
+#define OBJ_sxnet			1L,3L,101L,1L,4L,1L
+
+/* PKCS12 and related OBJECT IDENTIFIERS */
+
+#define OBJ_pkcs12			OBJ_pkcs,12L
+#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1
+
+#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4	144
+#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L
+
+#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4	145
+#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L
+
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L
+
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L
+
+#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC	148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L
+
+#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC	149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L
+
+#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L
+
+#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L
+
+#define LN_keyBag		"keyBag"
+#define NID_keyBag		150
+#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L
+
+#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag	151
+#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L
+
+#define LN_certBag		"certBag"
+#define NID_certBag		152
+#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L
+
+#define LN_crlBag		"crlBag"
+#define NID_crlBag		153
+#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L
+
+#define LN_secretBag		"secretBag"
+#define NID_secretBag		154
+#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L
+
+#define LN_safeContentsBag	"safeContentsBag"
+#define NID_safeContentsBag	155
+#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L
+
+#define LN_friendlyName		"friendlyName"
+#define	NID_friendlyName	156
+#define OBJ_friendlyName	OBJ_pkcs9, 20L
+
+#define LN_localKeyID		"localKeyID"
+#define	NID_localKeyID		157
+#define OBJ_localKeyID		OBJ_pkcs9, 21L
+
+#define OBJ_certTypes		OBJ_pkcs9, 22L
+
+#define LN_x509Certificate	"x509Certificate"
+#define	NID_x509Certificate	158
+#define OBJ_x509Certificate	OBJ_certTypes, 1L
+
+#define LN_sdsiCertificate	"sdsiCertificate"
+#define	NID_sdsiCertificate	159
+#define OBJ_sdsiCertificate	OBJ_certTypes, 2L
+
+#define OBJ_crlTypes		OBJ_pkcs9, 23L
+
+#define LN_x509Crl		"x509Crl"
+#define	NID_x509Crl		160
+#define OBJ_x509Crl		OBJ_crlTypes, 1L
+
+/* PKCS#5 v2 OIDs */
+
+#define LN_pbes2		"PBES2"
+#define NID_pbes2		161
+#define OBJ_pbes2		OBJ_pkcs,5L,13L
+
+#define LN_pbmac1		"PBMAC1"
+#define NID_pbmac1		162
+#define OBJ_pbmac1		OBJ_pkcs,5L,14L
+
+#define LN_hmacWithSHA1		"hmacWithSHA1"
+#define NID_hmacWithSHA1	163
+#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L
+
+/* Policy Qualifier Ids */
+
+#define LN_id_qt_cps		"Policy Qualifier CPS"
+#define SN_id_qt_cps		"id-qt-cps"
+#define NID_id_qt_cps		164
+#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L
+
+#define LN_id_qt_unotice	"Policy Qualifier User Notice"
+#define SN_id_qt_unotice	"id-qt-unotice"
+#define NID_id_qt_unotice	165
+#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L
+
+#define SN_rc2_64_cbc			"RC2-64-CBC"
+#define LN_rc2_64_cbc			"rc2-64-cbc"
+#define NID_rc2_64_cbc			166
+
+#define SN_SMIMECapabilities		"SMIME-CAPS"
+#define LN_SMIMECapabilities		"S/MIME Capabilities"
+#define NID_SMIMECapabilities		167
+#define OBJ_SMIMECapabilities		OBJ_id_pkcs9,15L
+
+#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC	168
+#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L
+
+#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC	169
+#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L
+
+#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC	170
+#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L
+
+#include 
+#include 
+
+#define	OBJ_NAME_TYPE_UNDEF		0x00
+#define	OBJ_NAME_TYPE_MD_METH		0x01
+#define	OBJ_NAME_TYPE_CIPHER_METH	0x02
+#define	OBJ_NAME_TYPE_PKEY_METH		0x03
+#define	OBJ_NAME_TYPE_COMP_METH		0x04
+#define	OBJ_NAME_TYPE_NUM		0x05
+
+#define	OBJ_NAME_ALIAS		0x8000
+
+
+typedef struct obj_name_st
+	{
+	int type;
+	int alias;
+	const char *name;
+	const char *data;
+	} OBJ_NAME;
+
+#define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func)(),int (*cmp_func)(),
+	void (*free_func)());
+const char *OBJ_NAME_get(const char *name,int type);
+int OBJ_NAME_add(const char *name,int type,const char *data);
+int OBJ_NAME_remove(const char *name,int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+
+ASN1_OBJECT *	OBJ_dup(ASN1_OBJECT *o);
+ASN1_OBJECT *	OBJ_nid2obj(int n);
+const char *	OBJ_nid2ln(int n);
+const char *	OBJ_nid2sn(int n);
+int		OBJ_obj2nid(ASN1_OBJECT *o);
+ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);
+int	OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name);
+int		OBJ_txt2nid(char *s);
+int		OBJ_ln2nid(const char *s);
+int		OBJ_sn2nid(const char *s);
+int		OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
+char *		OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)());
+
+void		ERR_load_OBJ_strings(void );
+
+int		OBJ_new_nid(int num);
+int		OBJ_add_object(ASN1_OBJECT *obj);
+int		OBJ_create(char *oid,char *sn,char *ln);
+void		OBJ_cleanup(void );
+int		OBJ_create_objects(BIO *in);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the OBJ functions. */
+
+/* Function codes. */
+#define OBJ_F_OBJ_CREATE				 100
+#define OBJ_F_OBJ_DUP					 101
+#define OBJ_F_OBJ_NID2LN				 102
+#define OBJ_F_OBJ_NID2OBJ				 103
+#define OBJ_F_OBJ_NID2SN				 104
+
+/* Reason codes. */
+#define OBJ_R_MALLOC_FAILURE				 100
+#define OBJ_R_UNKNOWN_NID				 101
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt
new file mode 100644
index 000000000000..cb276e90e980
--- /dev/null
+++ b/crypto/openssl/crypto/objects/objects.txt
@@ -0,0 +1,40 @@
+1 2			: ISO member bodies
+1 2 840			: US (ANSI)
+1 2 840 113549		: rsadsi	: RSA Data Security, Inc.
+1 2 840 113549 1	: pkcs		: RSA Data Security, Inc. PKCS
+1 2 840 113549 1 1 1	: rsaEncryption
+1 2 840 113549 1 1 2	: md2withRSAEncryption
+1 2 840 113549 1 1 4	: md5withRSAEncryption
+1 2 840 113549 1 7	: pkcs-7
+1 2 840 113549 1 7 1	: pkcs-7-data
+1 2 840 113549 1 7 2	: pkcs-7-signedData
+1 2 840 113549 1 7 3	: pkcs-7-envelopedData
+1 2 840 113549 1 7 4	: pkcs-7-signedAndEnvelopedData
+1 2 840 113549 1 7 5	: pkcs-7-digestData
+1 2 840 113549 1 7 6	: pkcs-7-encryptedData
+1 2 840 113549 2 2	: md2
+1 2 840 113549 2 4	: md4
+1 2 840 113549 2 5	: md5
+1 2 840 113549 3 4	: rc4
+1 2 840 113549 5 1	: pbeWithMD2AndDES_CBC
+1 2 840 113549 5 3	: pbeWithMD5AndDES_CBC
+2 5			: X500		: directory services (X.500)
+2 5 4			: X509
+2 5 4 3			: commonName
+2 5 4 6			: countryName
+2 5 4 7			: localityName
+2 5 4 8			: stateOrProvinceName
+2 5 4 10		: organizationName
+2 5 4 11		: organizationalUnitName
+2 5 8			: directory services - algorithms
+2 5 8 1 1		: rsa
+
+algorithm 18		: sha
+encryptionAlgorithm 1	: rsa
+algorithm 11		: rsaSignature
+
+algorithm 6		: desECB
+algorithm 7		: desCBC
+algorithm 8		: desOFB
+algorithm 9		: desCFB
+algorithm 17		: desEDE2
diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h
new file mode 100644
index 000000000000..e4a8f8ad5490
--- /dev/null
+++ b/crypto/openssl/crypto/opensslconf.h
@@ -0,0 +1,142 @@
+/* crypto/opensslconf.h */
+/* WARNING: This file is autogenerated by Configure */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#define OPENSSL_UNISTD 
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H) && !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+#define RC4_INT unsigned int
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman 
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/crypto/openssl/crypto/opensslconf.h.in b/crypto/openssl/crypto/opensslconf.h.in
new file mode 100644
index 000000000000..e4a8f8ad5490
--- /dev/null
+++ b/crypto/openssl/crypto/opensslconf.h.in
@@ -0,0 +1,142 @@
+/* crypto/opensslconf.h */
+/* WARNING: This file is autogenerated by Configure */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#define OPENSSL_UNISTD 
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H) && !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+#define RC4_INT unsigned int
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman 
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
new file mode 100644
index 000000000000..b841347f05e8
--- /dev/null
+++ b/crypto/openssl/crypto/opensslv.h
@@ -0,0 +1,21 @@
+#ifndef HEADER_OPENSSLV_H
+#define HEADER_OPENSSLV_H
+
+/* Numeric release version identifier:
+ * MMNNFFRBB: major minor fix final beta/patch
+ * For example:
+ * 0.9.3-dev	  0x00903000
+ * 0.9.3beta1	  0x00903001
+ * 0.9.3beta2-dev 0x00903002
+ * 0.9.3beta2     0x00903002
+ * 0.9.3	  0x00903100
+ * 0.9.3a	  0x00903101
+ * 0.9.4 	  0x00904100
+ * 1.2.3z	  0x1020311a
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ */
+#define OPENSSL_VERSION_NUMBER	0x00904100L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.4 09 Aug 1999"
+#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+
+#endif /* HEADER_OPENSSLV_H */
diff --git a/crypto/openssl/crypto/pem/Makefile.ssl b/crypto/openssl/crypto/pem/Makefile.ssl
new file mode 100644
index 000000000000..b4e7524ea2d1
--- /dev/null
+++ b/crypto/openssl/crypto/pem/Makefile.ssl
@@ -0,0 +1,188 @@
+#
+# SSLeay/crypto/pem/Makefile
+#
+
+DIR=	pem
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+
+LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pem.h pem2.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links: $(EXHEADER)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../cryptlib.h
+pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+pem_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_lib.o: ../cryptlib.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/crypto/openssl/crypto/pem/message b/crypto/openssl/crypto/pem/message
new file mode 100644
index 000000000000..e8bf9d759296
--- /dev/null
+++ b/crypto/openssl/crypto/pem/message
@@ -0,0 +1,16 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+Proc-Type: 4,ENCRYPTED
+Proc-Type: 4,MIC-ONLY
+Proc-Type: 4,MIC-CLEAR
+Content-Domain: RFC822
+DEK-Info: DES-CBC,0123456789abcdef
+Originator-Certificate
+ xxxx
+Issuer-Certificate
+ xxxx
+MIC-Info: RSA-MD5,RSA,
+ xxxx
+
+
+-----END PRIVACY-ENHANCED MESSAGE-----
+
diff --git a/crypto/openssl/crypto/pem/pem.h b/crypto/openssl/crypto/pem/pem.h
new file mode 100644
index 000000000000..fc333e42c8ae
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem.h
@@ -0,0 +1,625 @@
+/* crypto/pem/pem.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PEM_H
+#define HEADER_PEM_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+#include 
+
+#define PEM_BUFSIZE		1024
+
+#define PEM_OBJ_UNDEF		0
+#define PEM_OBJ_X509		1
+#define PEM_OBJ_X509_REQ	2
+#define PEM_OBJ_CRL		3
+#define PEM_OBJ_SSL_SESSION	4
+#define PEM_OBJ_PRIV_KEY	10
+#define PEM_OBJ_PRIV_RSA	11
+#define PEM_OBJ_PRIV_DSA	12
+#define PEM_OBJ_PRIV_DH		13
+#define PEM_OBJ_PUB_RSA		14
+#define PEM_OBJ_PUB_DSA		15
+#define PEM_OBJ_PUB_DH		16
+#define PEM_OBJ_DHPARAMS	17
+#define PEM_OBJ_DSAPARAMS	18
+#define PEM_OBJ_PRIV_RSA_PUBLIC	19
+
+#define PEM_ERROR		30
+#define PEM_DEK_DES_CBC         40
+#define PEM_DEK_IDEA_CBC        45
+#define PEM_DEK_DES_EDE         50
+#define PEM_DEK_DES_ECB         60
+#define PEM_DEK_RSA             70
+#define PEM_DEK_RSA_MD2         80
+#define PEM_DEK_RSA_MD5         90
+
+#define PEM_MD_MD2		NID_md2
+#define PEM_MD_MD5		NID_md5
+#define PEM_MD_SHA		NID_sha
+#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption
+#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption
+#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption
+
+#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
+#define PEM_STRING_X509		"CERTIFICATE"
+#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
+#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
+#define PEM_STRING_X509_CRL	"X509 CRL"
+#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"
+#define PEM_STRING_RSA		"RSA PRIVATE KEY"
+#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
+#define PEM_STRING_DSA		"DSA PRIVATE KEY"
+#define PEM_STRING_PKCS7	"PKCS7"
+#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF	"PRIVATE KEY"
+#define PEM_STRING_DHPARAMS	"DH PARAMETERS"
+#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
+#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
+
+
+typedef struct PEM_Encode_Seal_st
+	{
+	EVP_ENCODE_CTX encode;
+	EVP_MD_CTX md;
+	EVP_CIPHER_CTX cipher;
+	} PEM_ENCODE_SEAL_CTX;
+
+/* enc_type is one off */
+#define PEM_TYPE_ENCRYPTED      10
+#define PEM_TYPE_MIC_ONLY       20
+#define PEM_TYPE_MIC_CLEAR      30
+#define PEM_TYPE_CLEAR		40
+
+typedef struct pem_recip_st
+	{
+	char *name;
+	X509_NAME *dn;
+
+	int cipher;
+	int key_enc;
+	char iv[8];
+	} PEM_USER;
+
+typedef struct pem_ctx_st
+	{
+	int type;		/* what type of object */
+
+	struct	{
+		int version;	
+		int mode;		
+		} proc_type;
+
+	char *domain;
+
+	struct	{
+		int cipher;
+		unsigned char iv[8];
+		} DEK_info;
+		
+	PEM_USER *originator;
+
+	int num_recipient;
+	PEM_USER **recipient;
+
+#ifdef HEADER_STACK_H
+	STACK *x509_chain;	/* certificate chain */
+#else
+	char *x509_chain;	/* certificate chain */
+#endif
+	EVP_MD *md;		/* signature type */
+
+	int md_enc;		/* is the md encrypted or not? */
+	int md_len;		/* length of md_data */
+	char *md_data;		/* message digest, could be pkey encrypted */
+
+	EVP_CIPHER *dec;	/* date encryption cipher */
+	int key_len;		/* key length */
+	unsigned char *key;	/* key */
+	unsigned char iv[8];	/* the iv */
+
+	
+	int  data_enc;		/* is the data encrypted */
+	int data_len;
+	unsigned char *data;
+	} PEM_CTX;
+
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
+	cb,u)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+							 NULL,NULL,0,NULL,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, \
+		  void *u) \
+	{ \
+	return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+		(char *)x,enc,kstr,klen,cb,u)); \
+	}
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+							(char **)x,cb,u)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+							 NULL,NULL,0,NULL,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+	{ \
+	return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+		(char *)x,enc,kstr,klen,cb,u)); \
+	}
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+#if defined(WIN16) || defined(NO_FP_API)
+
+#define DECLARE_PEM_read_fp(name, type) /**/
+#define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_cb_fp(name, type) /**/
+
+#else
+
+#define DECLARE_PEM_read_fp(name, type) \
+	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_fp(name, type) \
+	int PEM_write_##name(FILE *fp, type *x);
+
+#define DECLARE_PEM_write_cb_fp(name, type) \
+	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#endif
+
+#ifdef HEADER_BIO_H
+#define DECLARE_PEM_read_bio(name, type) \
+	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_bio(name, type) \
+	int PEM_write_bio_##name(BIO *bp, type *x);
+
+#define DECLARE_PEM_write_cb_bio(name, type) \
+	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#else
+
+#define DECLARE_PEM_read_bio(name, type) /**/
+#define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_cb_bio(name, type) /**/
+
+#endif
+
+#define DECLARE_PEM_write(name, type) \
+	DECLARE_PEM_write_bio(name, type) \
+	DECLARE_PEM_write_fp(name, type) 
+
+#define DECLARE_PEM_write_cb(name, type) \
+	DECLARE_PEM_write_cb_bio(name, type) \
+	DECLARE_PEM_write_cb_fp(name, type) 
+
+#define DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_read_bio(name, type) \
+	DECLARE_PEM_read_fp(name, type)
+
+#define DECLARE_PEM_rw(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write(name, type)
+
+#define DECLARE_PEM_rw_cb(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write_cb(name, type)
+
+#ifdef SSLEAY_MACROS
+
+#define PEM_write_SSL_SESSION(fp,x) \
+		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_X509(fp,x) \
+		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+			(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
+		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
+			NULL,NULL,0,NULL,NULL)
+#define PEM_write_X509_CRL(fp,x) \
+		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
+			fp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
+			(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_RSAPublicKey(fp,x) \
+		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
+			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
+			(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+		PEM_ASN1_write((int (*)())i2d_PrivateKey,\
+		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+			bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_PKCS7(fp,x) \
+		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
+			(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_DHparams(fp,x) \
+		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
+			(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+			PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define	PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define	PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+#define	PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+#define	PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+#define	PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+#define	PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+#define	PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+#define	PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+#define	PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+#define	PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+
+#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+							(char **)x,cb,u)
+
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_X509(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
+			(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
+		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
+			NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_X509_CRL(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
+			bp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
+			bp,(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_bio_RSAPublicKey(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
+			PEM_STRING_RSA_PUBLIC,\
+			bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
+			bp,(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
+		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+			bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_bio_PKCS7(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
+			(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DHparams(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
+			bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DSAparams(bp,x) \
+		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
+			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+			PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define	PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+#define	PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+#define	PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+#define	PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+
+#define	PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+							(char **)x,cb,u)
+
+#endif
+
+#if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
+#else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb(char *buf, int size, int rwflag);
+#endif
+
+int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
+	pem_password_cb *callback,void *u);
+
+#ifdef HEADER_BIO_H
+int	PEM_read_bio(BIO *bp, char **name, char **header,
+		unsigned char **data,long *len);
+int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
+		long len);
+char *	PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
+		pem_password_cb *cb, void *u);
+int	PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
+			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+			   pem_password_cb *cb, void *u);
+STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
+int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
+		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
+#endif
+
+#ifndef WIN16
+int	PEM_read(FILE *fp, char **name, char **header,
+		unsigned char **data,long *len);
+int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
+char *	PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
+	pem_password_cb *cb, void *u);
+int	PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
+		       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+		       pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+	pem_password_cb *cb, void *u);
+#endif
+
+int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
+		EVP_MD *md_type, unsigned char **ek, int *ekl,
+		unsigned char *iv, EVP_PKEY **pubk, int npubk);
+void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+		unsigned char *in, int inl);
+int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
+		unsigned char *out, int *outl, EVP_PKEY *priv);
+
+void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
+int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+		unsigned int *siglen, EVP_PKEY *pkey);
+
+void	ERR_load_PEM_strings(void);
+
+void	PEM_proc_type(char *buf, int type);
+void	PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+#ifndef SSLEAY_MACROS
+
+#ifdef VMS
+#include 
+#endif
+
+DECLARE_PEM_rw(X509, X509)
+
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+
+DECLARE_PEM_rw(PKCS7, PKCS7)
+
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+#ifndef NO_RSA
+
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+
+DECLARE_PEM_rw(RSAPublicKey, RSA)
+
+#endif
+
+#ifndef NO_DSA
+
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+
+DECLARE_PEM_rw(DSAparams, DSA)
+
+#endif
+
+#ifndef NO_DH
+
+DECLARE_PEM_rw(DHparams, DH)
+
+#endif
+
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
+			      char *kstr,int klen, pem_password_cb *cd, void *u);
+#endif /* SSLEAY_MACROS */
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the PEM functions. */
+
+/* Function codes. */
+#define PEM_F_DEF_CALLBACK				 100
+#define PEM_F_LOAD_IV					 101
+#define PEM_F_PEM_ASN1_READ				 102
+#define PEM_F_PEM_ASN1_READ_BIO				 103
+#define PEM_F_PEM_ASN1_WRITE				 104
+#define PEM_F_PEM_ASN1_WRITE_BIO			 105
+#define PEM_F_PEM_DO_HEADER				 106
+#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118
+#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
+#define PEM_F_PEM_READ					 108
+#define PEM_F_PEM_READ_BIO				 109
+#define PEM_F_PEM_SEALFINAL				 110
+#define PEM_F_PEM_SEALINIT				 111
+#define PEM_F_PEM_SIGNFINAL				 112
+#define PEM_F_PEM_WRITE					 113
+#define PEM_F_PEM_WRITE_BIO				 114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY		 119
+#define PEM_F_PEM_X509_INFO_READ			 115
+#define PEM_F_PEM_X509_INFO_READ_BIO			 116
+#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
+
+/* Reason codes. */
+#define PEM_R_BAD_BASE64_DECODE				 100
+#define PEM_R_BAD_DECRYPT				 101
+#define PEM_R_BAD_END_LINE				 102
+#define PEM_R_BAD_IV_CHARS				 103
+#define PEM_R_BAD_PASSWORD_READ				 104
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115
+#define PEM_R_NOT_DEK_INFO				 105
+#define PEM_R_NOT_ENCRYPTED				 106
+#define PEM_R_NOT_PROC_TYPE				 107
+#define PEM_R_NO_START_LINE				 108
+#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
+#define PEM_R_PUBLIC_KEY_NO_RSA				 110
+#define PEM_R_READ_KEY					 111
+#define PEM_R_SHORT_HEADER				 112
+#define PEM_R_UNSUPPORTED_CIPHER			 113
+#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/pem/pem2.h b/crypto/openssl/crypto/pem/pem2.h
new file mode 100644
index 000000000000..4a016aacd2a3
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem2.h
@@ -0,0 +1,60 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This header only exists to break a circular dependency between pem and err
+ * Ben 30 Jan 1999.
+ */
+
+void ERR_load_PEM_strings(void);
diff --git a/crypto/openssl/crypto/pem/pem_all.c b/crypto/openssl/crypto/pem/pem_all.c
new file mode 100644
index 000000000000..bc473f3cff4a
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_all.c
@@ -0,0 +1,113 @@
+/* crypto/pem/pem_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
+
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
+
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
+
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
+
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+							 PKCS8_PRIV_KEY_INFO)
+
+#ifndef NO_RSA
+
+IMPLEMENT_PEM_rw_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+
+#endif
+
+#ifndef NO_DSA
+
+IMPLEMENT_PEM_rw_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+
+#endif
+
+#ifndef NO_DH
+
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+
+#endif
+
+
+/* The PrivateKey case is not that straightforward.
+ *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+IMPLEMENT_PEM_read(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
diff --git a/crypto/openssl/crypto/pem/pem_err.c b/crypto/openssl/crypto/pem/pem_err.c
new file mode 100644
index 000000000000..fa70f6099860
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_err.c
@@ -0,0 +1,127 @@
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA PEM_str_functs[]=
+	{
+{ERR_PACK(0,PEM_F_DEF_CALLBACK,0),	"DEF_CALLBACK"},
+{ERR_PACK(0,PEM_F_LOAD_IV,0),	"LOAD_IV"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0),	"PEM_ASN1_read"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0),	"PEM_ASN1_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),	"PEM_ASN1_write"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),	"PEM_ASN1_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),	"PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),	"PEM_get_EVP_CIPHER_INFO"},
+{ERR_PACK(0,PEM_F_PEM_READ,0),	"PEM_read"},
+{ERR_PACK(0,PEM_F_PEM_READ_BIO,0),	"PEM_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0),	"PEM_SealFinal"},
+{ERR_PACK(0,PEM_F_PEM_SEALINIT,0),	"PEM_SealInit"},
+{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),	"PEM_SignFinal"},
+{ERR_PACK(0,PEM_F_PEM_WRITE,0),	"PEM_write"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),	"PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0),	"PEM_write_bio_PKCS8PrivateKey"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),	"PEM_X509_INFO_read"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),	"PEM_X509_INFO_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),	"PEM_X509_INFO_write_bio"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA PEM_str_reasons[]=
+	{
+{PEM_R_BAD_BASE64_DECODE                 ,"bad base64 decode"},
+{PEM_R_BAD_DECRYPT                       ,"bad decrypt"},
+{PEM_R_BAD_END_LINE                      ,"bad end line"},
+{PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
+{PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_ERROR_CONVERTING_PRIVATE_KEY      ,"error converting private key"},
+{PEM_R_NOT_DEK_INFO                      ,"not dek info"},
+{PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
+{PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
+{PEM_R_NO_START_LINE                     ,"no start line"},
+{PEM_R_PROBLEMS_GETTING_PASSWORD         ,"problems getting password"},
+{PEM_R_PUBLIC_KEY_NO_RSA                 ,"public key no rsa"},
+{PEM_R_READ_KEY                          ,"read key"},
+{PEM_R_SHORT_HEADER                      ,"short header"},
+{PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_PEM_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
+		ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c
new file mode 100644
index 000000000000..fec18a4c2ed6
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_info.c
@@ -0,0 +1,353 @@
+/* crypto/pem/pem_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifndef NO_FP_API
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
+	{
+        BIO *b;
+        STACK_OF(X509_INFO) *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
+        BIO_free(b);
+        return(ret);
+	}
+#endif
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
+	{
+	X509_INFO *xi=NULL;
+	char *name=NULL,*header=NULL,**pp;
+	unsigned char *data=NULL,*p;
+	long len,error=0;
+	int ok=0;
+	STACK_OF(X509_INFO) *ret=NULL;
+	unsigned int i,raw;
+	char *(*d2i)();
+
+	if (sk == NULL)
+		{
+		if ((ret=sk_X509_INFO_new_null()) == NULL)
+			{
+			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	else
+		ret=sk;
+
+	if ((xi=X509_INFO_new()) == NULL) goto err;
+	for (;;)
+		{
+		raw=0;
+		i=PEM_read_bio(bp,&name,&header,&data,&len);
+		if (i == 0)
+			{
+			error=ERR_GET_REASON(ERR_peek_error());
+			if (error == PEM_R_NO_START_LINE)
+				{
+				ERR_clear_error();
+				break;
+				}
+			goto err;
+			}
+start:
+		if (	(strcmp(name,PEM_STRING_X509) == 0) ||
+			(strcmp(name,PEM_STRING_X509_OLD) == 0))
+			{
+			d2i=(char *(*)())d2i_X509;
+			if (xi->x509 != NULL)
+				{
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
+				if ((xi=X509_INFO_new()) == NULL) goto err;
+				goto start;
+				}
+			pp=(char **)&(xi->x509);
+			}
+		else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
+			{
+			d2i=(char *(*)())d2i_X509_CRL;
+			if (xi->crl != NULL)
+				{
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
+				if ((xi=X509_INFO_new()) == NULL) goto err;
+				goto start;
+				}
+			pp=(char **)&(xi->crl);
+			}
+		else
+#ifndef NO_RSA
+			if (strcmp(name,PEM_STRING_RSA) == 0)
+			{
+			d2i=(char *(*)())d2i_RSAPrivateKey;
+			if (xi->x_pkey != NULL) 
+				{
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
+				if ((xi=X509_INFO_new()) == NULL) goto err;
+				goto start;
+				}
+
+			xi->enc_data=NULL;
+			xi->enc_len=0;
+
+			xi->x_pkey=X509_PKEY_new();
+			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+				goto err;
+			xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
+			pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
+			if ((int)strlen(header) > 10) /* assume encrypted */
+				raw=1;
+			}
+		else
+#endif
+#ifndef NO_DSA
+			if (strcmp(name,PEM_STRING_DSA) == 0)
+			{
+			d2i=(char *(*)())d2i_DSAPrivateKey;
+			if (xi->x_pkey != NULL) 
+				{
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
+				if ((xi=X509_INFO_new()) == NULL) goto err;
+				goto start;
+				}
+
+			xi->enc_data=NULL;
+			xi->enc_len=0;
+
+			xi->x_pkey=X509_PKEY_new();
+			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+				goto err;
+			xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
+			pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
+			if ((int)strlen(header) > 10) /* assume encrypted */
+				raw=1;
+			}
+		else
+#endif
+			{
+			d2i=NULL;
+			pp=NULL;
+			}
+
+		if (d2i != NULL)
+			{
+			if (!raw)
+				{
+				EVP_CIPHER_INFO cipher;
+
+				if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
+					goto err;
+				if (!PEM_do_header(&cipher,data,&len,cb,u))
+					goto err;
+				p=data;
+				if (d2i(pp,&p,len) == NULL)
+					{
+					PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
+					goto err;
+					}
+				}
+			else
+				{ /* encrypted RSA data */
+				if (!PEM_get_EVP_CIPHER_INFO(header,
+					&xi->enc_cipher)) goto err;
+				xi->enc_data=(char *)data;
+				xi->enc_len=(int)len;
+				data=NULL;
+				}
+			}
+		else	{
+			/* unknown */
+			}
+		if (name != NULL) Free(name);
+		if (header != NULL) Free(header);
+		if (data != NULL) Free(data);
+		name=NULL;
+		header=NULL;
+		data=NULL;
+		}
+
+	/* if the last one hasn't been pushed yet and there is anything
+	 * in it then add it to the stack ... 
+	 */
+	if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+		(xi->x_pkey != NULL) || (xi->enc_data != NULL))
+		{
+		if (!sk_X509_INFO_push(ret,xi)) goto err;
+		xi=NULL;
+		}
+	ok=1;
+err:
+	if (xi != NULL) X509_INFO_free(xi);
+	if (!ok)
+		{
+		for (i=0; ((int)i)x_pkey!=NULL)
+		{
+		if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
+			{
+			/* copy from wierdo names into more normal things */
+			iv=xi->enc_cipher.iv;
+			data=(unsigned char *)xi->enc_data;
+			i=xi->enc_len;
+
+			/* we take the encryption data from the
+			 * internal stuff rather than what the
+			 * user has passed us ... as we have to 
+			 * match exactly for some strange reason
+			 */
+			objstr=OBJ_nid2sn(
+				EVP_CIPHER_nid(xi->enc_cipher.cipher));
+			if (objstr == NULL)
+				{
+				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+				goto err;
+				}
+
+			/* create the right magic header stuff */
+			buf[0]='\0';
+			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+			PEM_dek_info(buf,objstr,8,(char *)iv);
+
+			/* use the normal code to write things out */
+			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+			if (i <= 0) goto err;
+			}
+		else
+			{
+			/* Add DSA/DH */
+#ifndef NO_RSA
+			/* normal optionally encrypted stuff */
+			if (PEM_write_bio_RSAPrivateKey(bp,
+				xi->x_pkey->dec_pkey->pkey.rsa,
+				enc,kstr,klen,cb,u)<=0)
+				goto err;
+#endif
+			}
+		}
+
+	/* if we have a certificate then write it out now */
+	if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+		goto err;
+
+	/* we are ignoring anything else that is loaded into the X509_INFO
+	 * structure for the moment ... as I don't need it so I'm not
+	 * coding it here and Eric can do it when this makes it into the
+	 * base library --tjh
+	 */
+
+	ret=1;
+
+err:
+	memset((char *)&ctx,0,sizeof(ctx));
+	memset(buf,0,PEM_BUFSIZE);
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
new file mode 100644
index 000000000000..90f02011bad0
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -0,0 +1,803 @@
+/* crypto/pem/pem_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifndef NO_DES
+#include 
+#endif
+
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
+
+#define MIN_LENGTH	4
+
+static int def_callback(char *buf, int num, int w, void *userdata);
+static int load_iv(unsigned char **fromp,unsigned char *to, int num);
+
+static int def_callback(char *buf, int num, int w, void *userdata)
+	{
+#ifdef NO_FP_API
+	/* We should not ever call the default callback routine from
+	 * windows. */
+	PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(-1);
+#else
+	int i,j;
+	const char *prompt;
+
+	prompt=EVP_get_pw_prompt();
+	if (prompt == NULL)
+		prompt="Enter PEM pass phrase:";
+
+	for (;;)
+		{
+		i=EVP_read_pw_string(buf,num,prompt,w);
+		if (i != 0)
+			{
+			PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+			memset(buf,0,(unsigned int)num);
+			return(-1);
+			}
+		j=strlen(buf);
+		if (j < MIN_LENGTH)
+			{
+			fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
+			}
+		else
+			break;
+		}
+	return(j);
+#endif
+	}
+
+void PEM_proc_type(char *buf, int type)
+	{
+	const char *str;
+
+	if (type == PEM_TYPE_ENCRYPTED)
+		str="ENCRYPTED";
+	else if (type == PEM_TYPE_MIC_CLEAR)
+		str="MIC-CLEAR";
+	else if (type == PEM_TYPE_MIC_ONLY)
+		str="MIC-ONLY";
+	else
+		str="BAD-TYPE";
+		
+	strcat(buf,"Proc-Type: 4,");
+	strcat(buf,str);
+	strcat(buf,"\n");
+	}
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+	{
+	static unsigned char map[17]="0123456789ABCDEF";
+	long i;
+	int j;
+
+	strcat(buf,"DEK-Info: ");
+	strcat(buf,type);
+	strcat(buf,",");
+	j=strlen(buf);
+	for (i=0; i>4)&0x0f];
+		buf[j+i*2+1]=map[(str[i]   )&0x0f];
+		}
+	buf[j+i*2]='\n';
+	buf[j+i*2+1]='\0';
+	}
+
+#ifndef NO_FP_API
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+	     pem_password_cb *cb, void *u)
+	{
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
+        BIO_free(b);
+        return(ret);
+	}
+#endif
+
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+	     pem_password_cb *cb, void *u)
+	{
+	EVP_CIPHER_INFO cipher;
+	char *nm=NULL,*header=NULL;
+	unsigned char *p=NULL,*data=NULL;
+	long len;
+	char *ret=NULL;
+
+	for (;;)
+		{
+		if (!PEM_read_bio(bp,&nm,&header,&data,&len)) return(NULL);
+		if (	(strcmp(nm,name) == 0) ||
+			((strcmp(nm,PEM_STRING_RSA) == 0) &&
+			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+			((strcmp(nm,PEM_STRING_DSA) == 0) &&
+			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+			((strcmp(nm,PEM_STRING_PKCS8) == 0) &&
+			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+			((strcmp(nm,PEM_STRING_PKCS8INF) == 0) &&
+			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+			((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
+			 (strcmp(name,PEM_STRING_X509) == 0)) ||
+			((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
+			 (strcmp(name,PEM_STRING_X509_REQ) == 0)) 
+			)
+			break;
+		Free(nm);
+		Free(header);
+		Free(data);
+		}
+	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
+	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
+	p=data;
+	if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
+		if (strcmp(nm,PEM_STRING_RSA) == 0)
+			ret=d2i(EVP_PKEY_RSA,x,&p,len);
+		else if (strcmp(nm,PEM_STRING_DSA) == 0)
+			ret=d2i(EVP_PKEY_DSA,x,&p,len);
+		else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+			PKCS8_PRIV_KEY_INFO *p8inf;
+			p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+					(PKCS8_PRIV_KEY_INFO **) x, &p, len);
+			ret = (char *)EVP_PKCS82PKEY(p8inf);
+			PKCS8_PRIV_KEY_INFO_free(p8inf);
+		} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+			PKCS8_PRIV_KEY_INFO *p8inf;
+			X509_SIG *p8;
+			int klen;
+			char psbuf[PEM_BUFSIZE];
+			p8 = d2i_X509_SIG((X509_SIG **)x, &p, len);
+			if(!p8) goto p8err;
+			if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+			else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
+			if (klen <= 0) {
+				PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+						PEM_R_BAD_PASSWORD_READ);
+				goto err;
+			}
+			p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
+			X509_SIG_free(p8);
+			if(!p8inf) goto p8err;
+			ret = (char *)EVP_PKCS82PKEY(p8inf);
+			PKCS8_PRIV_KEY_INFO_free(p8inf);
+		}
+	} else	ret=d2i(x,&p,len);
+p8err:
+	if (ret == NULL)
+		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+err:
+	Free(nm);
+	Free(header);
+	Free(data);
+	return(ret);
+	}
+
+#ifndef NO_FP_API
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+	     pem_password_cb *callback, void *u)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+	     pem_password_cb *callback, void *u)
+	{
+	EVP_CIPHER_CTX ctx;
+	int dsize=0,i,j,ret=0;
+	unsigned char *p,*data=NULL;
+	const char *objstr=NULL;
+	char buf[PEM_BUFSIZE];
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	unsigned char iv[EVP_MAX_IV_LENGTH];
+	
+	if (enc != NULL)
+		{
+		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
+		if (objstr == NULL)
+			{
+			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+			goto err;
+			}
+		}
+
+	if ((dsize=i2d(x,NULL)) < 0)
+		{
+		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+		dsize=0;
+		goto err;
+		}
+	/* dzise + 8 bytes are needed */
+	data=(unsigned char *)Malloc((unsigned int)dsize+20);
+	if (data == NULL)
+		{
+		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	p=data;
+	i=i2d(x,&p);
+
+	if (enc != NULL)
+		{
+		if (kstr == NULL)
+			{
+			if (callback == NULL)
+				klen=def_callback(buf,PEM_BUFSIZE,1,u);
+			else
+				klen=(*callback)(buf,PEM_BUFSIZE,1,u);
+			if (klen <= 0)
+				{
+				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
+				goto err;
+				}
+#ifdef CHARSET_EBCDIC
+			/* Convert the pass phrase from EBCDIC */
+			ebcdic2ascii(buf, buf, klen);
+#endif
+			kstr=(unsigned char *)buf;
+			}
+		RAND_seed(data,i);/* put in the RSA key. */
+		RAND_bytes(iv,8);	/* Generate a salt */
+		/* The 'iv' is used as the iv and as a salt.  It is
+		 * NOT taken from the BytesToKey function */
+		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+
+		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+
+		buf[0]='\0';
+		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+		PEM_dek_info(buf,objstr,8,(char *)iv);
+		/* k=strlen(buf); */
+	
+		EVP_EncryptInit(&ctx,enc,key,iv);
+		EVP_EncryptUpdate(&ctx,data,&j,data,i);
+		EVP_EncryptFinal(&ctx,&(data[j]),&i);
+		i+=j;
+		ret=1;
+		}
+	else
+		{
+		ret=1;
+		buf[0]='\0';
+		}
+	i=PEM_write_bio(bp,name,buf,data,i);
+	if (i <= 0) ret=0;
+err:
+	memset(key,0,sizeof(key));
+	memset(iv,0,sizeof(iv));
+	memset((char *)&ctx,0,sizeof(ctx));
+	memset(buf,0,PEM_BUFSIZE);
+	memset(data,0,(unsigned int)dsize);
+	Free(data);
+	return(ret);
+	}
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+	     pem_password_cb *callback,void *u)
+	{
+	int i,j,o,klen;
+	long len;
+	EVP_CIPHER_CTX ctx;
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	char buf[PEM_BUFSIZE];
+
+	len= *plen;
+
+	if (cipher->cipher == NULL) return(1);
+	if (callback == NULL)
+		klen=def_callback(buf,PEM_BUFSIZE,0,u);
+	else
+		klen=callback(buf,PEM_BUFSIZE,0,u);
+	if (klen <= 0)
+		{
+		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
+		return(0);
+		}
+#ifdef CHARSET_EBCDIC
+	/* Convert the pass phrase from EBCDIC */
+	ebcdic2ascii(buf, buf, klen);
+#endif
+
+	EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+		(unsigned char *)buf,klen,1,key,NULL);
+
+	j=(int)len;
+	EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	memset((char *)buf,0,sizeof(buf));
+	memset((char *)key,0,sizeof(key));
+	j+=i;
+	if (!o)
+		{
+		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
+		return(0);
+		}
+	*plen=j;
+	return(1);
+	}
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+	{
+	int o;
+	const EVP_CIPHER *enc=NULL;
+	char *p,c;
+
+	cipher->cipher=NULL;
+	if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+		return(1);
+	if (strncmp(header,"Proc-Type: ",11) != 0)
+		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
+	header+=11;
+	if (*header != '4') return(0); header++;
+	if (*header != ',') return(0); header++;
+	if (strncmp(header,"ENCRYPTED",9) != 0)
+		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
+	for (; (*header != '\n') && (*header != '\0'); header++)
+		;
+	if (*header == '\0')
+		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
+	header++;
+	if (strncmp(header,"DEK-Info: ",10) != 0)
+		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
+	header+=10;
+
+	p=header;
+	for (;;)
+		{
+		c= *header;
+#ifndef CHARSET_EBCDIC
+		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+			((c >= '0') && (c <= '9'))))
+			break;
+#else
+		if (!(	isupper(c) || (c == '-') ||
+			isdigit(c)))
+			break;
+#endif
+		header++;
+		}
+	*header='\0';
+	o=OBJ_sn2nid(p);
+	cipher->cipher=enc=EVP_get_cipherbyname(p);
+	*header=c;
+	header++;
+
+	if (enc == NULL)
+		{
+		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
+		return(0);
+		}
+	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
+
+	return(1);
+	}
+
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
+	{
+	int v,i;
+	unsigned char *from;
+
+	from= *fromp;
+	for (i=0; i= '0') && (*from <= '9'))
+			v= *from-'0';
+		else if ((*from >= 'A') && (*from <= 'F'))
+			v= *from-'A'+10;
+		else if ((*from >= 'a') && (*from <= 'f'))
+			v= *from-'a'+10;
+		else
+			{
+			PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
+			return(0);
+			}
+		from++;
+		to[i/2]|=v<<(long)((!(i&1))*4);
+		}
+
+	*fromp=from;
+	return(1);
+	}
+
+#ifndef NO_FP_API
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+	     long len)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_write_bio(b, name, header, data,len);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+	     long len)
+	{
+	int nlen,n,i,j,outl;
+	unsigned char *buf;
+	EVP_ENCODE_CTX ctx;
+	int reason=ERR_R_BUF_LIB;
+	
+	EVP_EncodeInit(&ctx);
+	nlen=strlen(name);
+
+	if (	(BIO_write(bp,"-----BEGIN ",11) != 11) ||
+		(BIO_write(bp,name,nlen) != nlen) ||
+		(BIO_write(bp,"-----\n",6) != 6))
+		goto err;
+		
+	i=strlen(header);
+	if (i > 0)
+		{
+		if (	(BIO_write(bp,header,i) != i) ||
+			(BIO_write(bp,"\n",1) != 1))
+			goto err;
+		}
+
+	buf=(unsigned char *)Malloc(PEM_BUFSIZE*8);
+	if (buf == NULL)
+		{
+		reason=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+
+	i=j=0;
+	while (len > 0)
+		{
+		n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
+		EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
+		if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
+			goto err;
+		i+=outl;
+		len-=n;
+		j+=n;
+		}
+	EVP_EncodeFinal(&ctx,buf,&outl);
+	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+	Free(buf);
+	if (	(BIO_write(bp,"-----END ",9) != 9) ||
+		(BIO_write(bp,name,nlen) != nlen) ||
+		(BIO_write(bp,"-----\n",6) != 6))
+		goto err;
+	return(i+outl);
+err:
+	PEMerr(PEM_F_PEM_WRITE_BIO,reason);
+	return(0);
+	}
+
+#ifndef NO_FP_API
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+	     long *len)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_read_bio(b, name, header, data,len);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+	     long *len)
+	{
+	EVP_ENCODE_CTX ctx;
+	int end=0,i,k,bl=0,hl=0,nohead=0;
+	char buf[256];
+	BUF_MEM *nameB;
+	BUF_MEM *headerB;
+	BUF_MEM *dataB,*tmpB;
+	
+	nameB=BUF_MEM_new();
+	headerB=BUF_MEM_new();
+	dataB=BUF_MEM_new();
+	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
+		{
+		PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	buf[254]='\0';
+	for (;;)
+		{
+		i=BIO_gets(bp,buf,254);
+
+		if (i <= 0)
+			{
+			PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
+			goto err;
+			}
+
+		while ((i >= 0) && (buf[i] <= ' ')) i--;
+		buf[++i]='\n'; buf[++i]='\0';
+
+		if (strncmp(buf,"-----BEGIN ",11) == 0)
+			{
+			i=strlen(&(buf[11]));
+
+			if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
+				continue;
+			if (!BUF_MEM_grow(nameB,i+9))
+				{
+				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			memcpy(nameB->data,&(buf[11]),i-6);
+			nameB->data[i-6]='\0';
+			break;
+			}
+		}
+	hl=0;
+	if (!BUF_MEM_grow(headerB,256))
+		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+	headerB->data[0]='\0';
+	for (;;)
+		{
+		i=BIO_gets(bp,buf,254);
+		if (i <= 0) break;
+
+		while ((i >= 0) && (buf[i] <= ' ')) i--;
+		buf[++i]='\n'; buf[++i]='\0';
+
+		if (buf[0] == '\n') break;
+		if (!BUF_MEM_grow(headerB,hl+i+9))
+			{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+		if (strncmp(buf,"-----END ",9) == 0)
+			{
+			nohead=1;
+			break;
+			}
+		memcpy(&(headerB->data[hl]),buf,i);
+		headerB->data[hl+i]='\0';
+		hl+=i;
+		}
+
+	bl=0;
+	if (!BUF_MEM_grow(dataB,1024))
+		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+	dataB->data[0]='\0';
+	if (!nohead)
+		{
+		for (;;)
+			{
+			i=BIO_gets(bp,buf,254);
+			if (i <= 0) break;
+
+			while ((i >= 0) && (buf[i] <= ' ')) i--;
+			buf[++i]='\n'; buf[++i]='\0';
+
+			if (i != 65) end=1;
+			if (strncmp(buf,"-----END ",9) == 0)
+				break;
+			if (i > 65) break;
+			if (!BUF_MEM_grow(dataB,i+bl+9))
+				{
+				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			memcpy(&(dataB->data[bl]),buf,i);
+			dataB->data[bl+i]='\0';
+			bl+=i;
+			if (end)
+				{
+				buf[0]='\0';
+				i=BIO_gets(bp,buf,254);
+				if (i <= 0) break;
+
+				while ((i >= 0) && (buf[i] <= ' ')) i--;
+				buf[++i]='\n'; buf[++i]='\0';
+
+				break;
+				}
+			}
+		}
+	else
+		{
+		tmpB=headerB;
+		headerB=dataB;
+		dataB=tmpB;
+		bl=hl;
+		}
+	i=strlen(nameB->data);
+	if (	(strncmp(buf,"-----END ",9) != 0) ||
+		(strncmp(nameB->data,&(buf[9]),i) != 0) ||
+		(strncmp(&(buf[9+i]),"-----\n",6) != 0))
+		{
+		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
+		goto err;
+		}
+
+	EVP_DecodeInit(&ctx);
+	i=EVP_DecodeUpdate(&ctx,
+		(unsigned char *)dataB->data,&bl,
+		(unsigned char *)dataB->data,bl);
+	if (i < 0)
+		{
+		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
+		goto err;
+		}
+	i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
+	if (i < 0)
+		{
+		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
+		goto err;
+		}
+	bl+=k;
+
+	if (bl == 0) goto err;
+	*name=nameB->data;
+	*header=headerB->data;
+	*data=(unsigned char *)dataB->data;
+	*len=bl;
+	Free(nameB);
+	Free(headerB);
+	Free(dataB);
+	return(1);
+err:
+	BUF_MEM_free(nameB);
+	BUF_MEM_free(headerB);
+	BUF_MEM_free(dataB);
+	return(0);
+	}
+
+/* This function writes a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey(). As usual if 'enc' is NULL then
+ * it uses the unencrypted private key form. It uses PKCS#5 v2.0 password based
+ * encryption algorithms.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	char buf[PEM_BUFSIZE];
+	int ret;
+	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+		PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+		return 0;
+	}
+	if(enc) {
+		if(!kstr) {
+			if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
+			else klen = cb(buf, PEM_BUFSIZE, 1, u);
+			if(klen <= 0) {
+				PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+								PEM_R_READ_KEY);
+				PKCS8_PRIV_KEY_INFO_free(p8inf);
+				return 0;
+			}
+				
+			kstr = buf;
+		}
+		p8 = PKCS8_encrypt(-1, enc, kstr, klen, NULL, 0, 0, p8inf);
+		if(kstr == buf) memset(buf, 0, klen);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		ret = PEM_write_bio_PKCS8(bp, p8);
+		X509_SIG_free(p8);
+		return ret;
+	} else {
+		ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		return ret;
+	}
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+			      char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+	BIO *bp;
+	int ret;
+	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		PEMerr(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,ERR_R_BUF_LIB);
+                return(0);
+	}
+	ret = PEM_write_bio_PKCS8PrivateKey(bp, x, enc, kstr, klen, cb, u);
+	BIO_free(bp);
+	return ret;
+}
diff --git a/crypto/openssl/crypto/pem/pem_seal.c b/crypto/openssl/crypto/pem/pem_seal.c
new file mode 100644
index 000000000000..23f95beb1e22
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_seal.c
@@ -0,0 +1,178 @@
+/* crypto/pem/pem_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+	     unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
+	     int npubk)
+	{
+	unsigned char key[EVP_MAX_KEY_LENGTH];
+	int ret= -1;
+	int i,j,max=0;
+	char *s=NULL;
+
+	for (i=0; itype != EVP_PKEY_RSA)
+			{
+			PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
+			goto err;
+			}
+		j=RSA_size(pubk[i]->pkey.rsa);
+		if (j > max) max=j;
+		}
+	s=(char *)Malloc(max*2);
+	if (s == NULL)
+		{
+		PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_EncodeInit(&(ctx->encode));
+	EVP_SignInit(&(ctx->md),md_type);
+
+	ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk);
+	if (!ret) goto err;
+
+	/* base64 encode the keys */
+	for (i=0; ipkey.rsa));
+		ekl[i]=j;
+		memcpy(ek[i],s,j+1);
+		}
+
+	ret=npubk;
+err:
+	if (s != NULL) Free(s);
+	memset(key,0,EVP_MAX_KEY_LENGTH);
+	return(ret);
+	}
+
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
+	{
+	unsigned char buffer[1600];
+	int i,j;
+
+	*outl=0;
+	EVP_SignUpdate(&(ctx->md),in,inl);
+	for (;;)
+		{
+		if (inl <= 0) break;
+		if (inl > 1200)
+			i=1200;
+		else
+			i=inl;
+		EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i);
+		EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j);
+		*outl+=j;
+		out+=j;
+		in+=i;
+		inl-=i;
+		}
+	}
+
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+	     unsigned char *out, int *outl, EVP_PKEY *priv)
+	{
+	unsigned char *s=NULL;
+	int ret=0,j;
+	unsigned int i;
+
+	if (priv->type != EVP_PKEY_RSA)
+		{
+		PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
+		goto err;
+		}
+	i=RSA_size(priv->pkey.rsa);
+	if (i < 100) i=100;
+	s=(unsigned char *)Malloc(i*2);
+	if (s == NULL)
+		{
+		PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i);
+	EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i);
+	*outl=j;
+	out+=j;
+	EVP_EncodeFinal(&(ctx->encode),out,&j);
+	*outl+=j;
+
+	if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err;
+	*sigl=EVP_EncodeBlock(sig,s,i);
+
+	ret=1;
+err:
+	memset((char *)&(ctx->md),0,sizeof(ctx->md));
+	memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher));
+	if (s != NULL) Free(s);
+	return(ret);
+	}
+#endif
diff --git a/crypto/openssl/crypto/pem/pem_sign.c b/crypto/openssl/crypto/pem/pem_sign.c
new file mode 100644
index 000000000000..aabafb702df0
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pem_sign.c
@@ -0,0 +1,102 @@
+/* crypto/pem/pem_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+	{
+	EVP_DigestInit(ctx,type);
+	}
+
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+	     unsigned int count)
+	{
+	EVP_DigestUpdate(ctx,data,count);
+	}
+
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+	     EVP_PKEY *pkey)
+	{
+	unsigned char *m;
+	int i,ret=0;
+	unsigned int m_len;
+
+	m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2);
+	if (m == NULL)
+		{
+		PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
+
+	i=EVP_EncodeBlock(sigret,m,m_len);
+	*siglen=i;
+	ret=1;
+err:
+	/* ctx has been zeroed by EVP_SignFinal() */
+	if (m != NULL) Free(m);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/pem/pkcs7.lis b/crypto/openssl/crypto/pem/pkcs7.lis
new file mode 100644
index 000000000000..be90c5d87f5b
--- /dev/null
+++ b/crypto/openssl/crypto/pem/pkcs7.lis
@@ -0,0 +1,22 @@
+21     0:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+ 00     2:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
+ 21    13:d=0 hl=2 l=  0 cons: cont: 00			# explicit tag
+  21    15:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+   00    17:d=0 hl=2 l=  1 prim: univ: INTEGER          # version 
+   20    20:d=0 hl=2 l=  0 cons: univ: SET               
+   21    22:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+    00    24:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
+    00    35:d=0 hl=2 l=  0 prim: univ: EOC               
+   21    37:d=0 hl=2 l=  0 cons: cont: 00               # cert tag
+    20    39:d=0 hl=4 l=545 cons: univ: SEQUENCE          
+    20   588:d=0 hl=4 l=524 cons: univ: SEQUENCE          
+    00  1116:d=0 hl=2 l=  0 prim: univ: EOC               
+   21  1118:d=0 hl=2 l=  0 cons: cont: 01		# crl tag
+    20  1120:d=0 hl=4 l=653 cons: univ: SEQUENCE          
+    20  1777:d=0 hl=4 l=285 cons: univ: SEQUENCE          
+    00  2066:d=0 hl=2 l=  0 prim: univ: EOC               
+   21  2068:d=0 hl=2 l=  0 cons: univ: SET              # signers 
+    00  2070:d=0 hl=2 l=  0 prim: univ: EOC               
+  00  2072:d=0 hl=2 l=  0 prim: univ: EOC               
+ 00  2074:d=0 hl=2 l=  0 prim: univ: EOC               
+00  2076:d=0 hl=2 l=  0 prim: univ: EOC               
diff --git a/crypto/openssl/crypto/perlasm/alpha.pl b/crypto/openssl/crypto/perlasm/alpha.pl
new file mode 100644
index 000000000000..3dac571743c4
--- /dev/null
+++ b/crypto/openssl/crypto/perlasm/alpha.pl
@@ -0,0 +1,434 @@
+#!/usr/local/bin/perl
+
+package alpha;
+use Carp qw(croak cluck);
+
+$label="100";
+
+$n_debug=0;
+$smear_regs=1;
+$reg_alloc=1;
+
+$align="3";
+$com_start="#";
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
+# General registers
+
+%regs=(	'r0',	'$0',
+	'r1',	'$1',
+	'r2',	'$2',
+	'r3',	'$3',
+	'r4',	'$4',
+	'r5',	'$5',
+	'r6',	'$6',
+	'r7',	'$7',
+	'r8',	'$8',
+	'r9',	'$22',
+	'r10',	'$23',
+	'r11',	'$24',
+	'r12',	'$25',
+	'r13',	'$27',
+	'r14',	'$28',
+	'r15',	'$21', # argc == 5
+	'r16',	'$20', # argc == 4
+	'r17',	'$19', # argc == 3
+	'r18',	'$18', # argc == 2
+	'r19',	'$17', # argc == 1
+	'r20',	'$16', # argc == 0
+	'r21',	'$9',  # save 0
+	'r22',	'$10', # save 1
+	'r23',	'$11', # save 2
+	'r24',	'$12', # save 3
+	'r25',	'$13', # save 4
+	'r26',	'$14', # save 5
+
+	'a0',	'$16',
+	'a1',	'$17',
+	'a2',	'$18',
+	'a3',	'$19',
+	'a4',	'$20',
+	'a5',	'$21',
+
+	's0',	'$9',
+	's1',	'$10',
+	's2',	'$11',
+	's3',	'$12',
+	's4',	'$13',
+	's5',	'$14',
+	'zero',	'$31',
+	'sp',	'$30',
+	);
+
+$main'reg_s0="r21";
+$main'reg_s1="r22";
+$main'reg_s2="r23";
+$main'reg_s3="r24";
+$main'reg_s4="r25";
+$main'reg_s5="r26";
+
+@reg=(  '$0', '$1' ,'$2' ,'$3' ,'$4' ,'$5' ,'$6' ,'$7' ,'$8',
+	'$22','$23','$24','$25','$20','$21','$27','$28');
+
+
+sub main'sub	{ &out3("subq",@_); }
+sub main'add	{ &out3("addq",@_); }
+sub main'mov	{ &out3("bis",$_[0],$_[0],$_[1]); }
+sub main'or	{ &out3("bis",@_); }
+sub main'bis	{ &out3("bis",@_); }
+sub main'br	{ &out1("br",@_); }
+sub main'ld	{ &out2("ldq",@_); }
+sub main'st	{ &out2("stq",@_); }
+sub main'cmpult	{ &out3("cmpult",@_); }
+sub main'cmplt	{ &out3("cmplt",@_); }
+sub main'bgt	{ &out2("bgt",@_); }
+sub main'ble	{ &out2("ble",@_); }
+sub main'blt	{ &out2("blt",@_); }
+sub main'mul	{ &out3("mulq",@_); }
+sub main'muh	{ &out3("umulh",@_); }
+
+$main'QWS=8;
+
+sub main'asm_add
+	{
+	push(@out,@_);
+	}
+
+sub main'asm_finish
+	{
+	&main'file_end();
+	print &main'asm_get_output();
+	}
+
+sub main'asm_init
+	{
+	($type,$fn)=@_;
+	$filename=$fn;
+
+	&main'asm_init_output();
+	&main'comment("Don't even think of reading this code");
+	&main'comment("It was automatically generated by $filename");
+	&main'comment("Which is a perl program used to generate the alpha assember.");
+	&main'comment("eric ");
+	&main'comment("");
+
+	$filename =~ s/\.pl$//;
+	&main'file($filename);
+	}
+
+sub conv
+	{
+	local($r)=@_;
+	local($v);
+
+	return($regs{$r}) if defined($regs{$r});
+	return($r);
+	}
+
+sub main'QWPw
+	{
+	local($off,$reg)=@_;
+
+	return(&main'QWP($off*8,$reg));
+	}
+
+sub main'QWP
+	{
+	local($off,$reg)=@_;
+
+	$ret="$off(".&conv($reg).")";
+	return($ret);
+	}
+
+sub out3
+	{
+	local($name,$p1,$p2,$p3)=@_;
+
+	$p1=&conv($p1);
+	$p2=&conv($p2);
+	$p3=&conv($p3);
+	push(@out,"\t$name\t");
+	$l=length($p1)+1;
+	push(@out,$p1.",");
+	$ll=3-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+
+	$l=length($p2)+1;
+	push(@out,$p2.",");
+	$ll=3-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+
+	push(@out,&conv($p3)."\n");
+	}
+
+sub out2
+	{
+	local($name,$p1,$p2,$p3)=@_;
+
+	$p1=&conv($p1);
+	$p2=&conv($p2);
+	push(@out,"\t$name\t");
+	$l=length($p1)+1;
+	push(@out,$p1.",");
+	$ll=3-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+
+	push(@out,&conv($p2)."\n");
+	}
+
+sub out1
+	{
+	local($name,$p1)=@_;
+
+	$p1=&conv($p1);
+	push(@out,"\t$name\t".$p1."\n");
+	}
+
+sub out0
+	{
+	push(@out,"\t$_[0]\n");
+	}
+
+sub main'file
+	{
+	local($file)=@_;
+
+	local($tmp)=<<"EOF";
+ # DEC Alpha assember
+ # Generated from perl scripts contains in SSLeay
+	.file	1 "$file.s"
+	.set noat
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_begin
+	{
+	local($func)=@_;
+
+print STDERR "$func\n";
+	local($tmp)=<<"EOF";
+	.text
+	.align $align
+	.globl $func
+	.ent $func
+${func}:
+${func}..ng:
+	.frame \$30,0,\$26,0
+	.prologue 0
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	}
+
+sub main'function_end
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	ret	\$31,(\$26),1
+	.end $func
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	ret	\$31,(\$26),1
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_end_B
+	{
+	local($func)=@_;
+
+	$func=$under.$func;
+
+	push(@out,"\t.end $func\n");
+	$stack=0;
+	%label=();
+	}
+
+sub main'wparam
+	{
+	local($num)=@_;
+
+	if ($num < 6)
+		{
+		$num=20-$num;
+		return("r$num");
+		}
+	else
+		{ return(&main'QWP($stack+$num*8,"sp")); }
+	}
+
+sub main'stack_push
+	{
+	local($num)=@_;
+	$stack+=$num*8;
+	&main'sub("sp",$num*8,"sp");
+	}
+
+sub main'stack_pop
+	{
+	local($num)=@_;
+	$stack-=$num*8;
+	&main'add("sp",$num*8,"sp");
+	}
+
+sub main'swtmp
+	{
+	return(&main'QWP(($_[0])*8,"sp"));
+	}
+
+# Should use swtmp, which is above sp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	local($num)=@_;
+#
+#	return(&main'QWP(-($num+1)*4,"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		if (/^\s*$/)
+			{ push(@out,"\n"); }
+		else
+			{ push(@out,"\t$com_start $_ $com_end\n"); }
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=$label;
+		$label++;
+		}
+	return('$'.$label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=$label;
+		$label++;
+		}
+#	push(@out,".align $align\n") if ($_[1] != 0);
+	push(@out,'$'."$label{$_[0]}:\n");
+	}
+
+sub main'file_end
+	{
+	}
+
+sub main'data_word
+	{
+	push(@out,"\t.long $_[0]\n");
+	}
+
+@pool_free=();
+@pool_taken=();
+$curr_num=0;
+$max=0;
+
+sub main'init_pool
+	{
+	local($args)=@_;
+	local($i);
+
+	@pool_free=();
+	for ($i=(14+(6-$args)); $i >= 0; $i--)
+		{
+		push(@pool_free,"r$i");
+		}
+	print STDERR "START :register pool:@pool_free\n";
+	$curr_num=$max=0;
+	}
+
+sub main'fin_pool
+	{
+	printf STDERR "END %2d:register pool:@pool_free\n",$max;
+	}
+
+sub main'GR
+	{
+	local($r)=@_;
+	local($i,@n,$_);
+
+	foreach (@pool_free)
+		{
+		if ($r ne $_)
+			{ push(@n,$_); }
+		else
+			{
+			$curr_num++;
+			$max=$curr_num if ($curr_num > $max);
+			}
+		}
+	@pool_free=@n;
+print STDERR "GR:@pool_free\n" if $reg_alloc;
+	return(@_);
+	}
+
+sub main'NR
+	{
+	local($num)=@_;
+	local(@ret);
+
+	$num=1 if $num == 0;
+	($#pool_free >= ($num-1)) || croak "out of registers: want $num, have @pool_free";
+	while ($num > 0)
+		{
+		push(@ret,pop @pool_free);
+		$curr_num++;
+		$max=$curr_num if ($curr_num > $max);
+		$num--
+		}
+	print STDERR "nr @ret\n" if $n_debug;
+print STDERR "NR:@pool_free\n" if $reg_alloc;
+	return(@ret);
+
+	}
+
+sub main'FR
+	{
+	local(@r)=@_;
+	local(@a,$v,$w);
+
+	print STDERR "fr @r\n" if $n_debug;
+#	cluck "fr @r";
+	for $w (@pool_free)
+		{
+		foreach $v (@r)
+			{
+			croak "double register free of $v (@pool_free)" if $w eq $v;
+			}
+		}
+	foreach $v (@r)
+		{
+		croak "bad argument to FR" if ($v !~ /^r\d+$/);
+		if ($smear_regs)
+			{ unshift(@pool_free,$v); }
+		else	{ push(@pool_free,$v); }
+		$curr_num--;
+		}
+print STDERR "FR:@pool_free\n" if $reg_alloc;
+	}
+1;
diff --git a/crypto/openssl/crypto/perlasm/cbc.pl b/crypto/openssl/crypto/perlasm/cbc.pl
new file mode 100644
index 000000000000..0145c4f0cc6e
--- /dev/null
+++ b/crypto/openssl/crypto/perlasm/cbc.pl
@@ -0,0 +1,342 @@
+#!/usr/local/bin/perl
+
+# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+# des_cblock (*input);
+# des_cblock (*output);
+# long length;
+# des_key_schedule schedule;
+# des_cblock (*ivec);
+# int enc;
+#
+# calls 
+# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+#
+
+#&cbc("des_ncbc_encrypt","des_encrypt",0);
+#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
+#	1,4,5,3,5,-1);
+#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
+#	0,4,5,3,5,-1);
+#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
+#	0,6,7,3,4,5);
+#
+# When doing a cipher that needs bigendian order,
+# for encrypt, the iv is kept in bigendian form,
+# while for decrypt, it is kept in little endian.
+sub cbc
+	{
+	local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
+	# name is the function name
+	# enc_func and dec_func and the functions to call for encrypt/decrypt
+	# swap is true if byte order needs to be reversed
+	# iv_off is parameter number for the iv 
+	# enc_off is parameter number for the encrypt/decrypt flag
+	# p1,p2,p3 are the offsets for parameters to be passed to the
+	# underlying calls.
+
+	&function_begin_B($name,"");
+	&comment("");
+
+	$in="esi";
+	$out="edi";
+	$count="ebp";
+
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	$data_off=4;
+	$data_off+=4 if ($p1 > 0);
+	$data_off+=4 if ($p2 > 0);
+	$data_off+=4 if ($p3 > 0);
+
+	&mov($count,	&wparam(2));	# length
+
+	&comment("getting iv ptr from parameter $iv_off");
+	&mov("ebx",	&wparam($iv_off));	# Get iv ptr
+
+	&mov($in,	&DWP(0,"ebx","",0));#	iv[0]
+	&mov($out,	&DWP(4,"ebx","",0));#	iv[1]
+
+	&push($out);
+	&push($in);
+	&push($out);	# used in decrypt for iv[1]
+	&push($in);	# used in decrypt for iv[0]
+
+	&mov("ebx",	"esp");		# This is the address of tin[2]
+
+	&mov($in,	&wparam(0));	# in
+	&mov($out,	&wparam(1));	# out
+
+	# We have loaded them all, how lets push things
+	&comment("getting encrypt flag from parameter $enc_off");
+	&mov("ecx",	&wparam($enc_off));	# Get enc flag
+	if ($p3 > 0)
+		{
+		&comment("get and push parameter $p3");
+		if ($enc_off != $p3)
+			{ &mov("eax",	&wparam($p3)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	if ($p2 > 0)
+		{
+		&comment("get and push parameter $p2");
+		if ($enc_off != $p2)
+			{ &mov("eax",	&wparam($p2)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	if ($p1 > 0)
+		{
+		&comment("get and push parameter $p1");
+		if ($enc_off != $p1)
+			{ &mov("eax",	&wparam($p1)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	&push("ebx");		# push data/iv
+
+	&cmp("ecx",0);
+	&jz(&label("decrypt"));
+
+	&and($count,0xfffffff8);
+	&mov("eax",	&DWP($data_off,"esp","",0));	# load iv[0]
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	# load iv[1]
+
+	&jz(&label("encrypt_finish"));
+
+	#############################################################
+
+	&set_label("encrypt_loop");
+	# encrypt start 
+	# "eax" and "ebx" hold iv (or the last cipher text)
+
+	&mov("ecx",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("edx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&xor("eax",	"ecx");
+	&xor("ebx",	"edx");
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($enc_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP(0,$out,"",0),"eax");
+	&mov(&DWP(4,$out,"",0),"ebx");
+
+	# eax and ebx are the next iv.
+
+	&add($in,	8);
+	&add($out,	8);
+
+	&sub($count,	8);
+	&jnz(&label("encrypt_loop"));
+
+###################################################################3
+	&set_label("encrypt_finish");
+	&mov($count,	&wparam(2));	# length
+	&and($count,	7);
+	&jz(&label("finish"));
+	&xor("ecx","ecx");
+	&xor("edx","edx");
+	&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+	&jmp_ptr($count);
+
+&set_label("ej7");
+	&xor("edx",		"edx") if $ppro; # ppro friendly
+	&movb(&HB("edx"),	&BP(6,$in,"",0));
+	&shl("edx",8);
+&set_label("ej6");
+	&movb(&HB("edx"),	&BP(5,$in,"",0));
+&set_label("ej5");
+	&movb(&LB("edx"),	&BP(4,$in,"",0));
+&set_label("ej4");
+	&mov("ecx",		&DWP(0,$in,"",0));
+	&jmp(&label("ejend"));
+&set_label("ej3");
+	&movb(&HB("ecx"),	&BP(2,$in,"",0));
+	&xor("ecx",		"ecx") if $ppro; # ppro friendly
+	&shl("ecx",8);
+&set_label("ej2");
+	&movb(&HB("ecx"),	&BP(1,$in,"",0));
+&set_label("ej1");
+	&movb(&LB("ecx"),	&BP(0,$in,"",0));
+&set_label("ejend");
+
+	&xor("eax",	"ecx");
+	&xor("ebx",	"edx");
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($enc_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP(0,$out,"",0),"eax");
+	&mov(&DWP(4,$out,"",0),"ebx");
+
+	&jmp(&label("finish"));
+
+	#############################################################
+	#############################################################
+	&set_label("decrypt",1);
+	# decrypt start 
+	&and($count,0xfffffff8);
+	# The next 2 instructions are only for if the jz is taken
+	&mov("eax",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("ebx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+	&jz(&label("decrypt_finish"));
+
+	&set_label("decrypt_loop");
+	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($dec_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+
+	&xor("ecx",	"eax");
+	&xor("edx",	"ebx");
+
+	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
+	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
+
+	&mov(&DWP(0,$out,"",0),"ecx");
+	&mov(&DWP(4,$out,"",0),"edx");
+
+	&mov(&DWP($data_off+8,"esp","",0),	"eax");	# save iv
+	&mov(&DWP($data_off+12,"esp","",0),	"ebx");	#
+
+	&add($in,	8);
+	&add($out,	8);
+
+	&sub($count,	8);
+	&jnz(&label("decrypt_loop"));
+############################ ENDIT #######################3
+	&set_label("decrypt_finish");
+	&mov($count,	&wparam(2));	# length
+	&and($count,	7);
+	&jz(&label("finish"));
+
+	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($dec_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+
+	&xor("ecx",	"eax");
+	&xor("edx",	"ebx");
+
+	# this is for when we exit
+	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
+	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
+
+&set_label("dj7");
+	&rotr("edx",	16);
+	&movb(&BP(6,$out,"",0),	&LB("edx"));
+	&shr("edx",16);
+&set_label("dj6");
+	&movb(&BP(5,$out,"",0),	&HB("edx"));
+&set_label("dj5");
+	&movb(&BP(4,$out,"",0),	&LB("edx"));
+&set_label("dj4");
+	&mov(&DWP(0,$out,"",0),	"ecx");
+	&jmp(&label("djend"));
+&set_label("dj3");
+	&rotr("ecx",	16);
+	&movb(&BP(2,$out,"",0),	&LB("ecx"));
+	&shl("ecx",16);
+&set_label("dj2");
+	&movb(&BP(1,$in,"",0),	&HB("ecx"));
+&set_label("dj1");
+	&movb(&BP(0,$in,"",0),	&LB("ecx"));
+&set_label("djend");
+
+	# final iv is still in eax:ebx
+	&jmp(&label("finish"));
+
+
+############################ FINISH #######################3
+	&set_label("finish",1);
+	&mov("ecx",	&wparam($iv_off));	# Get iv ptr
+
+	#################################################
+	$total=16+4;
+	$total+=4 if ($p1 > 0);
+	$total+=4 if ($p2 > 0);
+	$total+=4 if ($p3 > 0);
+	&add("esp",$total);
+
+	&mov(&DWP(0,"ecx","",0),	"eax");	# save iv
+	&mov(&DWP(4,"ecx","",0),	"ebx");	# save iv
+
+	&function_end_A($name);
+
+	&set_label("cbc_enc_jmp_table",1);
+	&data_word("0");
+	&data_word(&label("ej1"));
+	&data_word(&label("ej2"));
+	&data_word(&label("ej3"));
+	&data_word(&label("ej4"));
+	&data_word(&label("ej5"));
+	&data_word(&label("ej6"));
+	&data_word(&label("ej7"));
+	&set_label("cbc_dec_jmp_table",1);
+	&data_word("0");
+	&data_word(&label("dj1"));
+	&data_word(&label("dj2"));
+	&data_word(&label("dj3"));
+	&data_word(&label("dj4"));
+	&data_word(&label("dj5"));
+	&data_word(&label("dj6"));
+	&data_word(&label("dj7"));
+
+	&function_end_B($name);
+	
+	}
+
+1;
diff --git a/crypto/openssl/crypto/perlasm/readme b/crypto/openssl/crypto/perlasm/readme
new file mode 100644
index 000000000000..f02bbee75a1b
--- /dev/null
+++ b/crypto/openssl/crypto/perlasm/readme
@@ -0,0 +1,124 @@
+The perl scripts in this directory are my 'hack' to generate
+multiple different assembler formats via the one origional script.
+
+The way to use this library is to start with adding the path to this directory
+and then include it.
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+The first thing we do is setup the file and type of assember
+
+&asm_init($ARGV[0],$0);
+
+The first argument is the 'type'.  Currently
+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+Argument 2 is the file name.
+
+The reciprocal function is
+&asm_finish() which should be called at the end.
+
+There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
+and x86unix.pl which is the unix (gas) version.
+
+Functions of interest are:
+&external_label("des_SPtrans");	declare and external variable
+&LB(reg);			Low byte for a register
+&HB(reg);			High byte for a register
+&BP(off,base,index,scale)	Byte pointer addressing
+&DWP(off,base,index,scale)	Word pointer addressing
+&stack_push(num)		Basically a 'sub esp, num*4' with extra
+&stack_pop(num)			inverse of stack_push
+&function_begin(name,extra)	Start a function with pushing of
+				edi, esi, ebx and ebp.  extra is extra win32
+				external info that may be required.
+&function_begin_B(name,extra)	Same as norma function_begin but no pushing.
+&function_end(name)		Call at end of function.
+&function_end_A(name)		Standard pop and ret, for use inside functions
+&function_end_B(name)		Call at end but with poping or 'ret'.
+&swtmp(num)			Address on stack temp word.
+&wparam(num)			Parameter number num, that was push
+				in C convention.  This all works over pushes
+				and pops.
+&comment("hello there")		Put in a comment.
+&label("loop")			Refer to a label, normally a jmp target.
+&set_label("loop")		Set a label at this point.
+&data_word(word)		Put in a word of data.
+
+So how does this all hold together?  Given
+
+int calc(int len, int *data)
+	{
+	int i,j=0;
+
+	for (i=0; i");
+&comment("");
+
+	$filename =~ s/\.pl$//;
+	&file($filename);
+	}
+
+sub asm_finish_cpp
+	{
+	return unless $cpp;
+
+	local($tmp,$i);
+	foreach $i (&get_labels())
+		{
+		$tmp.="#define $i _$i\n";
+		}
+	print <<"EOF";
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
+
+#define TYPE(a,b)       .type   a,b
+#define SIZE(a,b)       .size   a,b
+
+#if defined(OUT) || (defined(BSDI) && !defined(ELF))
+$tmp
+#endif
+
+#ifdef OUT
+#define OK	1
+#define ALIGN	4
+#endif
+
+#if defined(BSDI) && !defined(ELF)
+#define OK              1
+#define ALIGN           4
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK              1
+#define ALIGN           16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+/* Let the Assembler begin :-) */
+EOF
+	}
+
+1;
diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/openssl/crypto/perlasm/x86ms.pl
new file mode 100644
index 000000000000..51dcce067fab
--- /dev/null
+++ b/crypto/openssl/crypto/perlasm/x86ms.pl
@@ -0,0 +1,358 @@
+#!/usr/local/bin/perl
+
+package x86ms;
+
+$label="L000";
+
+%lb=(	'eax',	'al',
+	'ebx',	'bl',
+	'ecx',	'cl',
+	'edx',	'dl',
+	'ax',	'al',
+	'bx',	'bl',
+	'cx',	'cl',
+	'dx',	'dl',
+	);
+
+%hb=(	'eax',	'ah',
+	'ebx',	'bh',
+	'ecx',	'ch',
+	'edx',	'dh',
+	'ax',	'ah',
+	'bx',	'bh',
+	'cx',	'ch',
+	'dx',	'dh',
+	);
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'BP
+	{
+	&get_mem("BYTE",@_);
+	}
+
+sub main'DWP
+	{
+	&get_mem("DWORD",@_);
+	}
+
+sub main'BC
+	{
+	return @_;
+	}
+
+sub main'DWC
+	{
+	return @_;
+	}
+
+sub main'stack_push
+	{
+	local($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
+	}
+
+sub main'stack_pop
+	{
+	local($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
+
+sub get_mem
+	{
+	local($size,$addr,$reg1,$reg2,$idx)=@_;
+	local($t,$post);
+	local($ret)="$size PTR ";
+
+	$addr =~ s/^\s+//;
+	if ($addr =~ /^(.+)\+(.+)$/)
+		{
+		$reg2=&conv($1);
+		$addr="_$2";
+		}
+	elsif ($addr =~ /^[_a-zA-Z]/)
+		{
+		$addr="_$addr";
+		}
+
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	if (($addr ne "") && ($addr ne 0))
+		{
+		if ($addr !~ /^-/)
+			{ $ret.=$addr; }
+		else	{ $post=$addr; }
+		}
+	if ($reg2 ne "")
+		{
+		$t="";
+		$t="*$idx" if ($idx != 0);
+		$reg1="+".$reg1 if ("$reg1$post" ne "");
+		$ret.="[$reg2$t$reg1$post]";
+		}
+	else
+		{
+		$ret.="[$reg1$post]"
+		}
+	return($ret);
+	}
+
+sub main'mov	{ &out2("mov",@_); }
+sub main'movb	{ &out2("mov",@_); }
+sub main'and	{ &out2("and",@_); }
+sub main'or	{ &out2("or",@_); }
+sub main'shl	{ &out2("shl",@_); }
+sub main'shr	{ &out2("shr",@_); }
+sub main'xor	{ &out2("xor",@_); }
+sub main'xorb	{ &out2("xor",@_); }
+sub main'add	{ &out2("add",@_); }
+sub main'adc	{ &out2("adc",@_); }
+sub main'sub	{ &out2("sub",@_); }
+sub main'rotl	{ &out2("rol",@_); }
+sub main'rotr	{ &out2("ror",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmp",@_); }
+sub main'lea	{ &out2("lea",@_); }
+sub main'mul	{ &out1("mul",@_); }
+sub main'div	{ &out1("div",@_); }
+sub main'dec	{ &out1("dec",@_); }
+sub main'inc	{ &out1("inc",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je	{ &out1("je",@_); }
+sub main'jle	{ &out1("jle",@_); }
+sub main'jz	{ &out1("jz",@_); }
+sub main'jge	{ &out1("jge",@_); }
+sub main'jl	{ &out1("jl",@_); }
+sub main'jb	{ &out1("jb",@_); }
+sub main'jc	{ &out1("jc",@_); }
+sub main'jnc	{ &out1("jnc",@_); }
+sub main'jnz	{ &out1("jnz",@_); }
+sub main'jne	{ &out1("jne",@_); }
+sub main'jno	{ &out1("jno",@_); }
+sub main'push	{ &out1("push",@_); $stack+=4; }
+sub main'pop	{ &out1("pop",@_); $stack-=4; }
+sub main'bswap	{ &out1("bswap",@_); &using486(); }
+sub main'not	{ &out1("not",@_); }
+sub main'call	{ &out1("call",'_'.$_[0]); }
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
+
+sub out2
+	{
+	local($name,$p1,$p2)=@_;
+	local($l,$t);
+
+	push(@out,"\t$name\t");
+	$t=&conv($p1).",";
+	$l=length($t);
+	push(@out,$t);
+	$l=4-($l+9)/8;
+	push(@out,"\t" x $l);
+	push(@out,&conv($p2));
+	push(@out,"\n");
+	}
+
+sub out0
+	{
+	local($name)=@_;
+
+	push(@out,"\t$name\n");
+	}
+
+sub out1
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	push(@out,"\t$name\t".&conv($p1)."\n");
+	}
+
+sub conv
+	{
+	local($p)=@_;
+
+	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+	return $p;
+	}
+
+sub using486
+	{
+	return if $using486;
+	$using486++;
+	grep(s/\.386/\.486/,@out);
+	}
+
+sub main'file
+	{
+	local($file)=@_;
+
+	local($tmp)=<<"EOF";
+	TITLE	$file.asm
+        .386
+.model FLAT
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_begin
+	{
+	local($func,$extra)=@_;
+
+	push(@labels,$func);
+
+	local($tmp)=<<"EOF";
+_TEXT	SEGMENT
+PUBLIC	_$func
+$extra
+_$func PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+EOF
+	push(@out,$tmp);
+	$stack=20;
+	}
+
+sub main'function_begin_B
+	{
+	local($func,$extra)=@_;
+
+	local($tmp)=<<"EOF";
+_TEXT	SEGMENT
+PUBLIC	_$func
+$extra
+_$func PROC NEAR
+EOF
+	push(@out,$tmp);
+	$stack=4;
+	}
+
+sub main'function_end
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_$func ENDP
+_TEXT	ENDS
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_B
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+_$func ENDP
+_TEXT	ENDS
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'file_end
+	{
+	push(@out,"END\n");
+	}
+
+sub main'wparam
+	{
+	local($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'swtmp
+	{
+	return(&main'DWP($_[0]*4,"esp","",0));
+	}
+
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	local($num)=@_;
+#
+#	return(&main'DWP(-(($num+1)*4),"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		push(@out,"\t; $_\n");
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="\$${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="${label}${_[0]}";
+		$label++;
+		}
+	push(@out,"$label{$_[0]}:\n");
+	}
+
+sub main'data_word
+	{
+	push(@out,"\tDD\t$_[0]\n");
+	}
+
+sub out1p
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	push(@out,"\t$name\t ".&conv($p1)."\n");
+	}
diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl
new file mode 100644
index 000000000000..b4da364bbfd5
--- /dev/null
+++ b/crypto/openssl/crypto/perlasm/x86nasm.pl
@@ -0,0 +1,342 @@
+#!/usr/local/bin/perl
+
+package x86nasm;
+
+$label="L000";
+
+%lb=(	'eax',	'al',
+	'ebx',	'bl',
+	'ecx',	'cl',
+	'edx',	'dl',
+	'ax',	'al',
+	'bx',	'bl',
+	'cx',	'cl',
+	'dx',	'dl',
+	);
+
+%hb=(	'eax',	'ah',
+	'ebx',	'bh',
+	'ecx',	'ch',
+	'edx',	'dh',
+	'ax',	'ah',
+	'bx',	'bh',
+	'cx',	'ch',
+	'dx',	'dh',
+	);
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+
+sub main'external_label
+{
+	push(@labels,@_);
+	foreach (@_) {
+		push(@out, "extern\t_$_\n");
+	}
+}
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'BP
+	{
+	&get_mem("BYTE",@_);
+	}
+
+sub main'DWP
+	{
+	&get_mem("DWORD",@_);
+	}
+
+sub main'BC
+	{
+	return "BYTE @_";
+	}
+
+sub main'DWC
+	{
+	return "DWORD @_";
+	}
+
+sub main'stack_push
+	{
+	my($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
+	}
+
+sub main'stack_pop
+	{
+	my($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
+
+sub get_mem
+	{
+	my($size,$addr,$reg1,$reg2,$idx)=@_;
+	my($t,$post);
+	my($ret)="[";
+	$addr =~ s/^\s+//;
+	if ($addr =~ /^(.+)\+(.+)$/)
+		{
+		$reg2=&conv($1);
+		$addr="_$2";
+		}
+	elsif ($addr =~ /^[_a-zA-Z]/)
+		{
+		$addr="_$addr";
+		}
+
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	if (($addr ne "") && ($addr ne 0))
+		{
+		if ($addr !~ /^-/)
+			{ $ret.="${addr}+"; }
+		else	{ $post=$addr; }
+		}
+	if ($reg2 ne "")
+		{
+		$t="";
+		$t="*$idx" if ($idx != 0);
+		$reg1="+".$reg1 if ("$reg1$post" ne "");
+		$ret.="$reg2$t$reg1$post]";
+		}
+	else
+		{
+		$ret.="$reg1$post]"
+		}
+	return($ret);
+	}
+
+sub main'mov	{ &out2("mov",@_); }
+sub main'movb	{ &out2("mov",@_); }
+sub main'and	{ &out2("and",@_); }
+sub main'or	{ &out2("or",@_); }
+sub main'shl	{ &out2("shl",@_); }
+sub main'shr	{ &out2("shr",@_); }
+sub main'xor	{ &out2("xor",@_); }
+sub main'xorb	{ &out2("xor",@_); }
+sub main'add	{ &out2("add",@_); }
+sub main'adc	{ &out2("adc",@_); }
+sub main'sub	{ &out2("sub",@_); }
+sub main'rotl	{ &out2("rol",@_); }
+sub main'rotr	{ &out2("ror",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmp",@_); }
+sub main'lea	{ &out2("lea",@_); }
+sub main'mul	{ &out1("mul",@_); }
+sub main'div	{ &out1("div",@_); }
+sub main'dec	{ &out1("dec",@_); }
+sub main'inc	{ &out1("inc",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+
+# This is a bit of a kludge: declare all branches as NEAR.
+sub main'je	{ &out1("je NEAR",@_); }
+sub main'jle	{ &out1("jle NEAR",@_); }
+sub main'jz	{ &out1("jz NEAR",@_); }
+sub main'jge	{ &out1("jge NEAR",@_); }
+sub main'jl	{ &out1("jl NEAR",@_); }
+sub main'jb	{ &out1("jb NEAR",@_); }
+sub main'jc	{ &out1("jc NEAR",@_); }
+sub main'jnc	{ &out1("jnc NEAR",@_); }
+sub main'jnz	{ &out1("jnz NEAR",@_); }
+sub main'jne	{ &out1("jne NEAR",@_); }
+sub main'jno	{ &out1("jno NEAR",@_); }
+
+sub main'push	{ &out1("push",@_); $stack+=4; }
+sub main'pop	{ &out1("pop",@_); $stack-=4; }
+sub main'bswap	{ &out1("bswap",@_); &using486(); }
+sub main'not	{ &out1("not",@_); }
+sub main'call	{ &out1("call",'_'.$_[0]); }
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
+
+sub out2
+	{
+	my($name,$p1,$p2)=@_;
+	my($l,$t);
+
+	push(@out,"\t$name\t");
+	$t=&conv($p1).",";
+	$l=length($t);
+	push(@out,$t);
+	$l=4-($l+9)/8;
+	push(@out,"\t" x $l);
+	push(@out,&conv($p2));
+	push(@out,"\n");
+	}
+
+sub out0
+	{
+	my($name)=@_;
+
+	push(@out,"\t$name\n");
+	}
+
+sub out1
+	{
+	my($name,$p1)=@_;
+	my($l,$t);
+	push(@out,"\t$name\t".&conv($p1)."\n");
+	}
+
+sub conv
+	{
+	my($p)=@_;
+	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+	return $p;
+	}
+
+sub using486
+	{
+	return if $using486;
+	$using486++;
+	grep(s/\.386/\.486/,@out);
+	}
+
+sub main'file
+	{
+	push(@out, "segment .text\n");
+	}
+
+sub main'function_begin
+	{
+	my($func,$extra)=@_;
+
+	push(@labels,$func);
+	my($tmp)=<<"EOF";
+global	_$func
+_$func:
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+EOF
+	push(@out,$tmp);
+	$stack=20;
+	}
+
+sub main'function_begin_B
+	{
+	my($func,$extra)=@_;
+	my($tmp)=<<"EOF";
+global	_$func
+_$func:
+EOF
+	push(@out,$tmp);
+	$stack=4;
+	}
+
+sub main'function_end
+	{
+	my($func)=@_;
+
+	my($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_B
+	{
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	my($func)=@_;
+
+	my($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'file_end
+	{
+	}
+
+sub main'wparam
+	{
+	my($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'swtmp
+	{
+	return(&main'DWP($_[0]*4,"esp","",0));
+	}
+
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	my($num)=@_;
+#
+#	return(&main'DWP(-(($num+1)*4),"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		push(@out,"\t; $_\n");
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="\$${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="${label}${_[0]}";
+		$label++;
+		}
+	push(@out,"$label{$_[0]}:\n");
+	}
+
+sub main'data_word
+	{
+	push(@out,"\tDD\t$_[0]\n");
+	}
+
+sub out1p
+	{
+	my($name,$p1)=@_;
+	my($l,$t);
+
+	push(@out,"\t$name\t ".&conv($p1)."\n");
+	}
diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/openssl/crypto/perlasm/x86unix.pl
new file mode 100644
index 000000000000..8c456b14aff4
--- /dev/null
+++ b/crypto/openssl/crypto/perlasm/x86unix.pl
@@ -0,0 +1,453 @@
+#!/usr/local/bin/perl
+
+package x86unix;
+
+$label="L000";
+
+$align=($main'aout)?"4":"16";
+$under=($main'aout)?"_":"";
+$com_start=($main'sol)?"/":"#";
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
+if ($main'cpp)
+	{
+	$align="ALIGN";
+	$under="";
+	$com_start='/*';
+	$com_end='*/';
+	}
+
+%lb=(	'eax',	'%al',
+	'ebx',	'%bl',
+	'ecx',	'%cl',
+	'edx',	'%dl',
+	'ax',	'%al',
+	'bx',	'%bl',
+	'cx',	'%cl',
+	'dx',	'%dl',
+	);
+
+%hb=(	'eax',	'%ah',
+	'ebx',	'%bh',
+	'ecx',	'%ch',
+	'edx',	'%dh',
+	'ax',	'%ah',
+	'bx',	'%bh',
+	'cx',	'%ch',
+	'dx',	'%dh',
+	);
+
+%regs=(	'eax',	'%eax',
+	'ebx',	'%ebx',
+	'ecx',	'%ecx',
+	'edx',	'%edx',
+	'esi',	'%esi',
+	'edi',	'%edi',
+	'ebp',	'%ebp',
+	'esp',	'%esp',
+	);
+
+%reg_val=(
+	'eax',	0x00,
+	'ebx',	0x03,
+	'ecx',	0x01,
+	'edx',	0x02,
+	'esi',	0x06,
+	'edi',	0x07,
+	'ebp',	0x05,
+	'esp',	0x04,
+	);
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'DWP
+	{
+	local($addr,$reg1,$reg2,$idx)=@_;
+
+	$ret="";
+	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+	if ($reg2 ne "")
+		{
+		if($idx ne "")
+		    { $ret.="($reg1,$reg2,$idx)"; }
+		else
+		    { $ret.="($reg1,$reg2)"; }
+	        }
+	else
+		{ $ret.="($reg1)" }
+	return($ret);
+	}
+
+sub main'BP
+	{
+	return(&main'DWP(@_));
+	}
+
+sub main'BC
+	{
+	return @_;
+	}
+
+sub main'DWC
+	{
+	return @_;
+	}
+
+#sub main'BP
+#	{
+#	local($addr,$reg1,$reg2,$idx)=@_;
+#
+#	$ret="";
+#
+#	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+#	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+#	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+#	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+#	if ($reg2 ne "")
+#		{ $ret.="($reg1,$reg2,$idx)"; }
+#	else
+#		{ $ret.="($reg1)" }
+#	return($ret);
+#	}
+
+sub main'mov	{ &out2("movl",@_); }
+sub main'movb	{ &out2("movb",@_); }
+sub main'and	{ &out2("andl",@_); }
+sub main'or	{ &out2("orl",@_); }
+sub main'shl	{ &out2("sall",@_); }
+sub main'shr	{ &out2("shrl",@_); }
+sub main'xor	{ &out2("xorl",@_); }
+sub main'xorb	{ &out2("xorb",@_); }
+sub main'add	{ &out2("addl",@_); }
+sub main'adc	{ &out2("adcl",@_); }
+sub main'sub	{ &out2("subl",@_); }
+sub main'rotl	{ &out2("roll",@_); }
+sub main'rotr	{ &out2("rorl",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmpl",@_); }
+sub main'lea	{ &out2("leal",@_); }
+sub main'mul	{ &out1("mull",@_); }
+sub main'div	{ &out1("divl",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je	{ &out1("je",@_); }
+sub main'jle	{ &out1("jle",@_); }
+sub main'jne	{ &out1("jne",@_); }
+sub main'jnz	{ &out1("jnz",@_); }
+sub main'jz	{ &out1("jz",@_); }
+sub main'jge	{ &out1("jge",@_); }
+sub main'jl	{ &out1("jl",@_); }
+sub main'jb	{ &out1("jb",@_); }
+sub main'jc	{ &out1("jc",@_); }
+sub main'jnc	{ &out1("jnc",@_); }
+sub main'jno	{ &out1("jno",@_); }
+sub main'dec	{ &out1("decl",@_); }
+sub main'inc	{ &out1("incl",@_); }
+sub main'push	{ &out1("pushl",@_); $stack+=4; }
+sub main'pop	{ &out1("popl",@_); $stack-=4; }
+sub main'not	{ &out1("notl",@_); }
+sub main'call	{ &out1("call",$under.$_[0]); }
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
+
+# The bswapl instruction is new for the 486. Emulate if i386.
+sub main'bswap
+	{
+	if ($main'i386)
+		{
+		&main'comment("bswapl @_");
+		&main'exch(main'HB(@_),main'LB(@_));
+		&main'rotr(@_,16);
+		&main'exch(main'HB(@_),main'LB(@_));
+		}
+	else
+		{
+		&out1("bswapl",@_);
+		}
+	}
+
+sub out2
+	{
+	local($name,$p1,$p2)=@_;
+	local($l,$ll,$t);
+	local(%special)=(	"roll",0xD1C0,"rorl",0xD1C8,
+				"rcll",0xD1D0,"rcrl",0xD1D8,
+				"shll",0xD1E0,"shrl",0xD1E8,
+				"sarl",0xD1F8);
+	
+	if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+		{
+		$op=$special{$name}|$reg_val{$p1};
+		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+		$tmp2=sprintf(".byte %d\t",$op     &0xff);
+		push(@out,$tmp1);
+		push(@out,$tmp2);
+
+		$p2=&conv($p2);
+		$p1=&conv($p1);
+		&main'comment("$name $p2 $p1");
+		return;
+		}
+
+	push(@out,"\t$name\t");
+	$t=&conv($p2).",";
+	$l=length($t);
+	push(@out,$t);
+	$ll=4-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+	push(@out,&conv($p1)."\n");
+	}
+
+sub out1
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+	local(%special)=("bswapl",0x0FC8);
+
+	if ((defined($special{$name})) && defined($regs{$p1}))
+		{
+		$op=$special{$name}|$reg_val{$p1};
+		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+		$tmp2=sprintf(".byte %d\t",$op     &0xff);
+		push(@out,$tmp1);
+		push(@out,$tmp2);
+
+		$p2=&conv($p2);
+		$p1=&conv($p1);
+		&main'comment("$name $p2 $p1");
+		return;
+		}
+
+	push(@out,"\t$name\t".&conv($p1)."\n");
+	}
+
+sub out1p
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	push(@out,"\t$name\t*".&conv($p1)."\n");
+	}
+
+sub out0
+	{
+	push(@out,"\t$_[0]\n");
+	}
+
+sub conv
+	{
+	local($p)=@_;
+
+#	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+
+	$p=$regs{$p} if (defined($regs{$p}));
+
+	$p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
+	$p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+	return $p;
+	}
+
+sub main'file
+	{
+	local($file)=@_;
+
+	local($tmp)=<<"EOF";
+	.file	"$file.s"
+	.version	"01.01"
+gcc2_compiled.:
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_begin
+	{
+	local($func)=@_;
+
+	&main'external_label($func);
+	$func=$under.$func;
+
+	local($tmp)=<<"EOF";
+.text
+	.align $align
+.globl $func
+EOF
+	push(@out,$tmp);
+	if ($main'cpp)
+		{ $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
+	else	{ $tmp=push(@out,"\t.type\t$func,\@function\n"); }
+	push(@out,"$func:\n");
+	$tmp=<<"EOF";
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+EOF
+	push(@out,$tmp);
+	$stack=20;
+	}
+
+sub main'function_begin_B
+	{
+	local($func,$extra)=@_;
+
+	&main'external_label($func);
+	$func=$under.$func;
+
+	local($tmp)=<<"EOF";
+.text
+	.align $align
+.globl $func
+EOF
+	push(@out,$tmp);
+	if ($main'cpp)
+		{ push(@out,"\tTYPE($func,\@function)\n"); }
+	else	{ push(@out,"\t.type	$func,\@function\n"); }
+	push(@out,"$func:\n");
+	$stack=4;
+	}
+
+sub main'function_end
+	{
+	local($func)=@_;
+
+	$func=$under.$func;
+
+	local($tmp)=<<"EOF";
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.${func}_end:
+EOF
+	push(@out,$tmp);
+	if ($main'cpp)
+		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+	push(@out,".ident	\"$func\"\n");
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_end_B
+	{
+	local($func)=@_;
+
+	$func=$under.$func;
+
+	push(@out,".${func}_end:\n");
+	if ($main'cpp)
+		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+	push(@out,".ident	\"desasm.pl\"\n");
+	$stack=0;
+	%label=();
+	}
+
+sub main'wparam
+	{
+	local($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'stack_push
+	{
+	local($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
+	}
+
+sub main'stack_pop
+	{
+	local($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
+
+sub main'swtmp
+	{
+	return(&main'DWP($_[0]*4,"esp","",0));
+	}
+
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	local($num)=@_;
+#
+#	return(&main'DWP(-($num+1)*4,"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		if (/^\s*$/)
+			{ push(@out,"\n"); }
+		else
+			{ push(@out,"\t$com_start $_ $com_end\n"); }
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=".${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=".${label}${_[0]}";
+		$label++;
+		}
+	push(@out,".align $align\n") if ($_[1] != 0);
+	push(@out,"$label{$_[0]}:\n");
+	}
+
+sub main'file_end
+	{
+	}
+
+sub main'data_word
+	{
+	push(@out,"\t.long $_[0]\n");
+	}
diff --git a/crypto/openssl/crypto/pkcs12/Makefile.ssl b/crypto/openssl/crypto/pkcs12/Makefile.ssl
new file mode 100644
index 000000000000..ebffab657ce0
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/Makefile.ssl
@@ -0,0 +1,346 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=	pkcs12
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
+	p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c\
+	p12_sbag.c p12_utl.c pk12err.c
+LIBOBJ= p12_add.o p12_attr.o p12_bags.o p12_crpt.o p12_crt.o p12_decr.o \
+	p12_init.o p12_key.o p12_kiss.o p12_lib.o p12_mac.o p12_mutl.o\
+	p12_sbag.o p12_utl.o pk12err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs12.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_add.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_add.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_attr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_bags.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p12_bags.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_bags.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_bags.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_bags.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p12_bags.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p12_bags.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_bags.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_bags.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p12_bags.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p12_bags.o: ../../include/openssl/opensslconf.h
+p12_bags.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_bags.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_bags.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_bags.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_bags.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_bags.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_bags.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_crt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_decr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_decr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_decr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_decr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_decr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_init.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_init.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_init.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_init.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_init.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_kiss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_kiss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_kiss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_kiss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_kiss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p12_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p12_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p12_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p12_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p12_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_lib.o: ../cryptlib.h
+p12_mac.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p12_mac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_mac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_mac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_mac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p12_mac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p12_mac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_mac.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_mac.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p12_mac.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p12_mac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_mac.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_mac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_mac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_mac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_mac.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mac.o: ../cryptlib.h
+p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_mutl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_mutl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p12_mutl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p12_mutl.o: ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_mutl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p12_mutl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_mutl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mutl.o: ../cryptlib.h
+p12_sbag.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p12_sbag.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_sbag.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_sbag.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_sbag.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p12_sbag.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p12_sbag.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_sbag.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_sbag.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p12_sbag.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p12_sbag.o: ../../include/openssl/opensslconf.h
+p12_sbag.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_sbag.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_sbag.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_sbag.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_sbag.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_sbag.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_sbag.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk12err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+pk12err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk12err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk12err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h
diff --git a/crypto/openssl/crypto/pkcs12/p12_add.c b/crypto/openssl/crypto/pkcs12/p12_add.c
new file mode 100644
index 000000000000..ae3d9de3b4a9
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_add.c
@@ -0,0 +1,214 @@
+/* p12_add.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1,
+	     int nid2)
+{
+	PKCS12_BAGS *bag;
+	PKCS12_SAFEBAG *safebag;
+	if (!(bag = PKCS12_BAGS_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	bag->type = OBJ_nid2obj(nid1);
+	if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if (!(safebag = PKCS12_SAFEBAG_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	safebag->value.bag = bag;
+	safebag->type = OBJ_nid2obj(nid2);
+	return safebag;
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8)
+{
+	PKCS12_SAFEBAG *bag;
+	if (!(bag = PKCS12_SAFEBAG_new())) {
+		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	bag->type = OBJ_nid2obj(NID_keyBag);
+	bag->value.keybag = p8;
+	return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
+	     int passlen, unsigned char *salt, int saltlen, int iter,
+	     PKCS8_PRIV_KEY_INFO *p8)
+{
+	PKCS12_SAFEBAG *bag;
+
+	/* Set up the safe bag */
+	if (!(bag = PKCS12_SAFEBAG_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+	if (!(bag->value.shkeybag = 
+	  PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+									 p8))) {
+		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	return bag;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data (STACK *sk)
+{
+	PKCS7 *p7;
+	if (!(p7 = PKCS7_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p7->type = OBJ_nid2obj(NID_pkcs7_data);
+	if (!(p7->d.data = ASN1_OCTET_STRING_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	
+	if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
+					&p7->d.data->length)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+		return NULL;
+	}
+	return p7;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
+	     unsigned char *salt, int saltlen, int iter, STACK *bags)
+{
+	PKCS7 *p7;
+	X509_ALGOR *pbe;
+	if (!(p7 = PKCS7_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p7->type = OBJ_nid2obj(NID_pkcs7_encrypted);
+	if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_INTEGER_set (p7->d.encrypted->version, 0);
+	p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+	if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+	p7->d.encrypted->enc_data->algorithm = pbe;
+	ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+	if (!(p7->d.encrypted->enc_data->enc_data =
+	PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen,
+				 (char *)bags, 1))) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+		return NULL;
+	}
+
+	return p7;
+}
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+			 const char *pass, int passlen,
+			 unsigned char *salt, int saltlen, int iter,
+						PKCS8_PRIV_KEY_INFO *p8inf)
+{
+	X509_SIG *p8;
+	X509_ALGOR *pbe;
+
+	if (!(p8 = X509_SIG_new())) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+	if(!pbe) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	X509_ALGOR_free(p8->algor);
+	p8->algor = pbe;
+	ASN1_OCTET_STRING_free(p8->digest);
+	if (!(p8->digest = 
+	PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen,
+						 (char *)p8inf, 0))) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+		return NULL;
+	}
+
+	return p8;
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_attr.c b/crypto/openssl/crypto/pkcs12/p12_attr.c
new file mode 100644
index 000000000000..31c9782b7756
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_attr.c
@@ -0,0 +1,238 @@
+/* p12_attr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
+	     int namelen)
+{
+	X509_ATTRIBUTE *attrib;
+	ASN1_BMPSTRING *oct;
+	ASN1_TYPE *keyid;
+	if (!(keyid = ASN1_TYPE_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	keyid->type = V_ASN1_OCTET_STRING;
+	if (!(oct = ASN1_OCTET_STRING_new())) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if (!ASN1_OCTET_STRING_set(oct, name, namelen)) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	keyid->value.octet_string = oct;
+	if (!(attrib = X509_ATTRIBUTE_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	attrib->object = OBJ_nid2obj(NID_localKeyID);
+	if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	sk_ASN1_TYPE_push (attrib->value.set,keyid);
+	attrib->set = 1;
+	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
+	return 1;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+	X509_ATTRIBUTE *attrib;
+	ASN1_BIT_STRING *bstr;
+	ASN1_TYPE *keyid;
+	unsigned char us_val;
+	us_val = (unsigned char) usage;
+	if (!(keyid = ASN1_TYPE_new ())) {
+		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	keyid->type = V_ASN1_BIT_STRING;
+	if (!(bstr = ASN1_BIT_STRING_new())) {
+		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if (!ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
+		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	keyid->value.bit_string = bstr;
+	if (!(attrib = X509_ATTRIBUTE_new ())) {
+		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	attrib->object = OBJ_nid2obj(NID_key_usage);
+	if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	sk_ASN1_TYPE_push (attrib->value.set,keyid);
+	attrib->set = 1;
+	if (!p8->attributes
+	    && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) {
+		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
+	return 1;
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
+				 int namelen)
+{
+	unsigned char *uniname;
+	int ret, unilen;
+	if (!asc2uni(name, &uniname, &unilen)) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
+	Free(uniname);
+	return ret;
+}
+	
+
+int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
+				 const unsigned char *name, int namelen)
+{
+	X509_ATTRIBUTE *attrib;
+	ASN1_BMPSTRING *bmp;
+	ASN1_TYPE *fname;
+	/* Zap ending double null if included */
+	if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
+	if (!(fname = ASN1_TYPE_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	fname->type = V_ASN1_BMPSTRING;
+	if (!(bmp = ASN1_BMPSTRING_new())) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if (!(bmp->data = Malloc (namelen))) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	memcpy (bmp->data, name, namelen);
+	bmp->length = namelen;
+	fname->value.bmpstring = bmp;
+	if (!(attrib = X509_ATTRIBUTE_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	attrib->object = OBJ_nid2obj(NID_friendlyName);
+	if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	sk_ASN1_TYPE_push (attrib->value.set,fname);
+	attrib->set = 1;
+	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
+		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
+							ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
+	return PKCS12_OK;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+{
+	X509_ATTRIBUTE *attrib;
+	int i;
+	if (!attrs) return NULL;
+	for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
+		attrib = sk_X509_ATTRIBUTE_value (attrs, i);
+		if (OBJ_obj2nid (attrib->object) == attr_nid) {
+			if (sk_ASN1_TYPE_num (attrib->value.set))
+			    return sk_ASN1_TYPE_value(attrib->value.set, 0);
+			else return NULL;
+		}
+	}
+	return NULL;
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+	ASN1_TYPE *atype;
+	if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
+	if (atype->type != V_ASN1_BMPSTRING) return NULL;
+	return uni2asc(atype->value.bmpstring->data,
+				 atype->value.bmpstring->length);
+}
+
diff --git a/crypto/openssl/crypto/pkcs12/p12_bags.c b/crypto/openssl/crypto/pkcs12/p12_bags.c
new file mode 100644
index 000000000000..d6eab92c8330
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_bags.c
@@ -0,0 +1,192 @@
+/* p12_bags.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp)
+{
+	int bagnid, v = 0;
+	M_ASN1_I2D_vars(a);
+	bagnid = OBJ_obj2nid (a->type);
+	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
+	
+	switch (bagnid) {
+
+		case NID_x509Certificate:
+			M_ASN1_I2D_len_EXP_opt (a->value.x509cert,
+						 i2d_ASN1_OCTET_STRING, 0, v);
+		break;
+
+		case NID_x509Crl:
+			M_ASN1_I2D_len_EXP_opt (a->value.x509crl,
+						 i2d_ASN1_OCTET_STRING, 0, v);
+		break;
+
+		case NID_sdsiCertificate:
+			M_ASN1_I2D_len_EXP_opt (a->value.sdsicert,
+						 i2d_ASN1_IA5STRING, 0, v);
+		break;
+
+		default:
+			M_ASN1_I2D_len_EXP_opt (a->value.other,
+						 i2d_ASN1_TYPE, 0, v);
+		break;
+	}
+
+	M_ASN1_I2D_seq_total ();
+	
+	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
+	
+	switch (bagnid) {
+
+		case NID_x509Certificate:
+			M_ASN1_I2D_put_EXP_opt (a->value.x509cert,
+						 i2d_ASN1_OCTET_STRING, 0, v);
+		break;
+
+		case NID_x509Crl:
+			M_ASN1_I2D_put_EXP_opt (a->value.x509crl,
+						 i2d_ASN1_OCTET_STRING, 0, v);
+		break;
+
+		case NID_sdsiCertificate:
+			M_ASN1_I2D_put_EXP_opt (a->value.sdsicert,
+						 i2d_ASN1_IA5STRING, 0, v);
+		break;
+
+		default:
+		M_ASN1_I2D_put_EXP_opt (a->value.other, i2d_ASN1_TYPE, 0, v);
+		break;
+	}
+	M_ASN1_I2D_finish();
+}
+
+PKCS12_BAGS *PKCS12_BAGS_new(void)
+{
+	PKCS12_BAGS *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKCS12_BAGS);
+	ret->type=NULL;
+	ret->value.other=NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKCS12_BAGS_NEW);
+}
+
+PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp,
+	     long length)
+{
+	int bagnid;
+	M_ASN1_D2I_vars(a,PKCS12_BAGS *,PKCS12_BAGS_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
+	bagnid = OBJ_obj2nid (ret->type);
+	switch (bagnid) {
+
+		case NID_x509Certificate:
+			M_ASN1_D2I_get_EXP_opt (ret->value.x509cert,
+						 d2i_ASN1_OCTET_STRING, 0);
+		break;
+
+		case NID_x509Crl:
+			M_ASN1_D2I_get_EXP_opt (ret->value.x509crl,
+						 d2i_ASN1_OCTET_STRING, 0);
+		break;
+
+		case NID_sdsiCertificate:
+			M_ASN1_D2I_get_EXP_opt (ret->value.sdsicert,
+						 d2i_ASN1_IA5STRING, 0);
+		break;
+
+		default:
+			M_ASN1_D2I_get_EXP_opt (ret->value.other,
+							 d2i_ASN1_TYPE, 0);
+		break;
+	}
+
+	M_ASN1_D2I_Finish(a, PKCS12_BAGS_free, ASN1_F_D2I_PKCS12_BAGS);
+}
+
+void PKCS12_BAGS_free (PKCS12_BAGS *a)
+{
+	if (a == NULL) return;
+	switch (OBJ_obj2nid(a->type)) {
+
+		case NID_x509Certificate:
+			ASN1_OCTET_STRING_free (a->value.x509cert);
+		break;
+
+		case NID_x509Crl:
+			ASN1_OCTET_STRING_free (a->value.x509crl);
+		break;
+
+		case NID_sdsiCertificate:
+			ASN1_IA5STRING_free (a->value.sdsicert);
+		break;
+
+		default:
+			ASN1_TYPE_free (a->value.other);
+		break;
+	}
+
+	ASN1_OBJECT_free (a->type);
+	Free ((char *)a);
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_crpt.c b/crypto/openssl/crypto/pkcs12/p12_crpt.c
new file mode 100644
index 000000000000..6de6f8128f24
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_crpt.c
@@ -0,0 +1,122 @@
+/* p12_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* PKCS#12 specific PBE functions */
+
+void PKCS12_PBE_add(void)
+{
+#ifndef NO_RC4
+EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
+							 PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
+							 PKCS12_PBE_keyivgen);
+#endif
+EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
+			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#ifndef NO_RC2
+EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
+					EVP_sha1(), PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
+					EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+}
+
+int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
+{
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!param || (param->type != V_ASN1_SEQUENCE) ||
+	   !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+		EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
+	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
+				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	PBEPARAM_free(pbe);
+	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+	memset(key, 0, EVP_MAX_KEY_LENGTH);
+	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	return 1;
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_crt.c b/crypto/openssl/crypto/pkcs12/p12_crt.c
new file mode 100644
index 000000000000..56d88b07596c
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_crt.c
@@ -0,0 +1,159 @@
+/* p12_crt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+	     STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+	     int keytype)
+{
+	PKCS12 *p12;
+	STACK *bags, *safes;
+	PKCS12_SAFEBAG *bag;
+	PKCS8_PRIV_KEY_INFO *p8;
+	PKCS7 *authsafe;
+	X509 *tcert;
+	int i;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen;
+
+	/* Set defaults */
+	if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+	if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+	if(!iter) iter = PKCS12_DEFAULT_ITER;
+	if(!mac_iter) mac_iter = 1;
+
+	if(!pkey || !cert) {
+		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+
+	if(!(bags = sk_new (NULL))) {
+		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	/* Add user certificate */
+	if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL;
+	if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
+	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+	if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
+
+	if(!sk_push(bags, (char *)bag)) {
+		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	
+	/* Add all other certificates */
+	if(ca) {
+		for(i = 0; i < sk_num(ca); i++) {
+			tcert = (X509 *)sk_value(ca, i);
+			if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
+			if(!sk_push(bags, (char *)bag)) {
+				PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+				return NULL;
+			}
+		}
+	}
+
+	/* Turn certbags into encrypted authsafe */
+	authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
+					  iter, bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+
+	if (!authsafe) return NULL;
+
+	if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
+		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	/* Make a shrouded key bag */
+	if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
+	if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
+	bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
+	if(!bag) return NULL;
+	PKCS8_PRIV_KEY_INFO_free(p8);
+        if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
+	if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
+	if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
+		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	/* Turn it into unencrypted safe bag */
+	if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+	if(!sk_push(safes, (char *)authsafe)) {
+		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
+
+	if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
+
+	sk_pop_free(safes, PKCS7_free);
+
+	if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
+	    return NULL;
+
+	return p12;
+
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_decr.c b/crypto/openssl/crypto/pkcs12/p12_decr.c
new file mode 100644
index 000000000000..d3d288e1874e
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_decr.c
@@ -0,0 +1,185 @@
+/* p12_decr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*#define DEBUG_DECRYPT*/
+
+
+/* Encrypt/Decrypt a buffer based on password and algor, result in a
+ * Malloc'ed buffer
+ */
+
+unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
+	     int passlen, unsigned char *in, int inlen, unsigned char **data,
+	     int *datalen, int en_de)
+{
+	unsigned char *out;
+	int outlen, i;
+	EVP_CIPHER_CTX ctx;
+
+	/* Decrypt data */
+        if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
+					 algor->parameter, &ctx, en_de)) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+		return NULL;
+	}
+
+	if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	EVP_CipherUpdate (&ctx, out, &i, in, inlen);
+	outlen = i;
+	if(!EVP_CipherFinal (&ctx, out + i, &i)) {
+		Free (out);
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+		return NULL;
+	}
+	outlen += i;
+	if (datalen) *datalen = outlen;
+	if (data) *data = out;
+	return out;
+
+}
+
+/* Decrypt an OCTET STRING and decode ASN1 structure 
+ * if seq & 1 'obj' is a stack of structures to be encoded
+ * if seq & 2 zero buffer after use
+ * as a sequence.
+ */
+
+char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
+	     void (*free_func)(), const char *pass, int passlen,
+	     ASN1_OCTET_STRING *oct, int seq)
+{
+	unsigned char *out, *p;
+	char *ret;
+	int outlen;
+
+	if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length,
+			       &out, &outlen, 0)) {
+		PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+		return NULL;
+	}
+	p = out;
+#ifdef DEBUG_DECRYPT
+	{
+		FILE *op;
+
+		char fname[30];
+		static int fnm = 1;
+		sprintf(fname, "DER%d", fnm++);
+		op = fopen(fname, "wb");
+		fwrite (p, 1, outlen, op);
+		fclose(op);
+	}
+#endif
+	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	else ret = d2i(NULL, &p, outlen);
+	if (seq & 2) memset(out, 0, outlen);
+	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+	Free (out);
+	return ret;
+}
+
+/* Encode ASN1 structure and encrypt, return OCTET STRING 
+ * if 'seq' is non-zero 'obj' is a stack of structures to be encoded
+ * as a sequence
+ */
+
+ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(),
+				       const char *pass, int passlen,
+				       char *obj, int seq)
+{
+	ASN1_OCTET_STRING *oct;
+	unsigned char *in, *p;
+	int inlen;
+	if (!(oct = ASN1_OCTET_STRING_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE,
+						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	else inlen = i2d (obj, NULL);
+	if (!inlen) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(in = Malloc (inlen))) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p = in;
+	if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE,
+						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	else i2d (obj, &p);
+	if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data,
+				 &oct->length, 1)) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
+		Free(in);
+		return NULL;
+	}
+	Free (in);
+	return oct;
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_init.c b/crypto/openssl/crypto/pkcs12/p12_init.c
new file mode 100644
index 000000000000..dc6ab41db88a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_init.c
@@ -0,0 +1,98 @@
+/* p12_init.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init (int mode)
+{
+	PKCS12 *pkcs12;
+	if (!(pkcs12 = PKCS12_new())) {
+		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if (!(pkcs12->version = ASN1_INTEGER_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_INTEGER_set (pkcs12->version, 3);
+	if (!(pkcs12->authsafes = PKCS7_new())) {
+		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	pkcs12->authsafes->type = OBJ_nid2obj(mode);
+	switch (mode) {
+		case NID_pkcs7_data:
+			if (!(pkcs12->authsafes->d.data =
+				 ASN1_OCTET_STRING_new())) {
+			PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		break;
+		default:
+			PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+			PKCS12_free(pkcs12);
+			return NULL;
+		break;
+	}
+		
+	return pkcs12;
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_key.c b/crypto/openssl/crypto/pkcs12/p12_key.c
new file mode 100644
index 000000000000..25d8cdae5758
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_key.c
@@ -0,0 +1,182 @@
+/* p12_key.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+
+/* Uncomment out this line to get debugging info about key generation */
+/*#define DEBUG_KEYGEN*/
+#ifdef DEBUG_KEYGEN
+#include 
+extern BIO *bio_err;
+void h__dump (unsigned char *p, int len);
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+#define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt,
+	     int saltlen, int id, int iter, int n, unsigned char *out,
+	     const EVP_MD *md_type)
+{
+	int ret;
+	unsigned char *unipass;
+	int uniplen;
+	if (!asc2uni (pass, &unipass, &uniplen)) {
+		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,
+						 id, iter, n, out, md_type);
+	memset(unipass, 0, uniplen);	/* Clear password from memory */
+	Free(unipass);
+	return ret;
+}
+
+int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
+	     int saltlen, int id, int iter, int n, unsigned char *out,
+	     const EVP_MD *md_type)
+{
+	unsigned char *B, *D, *I, *p, *Ai;
+	int Slen, Plen, Ilen;
+	int i, j, u, v;
+	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
+	EVP_MD_CTX ctx;
+#ifdef  DEBUG_KEYGEN
+	unsigned char *tmpout = out;
+	int tmpn = n;
+	BIO_printf (bio_err, "KEYGEN DEBUG\n");
+	BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter);
+	BIO_printf (bio_err, "Password (length %d):\n", passlen);
+	h__dump (pass, passlen);
+	BIO_printf (bio_err, "Salt (length %d):\n", saltlen);
+	h__dump (salt, saltlen);
+	BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter);
+#endif
+	v = EVP_MD_block_size (md_type);
+	u = EVP_MD_size (md_type);
+	D = Malloc (v);
+	Ai = Malloc (u);
+	B = Malloc (v + 1);
+	Slen = v * ((saltlen+v-1)/v);
+	Plen = v * ((passlen+v-1)/v);
+	Ilen = Slen + Plen;
+	I = Malloc (Ilen);
+	Ij = BN_new();
+	Bpl1 = BN_new();
+	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
+		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	for (i = 0; i < v; i++) D[i] = id;
+	p = I;
+	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
+	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
+	for (;;) {
+		EVP_DigestInit (&ctx, md_type);
+		EVP_DigestUpdate (&ctx, D, v);
+		EVP_DigestUpdate (&ctx, I, Ilen);
+		EVP_DigestFinal (&ctx, Ai, NULL);
+		for (j = 1; j < iter; j++) {
+			EVP_DigestInit (&ctx, md_type);
+			EVP_DigestUpdate (&ctx, Ai, u);
+			EVP_DigestFinal (&ctx, Ai, NULL);
+		}
+		memcpy (out, Ai, min (n, u));
+		if (u >= n) {
+			Free (Ai);
+			Free (B);
+			Free (D);
+			Free (I);
+			BN_free (Ij);
+			BN_free (Bpl1);
+#ifdef DEBUG_KEYGEN
+			BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn);
+			h__dump (tmpout, tmpn);
+#endif
+			return 1;	
+		}
+		n -= u;
+		out += u;
+		for (j = 0; j < v; j++) B[j] = Ai[j % u];
+		/* Work out B + 1 first then can use B as tmp space */
+		BN_bin2bn (B, v, Bpl1);
+		BN_add_word (Bpl1, 1);
+		for (j = 0; j < Ilen ; j+=v) {
+			BN_bin2bn (I + j, v, Ij);
+			BN_add (Ij, Ij, Bpl1);
+			BN_bn2bin (Ij, B);
+			/* If more than 2^(v*8) - 1 cut off MSB */
+			if (BN_num_bytes (Ij) > v) {
+				BN_bn2bin (Ij, B);
+				memcpy (I + j, B + 1, v);
+			} else BN_bn2bin (Ij, I + j);
+		}
+	}
+}
+#ifdef DEBUG_KEYGEN
+void h__dump (unsigned char *p, int len)
+{
+	for (; len --; p++) BIO_printf (bio_err, "%02X", *p);
+	BIO_printf (bio_err, "\n");	
+}
+#endif
diff --git a/crypto/openssl/crypto/pkcs12/p12_kiss.c b/crypto/openssl/crypto/pkcs12/p12_kiss.c
new file mode 100644
index 000000000000..767e1303da90
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_kiss.c
@@ -0,0 +1,238 @@
+/* p12_kiss.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca);
+static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
+/* Parse and decrypt a PKCS#12 structure returning user key, user cert
+ * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
+ * or it should point to a valid STACK structure. pkey and cert can be
+ * passed unitialised.
+ */
+
+int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+	     STACK **ca)
+{
+
+/* Check for NULL PKCS12 structure */
+
+if(!p12) {
+	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+	return 0;
+}
+
+/* Allocate stack for ca certificates if needed */
+if ((ca != NULL) && (*ca == NULL)) {
+	if (!(*ca = sk_new(NULL))) {
+		PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+}
+
+if(pkey) *pkey = NULL;
+if(cert) *cert = NULL;
+
+/* Check the mac */
+
+if (!PKCS12_verify_mac (p12, pass, -1)) {
+	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+	goto err;
+}
+
+if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) {
+	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
+	goto err;
+}
+
+return 1;
+
+err:
+
+if (pkey && *pkey) EVP_PKEY_free (*pkey);
+if (cert && *cert) X509_free (*cert);
+if (ca) sk_pop_free (*ca, X509_free);
+return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
+	     EVP_PKEY **pkey, X509 **cert, STACK **ca)
+{
+	STACK *asafes, *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+	ASN1_OCTET_STRING *keyid = NULL;
+	char keymatch = 0;
+	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+	for (i = 0; i < sk_num (asafes); i++) {
+		p7 = (PKCS7 *) sk_value (asafes, i);
+		bagnid = OBJ_obj2nid (p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = M_PKCS12_unpack_p7data (p7);
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+		} else continue;
+		if (!bags) {
+			sk_pop_free (asafes, PKCS7_free);
+			return 0;
+		}
+	    	if (!parse_bags (bags, pass, passlen, pkey, cert, ca,
+							 &keyid, &keymatch)) {
+			sk_pop_free (bags, PKCS12_SAFEBAG_free);
+			sk_pop_free (asafes, PKCS7_free);
+			return 0;
+		}
+		sk_pop_free (bags, PKCS12_SAFEBAG_free);
+	}
+	sk_pop_free (asafes, PKCS7_free);
+	if (keyid) ASN1_OCTET_STRING_free (keyid);
+	return 1;
+}
+
+
+static int parse_bags (STACK *bags, const char *pass, int passlen,
+		       EVP_PKEY **pkey, X509 **cert, STACK **ca,
+		       ASN1_OCTET_STRING **keyid, char *keymatch)
+{
+	int i;
+	for (i = 0; i < sk_num (bags); i++) {
+		if (!parse_bag ((PKCS12_SAFEBAG *)sk_value (bags, i),
+			 pass, passlen, pkey, cert, ca, keyid,
+							 keymatch)) return 0;
+	}
+	return 1;
+}
+
+#define MATCH_KEY  0x1
+#define MATCH_CERT 0x2
+#define MATCH_ALL  0x3
+
+static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+		      EVP_PKEY **pkey, X509 **cert, STACK **ca,
+		      ASN1_OCTET_STRING **keyid,
+	     char *keymatch)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	ASN1_OCTET_STRING *lkey = NULL;
+	ASN1_TYPE *attrib;
+
+
+	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
+		    			    lkey = attrib->value.octet_string;
+
+	/* Check for any local key id matching (if needed) */
+	if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
+		if (*keyid) {
+			if (ASN1_OCTET_STRING_cmp (*keyid, lkey)) lkey = NULL;
+		} else {
+			if (!(*keyid = ASN1_OCTET_STRING_dup (lkey))) {
+				PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
+				return 0;
+		    }
+		}
+	}
+	
+	switch (M_PKCS12_bag_type(bag))
+	{
+	case NID_keyBag:
+		if (!lkey || !pkey) return 1;	
+		if (!(*pkey = EVP_PKCS82PKEY (bag->value.keybag))) return 0;
+		*keymatch |= MATCH_KEY;
+	break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (!lkey || !pkey) return 1;	
+		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+				return 0;
+		*pkey = EVP_PKCS82PKEY (p8);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		if (!(*pkey)) return 0;
+		*keymatch |= MATCH_KEY;
+	break;
+
+	case NID_certBag:
+		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+								 return 1;
+		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		if (lkey) {
+			*keymatch |= MATCH_CERT;
+			if (cert) *cert = x509;
+		} else if (ca) sk_push (*ca, (char *)x509);
+	break;
+
+	case NID_safeContentsBag:
+		return parse_bags(bag->value.safes, pass, passlen,
+			 		pkey, cert, ca, keyid, keymatch);
+	break;
+
+	default:
+		return 1;
+	break;
+	}
+	return 1;
+}
+
diff --git a/crypto/openssl/crypto/pkcs12/p12_lib.c b/crypto/openssl/crypto/pkcs12/p12_lib.c
new file mode 100644
index 000000000000..00a6695d9b71
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_lib.c
@@ -0,0 +1,111 @@
+/* p12_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS12(PKCS12 *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->authsafes, i2d_PKCS7);
+	M_ASN1_I2D_len (a->mac, i2d_PKCS12_MAC_DATA);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->authsafes, i2d_PKCS7);
+	M_ASN1_I2D_put (a->mac, i2d_PKCS12_MAC_DATA);
+
+	M_ASN1_I2D_finish();
+}
+
+PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PKCS12 *,PKCS12_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get (ret->authsafes, d2i_PKCS7);
+	M_ASN1_D2I_get_opt (ret->mac, d2i_PKCS12_MAC_DATA, V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, PKCS12_free, ASN1_F_D2I_PKCS12);
+}
+
+PKCS12 *PKCS12_new(void)
+{
+	PKCS12 *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKCS12);
+	ret->version=NULL;
+	ret->mac=NULL;
+	ret->authsafes=NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKCS12_NEW);
+}
+
+void PKCS12_free (PKCS12 *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free (a->version);
+	PKCS12_MAC_DATA_free (a->mac);
+	PKCS7_free (a->authsafes);
+	Free ((char *)a);
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_mac.c b/crypto/openssl/crypto/pkcs12/p12_mac.c
new file mode 100644
index 000000000000..f163d4cfaa85
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_mac.c
@@ -0,0 +1,110 @@
+/* p12_mac.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->dinfo, i2d_X509_SIG);
+	M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->dinfo, i2d_X509_SIG);
+	M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+}
+
+PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void)
+{
+	PKCS12_MAC_DATA *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKCS12_MAC_DATA);
+	ret->dinfo = X509_SIG_new();
+	ret->salt = ASN1_OCTET_STRING_new();
+	ret->iter = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKCS12_MAC_DATA_NEW);
+}
+
+PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
+	     long length)
+{
+	M_ASN1_D2I_vars(a,PKCS12_MAC_DATA *,PKCS12_MAC_DATA_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->dinfo, d2i_X509_SIG);
+	M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_opt (ret->iter, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, PKCS12_MAC_DATA_free, ASN1_F_D2I_PKCS12_MAC_DATA);
+}
+
+void PKCS12_MAC_DATA_free (PKCS12_MAC_DATA *a)
+{
+	if (a == NULL) return;
+	X509_SIG_free (a->dinfo);
+	ASN1_OCTET_STRING_free (a->salt);
+	ASN1_INTEGER_free (a->iter);
+	Free ((char *)a);
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c
new file mode 100644
index 000000000000..bac558d6b9a4
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c
@@ -0,0 +1,170 @@
+/* p12_mutl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef NO_HMAC
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+/* Generate a MAC */
+int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
+		    unsigned char *mac, unsigned int *maclen)
+{
+	const EVP_MD *md_type;
+	HMAC_CTX hmac;
+	unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
+	int saltlen, iter;
+	salt = p12->mac->salt->data;
+	saltlen = p12->mac->salt->length;
+	if (!p12->mac->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (p12->mac->iter);
+    	if(!(md_type =
+		 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
+		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+		return 0;
+	}
+	if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+				 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
+		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
+		return 0;
+	}
+	HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type);
+    	HMAC_Update (&hmac, p12->authsafes->d.data->data,
+					 p12->authsafes->d.data->length);
+    	HMAC_Final (&hmac, mac, maclen);
+	return 1;
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
+{
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+	if(p12->mac == NULL) {
+		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
+		return 0;
+	}
+	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
+		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+		return 0;
+	}
+	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) {
+		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR);
+		return 0;
+	}
+	return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
+	     unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
+{
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+
+	if (!md_type) md_type = EVP_sha1();
+	if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
+				 	PKCS12_ERROR) {
+		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
+		return 0;
+	}
+	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
+		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+		return 0;
+	}
+	if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
+		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
+						return 0;
+	}
+	return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+	     EVP_MD *md_type)
+{
+	if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR;
+	if (iter > 1) {
+		if(!(p12->mac->iter = ASN1_INTEGER_new())) {
+			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		ASN1_INTEGER_set (p12->mac->iter, iter);
+	}
+	if (!saltlen) saltlen = PKCS12_SALT_LEN;
+	p12->mac->salt->length = saltlen;
+	if (!(p12->mac->salt->data = Malloc (saltlen))) {
+		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if (!salt) RAND_bytes (p12->mac->salt->data, saltlen);
+	else memcpy (p12->mac->salt->data, salt, saltlen);
+	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+	
+	return 1;
+}
+#endif
diff --git a/crypto/openssl/crypto/pkcs12/p12_sbag.c b/crypto/openssl/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 000000000000..1b3addece19a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_sbag.c
@@ -0,0 +1,227 @@
+/* p12_sbag.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
+{
+	int bagnid, v = 0;
+	M_ASN1_I2D_vars(a);
+	bagnid = OBJ_obj2nid (a->type);
+	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
+	
+	switch (bagnid) {
+
+		case NID_keyBag:
+			M_ASN1_I2D_len_EXP_opt (a->value.keybag,
+						 i2d_PKCS8_PRIV_KEY_INFO, 0, v);
+		break;
+
+		case NID_pkcs8ShroudedKeyBag:
+			M_ASN1_I2D_len_EXP_opt (a->value.shkeybag,
+						 i2d_X509_SIG, 0, v);
+		break;
+
+		case NID_safeContentsBag:
+			M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes,
+				 i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+		break;
+
+		case NID_certBag:
+		case NID_crlBag:
+		case NID_secretBag:
+			M_ASN1_I2D_len_EXP_opt (a->value.bag,
+						 i2d_PKCS12_BAGS, 0, v);
+		break;
+
+		default:
+			M_ASN1_I2D_len_EXP_opt (a->value.other,
+						 i2d_ASN1_TYPE, 0, v);
+		break;
+	}
+
+	M_ASN1_I2D_len_SET_type (X509_ATTRIBUTE,a->attrib, i2d_X509_ATTRIBUTE);
+
+	M_ASN1_I2D_seq_total ();
+	
+	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
+
+	switch (bagnid) {
+
+		case NID_keyBag:
+			M_ASN1_I2D_put_EXP_opt (a->value.keybag,
+						 i2d_PKCS8_PRIV_KEY_INFO, 0, v);
+		break;
+
+		case NID_pkcs8ShroudedKeyBag:
+			M_ASN1_I2D_put_EXP_opt (a->value.shkeybag,
+						 i2d_X509_SIG, 0, v);
+		break;
+
+		case NID_safeContentsBag:
+			M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes,
+				 i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+		break;
+
+		case NID_certBag:
+		case NID_crlBag:
+		case NID_secretBag:
+			M_ASN1_I2D_put_EXP_opt (a->value.bag,
+						 i2d_PKCS12_BAGS, 0, v);
+		break;
+
+		default:
+			M_ASN1_I2D_put_EXP_opt (a->value.other,
+						 i2d_ASN1_TYPE, 0, v);
+		break;
+	}
+
+	M_ASN1_I2D_put_SET_type (X509_ATTRIBUTE, a->attrib, i2d_X509_ATTRIBUTE);
+
+	M_ASN1_I2D_finish();
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void)
+{
+	PKCS12_SAFEBAG *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKCS12_SAFEBAG);
+	ret->type=NULL;
+	ret->value.other=NULL;
+	M_ASN1_New(ret->attrib, sk_X509_ATTRIBUTE_new_null);
+	ret->rest=NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKCS12_SAFEBAG_NEW);
+}
+
+PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
+	     long length)
+{
+	int bagnid;
+	M_ASN1_D2I_vars(a,PKCS12_SAFEBAG *,PKCS12_SAFEBAG_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
+	bagnid = OBJ_obj2nid (ret->type);
+
+	switch (bagnid) {
+
+		case NID_keyBag:
+			M_ASN1_D2I_get_EXP_opt (ret->value.keybag,
+						 d2i_PKCS8_PRIV_KEY_INFO, 0);
+		break;
+
+		case NID_pkcs8ShroudedKeyBag:
+			M_ASN1_D2I_get_EXP_opt (ret->value.shkeybag,
+						 	d2i_X509_SIG, 0);
+		break;
+
+		case NID_safeContentsBag:
+			M_ASN1_D2I_get_EXP_set_opt(ret->value.safes,
+				d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free,
+							 0, V_ASN1_SEQUENCE);
+		break;
+
+		case NID_certBag:
+		case NID_crlBag:
+		case NID_secretBag:
+			M_ASN1_D2I_get_EXP_opt (ret->value.bag,
+							 d2i_PKCS12_BAGS, 0);
+		break;
+
+		default:
+			M_ASN1_D2I_get_EXP_opt (ret->value.other,
+							 d2i_ASN1_TYPE, 0);
+		break;
+	}
+	M_ASN1_D2I_get_set_opt_type(X509_ATTRIBUTE,ret->attrib,
+				    d2i_X509_ATTRIBUTE,X509_ATTRIBUTE_free);
+	M_ASN1_D2I_Finish(a, PKCS12_SAFEBAG_free, ASN1_F_D2I_PKCS12_SAFEBAG);
+}
+
+void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a)
+{
+	if (a == NULL) return;
+	switch (OBJ_obj2nid(a->type)) {
+
+		case NID_keyBag:
+			PKCS8_PRIV_KEY_INFO_free (a->value.keybag);
+		break;
+
+		case NID_pkcs8ShroudedKeyBag:
+			X509_SIG_free (a->value.shkeybag);
+		break;
+
+		case NID_certBag:
+		case NID_crlBag:
+		case NID_secretBag:
+			PKCS12_BAGS_free (a->value.bag);
+		break;
+
+		default:
+			ASN1_TYPE_free (a->value.other);
+		break;
+	}
+
+	ASN1_OBJECT_free (a->type);
+	sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free);
+	Free (a);
+}
diff --git a/crypto/openssl/crypto/pkcs12/p12_utl.c b/crypto/openssl/crypto/pkcs12/p12_utl.c
new file mode 100644
index 000000000000..2adcbc95e1a8
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/p12_utl.c
@@ -0,0 +1,118 @@
+/* p12_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
+{
+	int ulen, i;
+	unsigned char *unitmp;
+	ulen = strlen(asc)*2  + 2;
+	if (!(unitmp = Malloc (ulen))) return NULL;
+	for (i = 0; i < ulen; i+=2) {
+		unitmp[i] = 0;
+		unitmp[i + 1] = asc[i>>1];
+	}
+	if (unilen) *unilen = ulen;
+	if (uni) *uni = unitmp;
+	return unitmp;
+}
+
+char *uni2asc (unsigned char *uni, int unilen)
+{
+	int asclen, i;
+	char *asctmp;
+	asclen = unilen / 2;
+	/* If no terminating zero allow for one */
+	if (uni[unilen - 1]) asclen++;
+	uni++;
+	if (!(asctmp = Malloc (asclen))) return NULL;
+	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
+	asctmp[asclen - 1] = 0;
+	return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+	return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12);
+}
+
+#ifndef NO_FP_API
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+	return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+	return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new,
+         (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12);
+}
+#ifndef NO_FP_API
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+        return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new, 
+         (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12));
+}
+#endif
+
diff --git a/crypto/openssl/crypto/pkcs12/pk12err.c b/crypto/openssl/crypto/pkcs12/pk12err.c
new file mode 100644
index 000000000000..38d7be7675a4
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/pk12err.c
@@ -0,0 +1,136 @@
+/* crypto/pkcs12/pk12err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA PKCS12_str_functs[]=
+	{
+{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0),	"PARSE_BAGS"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0),	"PKCS12_ADD_FRIENDLYNAME"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0),	"PKCS12_add_friendlyname_asc"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0),	"PKCS12_add_friendlyname_uni"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0),	"PKCS12_add_localkeyid"},
+{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0),	"PKCS12_create"},
+{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0),	"PKCS12_decrypt_d2i"},
+{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0),	"PKCS12_gen_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0),	"PKCS12_i2d_encrypt"},
+{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0),	"PKCS12_init"},
+{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0),	"PKCS12_key_gen_asc"},
+{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0),	"PKCS12_key_gen_uni"},
+{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0),	"PKCS12_MAKE_KEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0),	"PKCS12_MAKE_SHKEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0),	"PKCS12_pack_p7data"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0),	"PKCS12_pack_p7encdata"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0),	"PKCS12_pack_safebag"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0),	"PKCS12_parse"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0),	"PKCS12_pbe_crypt"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0),	"PKCS12_PBE_keyivgen"},
+{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0),	"PKCS12_setup_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0),	"PKCS12_set_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0),	"PKCS8_add_keyusage"},
+{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0),	"PKCS8_encrypt"},
+{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0),	"VERIFY_MAC"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA PKCS12_str_reasons[]=
+	{
+{PKCS12_R_CANT_PACK_STRUCTURE            ,"cant pack structure"},
+{PKCS12_R_DECODE_ERROR                   ,"decode error"},
+{PKCS12_R_ENCODE_ERROR                   ,"encode error"},
+{PKCS12_R_ENCRYPT_ERROR                  ,"encrypt error"},
+{PKCS12_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{PKCS12_R_INVALID_NULL_PKCS12_POINTER    ,"invalid null pkcs12 pointer"},
+{PKCS12_R_IV_GEN_ERROR                   ,"iv gen error"},
+{PKCS12_R_KEY_GEN_ERROR                  ,"key gen error"},
+{PKCS12_R_MAC_ABSENT                     ,"mac absent"},
+{PKCS12_R_MAC_GENERATION_ERROR           ,"mac generation error"},
+{PKCS12_R_MAC_SETUP_ERROR                ,"mac setup error"},
+{PKCS12_R_MAC_STRING_SET_ERROR           ,"mac string set error"},
+{PKCS12_R_MAC_VERIFY_ERROR               ,"mac verify error"},
+{PKCS12_R_MAC_VERIFY_FAILURE             ,"mac verify failure"},
+{PKCS12_R_PARSE_ERROR                    ,"parse error"},
+{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR  ,"pkcs12 algor cipherinit error"},
+{PKCS12_R_PKCS12_CIPHERFINAL_ERROR       ,"pkcs12 cipherfinal error"},
+{PKCS12_R_PKCS12_PBE_CRYPT_ERROR         ,"pkcs12 pbe crypt error"},
+{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM       ,"unknown digest algorithm"},
+{PKCS12_R_UNSUPPORTED_PKCS12_MODE        ,"unsupported pkcs12 mode"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_PKCS12_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
+		ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/pkcs12/pkcs12.h b/crypto/openssl/crypto/pkcs12/pkcs12.h
new file mode 100644
index 000000000000..4cfba5e6c61d
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs12/pkcs12.h
@@ -0,0 +1,337 @@
+/* pkcs12.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PKCS12_H
+#define HEADER_PKCS12_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+
+#define PKCS12_KEY_ID	1
+#define PKCS12_IV_ID	2
+#define PKCS12_MAC_ID	3
+
+/* Default iteration count */
+#ifndef PKCS12_DEFAULT_ITER
+#define PKCS12_DEFAULT_ITER	PKCS5_DEFAULT_ITER
+#endif
+
+#define PKCS12_MAC_KEY_LENGTH 20
+
+#define PKCS12_SALT_LEN	8
+
+/* Uncomment out next line for unicode password and names, otherwise ASCII */
+
+/*#define PBE_UNICODE*/
+
+#ifdef PBE_UNICODE
+#define PKCS12_key_gen PKCS12_key_gen_uni
+#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
+#else
+#define PKCS12_key_gen PKCS12_key_gen_asc
+#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
+#endif
+
+/* MS key usage constants */
+
+#define KEY_EX	0x10
+#define KEY_SIG 0x80
+
+typedef struct {
+X509_SIG *dinfo;
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;	/* defaults to 1 */
+} PKCS12_MAC_DATA;
+
+typedef struct {
+ASN1_INTEGER *version;
+PKCS12_MAC_DATA *mac;
+PKCS7 *authsafes;
+} PKCS12;
+
+typedef struct {
+ASN1_OBJECT *type;
+union {
+	struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+	struct pkcs8_priv_key_info_st	*keybag; /* keybag */
+	X509_SIG *shkeybag; /* shrouded key bag */
+	STACK /* PKCS12_SAFEBAG */ *safes;
+	ASN1_TYPE *other;
+}value;
+STACK_OF(X509_ATTRIBUTE) *attrib;
+ASN1_TYPE *rest;
+} PKCS12_SAFEBAG;
+
+typedef struct pkcs12_bag_st {
+ASN1_OBJECT *type;
+union {
+	ASN1_OCTET_STRING *x509cert;
+	ASN1_OCTET_STRING *x509crl;
+	ASN1_OCTET_STRING *octet;
+	ASN1_IA5STRING *sdsicert;
+	ASN1_TYPE *other; /* Secret or other bag */
+}value;
+} PKCS12_BAGS;
+
+#define PKCS12_ERROR	0
+#define PKCS12_OK	1
+
+#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
+#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
+#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+
+#define M_PKCS12_x5092certbag(x509) \
+PKCS12_pack_safebag ((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag)
+
+#define M_PKCS12_x509crl2certbag(crl) \
+PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
+
+#define M_PKCS12_certbag2x509(bg) \
+(X509 *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
+(char *(*)())d2i_X509)
+
+#define M_PKCS12_certbag2x509crl(bg) \
+(X509CRL *) ASN1_unpack_string ((bg)->value.bag->value.octet, \
+(char *(*)())d2i_X509CRL)
+
+/*#define M_PKCS12_pkcs82rsa(p8) \
+(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
+
+#define M_PKCS12_unpack_p7data(p7) \
+ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
+			 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
+
+#define M_PKCS12_pack_authsafes(p12, safes) \
+ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
+	&(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length)
+
+#define M_PKCS12_unpack_authsafes(p12) \
+ASN1_seq_unpack((p12)->authsafes->d.data->data, \
+		(p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \
+							PKCS7_free)
+
+#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
+(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
+			 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
+							(pass), (passlen), \
+			(p7)->d.encrypted->enc_data->enc_data, 3)
+
+#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
+(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
+(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free, \
+						(pass), (passlen), \
+			 (bag)->value.shkeybag->digest, 2)
+
+#define M_PKCS8_decrypt(p8, pass, passlen) \
+(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((p8)->algor, \
+(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free,\
+			 (pass), (passlen), (p8)->digest, 2)
+
+#define PKCS12_get_attr(bag, attr_nid) \
+			 PKCS12_get_attr_gen(bag->attrib, attr_nid)
+
+#define PKCS8_get_attr(p8, attr_nid) \
+		PKCS12_get_attr_gen(p8->attributes, attr_nid)
+
+#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
+
+
+PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2);
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
+			const char *pass, int passlen,
+			unsigned char *salt, int saltlen, int iter,
+			PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+				     int passlen, unsigned char *salt,
+				     int saltlen, int iter,
+				     PKCS8_PRIV_KEY_INFO *p8);
+PKCS7 *PKCS12_pack_p7data(STACK *sk);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+			     unsigned char *salt, int saltlen, int iter,
+			     STACK *bags);
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+				int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+				int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+				int passlen, unsigned char *in, int inlen,
+				unsigned char **data, int *datalen, int en_de);
+char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(),
+			 void (*free_func)(), const char *pass, int passlen,
+			 ASN1_STRING *oct, int seq);
+ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(),
+				const char *pass, int passlen, char *obj,
+				int seq);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+		       int saltlen, int id, int iter, int n,
+		       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
+			 int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+			 unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+		   unsigned char *salt, int saltlen, int iter,
+		   EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+					 int saltlen, EVP_MD *md_type);
+unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
+char *uni2asc(unsigned char *uni, int unilen);
+int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
+PKCS12_BAGS *PKCS12_BAGS_new(void);
+PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length);
+void PKCS12_BAGS_free(PKCS12_BAGS *a);
+int i2d_PKCS12(PKCS12 *a, unsigned char **pp);
+PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length);
+PKCS12 *PKCS12_new(void);
+void PKCS12_free(PKCS12 *a);
+int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp);
+PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void);
+PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp,
+								 long length);
+void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a);
+int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void);
+PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
+								 long length);
+void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
+void ERR_load_PKCS12_strings(void);
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+		 STACK **ca);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+			 STACK *ca, int nid_key, int nid_cert, int iter,
+						 int mac_iter, int keytype);
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the PKCS12 functions. */
+
+/* Function codes. */
+#define PKCS12_F_PARSE_BAGS				 103
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME		 100
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC		 127
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI		 102
+#define PKCS12_F_PKCS12_ADD_LOCALKEYID			 104
+#define PKCS12_F_PKCS12_CREATE				 105
+#define PKCS12_F_PKCS12_DECRYPT_D2I			 106
+#define PKCS12_F_PKCS12_GEN_MAC				 107
+#define PKCS12_F_PKCS12_I2D_ENCRYPT			 108
+#define PKCS12_F_PKCS12_INIT				 109
+#define PKCS12_F_PKCS12_KEY_GEN_ASC			 110
+#define PKCS12_F_PKCS12_KEY_GEN_UNI			 111
+#define PKCS12_F_PKCS12_MAKE_KEYBAG			 112
+#define PKCS12_F_PKCS12_MAKE_SHKEYBAG			 113
+#define PKCS12_F_PKCS12_PACK_P7DATA			 114
+#define PKCS12_F_PKCS12_PACK_P7ENCDATA			 115
+#define PKCS12_F_PKCS12_PACK_SAFEBAG			 117
+#define PKCS12_F_PKCS12_PARSE				 118
+#define PKCS12_F_PKCS12_PBE_CRYPT			 119
+#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120
+#define PKCS12_F_PKCS12_SETUP_MAC			 122
+#define PKCS12_F_PKCS12_SET_MAC				 123
+#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124
+#define PKCS12_F_PKCS8_ENCRYPT				 125
+#define PKCS12_F_VERIFY_MAC				 126
+
+/* Reason codes. */
+#define PKCS12_R_CANT_PACK_STRUCTURE			 100
+#define PKCS12_R_DECODE_ERROR				 101
+#define PKCS12_R_ENCODE_ERROR				 102
+#define PKCS12_R_ENCRYPT_ERROR				 103
+#define PKCS12_R_INVALID_NULL_ARGUMENT			 104
+#define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105
+#define PKCS12_R_IV_GEN_ERROR				 106
+#define PKCS12_R_KEY_GEN_ERROR				 107
+#define PKCS12_R_MAC_ABSENT				 108
+#define PKCS12_R_MAC_GENERATION_ERROR			 109
+#define PKCS12_R_MAC_SETUP_ERROR			 110
+#define PKCS12_R_MAC_STRING_SET_ERROR			 111
+#define PKCS12_R_MAC_VERIFY_ERROR			 112
+#define PKCS12_R_MAC_VERIFY_FAILURE			 113
+#define PKCS12_R_PARSE_ERROR				 114
+#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR		 115
+#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR		 116
+#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR			 117
+#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM		 118
+#define PKCS12_R_UNSUPPORTED_PKCS12_MODE		 119
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/pkcs7/Makefile.ssl b/crypto/openssl/crypto/pkcs7/Makefile.ssl
new file mode 100644
index 000000000000..436442a7a1f0
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/Makefile.ssl
@@ -0,0 +1,145 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=	pkcs7
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	pk7_lib.c pkcs7err.c pk7_doit.c
+LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs7.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:	lib
+
+testapps: enc dec sign verify
+
+enc: enc.o lib
+	$(CC) $(CFLAGS) -o enc enc.o $(LIB)
+
+dec: dec.o lib
+	$(CC) $(CFLAGS) -o dec dec.o $(LIB)
+
+sign: sign.o lib
+	$(CC) $(CFLAGS) -o sign sign.o $(LIB)
+
+verify: verify.o example.o lib
+	$(CC) $(CFLAGS) -o verify verify.o example.o $(LIB)
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_doit.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_doit.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_lib.o: ../cryptlib.h
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pkcs7err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pkcs7err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+pkcs7err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pkcs7err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pkcs7err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pkcs7err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
diff --git a/crypto/openssl/crypto/pkcs7/README b/crypto/openssl/crypto/pkcs7/README
new file mode 100644
index 000000000000..27001c69707c
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/README
@@ -0,0 +1,5 @@
+WARNING
+
+Everything in this directory is experimental and is subject to change.
+
+Do not rely on the stuff in here not changing in the next release
diff --git a/crypto/openssl/crypto/pkcs7/bio_ber.c b/crypto/openssl/crypto/pkcs7/bio_ber.c
new file mode 100644
index 000000000000..2f17723e984c
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/bio_ber.c
@@ -0,0 +1,450 @@
+/* crypto/evp/bio_ber.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static int ber_write(BIO *h,char *buf,int num);
+static int ber_read(BIO *h,char *buf,int size);
+/*static int ber_puts(BIO *h,char *str); */
+/*static int ber_gets(BIO *h,char *str,int size); */
+static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ber_new(BIO *h);
+static int ber_free(BIO *data);
+#define BER_BUF_SIZE	(32)
+
+/* This is used to hold the state of the BER objects being read. */
+typedef struct ber_struct
+	{
+	int tag;
+	int class;
+	long length;
+	int inf;
+	int num_left;
+	int depth;
+	} BER_CTX;
+
+typedef struct bio_ber_struct
+	{
+	int tag;
+	int class;
+	long length;
+	int inf;
+
+	/* most of the following are used when doing non-blocking IO */
+	/* reading */
+	long num_left;	/* number of bytes still to read/write in block */
+	int depth;	/* used with idefinite encoding. */
+	int finished;	/* No more read data */
+
+	/* writting */ 
+	char *w_addr;
+	int w_offset;
+	int w_left;
+
+	int buf_len;
+	int buf_off;
+	unsigned char buf[BER_BUF_SIZE];
+	} BIO_BER_CTX;
+
+static BIO_METHOD methods_ber=
+	{
+	BIO_TYPE_CIPHER,"cipher",
+	ber_write,
+	ber_read,
+	NULL, /* ber_puts, */
+	NULL, /* ber_gets, */
+	ber_ctrl,
+	ber_new,
+	ber_free,
+	};
+
+BIO_METHOD *BIO_f_ber(void)
+	{
+	return(&methods_ber);
+	}
+
+static int ber_new(BIO *bi)
+	{
+	BIO_BER_CTX *ctx;
+
+	ctx=(BIO_BER_CTX *)Malloc(sizeof(BIO_BER_CTX));
+	if (ctx == NULL) return(0);
+
+	memset((char *)ctx,0,sizeof(BIO_BER_CTX));
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int ber_free(BIO *a)
+	{
+	BIO_BER_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_BER_CTX *)a->ptr;
+	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+
+int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
+	{
+	char buf[64];
+	int i,j,n;
+	int ret;
+	unsigned char *p;
+	unsigned long length
+	int tag;
+	int class;
+	long max;
+
+	BIO_clear_retry_flags(b);
+
+	/* Pack the buffer down if there is a hole at the front */
+	if (ctx->buf_off != 0)
+		{
+		p=ctx->buf;
+		j=ctx->buf_off;
+		n=ctx->buf_len-j;
+		for (i=0; ibuf_len-j;
+		ctx->buf_off=0;
+		}
+
+	/* If there is more room, read some more data */
+	i=BER_BUF_SIZE-ctx->buf_len;
+	if (i)
+		{
+		i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		else
+			ctx->buf_len+=i;
+		}
+
+	max=ctx->buf_len;
+	p=ctx->buf;
+	ret=ASN1_get_object(&p,&length,&tag,&class,max);
+
+	if (ret & 0x80)
+		{
+		if ((ctx->buf_len < BER_BUF_SIZE) &&
+			(ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
+			{
+			ERR_get_error(); /* clear the error */
+			BIO_set_retry_read(b);
+			}
+		return(-1);
+		}
+
+	/* We have no error, we have a header, so make use of it */
+
+	if ((ctx->tag  >= 0) && (ctx->tag != tag))
+		{
+		BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
+		sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
+		ERR_add_error_data(1,buf);
+		return(-1);
+		}
+	if (ret & 0x01)
+	if (ret & V_ASN1_CONSTRUCTED)
+	}
+	
+static int ber_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i,n;
+	BIO_BER_CTX *ctx;
+
+	BIO_clear_retry_flags(b);
+
+	if (out == NULL) return(0);
+	ctx=(BIO_BER_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	if (ctx->finished) return(0);
+
+again:
+	/* First see if we are half way through reading a block */
+	if (ctx->num_left > 0)
+		{
+		if (ctx->num_left < outl)
+			n=ctx->num_left;
+		else
+			n=outl;
+		i=BIO_read(b->next_bio,out,n);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		ctx->num_left-=i;
+		outl-=i;
+		ret+=i;
+		if (ctx->num_left <= 0)
+			{
+			ctx->depth--;
+			if (ctx->depth <= 0)
+				ctx->finished=1;
+			}
+		if (outl <= 0)
+			return(ret);
+		else
+			goto again;
+		}
+	else	/* we need to read another BER header */
+		{
+		}
+	}
+
+static int ber_write(BIO *b, char *in, int inl)
+	{
+	int ret=0,n,i;
+	BIO_ENC_CTX *ctx;
+
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	ret=inl;
+
+	BIO_clear_retry_flags(b);
+	n=ctx->buf_len-ctx->buf_off;
+	while (n > 0)
+		{
+		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		ctx->buf_off+=i;
+		n-=i;
+		}
+	/* at this point all pending data has been written */
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+
+	ctx->buf_off=0;
+	while (inl > 0)
+		{
+		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+		EVP_CipherUpdate(&(ctx->cipher),
+			(unsigned char *)ctx->buf,&ctx->buf_len,
+			(unsigned char *)in,n);
+		inl-=n;
+		in+=n;
+
+		ctx->buf_off=0;
+		n=ctx->buf_len;
+		while (n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				return(i);
+				}
+			n-=i;
+			ctx->buf_off+=i;
+			}
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		}
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO *dbio;
+	BIO_ENC_CTX *ctx,*dctx;
+	long ret=1;
+	int i;
+
+	ctx=(BIO_ENC_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->ok=1;
+		ctx->finished=0;
+		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+			ctx->cipher.berrypt);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+again:
+		while (ctx->buf_len != ctx->buf_off)
+			{
+			i=ber_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+
+		if (!ctx->finished)
+			{
+			ctx->finished=1;
+			ctx->buf_off=0;
+			ret=EVP_CipherFinal(&(ctx->cipher),
+				(unsigned char *)ctx->buf,
+				&(ctx->buf_len));
+			ctx->ok=(int)ret;
+			if (ret <= 0) break;
+
+			/* push out the bytes */
+			goto again;
+			}
+		
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_GET_CIPHER_STATUS:
+		ret=(long)ctx->ok;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		dctx=(BIO_ENC_CTX *)dbio->ptr;
+		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+		dbio->init=1;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+	{
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+	}
+*/
+
+void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
+	     int e)
+	{
+	BIO_ENC_CTX *ctx;
+
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+	}
+
diff --git a/crypto/openssl/crypto/pkcs7/dec.c b/crypto/openssl/crypto/pkcs7/dec.c
new file mode 100644
index 000000000000..b3661f28d368
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/dec.c
@@ -0,0 +1,246 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+BIO *bio_err=NULL;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	char *keyfile=NULL;
+	BIO *in;
+	EVP_PKEY *pkey;
+	X509 *x509;
+	PKCS7 *p7;
+	PKCS7_SIGNER_INFO *si;
+	X509_STORE_CTX cert_ctx;
+	X509_STORE *cert_store=NULL;
+	BIO *data,*detached=NULL,*p7bio=NULL;
+	char buf[1024*4];
+	unsigned char *pp;
+	int i,printit=0;
+	STACK_OF(PKCS7_SIGNER_INFO) *sk;
+
+	SSLeay_add_all_algorithms();
+	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	data=BIO_new(BIO_s_file());
+	pp=NULL;
+	while (argc > 1)
+		{
+		argc--;
+		argv++;
+		if (strcmp(argv[0],"-p") == 0)
+			{
+			printit=1;
+			}
+		else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
+			keyfile = argv[1];
+			argc-=1;
+			argv+=1;
+		} else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+			{
+			detached=BIO_new(BIO_s_file());
+			if (!BIO_read_filename(detached,argv[1]))
+				goto err;
+			argc-=1;
+			argv+=1;
+			}
+		else break;
+		}
+
+	 if (!BIO_read_filename(data,argv[0])) goto err; 
+
+	if(!keyfile) {
+		fprintf(stderr, "No private key file specified\n");
+		goto err;
+	}
+
+        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+
+	if (pp == NULL)
+		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+
+	/* Load the PKCS7 object from a file */
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+
+
+
+	/* This stuff is being setup for certificate verification.
+	 * When using SSL, it could be replaced with a 
+	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+	cert_store=X509_STORE_new();
+	X509_STORE_set_default_paths(cert_store);
+	X509_STORE_load_locations(cert_store,NULL,"../../certs");
+	X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+
+	ERR_clear_error();
+
+	/* We need to process the data */
+	/* We cannot support detached encryption */
+	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
+	
+	if (p7bio == NULL)
+		{
+		printf("problems decoding\n");
+		goto err;
+		}
+
+	/* We now have to 'read' from p7bio to calculate digests etc. */
+	for (;;)
+		{
+		i=BIO_read(p7bio,buf,sizeof(buf));
+		/* print it? */
+		if (i <= 0) break;
+		fwrite(buf,1, i, stdout);
+		}
+
+	/* We can now verify signatures */
+	sk=PKCS7_get_signer_info(p7);
+	if (sk == NULL)
+		{
+		fprintf(stderr, "there are no signatures on this data\n");
+		}
+	else
+		{
+		/* Ok, first we need to, for each subject entry,
+		 * see if we can verify */
+		ERR_clear_error();
+		for (i=0; ierror)
+		{
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+		BIO_printf(bio_err,"issuer= %s\n",buf);
+		break;
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+		BIO_printf(bio_err,"notBefore=");
+		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		BIO_printf(bio_err,"\n");
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+		BIO_printf(bio_err,"notAfter=");
+		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		BIO_printf(bio_err,"\n");
+		break;
+		}
+	BIO_printf(bio_err,"verify return:%d\n",ok);
+	return(ok);
+	}
diff --git a/crypto/openssl/crypto/pkcs7/des.pem b/crypto/openssl/crypto/pkcs7/des.pem
new file mode 100644
index 000000000000..62d1657e3e79
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/des.pem
@@ -0,0 +1,15 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
+
diff --git a/crypto/openssl/crypto/pkcs7/doc b/crypto/openssl/crypto/pkcs7/doc
new file mode 100644
index 000000000000..d2e8b7b2a3df
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/doc
@@ -0,0 +1,24 @@
+int PKCS7_set_content_type(PKCS7 *p7, int type);
+Call to set the type of PKCS7 object we are working on
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+	EVP_MD *dgst);
+Use this to setup a signer info
+There will also be functions to add signed and unsigned attributes.
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+Add a signer info to the content.
+
+int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+
+----
+
+p7=PKCS7_new();
+PKCS7_set_content_type(p7,NID_pkcs7_signed);
+
+signer=PKCS7_SINGNER_INFO_new();
+PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
+PKCS7_add_signer(py,signer);
+
+we are now setup.
diff --git a/crypto/openssl/crypto/pkcs7/enc.c b/crypto/openssl/crypto/pkcs7/enc.c
new file mode 100644
index 000000000000..43bfd10a2380
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/enc.c
@@ -0,0 +1,165 @@
+/* crypto/pkcs7/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	X509 *x509;
+	PKCS7 *p7;
+	BIO *in;
+	BIO *data,*p7bio;
+	char buf[1024*4];
+	int i;
+	int nodetach=1;
+	char *keyfile = NULL;
+	const EVP_CIPHER *cipher=NULL;
+	STACK_OF(X509) *recips=NULL;
+
+	SSLeay_add_all_algorithms();
+
+	data=BIO_new(BIO_s_file());
+	while(argc > 1)
+		{
+		if (strcmp(argv[1],"-nd") == 0)
+			{
+			nodetach=1;
+			argv++; argc--;
+			}
+		else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
+			if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
+				fprintf(stderr, "Unknown cipher %s\n", argv[2]);
+				goto err;
+			}
+			argc-=2;
+			argv+=2;
+		} else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
+			keyfile = argv[2];
+			argc-=2;
+			argv+=2;
+			if (!(in=BIO_new_file(keyfile,"r"))) goto err;
+			if (!(x509=PEM_read_bio_X509(in,NULL,NULL))) goto err;
+			if(!recips) recips = sk_X509_new_null();
+			sk_X509_push(recips, x509);
+			BIO_free(in);
+		} else break;
+	}
+
+	if(!recips) {
+		fprintf(stderr, "No recipients\n");
+		goto err;
+	}
+
+	if (!BIO_read_filename(data,argv[1])) goto err;
+
+	p7=PKCS7_new();
+#if 0
+	BIO_reset(in);
+	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+	BIO_free(in);
+	PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
+	 
+	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+	/* we may want to add more */
+	PKCS7_add_certificate(p7,x509);
+#else
+	PKCS7_set_type(p7,NID_pkcs7_enveloped);
+#endif
+	if(!cipher) cipher = EVP_des_ede3_cbc();
+
+	if (!PKCS7_set_cipher(p7,cipher)) goto err;
+	for(i = 0; i < sk_X509_num(recips); i++) {
+		if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
+	}
+	sk_X509_pop_free(recips, X509_free);
+
+	/* Set the content of the signed to 'data' */
+	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
+
+	/* could be used, but not in this version :-)
+	if (!nodetach) PKCS7_set_detached(p7,1);
+	*/
+
+	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+
+	for (;;)
+		{
+		i=BIO_read(data,buf,sizeof(buf));
+		if (i <= 0) break;
+		BIO_write(p7bio,buf,i);
+		}
+	BIO_flush(p7bio);
+
+	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
+	BIO_free(p7bio);
+
+	PEM_write_PKCS7(stdout,p7);
+	PKCS7_free(p7);
+
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors_fp(stderr);
+	exit(1);
+	}
+
diff --git a/crypto/openssl/crypto/pkcs7/es1.pem b/crypto/openssl/crypto/pkcs7/es1.pem
new file mode 100644
index 000000000000..47112a238fd2
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/es1.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
+KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
+ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
+XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
+II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
+pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
+lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
+8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
+otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
+go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
+XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
+KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
+Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
+r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
+l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
+mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
+l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
+HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
+gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
+TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
+5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
+SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
+y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
+9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
+nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
+Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
+LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
+tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
+SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
+8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
+wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
+uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
+RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
+Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
+o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
+WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
+Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
+YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
+CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
+DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
+ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
+kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
+1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
+xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
+IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
+7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
+qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
+X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
+DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
+UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
+gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
+PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
+5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
+y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
+lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
+lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/example.c b/crypto/openssl/crypto/pkcs7/example.c
new file mode 100644
index 000000000000..73548900841a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/example.c
@@ -0,0 +1,327 @@
+#include 
+#include 
+#include 
+#include 
+
+int add_signed_time(PKCS7_SIGNER_INFO *si)
+	{
+	ASN1_UTCTIME *sign_time;
+
+	/* The last parameter is the amount to add/subtract from the current
+	 * time (in seconds) */
+	sign_time=X509_gmtime_adj(NULL,0);
+	PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
+		V_ASN1_UTCTIME,(char *)sign_time);
+	return(1);
+	}
+
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
+	{
+	ASN1_TYPE *so;
+
+	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
+	if (so->type == V_ASN1_UTCTIME)
+	    return so->value.utctime;
+	return NULL;
+	}
+	
+static int signed_string_nid= -1;
+
+void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
+	{
+	ASN1_OCTET_STRING *os;
+
+	/* To a an object of OID 1.2.3.4.5, which is an octet string */
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os,str,strlen(str));
+	/* When we add, we do not free */
+	PKCS7_add_signed_attribute(si,signed_string_nid,
+		V_ASN1_OCTET_STRING,(char *)os);
+	}
+
+int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
+	{
+	ASN1_TYPE *so;
+	ASN1_OCTET_STRING *os;
+	int i;
+
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(si,signed_string_nid);
+	if (so != NULL)
+		{
+		if (so->type == V_ASN1_OCTET_STRING)
+			{
+			os=so->value.octet_string;
+			i=os->length;
+			if ((i+1) > len)
+				i=len-1;
+			memcpy(buf,os->data,i);
+			return(i);
+			}
+		}
+	return(0);
+	}
+
+static signed_seq2string_nid= -1;
+/* ########################################### */
+int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+	{
+	/* To add an object of OID 1.9.999, which is a sequence containing
+	 * 2 octet strings */
+	unsigned char *p;
+	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_STRING *seq;
+	unsigned char *data;
+	int i,total;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1=ASN1_OCTET_STRING_new();
+	os2=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+	i =i2d_ASN1_OCTET_STRING(os1,NULL);
+	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+
+	data=malloc(total);
+	p=data;
+	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1,&p);
+	i2d_ASN1_OCTET_STRING(os2,&p);
+
+	seq=ASN1_STRING_new();
+	ASN1_STRING_set(seq,data,total);
+	free(data);
+	ASN1_OCTET_STRING_free(os1);
+	ASN1_OCTET_STRING_free(os2);
+
+	PKCS7_add_signed_attribute(si,signed_seq2string_nid,
+		V_ASN1_SEQUENCE,(char *)seq);
+	return(1);
+	}
+
+/* For this case, I will malloc the return strings */
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
+	{
+	ASN1_TYPE *so;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
+	if (so && (so->type == V_ASN1_SEQUENCE))
+		{
+		ASN1_CTX c;
+		ASN1_STRING *s;
+		long length;
+		ASN1_OCTET_STRING *os1,*os2;
+
+		s=so->value.sequence;
+		c.p=ASN1_STRING_data(s);
+		c.max=c.p+ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c,&length)) goto err;
+		/* Length is the length of the seqence */
+
+		c.q=c.p;
+		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		c.q=c.p;
+		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		if (!asn1_Finish(&c)) goto err;
+		*str1=malloc(os1->length+1);
+		*str2=malloc(os2->length+1);
+		memcpy(*str1,os1->data,os1->length);
+		memcpy(*str2,os2->data,os2->length);
+		(*str1)[os1->length]='\0';
+		(*str2)[os2->length]='\0';
+		ASN1_OCTET_STRING_free(os1);
+		ASN1_OCTET_STRING_free(os2);
+		return(1);
+		}
+err:
+	return(0);
+	}
+
+
+/* #######################################
+ * THE OTHER WAY TO DO THINGS
+ * #######################################
+ */
+X509_ATTRIBUTE *create_time(void)
+	{
+	ASN1_UTCTIME *sign_time;
+	X509_ATTRIBUTE *ret;
+
+	/* The last parameter is the amount to add/subtract from the current
+	 * time (in seconds) */
+	sign_time=X509_gmtime_adj(NULL,0);
+	ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
+		V_ASN1_UTCTIME,(char *)sign_time);
+	return(ret);
+	}
+
+ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
+	{
+	ASN1_TYPE *so;
+	PKCS7_SIGNER_INFO si;
+
+	si.auth_attr=sk;
+	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
+	if (so->type == V_ASN1_UTCTIME)
+	    return so->value.utctime;
+	return NULL;
+	}
+	
+X509_ATTRIBUTE *create_string(char *str)
+	{
+	ASN1_OCTET_STRING *os;
+	X509_ATTRIBUTE *ret;
+
+	/* To a an object of OID 1.2.3.4.5, which is an octet string */
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os,str,strlen(str));
+	/* When we add, we do not free */
+	ret=X509_ATTRIBUTE_create(signed_string_nid,
+		V_ASN1_OCTET_STRING,(char *)os);
+	return(ret);
+	}
+
+int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
+	{
+	ASN1_TYPE *so;
+	ASN1_OCTET_STRING *os;
+	int i;
+	PKCS7_SIGNER_INFO si;
+
+	si.auth_attr=sk;
+
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(&si,signed_string_nid);
+	if (so != NULL)
+		{
+		if (so->type == V_ASN1_OCTET_STRING)
+			{
+			os=so->value.octet_string;
+			i=os->length;
+			if ((i+1) > len)
+				i=len-1;
+			memcpy(buf,os->data,i);
+			return(i);
+			}
+		}
+	return(0);
+	}
+
+X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+	{
+	/* To add an object of OID 1.9.999, which is a sequence containing
+	 * 2 octet strings */
+	unsigned char *p;
+	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_STRING *seq;
+	X509_ATTRIBUTE *ret;
+	unsigned char *data;
+	int i,total;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1=ASN1_OCTET_STRING_new();
+	os2=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+	i =i2d_ASN1_OCTET_STRING(os1,NULL);
+	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+
+	data=malloc(total);
+	p=data;
+	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1,&p);
+	i2d_ASN1_OCTET_STRING(os2,&p);
+
+	seq=ASN1_STRING_new();
+	ASN1_STRING_set(seq,data,total);
+	free(data);
+	ASN1_OCTET_STRING_free(os1);
+	ASN1_OCTET_STRING_free(os2);
+
+	ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
+		V_ASN1_SEQUENCE,(char *)seq);
+	return(ret);
+	}
+
+/* For this case, I will malloc the return strings */
+int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
+	{
+	ASN1_TYPE *so;
+	PKCS7_SIGNER_INFO si;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	si.auth_attr=sk;
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
+	if (so->type == V_ASN1_SEQUENCE)
+		{
+		ASN1_CTX c;
+		ASN1_STRING *s;
+		long length;
+		ASN1_OCTET_STRING *os1,*os2;
+
+		s=so->value.sequence;
+		c.p=ASN1_STRING_data(s);
+		c.max=c.p+ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c,&length)) goto err;
+		/* Length is the length of the seqence */
+
+		c.q=c.p;
+		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		c.q=c.p;
+		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		if (!asn1_Finish(&c)) goto err;
+		*str1=malloc(os1->length+1);
+		*str2=malloc(os2->length+1);
+		memcpy(*str1,os1->data,os1->length);
+		memcpy(*str2,os2->data,os2->length);
+		(*str1)[os1->length]='\0';
+		(*str2)[os2->length]='\0';
+		ASN1_OCTET_STRING_free(os1);
+		ASN1_OCTET_STRING_free(os2);
+		return(1);
+		}
+err:
+	return(0);
+	}
+
+
diff --git a/crypto/openssl/crypto/pkcs7/example.h b/crypto/openssl/crypto/pkcs7/example.h
new file mode 100644
index 000000000000..96167de188d6
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/example.h
@@ -0,0 +1,57 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+int add_signed_time(PKCS7_SIGNER_INFO *si);
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/crypto/openssl/crypto/pkcs7/info.pem b/crypto/openssl/crypto/pkcs7/info.pem
new file mode 100644
index 000000000000..989baf87096a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/info.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/crypto/pkcs7/infokey.pem b/crypto/openssl/crypto/pkcs7/infokey.pem
new file mode 100644
index 000000000000..1e2acc954d2a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/infokey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/crypto/pkcs7/p7/a1 b/crypto/openssl/crypto/pkcs7/p7/a1
new file mode 100644
index 000000000000..56ca94376265
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/p7/a1
@@ -0,0 +1,2 @@
+j,H>_æá_­DôzEîLœ	VJ³ß觬¤””E3ûáYäx%_Àk
+3ê)DLScñ8%ôM
\ No newline at end of file
diff --git a/crypto/openssl/crypto/pkcs7/p7/a2 b/crypto/openssl/crypto/pkcs7/p7/a2
new file mode 100644
index 000000000000..23d8fb5e93b9
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/p7/a2
@@ -0,0 +1 @@
+k~@a”,NâM͹¼	­×U¿o_½BqrmÎ?Ù t?t÷ÏéId2‰Š
\ No newline at end of file
diff --git a/crypto/openssl/crypto/pkcs7/p7/cert.p7c b/crypto/openssl/crypto/pkcs7/p7/cert.p7c
new file mode 100644
index 0000000000000000000000000000000000000000..2b75ec05f7d8d5299a2ef1160ab0eab825e63d7d
GIT binary patch
literal 1728
zcmcgseNYr-7~kDH4$kvbID|5xHOE1|mUs8|gRMb9Kp}A?0TsV;cW)Oq&pX;%z$;7c
ztb>}g@%xj|^1B&`bP}<#%tq}T^CMA5hQ?86OhZkY;X?;)kMopr`m^4@_I;jrpLw3&
z^ZWfkjlr1Y%k%ZX;mEccP=mlQ4uMe642Q!Iq{Y4ZDB#t-yG@6{2r^<}=0@+YyW5Q|
z9iOf?FFfQ2<|jqWFsu)Q0FOt4;RaoaKHL(K?@&d>A*y&R7#Ro+u?(9jDsqur=14*F
z9Rh}vfCwZ^mgGJrKce3
zEW@-|IValDS)95^cHk(84=vIN$3!j;W-|o>)3C?5N-%HmlHf2%Hx&YTNEWoSWb^qG
zz1EH^8-HM_DSO9m*<{S@|MMbTK=0TQb+xmYsJ@+Xv+oADD93d#UE85voWQhL*rw>s
zNxv0WO*WoGbT9;e;f3dGke33ZHb$I9j{pdGngZXb-m@EMyfT;;`to33Z?48DSPP6d
zL?j#Fu&{6hju~C9suiwR)6$*;Q9};!PhTQnCKws>5BdO&lJKaE5OoqZ3V;9b>-9+Q2j5>QeT8VN<&NHdyuPb{(x~0jrB18s
z!rIhj-iGMvPo|!`Kk-`0K@0FAZf)h)o>;<+m#Mg}iua-9BmUA_eH%NNZHQ(GZ{nr_
za_9{fq@?KI&42+^PzhMb0}3m7yDXrEioBRp+-SC_sInvroGLpVXjY|K?o?#e9q^JV|ov(9}75?2c=Q+l22
zFJbjnQzM({6|;Ui)<61q>!bLHR;z#A?IYLco;K_`=#I-ty5s6f4jZ16fEF6$?b;#()I0j12e~=RA6a>P
z>(B?u)zfQpV_&;|{^*tAv)Pr6>o)1O@7bRI$h~<@tZ9RfJ>f4WrNbxca=T9s4ZC|}
z!?=4_FF0;2tFM~(^Lwq)pEsHs9+u6`+gUcQ=|x*zw{kf#VILFqR`d9#gyk=Y_7!(B
gKb!XBl0Cl8TPcO#?dmhPf3@p%2*PWEl7*nZ0J-umrT_o{

literal 0
HcmV?d00001

diff --git a/crypto/openssl/crypto/pkcs7/p7/smime.p7m b/crypto/openssl/crypto/pkcs7/p7/smime.p7m
new file mode 100644
index 0000000000000000000000000000000000000000..2b6e6f82ba3fbebace757322e748eb09836ef623
GIT binary patch
literal 4894
zcmd5+Wmgo8)@A5&=&lh#8irK5g&{^lkOpCf4rwWY8B#zRh7^Vrr9)CckP?s-7`i*9
z^WNuO@4dg_o=4*^nk
ze&gv05(X(Nf&~68f;sp&z`Wl$gY>qO#6rm|QR94kl2y|H_|gC0
z^aua|;9=n^IP&AF%TZd=Y%G&omaCllQ{a=S9%y9~8EVunZk2o`FHB)cQ5C&eHYQwq
z$H{2f;Y2LD!=s|5Z*%;dfs^!9`+w^jr}qkPQuv`O+W0gqLrtwj0GXHEAWfb0?b5tL
z%^JD#DO!VeH_JA10Irg|hs&`1OrDp#*G1^>&}|3|PbB&S_&=6C0uTVejQE8A=ieh7
zY%mZT8!Hc&aP>`>TuaP&eqIPJ0vD?)t;ea4{G)y4S+-h`f0>4YO`*wNDux1yOOOd}
zPk9Y~wMHMjc_{FNa@V)HEM7T9fu@lPlF@kk)q`Z~c&DwVvw-ot?e56_O1Zvz{TF{~
zetm-^)8mAz1iLGDJvVQx=Nxw5e9`AtF(e%IgS($OSZtsBH2+RH6J&$AH9_RdH>m5e
z)$+uCUynJk)R#`2*$}o2kk;Md_9YibwD#7MVhLc@cQMMzKa(}Dtorooncc$o2D|Iu
zQ;F!WPowOA;V6h1UWPdq&i{Z<2ocLbj~}YCM7?VnN#+X}R7Mc_ccxdU8vP5AzmS71J=l@}MXMI;xEp{O)_|F4
z*QNGZls!k}*5@?F17c5mB1rlVsW1ng<*%DZghWcHw?-GUt%{d+7Qc;E?ji@rk<*h)
z8(YmgJ|=SJkqS|=ap_BHzTJO(zluxd*qR$;&Ai018-d^q2Ia@-kEnSjk6_k*pHPO>`
z1&6EcHzOXUz_AC)4Jl|_p
zXjnQOlru-U1`P7}svXbmaa-hZa8I+j=tRnH>C?L-X{gw`>2x|I#5PUr*|`cWUcM~@
zNvxH@4`KCWmlhOnC4Df1+ksz406*_ggp+xyu~w#R@9K0tAWDQ0{TVlm-lVuY9HX0F
zUL>$S{X7n`yQCs`HAkjF3m}w;Hk3!EW775uW&eK1_P+OhVSIR|1F0$%p-@&1z*KysLk%uS&`YG*4Fzij2
zKjlR%OfFBB^PK*U_VjIystZqR{Mxu%V^SrsQ2RiMKxBRJ
z_e=BCkT&vnT--D+HB%a3FET|X(N$N<^=QKd4EBS#EzT`Kh2>>m@l-Cm@oC0i_02SG
zTA%*Sj|OEK+!Iy9uKSAQ$l?SGy)2xIjarLby^Iax&W$Re7gMjFbx1}q)X1Rg{f1Mz
zr2dJ294*Y~_8muy3e&VQuV7Z$tNb~_ys&BIUup^=X4N|)G7Q@a4fyQRcyEfP321m?
zqO~&pG9GS%I2*`im8|UPy~13kIi|6^JSQQlnb1|Pr`N0AY$_a^5~)ykJe~v;FAJc-
z>A-M;cjNg6b`uc5&F}y&TX0_*?9yVQ#EX6*9^dKNpVPC7)DPegDj4QW-7YGf-Vy4(
zTc3we5e*Mq%_mpgLg0ttRXwsKH4IxmO|nPNt-rtd>)p(~(y3d2^alLBoOH_-%#_JE
zVKdZXgF`8MuI|C_VjzE+AI_H18Yp|NBD_QdLolLy#(mo*C0B?G1S;83SzJ9L8R(vb
zXJ{U246n;VnrKz*ORq32z6OpqmvvrCM%Gc~h5=G%`OdH?D^4AvxS=4bCP
z$uYA6McJq~r0-4KKQ*vessuR=Uw>_u>(A1>o_X|bgDPuUtUsgVG4{MC8$L?Ob2Bwo
zmby`Odt|8*>us6ZRdVt&6|}Gd@zU+mJ>r&4#y@vmEa0l}>+O#>f#s83jklC8h)VT?
zPh8qEuLw*SqB`UoF4Wr5q=}rb>uKx9&ZTTRe0OL`N4^yoLNmtBum^{1@A6VMhvz(~
zPl0V>(QTvtHTsSjPZtlTWEX;!X^-6xd}}h9Z<-(dGPQ_k#0)mieg46YD++EvG10G%;f;A;qi{#ORFc+at9u@o`M3+TMd~*|
zMnPB`*~w&qJmD37JlyX$D{#<+D4Z%|w1tAnpVpxtBi!n5Ga~+0ywb_;DSWD0
z_uB7g9W4v_89$Q5B=U#Nt+xf&1EB3A)%+{lAMAB~*c9ONz
z;)cDxQZOtETB}D#HdsAjB+G&1CB_}lh~J5kJ7Zha;6G-7?v-2@G4bC(e$a^dlfCY;
zVI0w*VD2UI`8O85AJdVy1^`l9KBSV?@f;tW5#
z6ypOwmnl+l>nwjHqzVW<9irj5DOS=RIQvC46r*LmjlXm3TP=OG34u9bWoi*Y==ns@Np
zz9YOH=04&$YRl3$1qo-)c`PZ>JTqY6SEG4KIkFxhbhs7aq;S4??wX2{ZD~pFGMsU2
zGMUpGM?9j_$cTq#wAhVpA@%`2dfPF?M_94m!S3=<)m&g
zl6x3aHy~o585S_S1VzL)fL9Xq=HUdF-?k=rXT3t6ng)zx`6rMWjI{8LeDtOvhMLox
zmK%E=!n(#wrFSRGLY2B*-2g3!u1`>zHUpYyyE3^zhChNOCp=8ZUasl4unW72Ii^pa
z2&u@Fsl;-(F3cnLmip
zC%-t1RNC@8Dr`y&DJB>)pv8vcyT#BZ4|&et*$m1*z`79=Z>~Cpa(E&noOHe=mV}0yaOp9!zeY%a(Pt3U_(toj45D
zD(B*-G=KS@Zeuy(Q!Zfy-k1E#VLib0I!J(*as$l8!d1%eSz3}VDaF0u?lq>ehcB%r
zF12E}|EF(-rNpF*!EJy=p5B+dOkw;q8Wy&(HLFQho8lNAUAAT=RI1qBg_a}E%U=zb
zJk?pMPlO$jmIcf=JV4f~iD^AKzEKKp|5^@4b78VJkJkq~aOjKR+Yf#NC-qioKL{mU
zf&P1p4r@qdJd$c*MWR44|K3RSK!#
zEn|nWFmpV5AOS6RsQ2w)yl=L3QQgCRKE>{RsGWvV?-ifzNhbYfS#TVkIK4&_ID{~{
z+&6UlhDyMh{-YB#g}s*24(FRL#D28kiO0v5r+FXOdk((w>!Et-0v<)TDZ>VL~#;O>7}VRd@m^TJGul!7!&zTn(ae-
zso>QRX8o*r8cFe$jpgm^8Hw~pPoHeA297+%ex~Ydt8jB}ux9w2k=%sCy+bhnV2qiy
zNPaAKYV#k(P_8QM^>#v{Ptoru!u+FV$zHFw-2{?ff591F+*z#>EeNdcpAyb8!~D7D
z1!q|YOv!(C?bHF~+;M2rY-Z#oQblXOf&`zc1Uo8WKCxe6!VnnuKkQC3_j24k&lzcr
zwN{0`pUPS1KvA7bmhnrUZ=O-C
zwzG?c$Wh{eb+|LP#Cff|xR`A*T}Ln}DOpQF)?wgvqj&Q3)i+QV&Laif+opdPT
zIsntUz@`30RYaiN4Nek0RGsC(vsJTFZG3k()SFX`)-AUU#(kE{ytX(j5zez4{`=F8
z8SQ}T4=7)nCa#X@COu?2uuhg#gqaq8M_cO?S+m86e$<)rspimHIap@469NbaM6
z`&<&@X$jf|4NdQwD~XsaUXd1^L5n
z!O~E9^l^AocUJqBlzhQWI{T_Iis;y_seQcs){foyX#!>scamB^lWxY2;6o@C=+koV
z3p3O`zl}p)*rrO^Y&k!(;Fph1L9);+$H)4_MfjnMxr)tx!p73Gh9NH?#ysaxEUIl&
zj&w;aD+irfEhsy1D*;P_Pb!4t)4B1B=)Qq@22U4MMu@DJJh0qWn!x#BN+9zVur?|5
z`igh)Mw1Rce6Zs5*5t0}3p#Y8sdJt81#OfYE3q|-c!MeOG@SgeLUuU^FD
zpTzm0hRT(7FZ=`IxCPUFrlPSJa}^xn8%0wL3R6P!r53;6B$OtE?839b*kxR9x1;63
zaz?t;MGv7P6-Jc69Uz1
z*_Eo6FzocmjEauj7qv{jUxbqj<-AK5X(hY-`)KX#t=k}}H2e3s
zxIhyCE&>2H-zVOquIjf@rW)wd$1?H`8}ufBQzU{r{awRGJGYWHg9{;}ItR5y1U@C)
zTG^*a83Y^g6w=qdEnWf4wUp6|(g48P*EWIY$A^BSZNn2lGDHi5=*kglk3kXHL9};G
zC#O&$+9;}X5q-_otu%Hg>Lt+I8Fl#=9Po4u>xp8&60hQp=1-&R)PksXh}t33uwZY`
z%e!T*q7@^^vswa=zBgMj0oy2R&21MA{;qVgD6fv7FaBe4j2DC{QOt-1E@Z4NS&~5P
zunvXLhto)IZdl{vS$r}MpVqh8!*A!bWQ=c2?rWE5@3HVBn%?>(zObgvN9l&8nKPBH
z+725QqT;g25L$UCU9xggcYT4AT}t9tsuLtPc={E_qB~7EI_QfK+xR
zX&dOCVh;+4SPH&VT6wIjAnwsxtq;1aXp68=)I+sym8!*a0&1x{0Rz^a-T&C+Kq!INtw9683?XMslXxf5
zEVG8mFf2wA3|cu#0;SU-mdInW)g}{yBC1?XHlsyUEVD_?79cS+Yi9I}R&8dC24rcj
zIn&58<^nJ;fFb~jQDA&*2=KxHKmmyyqmL5
zZrYcmmhFmv(~)uYSm~YCk8DNL%Df+i2Q@A$vEDS<>vq4KHvgZr!Lz9=>7ALy)xzCA
zdra3_)>B!AQ;r$kc6(&KpRg4DbZZmd^8ubwBI@+_9sGS<5;K1@T-5i?^0MIL#072Y
z7uS1a#as5YVoh5>dq@~se|KL-Uq8%;c+hkC;B&`X5vxzn)ZM6>^Pq|SuHwDIfh|WW
zJ`0rh_Ri{(;Spz5)jqcO>my&a3w|P3SDgO$h5pWAoA6BYocq=i5WOuxHCOjm+mc-g
z=AA!%3dcOI^h^>2c@`EH*SvhF_dXW<_x;z>_9lKI#q80JxPwQDW7kj8#E#D|_hfx@
zHRZ})zTZVAyB%d}ZKp&R=+;CpuD!1>MwhCw}o694Cmt$Vq}I3UH>2
zAPwpZraRemmv|%?%rtAD&HtNY9AFb1hq?eqTtLSxMPwZ8Iwp_N<*KuhHMts-mSr?F
z3;qv8NBs|8T-oL3)!VV4%UItMyj{C(@u;z~M_!Y+!nc_yO}=n?Z0_0ipXYhBD>^D}
zpZIoTr_kP75EvWsgK4;V_1l>~Il8i*C0P$g(rWx;b{lraRaur_l6^UFob5@Be6xNq
zYIrU659!^Dg+uNAk=Y?fq|G+JnuZ;CcUyPY$dZr8DcYytYRVaeK#9Nu2qEYRClWyH
zoR}^UaCsC0U!f@777y7*qao<&)GwvLiQcJ4Bk--{4&U6fA9_9t&0kd<7x3!0mrwOg
zUr%josMy8dW8V}0b3yfv0P#*6b*>{5*B?Ju66ZMY>2~+T&Y*kOzc$?1T9cRhuRpi@
z?`;s*KF-(}e;^~Mah9&c!S)6(tS9~c)V!#1;oCFm?9v~iK3aKZv)wlI{bJS0gAcv>
zn-0DXtO7q^N*gvF@VIK|q?=ExCE0kWFb
z%NHjmERB{Yu8m!!4W5EN#%zNH(L^$dPQb
zPL4RkP9m;Fyz%j?Qgkl@7MpOI>)=AZV6!w&hZ9Onqazf04B#ZdD2xgx35Ax@VS0>I
z0)o<#To2XII#dIcluk`5HCkMwrAUC1IH^-BwWJ%gy(xGD%rTzpSPG!+YYfPQwi*K-?1L
ztMME8gX+$^f2)K?-}$UB<#$+jvHH~QCzZov(X$V&(hn(2Uzf|aT5J9D-(PX*$H>8T
ztrFAwiYPkRa

literal 0
HcmV?d00001

diff --git a/crypto/openssl/crypto/pkcs7/pk7_dgst.c b/crypto/openssl/crypto/pkcs7/pk7_dgst.c
new file mode 100644
index 000000000000..90edfa5001fd
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pk7_dgst.c
@@ -0,0 +1,66 @@
+/* crypto/pkcs7/pk7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
new file mode 100644
index 000000000000..dee81b547add
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -0,0 +1,922 @@
+/* crypto/pkcs7/pk7_doit.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+			 void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+	{
+	int i,j;
+	BIO *out=NULL,*btmp=NULL;
+	X509_ALGOR *xa;
+	const EVP_MD *evp_md;
+	const EVP_CIPHER *evp_cipher=NULL;
+	STACK_OF(X509_ALGOR) *md_sk=NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+	X509_ALGOR *xalg=NULL;
+	PKCS7_RECIP_INFO *ri=NULL;
+	EVP_PKEY *pkey;
+
+	i=OBJ_obj2nid(p7->type);
+	p7->state=PKCS7_S_HEADER;
+
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		md_sk=p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		rsk=p7->d.signed_and_enveloped->recipientinfo;
+		md_sk=p7->d.signed_and_enveloped->md_algs;
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+						PKCS7_R_CIPHER_NOT_INITIALIZED);
+			goto err;
+			}
+		break;
+	case NID_pkcs7_enveloped:
+		rsk=p7->d.enveloped->recipientinfo;
+		xalg=p7->d.enveloped->enc_data->algorithm;
+		evp_cipher=p7->d.enveloped->enc_data->cipher;
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+						PKCS7_R_CIPHER_NOT_INITIALIZED);
+			goto err;
+			}
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+	        goto err;
+		}
+
+	if (md_sk != NULL)
+		{
+		for (i=0; ialgorithm);
+			evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+			if (evp_md == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+				goto err;
+				}
+
+			BIO_set_md(btmp,evp_md);
+			if (out == NULL)
+				out=btmp;
+			else
+				BIO_push(out,btmp);
+			btmp=NULL;
+			}
+		}
+
+	if (evp_cipher != NULL)
+		{
+		unsigned char key[EVP_MAX_KEY_LENGTH];
+		unsigned char iv[EVP_MAX_IV_LENGTH];
+		int keylen,ivlen;
+		int jj,max;
+		unsigned char *tmp;
+		EVP_CIPHER_CTX *ctx;
+
+		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+			goto err;
+			}
+		BIO_get_cipher_ctx(btmp, &ctx);
+		keylen=EVP_CIPHER_key_length(evp_cipher);
+		ivlen=EVP_CIPHER_iv_length(evp_cipher);
+		RAND_bytes(key,keylen);
+		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+		if (ivlen > 0) RAND_bytes(iv,ivlen);
+		EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+
+		if (ivlen > 0) {
+			if (xalg->parameter == NULL) 
+						xalg->parameter=ASN1_TYPE_new();
+			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+								       goto err;
+		}
+
+		/* Lets do the pub key stuff :-) */
+		max=0;
+		for (i=0; icert == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
+				goto err;
+				}
+			pkey=X509_get_pubkey(ri->cert);
+			jj=EVP_PKEY_size(pkey);
+			EVP_PKEY_free(pkey);
+			if (max < jj) max=jj;
+			}
+		if ((tmp=(unsigned char *)Malloc(max)) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		for (i=0; icert);
+			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
+			EVP_PKEY_free(pkey);
+			if (jj <= 0)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
+				Free(tmp);
+				goto err;
+				}
+			ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+			}
+		Free(tmp);
+		memset(key, 0, keylen);
+
+		if (out == NULL)
+			out=btmp;
+		else
+			BIO_push(out,btmp);
+		btmp=NULL;
+		}
+
+	if (bio == NULL) /* ??????????? */
+		{
+		if (p7->detached)
+			bio=BIO_new(BIO_s_null());
+		else
+			{
+			bio=BIO_new(BIO_s_mem());
+			/* We need to set this so that when we have read all
+			 * the data, the encrypt BIO, if present, will read
+			 * EOF and encode the last few bytes */
+			BIO_set_mem_eof_return(bio,0);
+
+			if (PKCS7_type_is_signed(p7) &&
+				PKCS7_type_is_data(p7->d.sign->contents))
+				{
+				ASN1_OCTET_STRING *os;
+
+				os=p7->d.sign->contents->d.data;
+				if (os->length > 0)
+					BIO_write(bio,(char *)os->data,
+						os->length);
+				}
+			}
+		}
+	BIO_push(out,bio);
+	bio=NULL;
+	if (0)
+		{
+err:
+		if (out != NULL)
+			BIO_free_all(out);
+		if (btmp != NULL)
+			BIO_free_all(btmp);
+		out=NULL;
+		}
+	return(out);
+	}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+	{
+	int i,j;
+	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
+	char *tmp=NULL;
+	X509_ALGOR *xa;
+	ASN1_OCTET_STRING *data_body=NULL;
+	const EVP_MD *evp_md;
+	const EVP_CIPHER *evp_cipher=NULL;
+	EVP_CIPHER_CTX *evp_ctx=NULL;
+	X509_ALGOR *enc_alg=NULL;
+	STACK_OF(X509_ALGOR) *md_sk=NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+	X509_ALGOR *xalg=NULL;
+	PKCS7_RECIP_INFO *ri=NULL;
+/*	EVP_PKEY *pkey; */
+#if 0
+	X509_STORE_CTX s_ctx;
+#endif
+
+	i=OBJ_obj2nid(p7->type);
+	p7->state=PKCS7_S_HEADER;
+
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		data_body=p7->d.sign->contents->d.data;
+		md_sk=p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		rsk=p7->d.signed_and_enveloped->recipientinfo;
+		md_sk=p7->d.signed_and_enveloped->md_algs;
+		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
+		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			goto err;
+			}
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		break;
+	case NID_pkcs7_enveloped:
+		rsk=p7->d.enveloped->recipientinfo;
+		enc_alg=p7->d.enveloped->enc_data->algorithm;
+		data_body=p7->d.enveloped->enc_data->enc_data;
+		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			goto err;
+			}
+		xalg=p7->d.enveloped->enc_data->algorithm;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+	        goto err;
+		}
+
+	/* We will be checking the signature */
+	if (md_sk != NULL)
+		{
+		for (i=0; ialgorithm);
+			evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+			if (evp_md == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+				goto err;
+				}
+
+			BIO_set_md(btmp,evp_md);
+			if (out == NULL)
+				out=btmp;
+			else
+				BIO_push(out,btmp);
+			btmp=NULL;
+			}
+		}
+
+	if (evp_cipher != NULL)
+		{
+#if 0
+		unsigned char key[EVP_MAX_KEY_LENGTH];
+		unsigned char iv[EVP_MAX_IV_LENGTH];
+		unsigned char *p;
+		int keylen,ivlen;
+		int max;
+		X509_OBJECT ret;
+#endif
+		int jj;
+
+		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+			goto err;
+			}
+
+		/* It was encrypted, we need to decrypt the secret key
+		 * with the private key */
+
+		/* Find the recipientInfo which matches the passed certificate
+		 * (if any)
+		 */
+
+		for (i=0; iissuer_and_serial->issuer,
+					pcert->cert_info->issuer) &&
+			     !ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+					ri->issuer_and_serial->serial)) break;
+			ri=NULL;
+		}
+		if (ri == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+				 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+			return(NULL);
+		}
+
+		jj=EVP_PKEY_size(pkey);
+		tmp=Malloc(jj+10);
+		if (tmp == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		jj=EVP_PKEY_decrypt((unsigned char *)tmp,
+			ASN1_STRING_data(ri->enc_key),
+			ASN1_STRING_length(ri->enc_key),
+			pkey);
+		if (jj <= 0)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
+			goto err;
+			}
+
+		evp_ctx=NULL;
+		BIO_get_cipher_ctx(etmp,&evp_ctx);
+		EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+			return(NULL);
+
+		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+			goto err;
+			}
+		EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0);
+
+		memset(tmp,0,jj);
+
+		if (out == NULL)
+			out=etmp;
+		else
+			BIO_push(out,etmp);
+		etmp=NULL;
+		}
+
+#if 1
+	if (p7->detached || (in_bio != NULL))
+		{
+		bio=in_bio;
+		}
+	else 
+		{
+		bio=BIO_new(BIO_s_mem());
+		/* We need to set this so that when we have read all
+		 * the data, the encrypt BIO, if present, will read
+		 * EOF and encode the last few bytes */
+		BIO_set_mem_eof_return(bio,0);
+
+		if (data_body->length > 0)
+			BIO_write(bio,(char *)data_body->data,data_body->length);
+		}
+	BIO_push(out,bio);
+	bio=NULL;
+#endif
+	if (0)
+		{
+err:
+		if (out != NULL) BIO_free_all(out);
+		if (btmp != NULL) BIO_free_all(btmp);
+		if (etmp != NULL) BIO_free_all(etmp);
+		if (bio != NULL) BIO_free_all(bio);
+		out=NULL;
+		}
+	if (tmp != NULL)
+		Free(tmp);
+	return(out);
+	}
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+	{
+	int ret=0;
+	int i,j;
+	BIO *btmp;
+	BUF_MEM *buf_mem=NULL;
+	BUF_MEM *buf=NULL;
+	PKCS7_SIGNER_INFO *si;
+	EVP_MD_CTX *mdc,ctx_tmp;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+	unsigned char *p,*pp=NULL;
+	int x;
+	ASN1_OCTET_STRING *os=NULL;
+
+	i=OBJ_obj2nid(p7->type);
+	p7->state=PKCS7_S_HEADER;
+
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		/* XXXXXXXXXXXXXXXX */
+		si_sk=p7->d.signed_and_enveloped->signer_info;
+		os=ASN1_OCTET_STRING_new();
+		p7->d.signed_and_enveloped->enc_data->enc_data=os;
+		break;
+	case NID_pkcs7_enveloped:
+		/* XXXXXXXXXXXXXXXX */
+		os=ASN1_OCTET_STRING_new();
+		p7->d.enveloped->enc_data->enc_data=os;
+		break;
+	case NID_pkcs7_signed:
+		si_sk=p7->d.sign->signer_info;
+		os=p7->d.sign->contents->d.data;
+		/* If detached data then the content is excluded */
+		if(p7->detached) {
+			ASN1_OCTET_STRING_free(os);
+			p7->d.sign->contents->d.data = NULL;
+		}
+		break;
+		}
+
+	if (si_sk != NULL)
+		{
+		if ((buf=BUF_MEM_new()) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
+			goto err;
+			}
+		for (i=0; ipkey == NULL) continue;
+
+			j=OBJ_obj2nid(si->digest_alg->algorithm);
+
+			btmp=bio;
+			for (;;)
+				{
+				if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
+					== NULL)
+					{
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+					goto err;
+					}
+				BIO_get_md_ctx(btmp,&mdc);
+				if (mdc == NULL)
+					{
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
+					goto err;
+					}
+				if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j)
+					break;
+				else
+					btmp=btmp->next_bio;
+				}
+			
+			/* We now have the EVP_MD_CTX, lets do the
+			 * signing. */
+			memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
+			if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
+				goto err;
+				}
+
+			sk=si->auth_attr;
+
+			/* If there are attributes, we add the digest
+			 * attribute and only sign the attributes */
+			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
+				{
+				unsigned char md_data[EVP_MAX_MD_SIZE];
+				unsigned int md_len;
+				ASN1_OCTET_STRING *digest;
+				ASN1_UTCTIME *sign_time;
+				const EVP_MD *md_tmp;
+
+				/* Add signing time */
+				sign_time=X509_gmtime_adj(NULL,0);
+				PKCS7_add_signed_attribute(si,
+					NID_pkcs9_signingTime,
+					V_ASN1_UTCTIME,sign_time);
+
+				/* Add digest */
+				md_tmp=EVP_MD_CTX_type(&ctx_tmp);
+				EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
+				digest=ASN1_OCTET_STRING_new();
+				ASN1_OCTET_STRING_set(digest,md_data,md_len);
+				PKCS7_add_signed_attribute(si,
+					NID_pkcs9_messageDigest,
+					V_ASN1_OCTET_STRING,digest);
+
+				/* Now sign the mess */
+				EVP_SignInit(&ctx_tmp,md_tmp);
+				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
+					   i2d_X509_ATTRIBUTE,
+					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+				pp=(unsigned char *)Malloc(x);
+				p=pp;
+				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
+				           i2d_X509_ATTRIBUTE,
+					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+				EVP_SignUpdate(&ctx_tmp,pp,x);
+				Free(pp);
+				pp=NULL;
+				}
+
+			if (si->pkey->type == EVP_PKEY_DSA)
+				ctx_tmp.digest=EVP_dss1();
+
+			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
+				(unsigned int *)&buf->length,si->pkey))
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
+				goto err;
+				}
+			if (!ASN1_STRING_set(si->enc_digest,
+				(unsigned char *)buf->data,buf->length))
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
+				goto err;
+				}
+			}
+		}
+
+	if (!p7->detached)
+		{
+		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+		if (btmp == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+			goto err;
+			}
+		BIO_get_mem_ptr(btmp,&buf_mem);
+		ASN1_OCTET_STRING_set(os,
+			(unsigned char *)buf_mem->data,buf_mem->length);
+		}
+	if (pp != NULL) Free(pp);
+	pp=NULL;
+
+	ret=1;
+err:
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(ret);
+	}
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+	{
+	PKCS7_ISSUER_AND_SERIAL *ias;
+	int ret=0,i;
+	STACK_OF(X509) *cert;
+	X509 *x509;
+
+	if (PKCS7_type_is_signed(p7))
+		{
+		cert=p7->d.sign->cert;
+		}
+	else if (PKCS7_type_is_signedAndEnveloped(p7))
+		{
+		cert=p7->d.signed_and_enveloped->cert;
+		}
+	else
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
+		goto err;
+		}
+	/* XXXXXXXXXXXXXXXXXXXXXXX */
+	ias=si->issuer_and_serial;
+
+	x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
+
+	/* were we able to find the cert in passed to us */
+	if (x509 == NULL)
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+		goto err;
+		}
+
+	/* Lets verify */
+	X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+	i=X509_verify_cert(ctx);
+	if (i <= 0) 
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+		goto err;
+		}
+	X509_STORE_CTX_cleanup(ctx);
+
+	return PKCS7_signatureVerify(bio, p7, si, x509);
+	err:
+	return ret;
+	}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+								X509 *x509)
+	{
+	ASN1_OCTET_STRING *os;
+	EVP_MD_CTX mdc_tmp,*mdc;
+	unsigned char *pp,*p;
+	int ret=0,i;
+	int md_type;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	BIO *btmp;
+	EVP_PKEY *pkey;
+
+	if (!PKCS7_type_is_signed(p7) && 
+				!PKCS7_type_is_signedAndEnveloped(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+						PKCS7_R_WRONG_PKCS7_TYPE);
+		goto err;
+	}
+
+	md_type=OBJ_obj2nid(si->digest_alg->algorithm);
+
+	btmp=bio;
+	for (;;)
+		{
+		if ((btmp == NULL) ||
+			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
+			{
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			goto err;
+			}
+		BIO_get_md_ctx(btmp,&mdc);
+		if (mdc == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+							PKCS7_R_INTERNAL_ERROR);
+			goto err;
+			}
+		if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
+			break;
+		btmp=btmp->next_bio;	
+		}
+
+	/* mdc is the digest ctx that we want, unless there are attributes,
+	 * in which case the digest is the signed attributes */
+	memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
+
+	sk=si->auth_attr;
+	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
+		{
+		unsigned char md_dat[EVP_MAX_MD_SIZE];
+                unsigned int md_len;
+		ASN1_OCTET_STRING *message_digest;
+
+		EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
+		message_digest=PKCS7_digest_from_attributes(sk);
+		if (!message_digest)
+			{
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			goto err;
+			}
+		if ((message_digest->length != (int)md_len) ||
+			(memcmp(message_digest->data,md_dat,md_len)))
+			{
+#if 0
+{
+int ii;
+for (ii=0; iilength; ii++)
+	printf("%02X",message_digest->data[ii]); printf(" sent\n");
+for (ii=0; iienc_digest;
+	pkey = X509_get_pubkey(x509);
+	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
+
+	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
+	EVP_PKEY_free(pkey);
+	if (i <= 0)
+		{
+		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+						PKCS7_R_SIGNATURE_FAILURE);
+		ret= -1;
+		goto err;
+		}
+	else
+		ret=1;
+err:
+	return(ret);
+	}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+	{
+	STACK_OF(PKCS7_RECIP_INFO) *rsk;
+	PKCS7_RECIP_INFO *ri;
+	int i;
+
+	i=OBJ_obj2nid(p7->type);
+	if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
+	rsk=p7->d.signed_and_enveloped->recipientinfo;
+	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
+	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
+	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
+	return(ri->issuer_and_serial);
+	}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+	{
+	return(get_attribute(si->auth_attr,nid));
+	}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+	{
+	return(get_attribute(si->unauth_attr,nid));
+	}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+	{
+	int i;
+	X509_ATTRIBUTE *xa;
+	ASN1_OBJECT *o;
+
+	o=OBJ_nid2obj(nid);
+	if (!o || !sk) return(NULL);
+	for (i=0; iobject,o) == 0)
+			{
+			if (xa->set && sk_ASN1_TYPE_num(xa->value.set))
+				return(sk_ASN1_TYPE_value(xa->value.set,0));
+			else
+				return(NULL);
+			}
+		}
+	return(NULL);
+	}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+	ASN1_TYPE *astype;
+	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+	return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+				STACK_OF(X509_ATTRIBUTE) *sk)
+	{
+	int i;
+
+	if (p7si->auth_attr != NULL)
+		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
+	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
+	for (i=0; iauth_attr,i,
+			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+		    == NULL)
+			return(0);
+		}
+	return(1);
+	}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
+	{
+	int i;
+
+	if (p7si->unauth_attr != NULL)
+		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
+					   X509_ATTRIBUTE_free);
+	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
+	for (i=0; iunauth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+		    == NULL)
+			return(0);
+		}
+	return(1);
+	}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	     void *value)
+	{
+	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
+	}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	     void *value)
+	{
+	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
+	}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+			 void *value)
+	{
+	X509_ATTRIBUTE *attr=NULL;
+
+	if (*sk == NULL)
+		{
+		*sk = sk_X509_ATTRIBUTE_new(NULL);
+new_attrib:
+		attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+		sk_X509_ATTRIBUTE_push(*sk,attr);
+		}
+	else
+		{
+		int i;
+
+		for (i=0; iobject) == nid)
+				{
+				X509_ATTRIBUTE_free(attr);
+				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+				sk_X509_ATTRIBUTE_set(*sk,i,attr);
+				goto end;
+				}
+			}
+		goto new_attrib;
+		}
+end:
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/pkcs7/pk7_enc.c b/crypto/openssl/crypto/pkcs7/pk7_enc.c
new file mode 100644
index 000000000000..acbb189c59af
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pk7_enc.c
@@ -0,0 +1,76 @@
+/* crypto/pkcs7/pk7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+PKCS7_in_bio(PKCS7 *p7,BIO *in);
+PKCS7_out_bio(PKCS7 *p7,BIO *out);
+
+PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
+
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
+
diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/openssl/crypto/pkcs7/pk7_lib.c
new file mode 100644
index 000000000000..8b863d05583e
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pk7_lib.c
@@ -0,0 +1,449 @@
+/* crypto/pkcs7/pk7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+	{
+	int nid;
+	long ret;
+
+	nid=OBJ_obj2nid(p7->type);
+
+	switch (cmd)
+		{
+	case PKCS7_OP_SET_DETACHED_SIGNATURE:
+		if (nid == NID_pkcs7_signed)
+			{
+			ret=p7->detached=(int)larg;
+			}
+		else
+			{
+			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+			ret=0;
+			}
+		break;
+	case PKCS7_OP_GET_DETACHED_SIGNATURE:
+		if (nid == NID_pkcs7_signed)
+			{
+			ret=p7->detached;
+			}
+		else
+			{
+			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+			ret=0;
+			}
+			
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
+		ret=0;
+		}
+	return(ret);
+	}
+
+int PKCS7_content_new(PKCS7 *p7, int type)
+	{
+	PKCS7 *ret=NULL;
+
+	if ((ret=PKCS7_new()) == NULL) goto err;
+	if (!PKCS7_set_type(ret,type)) goto err;
+	if (!PKCS7_set_content(p7,ret)) goto err;
+
+	return(1);
+err:
+	if (ret != NULL) PKCS7_free(ret);
+	return(0);
+	}
+
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+	{
+	int i;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		if (p7->d.sign->contents != NULL)
+			PKCS7_content_free(p7->d.sign->contents);
+		p7->d.sign->contents=p7_data;
+		break;
+	case NID_pkcs7_digest:
+	case NID_pkcs7_data:
+	case NID_pkcs7_enveloped:
+	case NID_pkcs7_signedAndEnveloped:
+	case NID_pkcs7_encrypted:
+	default:
+		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		goto err;
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+int PKCS7_set_type(PKCS7 *p7, int type)
+	{
+	ASN1_OBJECT *obj;
+
+	PKCS7_content_free(p7);
+	obj=OBJ_nid2obj(type); /* will not fail */
+
+	switch (type)
+		{
+	case NID_pkcs7_signed:
+		p7->type=obj;
+		if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
+			goto err;
+		ASN1_INTEGER_set(p7->d.sign->version,1);
+		break;
+	case NID_pkcs7_data:
+		p7->type=obj;
+		if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
+			goto err;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		p7->type=obj;
+		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+/*		p7->d.signed_and_enveloped->enc_data->content_type=
+			OBJ_nid2obj(NID_pkcs7_encrypted);*/
+			
+		break;
+	case NID_pkcs7_enveloped:
+		p7->type=obj;
+		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.enveloped->version,0);
+		break;
+	case NID_pkcs7_digest:
+	case NID_pkcs7_encrypted:
+	default:
+		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		goto err;
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+	{
+	int i,j,nid;
+	X509_ALGOR *alg;
+	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+	STACK_OF(X509_ALGOR) *md_sk;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		signer_sk=	p7->d.sign->signer_info;
+		md_sk=		p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		signer_sk=	p7->d.signed_and_enveloped->signer_info;
+		md_sk=		p7->d.signed_and_enveloped->md_algs;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
+
+	/* If the digest is not currently listed, add it */
+	j=0;
+	for (i=0; ialgorithm) == nid)
+			{
+			j=1;
+			break;
+			}
+		}
+	if (!j) /* we need to add another algorithm */
+		{
+		alg=X509_ALGOR_new();
+		alg->algorithm=OBJ_nid2obj(nid);
+		sk_X509_ALGOR_push(md_sk,alg);
+		}
+
+	sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
+	return(1);
+	}
+
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+	{
+	int i;
+	STACK_OF(X509) **sk;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		sk= &(p7->d.sign->cert);
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		sk= &(p7->d.signed_and_enveloped->cert);
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	if (*sk == NULL)
+		*sk=sk_X509_new_null();
+	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+	sk_X509_push(*sk,x509);
+	return(1);
+	}
+
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+	{
+	int i;
+	STACK_OF(X509_CRL) **sk;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		sk= &(p7->d.sign->crl);
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		sk= &(p7->d.signed_and_enveloped->crl);
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	if (*sk == NULL)
+		*sk=sk_X509_CRL_new_null();
+
+	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
+	sk_X509_CRL_push(*sk,crl);
+	return(1);
+	}
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+	     EVP_MD *dgst)
+	{
+	/* We now need to add another PKCS7_SIGNER_INFO entry */
+	ASN1_INTEGER_set(p7i->version,1);
+	X509_NAME_set(&p7i->issuer_and_serial->issuer,
+		X509_get_issuer_name(x509));
+
+	/* because ASN1_INTEGER_set is used to set a 'long' we will do
+	 * things the ugly way. */
+	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	p7i->issuer_and_serial->serial=
+		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+
+	/* lets keep the pkey around for a while */
+	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	p7i->pkey=pkey;
+
+	/* Set the algorithms */
+	if (pkey->type == EVP_PKEY_DSA)
+		p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+	else	
+		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+
+	if (p7i->digest_alg->parameter != NULL)
+		ASN1_TYPE_free(p7i->digest_alg->parameter);
+	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+		goto err;
+	p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
+	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
+
+	if (p7i->digest_enc_alg->parameter != NULL)
+		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+	if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
+		goto err;
+	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+
+	return(1);
+err:
+	return(0);
+	}
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+	     EVP_MD *dgst)
+	{
+	PKCS7_SIGNER_INFO *si;
+
+	if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
+	if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
+	if (!PKCS7_add_signer(p7,si)) goto err;
+	return(si);
+err:
+	return(NULL);
+	}
+
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+	{
+	if (PKCS7_type_is_signed(p7))
+		{
+		return(p7->d.sign->signer_info);
+		}
+	else if (PKCS7_type_is_signedAndEnveloped(p7))
+		{
+		return(p7->d.signed_and_enveloped->signer_info);
+		}
+	else
+		return(NULL);
+	}
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+	{
+	PKCS7_RECIP_INFO *ri;
+
+	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+	return(ri);
+err:
+	return(NULL);
+	}
+
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+	{
+	int i;
+	STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		sk=	p7->d.signed_and_enveloped->recipientinfo;
+		break;
+	case NID_pkcs7_enveloped:
+		sk=	p7->d.enveloped->recipientinfo;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	sk_PKCS7_RECIP_INFO_push(sk,ri);
+	return(1);
+	}
+
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+	{
+	ASN1_INTEGER_set(p7i->version,0);
+	X509_NAME_set(&p7i->issuer_and_serial->issuer,
+		X509_get_issuer_name(x509));
+
+	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	p7i->issuer_and_serial->serial=
+		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+
+	X509_ALGOR_free(p7i->key_enc_algor);
+	p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
+		(char *(*)())d2i_X509_ALGOR,
+		(char *)x509->cert_info->key->algor);
+
+	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+	p7i->cert=x509;
+
+	return(1);
+	}
+
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+	{
+	if (PKCS7_type_is_signed(p7))
+		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
+			si->issuer_and_serial->issuer,
+			si->issuer_and_serial->serial));
+	else
+		return(NULL);
+	}
+
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+	{
+	int i;
+	PKCS7_ENC_CONTENT *ec;
+
+	i=OBJ_obj2nid(p7->type);
+	switch (i)
+		{
+	case NID_pkcs7_signedAndEnveloped:
+		ec=p7->d.signed_and_enveloped->enc_data;
+		break;
+	case NID_pkcs7_enveloped:
+		ec=p7->d.enveloped->enc_data;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+		return(0);
+		}
+
+	/* Setup cipher OID */
+
+	ec->cipher = cipher;
+	return 1;
+	}
+
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h
new file mode 100644
index 000000000000..c42bd6d391fe
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pkcs7.h
@@ -0,0 +1,417 @@
+/* crypto/pkcs7/pkcs7.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PKCS7_H
+#define HEADER_PKCS7_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+
+#ifdef VMS
+#include 
+#endif
+
+#ifdef WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
+/*
+Encryption_ID		DES-CBC
+Digest_ID		MD5
+Digest_Encryption_ID	rsaEncryption
+Key_Encryption_ID	rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st
+	{
+	X509_NAME *issuer;
+	ASN1_INTEGER *serial;
+	} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st
+	{
+	ASN1_INTEGER 			*version;	/* version 1 */
+	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
+	X509_ALGOR			*digest_alg;
+	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */
+	X509_ALGOR			*digest_enc_alg;
+	ASN1_OCTET_STRING		*enc_digest;
+	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */
+
+	/* The private key to sign with */
+	EVP_PKEY			*pkey;
+	} PKCS7_SIGNER_INFO;
+
+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st
+	{
+	ASN1_INTEGER			*version;	/* version 0 */
+	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
+	X509_ALGOR			*key_enc_algor;
+	ASN1_OCTET_STRING		*enc_key;
+	X509				*cert; /* get the pub-key from this */
+	} PKCS7_RECIP_INFO;
+
+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st
+	{
+	ASN1_INTEGER			*version;	/* version 1 */
+	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
+	STACK_OF(X509)			*cert;		/* [ 0 ] */
+	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
+	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
+
+	struct pkcs7_st			*contents;
+	} PKCS7_SIGNED;
+/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
+ * How about merging the two */
+
+typedef struct pkcs7_enc_content_st
+	{
+	ASN1_OBJECT			*content_type;
+	X509_ALGOR			*algorithm;
+	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */
+	const EVP_CIPHER		*cipher;
+	} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st
+	{
+	ASN1_INTEGER			*version;	/* version 0 */
+	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
+	PKCS7_ENC_CONTENT		*enc_data;
+	} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st
+	{
+	ASN1_INTEGER			*version;	/* version 1 */
+	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
+	STACK_OF(X509)			*cert;		/* [ 0 ] */
+	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
+	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
+
+	PKCS7_ENC_CONTENT		*enc_data;
+	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
+	} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st
+	{
+	ASN1_INTEGER			*version;	/* version 0 */
+	X509_ALGOR			*md;		/* md used */
+	struct pkcs7_st 		*contents;
+	ASN1_OCTET_STRING		*digest;
+	} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st
+	{
+	ASN1_INTEGER			*version;	/* version 0 */
+	PKCS7_ENC_CONTENT		*enc_data;
+	} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st
+	{
+	/* The following is non NULL if it contains ASN1 encoding of
+	 * this structure */
+	unsigned char *asn1;
+	long length;
+
+#define PKCS7_S_HEADER	0
+#define PKCS7_S_BODY	1
+#define PKCS7_S_TAIL	2
+	int state; /* used during processing */
+
+	int detached;
+
+	ASN1_OBJECT *type;
+	/* content as defined by the type */
+	/* all encryption/message digests are applied to the 'contents',
+	 * leaving out the 'type' field. */
+	union	{
+		char *ptr;
+
+		/* NID_pkcs7_data */
+		ASN1_OCTET_STRING *data;
+
+		/* NID_pkcs7_signed */
+		PKCS7_SIGNED *sign;
+
+		/* NID_pkcs7_enveloped */
+		PKCS7_ENVELOPE *enveloped;
+
+		/* NID_pkcs7_signedAndEnveloped */
+		PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+
+		/* NID_pkcs7_digest */
+		PKCS7_DIGEST *digest;
+
+		/* NID_pkcs7_encrypted */
+		PKCS7_ENCRYPT *encrypted;
+		} d;
+	} PKCS7;
+
+#define PKCS7_OP_SET_DETACHED_SIGNATURE	1
+#define PKCS7_OP_GET_DETACHED_SIGNATURE	2
+
+#define PKCS7_get_signed_attributes(si)	((si)->auth_attr)
+#define PKCS7_get_attributes(si)	((si)->unauth_attr)
+
+#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_signedAndEnveloped(a) \
+		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+
+#define PKCS7_set_detached(p,v) \
+		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+#define PKCS7_get_detached(p) \
+		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+#ifdef SSLEAY_MACROS
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+	                (char *)data,md,len)
+#endif
+#endif
+
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
+void			PKCS7_ISSUER_AND_SERIAL_free(
+				PKCS7_ISSUER_AND_SERIAL *a);
+int 			i2d_PKCS7_ISSUER_AND_SERIAL(
+				PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp);
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
+				PKCS7_ISSUER_AND_SERIAL **a,
+				unsigned char **pp, long length);
+
+#ifndef SSLEAY_MACROS
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
+	unsigned char *md,unsigned int *len);
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
+#endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
+#endif
+
+PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new(void);
+void			PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
+int 			i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a,
+				unsigned char **pp);
+PKCS7_SIGNER_INFO	*d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
+				unsigned char **pp,long length);
+
+PKCS7_RECIP_INFO	*PKCS7_RECIP_INFO_new(void);
+void			PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
+int 			i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a,
+				unsigned char **pp);
+PKCS7_RECIP_INFO	*d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
+				unsigned char **pp,long length);
+
+PKCS7_SIGNED		*PKCS7_SIGNED_new(void);
+void			PKCS7_SIGNED_free(PKCS7_SIGNED *a);
+int 			i2d_PKCS7_SIGNED(PKCS7_SIGNED *a,
+				unsigned char **pp);
+PKCS7_SIGNED		*d2i_PKCS7_SIGNED(PKCS7_SIGNED **a,
+				unsigned char **pp,long length);
+
+PKCS7_ENC_CONTENT	*PKCS7_ENC_CONTENT_new(void);
+void			PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
+int 			i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a,
+				unsigned char **pp);
+PKCS7_ENC_CONTENT	*d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
+				unsigned char **pp,long length);
+
+PKCS7_ENVELOPE		*PKCS7_ENVELOPE_new(void);
+void			PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
+int 			i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a,
+				unsigned char **pp);
+PKCS7_ENVELOPE		*d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a,
+				unsigned char **pp,long length);
+
+PKCS7_SIGN_ENVELOPE	*PKCS7_SIGN_ENVELOPE_new(void);
+void			PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
+int 			i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a,
+				unsigned char **pp);
+PKCS7_SIGN_ENVELOPE	*d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
+				unsigned char **pp,long length);
+
+PKCS7_DIGEST		*PKCS7_DIGEST_new(void);
+void			PKCS7_DIGEST_free(PKCS7_DIGEST *a);
+int 			i2d_PKCS7_DIGEST(PKCS7_DIGEST *a,
+				unsigned char **pp);
+PKCS7_DIGEST		*d2i_PKCS7_DIGEST(PKCS7_DIGEST **a,
+				unsigned char **pp,long length);
+
+PKCS7_ENCRYPT		*PKCS7_ENCRYPT_new(void);
+void			PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
+int 			i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a,
+				unsigned char **pp);
+PKCS7_ENCRYPT		*d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a,
+				unsigned char **pp,long length);
+
+PKCS7			*PKCS7_new(void);
+void			PKCS7_free(PKCS7 *a);
+void			PKCS7_content_free(PKCS7 *a);
+int 			i2d_PKCS7(PKCS7 *a,
+				unsigned char **pp);
+PKCS7			*d2i_PKCS7(PKCS7 **a,
+				unsigned char **pp,long length);
+
+void ERR_load_PKCS7_strings(void);
+
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+	EVP_MD *dgst);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+								X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+	EVP_PKEY *pkey, EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
+	void *data);
+int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+				STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
+
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the PKCS7 functions. */
+
+/* Function codes. */
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
+#define PKCS7_F_PKCS7_ADD_CRL				 101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
+#define PKCS7_F_PKCS7_ADD_SIGNER			 103
+#define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATADECODE			 112
+#define PKCS7_F_PKCS7_DATAINIT				 105
+#define PKCS7_F_PKCS7_DATASIGN				 106
+#define PKCS7_F_PKCS7_DATAVERIFY			 107
+#define PKCS7_F_PKCS7_SET_CIPHER			 108
+#define PKCS7_F_PKCS7_SET_CONTENT			 109
+#define PKCS7_F_PKCS7_SET_TYPE				 110
+#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113
+
+/* Reason codes. */
+#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116
+#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100
+#define PKCS7_R_DIGEST_FAILURE				 101
+#define PKCS7_R_INTERNAL_ERROR				 102
+#define PKCS7_R_MISSING_CERIPEND_INFO			 103
+#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115
+#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104
+#define PKCS7_R_SIGNATURE_FAILURE			 105
+#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106
+#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107
+#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108
+#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109
+#define PKCS7_R_UNKNOWN_OPERATION			 110
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112
+#define PKCS7_R_WRONG_CONTENT_TYPE			 113
+#define PKCS7_R_WRONG_PKCS7_TYPE			 114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7err.c b/crypto/openssl/crypto/pkcs7/pkcs7err.c
new file mode 100644
index 000000000000..82be3c2ca1e7
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/pkcs7err.c
@@ -0,0 +1,121 @@
+/* crypto/pkcs7/pkcs7err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA PKCS7_str_functs[]=
+	{
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),	"PKCS7_add_certificate"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),	"PKCS7_add_crl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),	"PKCS7_add_recipient_info"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),	"PKCS7_add_signer"},
+{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),	"PKCS7_ctrl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0),	"PKCS7_dataDecode"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),	"PKCS7_dataInit"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_DATASIGN"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),	"PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),	"PKCS7_set_cipher"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),	"PKCS7_set_content"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),	"PKCS7_set_type"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0),	"PKCS7_signatureVerify"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA PKCS7_str_reasons[]=
+	{
+{PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
+{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH   ,"decrypted key is wrong length"},
+{PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
+{PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
+{PKCS7_R_MISSING_CERIPEND_INFO           ,"missing ceripend info"},
+{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
+{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
+{PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
+{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
+{PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNKNOWN_OPERATION               ,"unknown operation"},
+{PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
+{PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
+{PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
+{PKCS7_R_WRONG_PKCS7_TYPE                ,"wrong pkcs7 type"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_PKCS7_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
+		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/pkcs7/server.pem b/crypto/openssl/crypto/pkcs7/server.pem
new file mode 100644
index 000000000000..750aac209468
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/server.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/crypto/pkcs7/sign.c b/crypto/openssl/crypto/pkcs7/sign.c
new file mode 100644
index 000000000000..d5f11540064c
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/sign.c
@@ -0,0 +1,145 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	X509 *x509;
+	EVP_PKEY *pkey;
+	PKCS7 *p7;
+	PKCS7_SIGNER_INFO *si;
+	BIO *in;
+	BIO *data,*p7bio;
+	char buf[1024*4];
+	int i;
+	int nodetach=0;
+
+	EVP_add_digest(EVP_md2());
+	EVP_add_digest(EVP_md5());
+	EVP_add_digest(EVP_sha1());
+	EVP_add_digest(EVP_mdc2());
+
+	data=BIO_new(BIO_s_file());
+again:
+	if (argc > 1)
+		{
+		if (strcmp(argv[1],"-nd") == 0)
+			{
+			nodetach=1;
+			argv++; argc--;
+			goto again;
+			}
+		if (!BIO_read_filename(data,argv[1]))
+			goto err;
+		}
+	else
+		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	BIO_reset(in);
+	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+	BIO_free(in);
+
+	p7=PKCS7_new();
+	PKCS7_set_type(p7,NID_pkcs7_signed);
+	 
+	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
+	if (si == NULL) goto err;
+
+	/* If you do this then you get signing time automatically added */
+	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+						OBJ_nid2obj(NID_pkcs7_data));
+
+	/* we may want to add more */
+	PKCS7_add_certificate(p7,x509);
+
+	/* Set the content of the signed to 'data' */
+	PKCS7_content_new(p7,NID_pkcs7_data);
+
+	if (!nodetach)
+		PKCS7_set_detached(p7,1);
+
+	if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+
+	for (;;)
+		{
+		i=BIO_read(data,buf,sizeof(buf));
+		if (i <= 0) break;
+		BIO_write(p7bio,buf,i);
+		}
+
+	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
+	BIO_free(p7bio);
+
+	PEM_write_PKCS7(stdout,p7);
+	PKCS7_free(p7);
+
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors_fp(stderr);
+	exit(1);
+	}
+
diff --git a/crypto/openssl/crypto/pkcs7/t/3des.pem b/crypto/openssl/crypto/pkcs7/t/3des.pem
new file mode 100644
index 000000000000..b2b5081a10ec
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/3des.pem
@@ -0,0 +1,16 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
+-----END PKCS7-----
+
diff --git a/crypto/openssl/crypto/pkcs7/t/3dess.pem b/crypto/openssl/crypto/pkcs7/t/3dess.pem
new file mode 100644
index 000000000000..23f013516a51
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/3dess.pem
@@ -0,0 +1,32 @@
+-----BEGIN PKCS7-----
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/t/c.pem b/crypto/openssl/crypto/pkcs7/t/c.pem
new file mode 100644
index 000000000000..a4b55e321a5c
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/c.pem
@@ -0,0 +1,48 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/crypto/pkcs7/t/ff b/crypto/openssl/crypto/pkcs7/t/ff
new file mode 100644
index 000000000000..23f013516a51
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/ff
@@ -0,0 +1,32 @@
+-----BEGIN PKCS7-----
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-e b/crypto/openssl/crypto/pkcs7/t/msie-e
new file mode 100644
index 000000000000..aafae69fc9d8
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-e
@@ -0,0 +1,20 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y
+wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z
+VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3
+YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx
+2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7
+oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK
+HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J
+eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH
+OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9
+qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD
+bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI
+/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA
+
+
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-e.pem b/crypto/openssl/crypto/pkcs7/t/msie-e.pem
new file mode 100644
index 000000000000..a2a5e24e7426
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-e.pem
@@ -0,0 +1,22 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9
+v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If
+lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK
+ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4
+L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ
+KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ
+pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF
+BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT
+WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F
+lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj
+5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr
+8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA=
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-01 b/crypto/openssl/crypto/pkcs7/t/msie-enc-01
new file mode 100644
index 000000000000..2c93ab646268
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-enc-01
@@ -0,0 +1,62 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0
+IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT
+EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz
+IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ
+KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP
+gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI
+pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm
+STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq
+Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg
+optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx
+Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9
+ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t
+Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y
+M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te
+dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK
+RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO
+wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ
+NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA
+4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie
+0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa
+mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD
+FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR
+3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE
+2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN
+d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565
+JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK
+6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp
+DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5
+hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa
+9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
+955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx
+QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/
+UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo
+lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9
+Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS
+KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA
+70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda
+KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs
+UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji
+J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd
+8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
+F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH
+icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8
+1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM
+aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds
+J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE
+CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ
+KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE
+CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA
+hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR
+yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1
+FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4
+16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY
+4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr
+xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG
+gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM
++Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD
+NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA
+AAAAAAAAAAAA
+
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem b/crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem
new file mode 100644
index 000000000000..9abf00b2f245
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC
+QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD
+VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq
+hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q
+VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq
+hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ
+NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W
+iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr
+cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg
+Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT
+bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX
+kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5
+mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/
+GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw
+Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj
+ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv
+WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc
+KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv
+5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o
+3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo
+qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6
+/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j
+JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62
+r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn
+szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr
+xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA
+bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7
+nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW
+7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi
+q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o
+PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w
+yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz
+l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
+955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4
+UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8
+pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs
+/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6
+4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk
+e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK
+lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9
+09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o
+Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV
+Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a
+sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE
+SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
+F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu
+WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd
+2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi
+P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+
+XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed
+XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO
+ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf
+APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD
+Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf
+LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl
+Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm
+yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM
+GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/
+rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP
+T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/
+g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04
+3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO
+6RLfsTyyPgJi0GsAAAAA
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-02 b/crypto/openssl/crypto/pkcs7/t/msie-enc-02
new file mode 100644
index 000000000000..70170559651f
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-enc-02
@@ -0,0 +1,90 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn
+kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn
+rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ
+xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP
+EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW
+PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG
+PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk
+PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl
+XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7
+dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c
+QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr
+cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa
+WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe
++tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy
+rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK
+xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z
+gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA
+SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54
+YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC
+ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB
+OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD
+31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo
+m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0
+PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc
+ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0
+iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa
+BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC
+fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56
+7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut
+eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x
+g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O
+/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj
+yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9
+rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J
+mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs
+8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw
+/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh
+xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU
+V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t
+5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r
+S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB
+DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf
+WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y
+NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi
+LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT
+8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx
+aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP
+Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl
+m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
+hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U
+p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG
+x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF
+yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT
+7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy
+Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj
+dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L
+yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod
+3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5
+BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs
+hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm
+P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm
+bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj
+9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp
+B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj
+p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA
+2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e
+KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I
+YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz
+2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC
+Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk
++aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM
+6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk
+461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n
+wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q
+w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF
+oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee
+E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD
+XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV
+2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l
+SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF
+cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw
+BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU
+rZgAAAAAAAAAAAAA
+
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem b/crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem
new file mode 100644
index 000000000000..279c5d830b07
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem
@@ -0,0 +1,106 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0
+M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y
+K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+
+pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3
+RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg
+JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U
+uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y
+tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g
+RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY
+Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH
+UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax
+mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG
+wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM
+GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n
+q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV
+V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF
+zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB
+CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba
+z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc
+au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2
+xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq
+LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9
+OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+
+PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9
+dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B
+l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT
+jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo
+/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP
+Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW
+PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf
+FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn
+yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h
+xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB
+BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+
+LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5
+0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn
+N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV
+UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i
+kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6
+q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD
+1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9
+q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV
+mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM
+VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG
+BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt
+LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5
+bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv
+wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5
+K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv
+b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6
+KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2
+0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl
+SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm
+CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl
+lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N
+WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
+hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD
+svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy
+KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ
+GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy
+X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa
+IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p
+kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V
+KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/
+6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8
+Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK
+0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v
+ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL
+770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/
+4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p
+8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM
+64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+
+liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX
+I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa
+bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI
+ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0
+yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH
+4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1
+DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ
+qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec
+Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv
+2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4
+OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew
+rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0
+Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw
+aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO
+2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1
+7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T
+RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2
+G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/
+W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3
+r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY
+hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R
+9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0
+YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj
+FK2YAAAAAA==
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-s-a-e b/crypto/openssl/crypto/pkcs7/t/msie-s-a-e
new file mode 100644
index 000000000000..0067794d7081
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-s-a-e
@@ -0,0 +1,91 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS
+G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha
+VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0
+f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj
+cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI
+DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf
+ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U
+CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz
+3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY
+cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD
+1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G
+O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO
+P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P
+Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j
+aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0
+okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy
+0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc
+yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi
+Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay
+0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg
+58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO
+whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM
+6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0
+3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U
+PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG
+EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa
+qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF
+ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw
+/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle
+kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD
+KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a
+h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal
+r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0
+qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ
+QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b
+U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE
+PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF
+o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1
+YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA
++EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN
+Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY
+CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV
+OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg
+XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD
+c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J
+TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9
+gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4
+zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD
+JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
+95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH
+rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah
+fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt
+j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI
+Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm
+hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap
+m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU
+xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/
+/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P
+O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd
+K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI
+LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc
+dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE
+ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV
+H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY
+6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR
+qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ
+MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46
+EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx
+MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP
+EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon
+iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z
+uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++
+Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU
+AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy
+FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ
+IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD
+yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt
+X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN
+wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d
+mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j
+OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l
+bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s
+5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA==
+
+
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem b/crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem
new file mode 100644
index 000000000000..55dbd8f80bdd
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem
@@ -0,0 +1,106 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO
+OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv
+ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g
+l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3
+UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms
+HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl
+PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD
+2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ
+/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM
+IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi
+BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu
+rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ
+V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm
+a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv
+zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI
+IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v
+1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR
+iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg
+93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc
+k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4
+Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz
+6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM
+Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+
+shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk
+iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU
+vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc
+DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U
+ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI
+WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR
+VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw
+ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb
+4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1
+wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA
+Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+
+7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY
+TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q
+PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR
+NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/
+574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N
+oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33
+p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf
+VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD
+3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo
+9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD
+XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6
+pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01
+JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu
+WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm
++facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY
+9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4
+0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q
+53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp
+6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T
+H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD
+pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+
+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
+95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC
+QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV
+uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6
+M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4
+EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm
+jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG
+qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38
+Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6
+L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt
+gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP
+pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf
+/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4
+JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt
++u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV
+DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO
+S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6
+zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB
+RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR
+mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh
+nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb
+WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP
+9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl
+Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT
+H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5
+jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz
+x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0
+Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ
+YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv
+Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf
+ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi
+r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP
+zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI
+Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3
+QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22
+DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN
+mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn
+29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm
+WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi
+Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN
+7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA=
+-----END PKCS7-----
diff --git a/crypto/openssl/crypto/pkcs7/t/nav-smime b/crypto/openssl/crypto/pkcs7/t/nav-smime
new file mode 100644
index 000000000000..6ee4b597a145
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/nav-smime
@@ -0,0 +1,157 @@
+From angela@c2.net.au Thu May 14 13:32:27 1998
+X-UIDL: 83c94dd550e54329bf9571b72038b8c8
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for ; Thu, 14 May 1998 13:32:26 +1000 (EST)
+Message-ID: <355A6779.4B63E64C@cryptsoft.com>
+Date: Thu, 14 May 1998 13:39:37 +1000
+From: Angela van Lent 
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: signed
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C"
+Content-Length: 2604
+Status: OR
+
+This is a cryptographically signed message in MIME format.
+
+--------------ms9A58844C95949ECC78A1C54C
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+signed body
+
+--------------ms9A58844C95949ECC78A1C54C
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+--------------ms9A58844C95949ECC78A1C54C--
+
+
+From angela@c2.net.au Thu May 14 13:33:16 1998
+X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for ; Thu, 14 May 1998 13:33:15 +1000 (EST)
+Message-ID: <355A67AB.2AF38806@cryptsoft.com>
+Date: Thu, 14 May 1998 13:40:27 +1000
+From: Angela van Lent 
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: signed
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E"
+Content-Length: 2679
+Status: OR
+
+This is a cryptographically signed message in MIME format.
+
+--------------msD7863B84BD61E02C407F2F5E
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+signed body 2
+
+--------------msD7863B84BD61E02C407F2F5E
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+
+MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
+AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN
+rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO
+AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N
+coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC
+Zp8SSVVY
+--------------msD7863B84BD61E02C407F2F5E--
+
+
+From angela@c2.net.au Thu May 14 14:05:32 1998
+X-UIDL: a7d629b4b9acacaee8b39371b860a32a
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for ; Thu, 14 May 1998 14:05:32 +1000 (EST)
+Message-ID: <355A6F3B.AC385981@cryptsoft.com>
+Date: Thu, 14 May 1998 14:12:43 +1000
+From: Angela van Lent 
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: encrypted
+Content-Type: application/x-pkcs7-mime; name="smime.p7m"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Description: S/MIME Encrypted Message
+Content-Length: 905
+Status: OR
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd
+exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G
+CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg
+nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX
+BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE
+CL3uV8k7m0iqAAAAAAAAAAAAAA==
+
diff --git a/crypto/openssl/crypto/pkcs7/t/s.pem b/crypto/openssl/crypto/pkcs7/t/s.pem
new file mode 100644
index 000000000000..4fa925b1824a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/s.pem
@@ -0,0 +1,57 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/crypto/pkcs7/t/server.pem b/crypto/openssl/crypto/pkcs7/t/server.pem
new file mode 100644
index 000000000000..989baf87096a
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/t/server.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/crypto/pkcs7/verify.c b/crypto/openssl/crypto/pkcs7/verify.c
new file mode 100644
index 000000000000..32d9783e4515
--- /dev/null
+++ b/crypto/openssl/crypto/pkcs7/verify.c
@@ -0,0 +1,253 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "example.h"
+
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+BIO *bio_err=NULL;
+BIO *bio_out=NULL;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	PKCS7 *p7;
+	PKCS7_SIGNER_INFO *si;
+	X509_STORE_CTX cert_ctx;
+	X509_STORE *cert_store=NULL;
+	BIO *data,*detached=NULL,*p7bio=NULL;
+	char buf[1024*4];
+	char *pp;
+	int i,printit=0;
+	STACK_OF(PKCS7_SIGNER_INFO) *sk;
+
+	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+	EVP_add_digest(EVP_md2());
+	EVP_add_digest(EVP_md5());
+	EVP_add_digest(EVP_sha1());
+	EVP_add_digest(EVP_mdc2());
+
+	data=BIO_new(BIO_s_file());
+
+	pp=NULL;
+	while (argc > 1)
+		{
+		argc--;
+		argv++;
+		if (strcmp(argv[0],"-p") == 0)
+			{
+			printit=1;
+			}
+		else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+			{
+			detached=BIO_new(BIO_s_file());
+			if (!BIO_read_filename(detached,argv[1]))
+				goto err;
+			argc--;
+			argv++;
+			}
+		else
+			{
+			pp=argv[0];
+			if (!BIO_read_filename(data,argv[0]))
+				goto err;
+			}
+		}
+
+	if (pp == NULL)
+		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+
+	/* Load the PKCS7 object from a file */
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+
+	/* This stuff is being setup for certificate verification.
+	 * When using SSL, it could be replaced with a 
+	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+	cert_store=X509_STORE_new();
+	X509_STORE_set_default_paths(cert_store);
+	X509_STORE_load_locations(cert_store,NULL,"../../certs");
+	X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+
+	ERR_clear_error();
+
+	/* We need to process the data */
+	if ((PKCS7_get_detached(p7) || detached))
+		{
+		if (detached == NULL)
+			{
+			printf("no data to verify the signature on\n");
+			exit(1);
+			}
+		else
+			p7bio=PKCS7_dataInit(p7,detached);
+		}
+	else
+		{
+		p7bio=PKCS7_dataInit(p7,NULL);
+		}
+
+	/* We now have to 'read' from p7bio to calculate digests etc. */
+	for (;;)
+		{
+		i=BIO_read(p7bio,buf,sizeof(buf));
+		/* print it? */
+		if (i <= 0) break;
+		}
+
+	/* We can now verify signatures */
+	sk=PKCS7_get_signer_info(p7);
+	if (sk == NULL)
+		{
+		printf("there are no signatures on this data\n");
+		exit(1);
+		}
+
+	/* Ok, first we need to, for each subject entry, see if we can verify */
+	for (i=0; ierror)
+		{
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+		BIO_printf(bio_err,"issuer= %s\n",buf);
+		break;
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+		BIO_printf(bio_err,"notBefore=");
+		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		BIO_printf(bio_err,"\n");
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+		BIO_printf(bio_err,"notAfter=");
+		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		BIO_printf(bio_err,"\n");
+		break;
+		}
+	BIO_printf(bio_err,"verify return:%d\n",ok);
+	return(ok);
+	}
diff --git a/crypto/openssl/crypto/rand/Makefile.ssl b/crypto/openssl/crypto/rand/Makefile.ssl
new file mode 100644
index 000000000000..76bfdfeae5b6
--- /dev/null
+++ b/crypto/openssl/crypto/rand/Makefile.ssl
@@ -0,0 +1,87 @@
+#
+# SSLeay/crypto/rand/Makefile
+#
+
+DIR=	rand
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c rand_lib.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rand.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/rand.h
+randfile.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c
new file mode 100644
index 000000000000..6bd1960e1de7
--- /dev/null
+++ b/crypto/openssl/crypto/rand/md_rand.c
@@ -0,0 +1,429 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "openssl/e_os.h"
+
+#include 
+
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#if !defined(NO_SHA) && !defined(NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(NO_MD5)
+#define USE_MD5_RAND
+#elif !defined(NO_MDC2) && !defined(NO_DES)
+#define USE_MDC2_RAND
+#elif !defined(NO_MD2)
+#define USE_MD2_RAND
+#else
+#error No message digest algorithm available
+#endif
+#endif
+
+/* Changed how the state buffer used.  I now attempt to 'wrap' such
+ * that I don't run over the same locations the next time  go through
+ * the 1023 bytes - many thanks to
+ * Robert J. LeBlanc  for his comments
+ */
+
+#if defined(USE_MD5_RAND)
+#include 
+#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
+#define MD_CTX			MD5_CTX
+#define MD_Init(a)		MD5_Init(a)
+#define MD_Update(a,b,c)	MD5_Update(a,b,c)
+#define	MD_Final(a,b)		MD5_Final(a,b)
+#define	MD(a,b,c)		MD5(a,b,c)
+#elif defined(USE_SHA1_RAND)
+#include 
+#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
+#define MD_CTX			SHA_CTX
+#define MD_Init(a)		SHA1_Init(a)
+#define MD_Update(a,b,c)	SHA1_Update(a,b,c)
+#define	MD_Final(a,b)		SHA1_Final(a,b)
+#define	MD(a,b,c)		SHA1(a,b,c)
+#elif defined(USE_MDC2_RAND)
+#include 
+#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
+#define MD_CTX			MDC2_CTX
+#define MD_Init(a)		MDC2_Init(a)
+#define MD_Update(a,b,c)	MDC2_Update(a,b,c)
+#define	MD_Final(a,b)		MDC2_Final(a,b)
+#define	MD(a,b,c)		MDC2(a,b,c)
+#elif defined(USE_MD2_RAND)
+#include 
+#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
+#define MD_CTX			MD2_CTX
+#define MD_Init(a)		MD2_Init(a)
+#define MD_Update(a,b,c)	MD2_Update(a,b,c)
+#define	MD_Final(a,b)		MD2_Final(a,b)
+#define	MD(a,b,c)		MD2(a,b,c)
+#endif
+
+#include 
+
+/* #define NORAND	1 */
+/* #define PREDICT	1 */
+
+#define STATE_SIZE	1023
+static int state_num=0,state_index=0;
+static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static long md_count[2]={0,0};
+
+const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
+
+static void ssleay_rand_cleanup(void);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_bytes(unsigned char *buf, int num);
+
+RAND_METHOD rand_ssleay_meth={
+	ssleay_rand_seed,
+	ssleay_rand_bytes,
+	ssleay_rand_cleanup,
+	}; 
+
+RAND_METHOD *RAND_SSLeay(void)
+	{
+	return(&rand_ssleay_meth);
+	}
+
+static void ssleay_rand_cleanup(void)
+	{
+	memset(state,0,sizeof(state));
+	state_num=0;
+	state_index=0;
+	memset(md,0,MD_DIGEST_LENGTH);
+	md_count[0]=0;
+	md_count[1]=0;
+	}
+
+static void ssleay_rand_seed(const void *buf, int num)
+	{
+	int i,j,k,st_idx,st_num;
+	MD_CTX m;
+
+#ifdef NORAND
+	return;
+#endif
+
+	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+	st_idx=state_index;
+	st_num=state_num;
+
+	state_index=(state_index+num);
+	if (state_index >= STATE_SIZE)
+		{
+		state_index%=STATE_SIZE;
+		state_num=STATE_SIZE;
+		}
+	else if (state_num < STATE_SIZE)	
+		{
+		if (state_index > state_num)
+			state_num=state_index;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+	for (i=0; i MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
+
+		MD_Init(&m);
+		MD_Update(&m,md,MD_DIGEST_LENGTH);
+		k=(st_idx+j)-STATE_SIZE;
+		if (k > 0)
+			{
+			MD_Update(&m,&(state[st_idx]),j-k);
+			MD_Update(&m,&(state[0]),k);
+			}
+		else
+			MD_Update(&m,&(state[st_idx]),j);
+			
+		MD_Update(&m,buf,j);
+		MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
+		MD_Final(md,&m);
+		md_count[1]++;
+
+		buf=(const char *)buf + j;
+
+		for (k=0; k= STATE_SIZE)
+				{
+				st_idx=0;
+				st_num=STATE_SIZE;
+				}
+			}
+		}
+	memset((char *)&m,0,sizeof(m));
+	}
+
+static void ssleay_rand_bytes(unsigned char *buf, int num)
+	{
+	int i,j,k,st_num,st_idx;
+	MD_CTX m;
+	static int init=1;
+	unsigned long l;
+#ifdef DEVRANDOM
+	FILE *fh;
+#endif
+
+#ifdef PREDICT
+	{
+	static unsigned char val=0;
+
+	for (i=0; i state_num)
+		state_index=(state_index%state_num);
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+	while (num > 0)
+		{
+		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
+		num-=j;
+		MD_Init(&m);
+		MD_Update(&m,&(md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
+		MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
+#ifndef PURIFY
+		MD_Update(&m,buf,j); /* purify complains */
+#endif
+		k=(st_idx+j)-st_num;
+		if (k > 0)
+			{
+			MD_Update(&m,&(state[st_idx]),j-k);
+			MD_Update(&m,&(state[0]),k);
+			}
+		else
+			MD_Update(&m,&(state[st_idx]),j);
+		MD_Final(md,&m);
+
+		for (i=0; i= st_num)
+				st_idx=0;
+			state[st_idx++]^=md[i];
+			*(buf++)=md[i+MD_DIGEST_LENGTH/2];
+			}
+		}
+
+	MD_Init(&m);
+	MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
+	md_count[0]++;
+	MD_Update(&m,md,MD_DIGEST_LENGTH);
+	MD_Final(md,&m);
+	memset(&m,0,sizeof(m));
+	}
+
+#ifdef WINDOWS
+#include 
+#include 
+
+/*****************************************************************************
+ * Initialisation function for the SSL random generator.  Takes the contents
+ * of the screen as random seed.
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * ;
+ * the original copyright message is:
+ *
+ *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+ *
+ *   You have a royalty-free right to use, modify, reproduce and
+ *   distribute the Sample Files (and/or any modified version) in
+ *   any way you find useful, provided that you agree that
+ *   Microsoft has no warranty obligations or liability for any
+ *   Sample Application Files which are modified.
+ */
+/*
+ * I have modified the loading of bytes via RAND_seed() mechanism since
+ * the origional would have been very very CPU intensive since RAND_seed()
+ * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
+ * as that to digest 56 bytes.  So under the old system, a screen of
+ * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
+ * digests or digesting 2.7 mbytes.  What I have put in place would
+ * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
+ * or about 3.5 times as much.
+ * - eric 
+ */
+void RAND_screen(void)
+{
+  HDC		hScrDC;		/* screen DC */
+  HDC		hMemDC;		/* memory DC */
+  HBITMAP	hBitmap;	/* handle for our bitmap */
+  HBITMAP	hOldBitmap;	/* handle for previous bitmap */
+  BITMAP	bm;		/* bitmap properties */
+  unsigned int	size;		/* size of bitmap */
+  char		*bmbits;	/* contents of bitmap */
+  int		w;		/* screen width */
+  int		h;		/* screen height */
+  int		y;		/* y-coordinate of screen lines to grab */
+  int		n = 16;		/* number of screen lines to grab at a time */
+
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+
+  bmbits = Malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+    	{
+	unsigned char md[MD_DIGEST_LENGTH];
+
+	/* Bitblt screen DC to memory DC */
+	BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+
+	/* Copy bitmap bits from memory DC to bmbits */
+	GetBitmapBits(hBitmap, size, bmbits);
+
+	/* Get the MD5 of the bitmap */
+	MD(bmbits,size,md);
+
+	/* Seed the random generator with the MD5 digest */
+	RAND_seed(md, MD_DIGEST_LENGTH);
+	}
+
+    Free(bmbits);
+  }
+
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+}
+#endif
diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/openssl/crypto/rand/rand.h
new file mode 100644
index 000000000000..fd8ee38366f0
--- /dev/null
+++ b/crypto/openssl/crypto/rand/rand.h
@@ -0,0 +1,89 @@
+/* crypto/rand/rand.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RAND_H
+#define HEADER_RAND_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rand_meth_st
+	{
+	void (*seed)(const void *buf, int num);
+	void (*bytes)(unsigned char *buf, int num);
+	void (*cleanup)(void);
+	} RAND_METHOD;
+
+void RAND_set_rand_method(RAND_METHOD *meth);
+RAND_METHOD *RAND_get_rand_method(void );
+RAND_METHOD *RAND_SSLeay(void);
+void RAND_cleanup(void );
+void RAND_bytes(unsigned char *buf,int num);
+void RAND_seed(const void *buf,int num);
+int  RAND_load_file(const char *file,long max_bytes);
+int  RAND_write_file(const char *file);
+char *RAND_file_name(char *file,int num);
+#ifdef WINDOWS
+void RAND_screen(void);
+#endif
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c
new file mode 100644
index 000000000000..34c6d5b9681d
--- /dev/null
+++ b/crypto/openssl/crypto/rand/rand_lib.c
@@ -0,0 +1,98 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#ifdef NO_RAND
+static RAND_METHOD *rand_meth=NULL;
+#else
+extern RAND_METHOD rand_ssleay_meth;
+static RAND_METHOD *rand_meth= &rand_ssleay_meth;
+#endif
+
+void RAND_set_rand_method(RAND_METHOD *meth)
+	{
+	rand_meth=meth;
+	}
+
+RAND_METHOD *RAND_get_rand_method(void)
+	{
+	return(rand_meth);
+	}
+
+void RAND_cleanup(void)
+	{
+	if (rand_meth != NULL)
+		rand_meth->cleanup();
+	}
+
+void RAND_seed(const void *buf, int num)
+	{
+	if (rand_meth != NULL)
+		rand_meth->seed(buf,num);
+	}
+
+void RAND_bytes(unsigned char *buf, int num)
+	{
+	if (rand_meth != NULL)
+		rand_meth->bytes(buf,num);
+	}
+
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
new file mode 100644
index 000000000000..6829d4ec3707
--- /dev/null
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -0,0 +1,179 @@
+/* crypto/rand/randfile.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "openssl/e_os.h"
+
+#include 
+
+#undef BUFSIZE
+#define BUFSIZE	1024
+#define RAND_DATA 1024
+
+/* #define RFILE ".rand" - defined in ../../e_os.h */
+
+int RAND_load_file(const char *file, long bytes)
+	{
+	MS_STATIC unsigned char buf[BUFSIZE];
+	struct stat sb;
+	int i,ret=0,n;
+	FILE *in;
+
+	if (file == NULL) return(0);
+
+	i=stat(file,&sb);
+	/* If the state fails, put some crap in anyway */
+	RAND_seed(&sb,sizeof(sb));
+	ret+=sizeof(sb);
+	if (i < 0) return(0);
+	if (bytes <= 0) return(ret);
+
+	in=fopen(file,"rb");
+	if (in == NULL) goto err;
+	for (;;)
+		{
+		n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+		i=fread(buf,1,n,in);
+		if (i <= 0) break;
+		/* even if n != i, use the full array */
+		RAND_seed(buf,n);
+		ret+=i;
+		bytes-=n;
+		if (bytes <= 0) break;
+		}
+	fclose(in);
+	memset(buf,0,BUFSIZE);
+err:
+	return(ret);
+	}
+
+int RAND_write_file(const char *file)
+	{
+	unsigned char buf[BUFSIZE];
+	int i,ret=0;
+	FILE *out;
+	int n;
+
+	/* Under VMS, fopen(file, "wb") will craete a new version of the
+	   same file.  This is not good, so let's try updating an existing
+	   one, and create file only if it doesn't already exist.  This
+	   should be completely harmless on system that have no file
+	   versions.					-- Richard Levitte */
+	out=fopen(file,"rb+");
+	if (out == NULL && errno == ENOENT)
+		{
+		errno = 0;
+		out=fopen(file,"wb");
+		}
+	if (out == NULL) goto err;
+	chmod(file,0600);
+	n=RAND_DATA;
+	for (;;)
+		{
+		i=(n > BUFSIZE)?BUFSIZE:n;
+		n-=BUFSIZE;
+		RAND_bytes(buf,i);
+		i=fwrite(buf,1,i,out);
+		if (i <= 0)
+			{
+			ret=0;
+			break;
+			}
+		ret+=i;
+		if (n <= 0) break;
+		}
+	fclose(out);
+	memset(buf,0,BUFSIZE);
+err:
+	return(ret);
+	}
+
+char *RAND_file_name(char *buf, int size)
+	{
+	char *s;
+	char *ret=NULL;
+
+	s=getenv("RANDFILE");
+	if (s != NULL)
+		{
+		strncpy(buf,s,size-1);
+		buf[size-1]='\0';
+		ret=buf;
+		}
+	else
+		{
+		s=getenv("HOME");
+		if (s == NULL) return(RFILE);
+		if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
+			return(RFILE);
+		strcpy(buf,s);
+#ifndef VMS
+		strcat(buf,"/");
+#endif
+		strcat(buf,RFILE);
+		ret=buf;
+		}
+	return(ret);
+	}
diff --git a/crypto/openssl/crypto/rand/randtest.c b/crypto/openssl/crypto/rand/randtest.c
new file mode 100644
index 000000000000..f0706d779a25
--- /dev/null
+++ b/crypto/openssl/crypto/rand/randtest.c
@@ -0,0 +1,207 @@
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+
+int main()
+	{
+	unsigned char buf[2500];
+	int i,j,k,s,sign,nsign,err=0;
+	unsigned long n1;
+	unsigned long n2[16];
+	unsigned long runs[2][34];
+	/*double d; */
+	long d;
+
+	RAND_bytes(buf,2500);
+
+	n1=0;
+	for (i=0; i<16; i++) n2[i]=0;
+	for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+
+	/* test 1 and 2 */
+	sign=0;
+	nsign=0;
+	for (i=0; i<2500; i++)
+		{
+		j=buf[i];
+
+		n2[j&0x0f]++;
+		n2[(j>>4)&0x0f]++;
+
+		for (k=0; k<8; k++)
+			{
+			s=(j&0x01);
+			if (s == sign)
+				nsign++;
+			else
+				{
+				if (nsign > 34) nsign=34;
+				if (nsign != 0)
+					{
+					runs[sign][nsign-1]++;
+					if (nsign > 6)
+						runs[sign][5]++;
+					}
+				sign=s;
+				nsign=1;
+				}
+
+			if (s) n1++;
+			j>>=1;
+			}
+		}
+		if (nsign > 34) nsign=34;
+		if (nsign != 0) runs[sign][nsign-1]++;
+
+	/* test 1 */
+	if (!((9654 < n1) && (n1 < 10346)))
+		{
+		printf("test 1 failed, X=%lu\n",n1);
+		err++;
+		}
+	printf("test 1 done\n");
+
+	/* test 2 */
+#ifdef undef
+	d=0;
+	for (i=0; i<16; i++)
+		d+=n2[i]*n2[i];
+	d=d*16.0/5000.0-5000.0;
+	if (!((1.03 < d) && (d < 57.4)))
+		{
+		printf("test 2 failed, X=%.2f\n",d);
+		err++;
+		}
+#endif
+	d=0;
+	for (i=0; i<16; i++)
+		d+=n2[i]*n2[i];
+	d=(d*8)/25-500000;
+	if (!((103 < d) && (d < 5740)))
+		{
+		printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+		err++;
+		}
+	printf("test 2 done\n");
+
+	/* test 3 */
+	for (i=0; i<2; i++)
+		{
+		if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+			{
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
+				i,1,runs[i][0]);
+			err++;
+			}
+		if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+			{
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
+				i,2,runs[i][1]);
+			err++;
+			}
+		if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
+			{
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
+				i,3,runs[i][2]);
+			err++;
+			}
+		if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
+			{
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
+				i,4,runs[i][3]);
+			err++;
+			}
+		if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
+			{
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
+				i,5,runs[i][4]);
+			err++;
+			}
+		if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
+			{
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
+				i,6,runs[i][5]);
+			err++;
+			}
+		}
+	printf("test 3 done\n");
+	
+	/* test 4 */
+	if (runs[0][33] != 0)
+		{
+		printf("test 4 failed, bit=%d run=%d num=%lu\n",
+			0,34,runs[0][33]);
+		err++;
+		}
+	if (runs[1][33] != 0)
+		{
+		printf("test 4 failed, bit=%d run=%d num=%lu\n",
+			1,34,runs[1][33]);
+		err++;
+		}
+	printf("test 4 done\n");
+	err=((err)?1:0);
+	exit(err);
+	return(err);
+	}
diff --git a/crypto/openssl/crypto/rc2/Makefile.ssl b/crypto/openssl/crypto/rc2/Makefile.ssl
new file mode 100644
index 000000000000..542397d69aa6
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# SSLeay/crypto/rc2/Makefile
+#
+
+DIR=	rc2
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER=	rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h
diff --git a/crypto/openssl/crypto/rc2/Makefile.uni b/crypto/openssl/crypto/rc2/Makefile.uni
new file mode 100644
index 000000000000..4dc20c6fcfd5
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/Makefile.uni
@@ -0,0 +1,73 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+
+DIR=    rc2
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+IDEA_ENC=rc2_cbc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test
+APPS=rc2speed
+
+LIB=librc2.a
+LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APPS): $(APPS).c $(LIB)
+	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/rc2/rc2.h b/crypto/openssl/crypto/rc2/rc2.h
new file mode 100644
index 000000000000..9571efb7559e
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2.h
@@ -0,0 +1,99 @@
+/* crypto/rc2/rc2.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC2_H
+#define HEADER_RC2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_RC2
+#error RC2 is disabled.
+#endif
+
+#define RC2_ENCRYPT	1
+#define RC2_DECRYPT	0
+
+#include  /* RC2_INT */
+#define RC2_BLOCK	8
+#define RC2_KEY_LENGTH	16
+
+typedef struct rc2_key_st
+	{
+	RC2_INT data[64];
+	} RC2_KEY;
+
+ 
+void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
+void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
+	int enc);
+void RC2_encrypt(unsigned long *data,RC2_KEY *key);
+void RC2_decrypt(unsigned long *data,RC2_KEY *key);
+void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	RC2_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	RC2_KEY *schedule, unsigned char *ivec, int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/rc2/rc2_cbc.c b/crypto/openssl/crypto/rc2/rc2_cbc.c
new file mode 100644
index 000000000000..1202184e85eb
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2_cbc.c
@@ -0,0 +1,226 @@
+/* crypto/rc2/rc2_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc2_locl.h"
+
+void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *ks, unsigned char *iv, int encrypt)
+	{
+	register unsigned long tin0,tin1;
+	register unsigned long tout0,tout1,xor0,xor1;
+	register long l=length;
+	unsigned long tin[2];
+
+	if (encrypt)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			RC2_encrypt(tin,ks);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			RC2_encrypt(tin,ks);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			RC2_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			RC2_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
+	{
+	int i,n;
+	register RC2_INT *p0,*p1;
+	register RC2_INT x0,x1,x2,x3,t;
+	unsigned long l;
+
+	l=d[0];
+	x0=(RC2_INT)l&0xffff;
+	x1=(RC2_INT)(l>>16L);
+	l=d[1];
+	x2=(RC2_INT)l&0xffff;
+	x3=(RC2_INT)(l>>16L);
+
+	n=3;
+	i=5;
+
+	p0=p1= &(key->data[0]);
+	for (;;)
+		{
+		t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
+		x0=(t<<1)|(t>>15);
+		t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
+		x1=(t<<2)|(t>>14);
+		t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
+		x2=(t<<3)|(t>>13);
+		t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
+		x3=(t<<5)|(t>>11);
+
+		if (--i == 0)
+			{
+			if (--n == 0) break;
+			i=(n == 2)?6:5;
+
+			x0+=p1[x3&0x3f];
+			x1+=p1[x0&0x3f];
+			x2+=p1[x1&0x3f];
+			x3+=p1[x2&0x3f];
+			}
+		}
+
+	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+	}
+
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
+	{
+	int i,n;
+	register RC2_INT *p0,*p1;
+	register RC2_INT x0,x1,x2,x3,t;
+	unsigned long l;
+
+	l=d[0];
+	x0=(RC2_INT)l&0xffff;
+	x1=(RC2_INT)(l>>16L);
+	l=d[1];
+	x2=(RC2_INT)l&0xffff;
+	x3=(RC2_INT)(l>>16L);
+
+	n=3;
+	i=5;
+
+	p0= &(key->data[63]);
+	p1= &(key->data[0]);
+	for (;;)
+		{
+		t=((x3<<11)|(x3>>5))&0xffff;
+		x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
+		t=((x2<<13)|(x2>>3))&0xffff;
+		x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
+		t=((x1<<14)|(x1>>2))&0xffff;
+		x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
+		t=((x0<<15)|(x0>>1))&0xffff;
+		x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
+
+		if (--i == 0)
+			{
+			if (--n == 0) break;
+			i=(n == 2)?6:5;
+
+			x3=(x3-p1[x2&0x3f])&0xffff;
+			x2=(x2-p1[x1&0x3f])&0xffff;
+			x1=(x1-p1[x0&0x3f])&0xffff;
+			x0=(x0-p1[x3&0x3f])&0xffff;
+			}
+		}
+
+	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+	}
+
diff --git a/crypto/openssl/crypto/rc2/rc2_ecb.c b/crypto/openssl/crypto/rc2/rc2_ecb.c
new file mode 100644
index 000000000000..7d77b9186ca8
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2_ecb.c
@@ -0,0 +1,88 @@
+/* crypto/rc2/rc2_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc2_locl.h"
+#include 
+
+const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
+
+/* RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+
+void RC2_ecb_encrypt(unsigned char *in, unsigned char *out, RC2_KEY *ks,
+	     int encrypt)
+	{
+	unsigned long l,d[2];
+
+	c2l(in,l); d[0]=l;
+	c2l(in,l); d[1]=l;
+	if (encrypt)
+		RC2_encrypt(d,ks);
+	else
+		RC2_decrypt(d,ks);
+	l=d[0]; l2c(l,out);
+	l=d[1]; l2c(l,out);
+	l=d[0]=d[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/rc2/rc2_locl.h b/crypto/openssl/crypto/rc2/rc2_locl.h
new file mode 100644
index 000000000000..565cd1761973
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2_locl.h
@@ -0,0 +1,156 @@
+/* crypto/rc2/rc2_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#define C_RC2(n) \
+	t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+	x0=(t<<1)|(t>>15); \
+	t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+	x1=(t<<2)|(t>>14); \
+	t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+	x2=(t<<3)|(t>>13); \
+	t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+	x3=(t<<5)|(t>>11);
+
diff --git a/crypto/openssl/crypto/rc2/rc2_skey.c b/crypto/openssl/crypto/rc2/rc2_skey.c
new file mode 100644
index 000000000000..7143c4e591a9
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2_skey.c
@@ -0,0 +1,138 @@
+/* crypto/rc2/rc2_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc2_locl.h"
+
+static unsigned char key_table[256]={
+	0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
+	0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
+	0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
+	0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
+	0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
+	0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
+	0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
+	0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
+	0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
+	0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
+	0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
+	0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
+	0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
+	0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
+	0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
+	0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
+	0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
+	0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
+	0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
+	0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
+	0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
+	0xfe,0x7f,0xc1,0xad,
+	};
+
+/* It has come to my attention that there are 2 versions of the RC2
+ * key schedule.  One which is normal, and anther which has a hook to
+ * use a reduced key length.
+ * BSAFE uses the 'retarded' version.  What I previously shipped is
+ * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
+ * a version where the bits parameter is the same as len*8 */
+void RC2_set_key(RC2_KEY *key, int len, unsigned char *data, int bits)
+	{
+	int i,j;
+	unsigned char *k;
+	RC2_INT *ki;
+	unsigned int c,d;
+
+	k= (unsigned char *)&(key->data[0]);
+	*k=0; /* for if there is a zero length key */
+
+	if (len > 128) len=128;
+	if (bits <= 0) bits=1024;
+	if (bits > 1024) bits=1024;
+
+	for (i=0; i>3;
+	i=128-j;
+	c= (0xff>>(-bits & 0x07));
+
+	d=key_table[k[i]&c];
+	k[i]=d;
+	while (i--)
+		{
+		d=key_table[k[i+j]^d];
+		k[i]=d;
+		}
+
+	/* copy from bytes into RC2_INT's */
+	ki= &(key->data[63]);
+	for (i=127; i>=0; i-=2)
+		*(ki--)=((k[i]<<8)|k[i-1])&0xffff;
+	}
+
diff --git a/crypto/openssl/crypto/rc2/rc2cfb64.c b/crypto/openssl/crypto/rc2/rc2cfb64.c
new file mode 100644
index 000000000000..5e3fa07d9072
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2cfb64.c
@@ -0,0 +1,121 @@
+/* crypto/rc2/rc2cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc2_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+	{
+	register unsigned long v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned long ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (encrypt)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				RC2_encrypt((unsigned long *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2c(t,iv);
+				t=ti[1]; l2c(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				RC2_encrypt((unsigned long *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2c(t,iv);
+				t=ti[1]; l2c(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=t=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/rc2/rc2ofb64.c b/crypto/openssl/crypto/rc2/rc2ofb64.c
new file mode 100644
index 000000000000..42cdd40cdd98
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2ofb64.c
@@ -0,0 +1,110 @@
+/* crypto/rc2/rc2ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc2_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *schedule, unsigned char *ivec, int *num)
+	{
+	register unsigned long v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned char d[8];
+	register char *dp;
+	unsigned long ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			RC2_encrypt((unsigned long *)ti,schedule);
+			dp=(char *)d;
+			t=ti[0]; l2c(t,dp);
+			t=ti[1]; l2c(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=(unsigned char *)ivec;
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/rc2/rc2speed.c b/crypto/openssl/crypto/rc2/rc2speed.c
new file mode 100644
index 000000000000..c3da63e77eb6
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2speed.c
@@ -0,0 +1,274 @@
+/* crypto/rc2/rc2speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ	100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	RC2_KEY sch;
+	double a,b,c,d;
+#ifndef SIGALRM
+	long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	RC2_set_key(&sch,16,key,128);
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			RC2_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/512;
+	cb=count;
+	cc=count*8/BUFSIZE+1;
+	printf("Doing RC2_set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing RC2_set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		RC2_set_key(&sch,16,key,128);
+		RC2_set_key(&sch,16,key,128);
+		RC2_set_key(&sch,16,key,128);
+		RC2_set_key(&sch,16,key,128);
+		}
+	d=Time_F(STOP);
+	printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing RC2_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing RC2_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count+=4)
+		{
+		unsigned long data[2];
+
+		RC2_encrypt(data,&sch);
+		RC2_encrypt(data,&sch);
+		RC2_encrypt(data,&sch);
+		RC2_encrypt(data,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld RC2_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&(key[0]),RC2_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/rc2/rc2test.c b/crypto/openssl/crypto/rc2/rc2test.c
new file mode 100644
index 000000000000..6a5defa6ea8a
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rc2test.c
@@ -0,0 +1,269 @@
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_RC2
+int main(int argc, char *argv[])
+{
+    printf("No RC2 support\n");
+    return(0);
+}
+#else
+#include 
+
+unsigned char RC2key[4][16]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+	 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
+	};
+
+unsigned char RC2plain[4][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	};
+
+unsigned char RC2cipher[4][8]={
+	{0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
+	{0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
+	{0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
+	{0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
+	};
+/************/
+#ifdef undef
+unsigned char k[16]={
+	0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+	0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+	};
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+	}; 
+
+
+/*static int cfb64_test(unsigned char *cfb_cipher);*/
+static char *pt(unsigned char *p);
+#endif
+
+int main(int argc, char *argv[])
+	{
+	int i,n,err=0;
+	RC2_KEY key; 
+	unsigned char buf[8],buf2[8];
+
+	for (n=0; n<4; n++)
+		{
+		RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
+
+		RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
+		if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
+			{
+			printf("ecb rc2 error encrypting\n");
+			printf("got     :");
+			for (i=0; i<8; i++)
+				printf("%02X ",buf[i]);
+			printf("\n");
+			printf("expected:");
+			for (i=0; i<8; i++)
+				printf("%02X ",RC2cipher[n][i]);
+			err=20;
+			printf("\n");
+			}
+
+		RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
+		if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
+			{
+			printf("ecb RC2 error decrypting\n");
+			printf("got     :");
+			for (i=0; i<8; i++)
+				printf("%02X ",buf[i]);
+			printf("\n");
+			printf("expected:");
+			for (i=0; i<8; i++)
+				printf("%02X ",RC2plain[n][i]);
+			printf("\n");
+			err=3;
+			}
+		}
+
+	if (err == 0) printf("ecb RC2 ok\n");
+#ifdef undef
+	memcpy(iv,k,8);
+	idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+	memcpy(iv,k,8);
+	idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+	idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+	if (memcmp(text,out,strlen(text)+1) != 0)
+		{
+		printf("cbc idea bad\n");
+		err=4;
+		}
+	else
+		printf("cbc idea ok\n");
+
+	printf("cfb64 idea ");
+	if (cfb64_test(cfb_cipher64))
+		{
+		printf("bad\n");
+		err=5;
+		}
+	else
+		printf("ok\n");
+#endif
+
+	exit(err);
+	return(err);
+	}
+
+#ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i>4)&0xf];
+		ret[i*2+1]=f[p[i]&0xf];
+		}
+	ret[16]='\0';
+	return(ret);
+	}
+	
+#endif
+#endif
diff --git a/crypto/openssl/crypto/rc2/rrc2.doc b/crypto/openssl/crypto/rc2/rrc2.doc
new file mode 100644
index 000000000000..f93ee003d2f8
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/rrc2.doc
@@ -0,0 +1,219 @@
+>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
+Article 23601 of sci.crypt:
+Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
+>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+Newsgroups: sci.crypt
+Subject: Specification for Ron Rivests Cipher No.2
+Date: 11 Feb 1996 06:45:03 GMT
+Organization: University of Auckland
+Lines: 203
+Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+NNTP-Posting-Host: cs26.cs.auckland.ac.nz
+X-Newsreader: NN version 6.5.0 #3 (NOV)
+
+
+
+
+                           Ron Rivest's Cipher No.2
+                           ------------------------
+ 
+Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
+refer to it by other names) is word oriented, operating on a block of 64 bits
+divided into four 16-bit words, with a key table of 64 words.  All data units
+are little-endian.  This functional description of the algorithm is based in
+the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
+the same general layout, terminology, and pseudocode style.
+ 
+ 
+Notation and RRC.2 Primitive Operations
+ 
+RRC.2 uses the following primitive operations:
+ 
+1. Two's-complement addition of words, denoted by "+".  The inverse operation,
+   subtraction, is denoted by "-".
+2. Bitwise exclusive OR, denoted by "^".
+3. Bitwise AND, denoted by "&".
+4. Bitwise NOT, denoted by "~".
+5. A left-rotation of words; the rotation of word x left by y is denoted
+   x <<< y.  The inverse operation, right-rotation, is denoted x >>> y.
+ 
+These operations are directly and efficiently supported by most processors.
+ 
+ 
+The RRC.2 Algorithm
+ 
+RRC.2 consists of three components, a *key expansion* algorithm, an
+*encryption* algorithm, and a *decryption* algorithm.
+ 
+ 
+Key Expansion
+ 
+The purpose of the key-expansion routine is to expand the user's key K to fill
+the expanded key array S, so S resembles an array of random binary words
+determined by the user's secret key K.
+ 
+Initialising the S-box
+ 
+RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
+Beale Cipher No.1 XOR'd with a one-time pad.  The Beale Ciphers predate modern
+cryptography by enough time that there should be no concerns about trapdoors
+hidden in the data.  They have been published widely, and the S-box can be
+easily recreated from the one-time pad values and the Beale Cipher data taken
+from a standard source.  To initialise the S-box:
+ 
+  for i = 0 to 255 do
+    sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
+ 
+The contents of Beale Cipher No.1 and the necessary one-time pad are given as
+an appendix at the end of this document.  For efficiency, implementors may wish
+to skip the Beale Cipher expansion and store the sBox table directly.
+ 
+Expanding the Secret Key to 128 Bytes
+ 
+The secret key is first expanded to fill 128 bytes (64 words).  The expansion
+consists of taking the sum of the first and last bytes in the user key, looking
+up the sum (modulo 256) in the S-box, and appending the result to the key.  The
+operation is repeated with the second byte and new last byte of the key until
+all 128 bytes have been generated.  Note that the following pseudocode treats
+the S array as an array of 128 bytes rather than 64 words.
+ 
+  for j = 0 to length-1 do
+    S[ j ] = K[ j ]
+  for j = length to 127 do
+    s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
+ 
+At this point it is possible to perform a truncation of the effective key
+length to ease the creation of espionage-enabled software products.  However
+since the author cannot conceive why anyone would want to do this, it will not
+be considered further.
+ 
+The final phase of the key expansion involves replacing the first byte of S
+with the entry selected from the S-box:
+ 
+  S[ 0 ] = sBox[ S[ 0 ] ]
+ 
+ 
+Encryption
+ 
+The cipher has 16 full rounds, each divided into 4 subrounds.  Two of the full
+rounds perform an additional transformation on the data.  Note that the
+following pseudocode treats the S array as an array of 64 words rather than 128
+bytes.
+ 
+  for i = 0 to 15 do
+    j = i * 4;
+    word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
+    word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
+    word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
+    word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
+ 
+In addition the fifth and eleventh rounds add the contents of the S-box indexed
+by one of the data words to another of the data words following the four
+subrounds as follows:
+ 
+    word0 = word0 + S[ word3 & 63 ];
+    word1 = word1 + S[ word0 & 63 ];
+    word2 = word2 + S[ word1 & 63 ];
+    word3 = word3 + S[ word2 & 63 ];
+ 
+ 
+Decryption
+ 
+The decryption operation is simply the inverse of the encryption operation.
+Note that the following pseudocode treats the S array as an array of 64 words
+rather than 128 bytes.
+ 
+  for i = 15 downto 0 do
+    j = i * 4;
+    word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
+    word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
+    word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
+    word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
+ 
+In addition the fifth and eleventh rounds subtract the contents of the S-box
+indexed by one of the data words from another one of the data words following
+the four subrounds as follows:
+ 
+    word3 = word3 - S[ word2 & 63 ]
+    word2 = word2 - S[ word1 & 63 ]
+    word1 = word1 - S[ word0 & 63 ]
+    word0 = word0 - S[ word3 & 63 ]
+ 
+ 
+Test Vectors
+ 
+The following test vectors may be used to test the correctness of an RRC.2
+implementation:
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Plain:    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+  Cipher:   0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
+ 
+  Key:      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
+ 
+ 
+Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
+          Creating the S-Box
+ 
+Beale Cipher No.1.
+ 
+  71, 194,  38,1701,  89,  76,  11,  83,1629,  48,  94,  63, 132,  16, 111,  95,
+  84, 341, 975,  14,  40,  64,  27,  81, 139, 213,  63,  90,1120,   8,  15,   3,
+ 126,2018,  40,  74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
+ 124, 211, 486, 225, 401, 370,  11, 101, 305, 139, 189,  17,  33,  88, 208, 193,
+ 145,   1,  94,  73, 416, 918, 263,  28, 500, 538, 356, 117, 136, 219,  27, 176,
+ 130,  10, 460,  25, 485,  18, 436,  65,  84, 200, 283, 118, 320, 138,  36, 416,
+ 280,  15,  71, 224, 961,  44,  16, 401,  39,  88,  61, 304,  12,  21,  24, 283,
+ 134,  92,  63, 246, 486, 682,   7, 219, 184, 360, 780,  18,  64, 463, 474, 131,
+ 160,  79,  73, 440,  95,  18,  64, 581,  34,  69, 128, 367, 460,  17,  81,  12,
+ 103, 820,  62, 110,  97, 103, 862,  70,  60,1317, 471, 540, 208, 121, 890, 346,
+  36, 150,  59, 568, 614,  13, 120,  63, 219, 812,2160,1780,  99,  35,  18,  21,
+ 136, 872,  15,  28, 170,  88,   4,  30,  44, 112,  18, 147, 436, 195, 320,  37,
+ 122, 113,   6, 140,   8, 120, 305,  42,  58, 461,  44, 106, 301,  13, 408, 680,
+  93,  86, 116, 530,  82, 568,   9, 102,  38, 416,  89,  71, 216, 728, 965, 818,
+   2,  38, 121, 195,  14, 326, 148, 234,  18,  55, 131, 234, 361, 824,   5,  81,
+ 623,  48, 961,  19,  26,  33,  10,1101, 365,  92,  88, 181, 275, 346, 201, 206
+ 
+One-time Pad.
+ 
+ 158, 186, 223,  97,  64, 145, 190, 190, 117, 217, 163,  70, 206, 176, 183, 194,
+ 146,  43, 248, 141,   3,  54,  72, 223, 233, 153,  91, 210,  36, 131, 244, 161,
+ 105, 120, 113, 191, 113,  86,  19, 245, 213, 221,  43,  27, 242, 157,  73, 213,
+ 193,  92, 166,  10,  23, 197, 112, 110, 193,  30, 156,  51, 125,  51, 158,  67,
+ 197, 215,  59, 218, 110, 246, 181,   0, 135,  76, 164,  97,  47,  87, 234, 108,
+ 144, 127,   6,   6, 222, 172,  80, 144,  22, 245, 207,  70, 227, 182, 146, 134,
+ 119, 176,  73,  58, 135,  69,  23, 198,   0, 170,  32, 171, 176, 129,  91,  24,
+ 126,  77, 248,   0, 118,  69,  57,  60, 190, 171, 217,  61, 136, 169, 196,  84,
+ 168, 167, 163, 102, 223,  64, 174, 178, 166, 239, 242, 195, 249,  92,  59,  38,
+ 241,  46, 236,  31,  59, 114,  23,  50, 119, 186,   7,  66, 212,  97, 222, 182,
+ 230, 118, 122,  86, 105,  92, 179, 243, 255, 189, 223, 164, 194, 215,  98,  44,
+  17,  20,  53, 153, 137, 224, 176, 100, 208, 114,  36, 200, 145, 150, 215,  20,
+  87,  44, 252,  20, 235, 242, 163, 132,  63,  18,   5, 122,  74,  97,  34,  97,
+ 142,  86, 146, 221, 179, 166, 161,  74,  69, 182,  88, 120, 128,  58,  76, 155,
+  15,  30,  77, 216, 165, 117, 107,  90, 169, 127, 143, 181, 208, 137, 200, 127,
+ 170, 195,  26,  84, 255, 132, 150,  58, 103, 250, 120, 221, 237,  37,   8,  99
+ 
+ 
+Implementation
+ 
+A non-US based programmer who has never seen any encryption code before will
+shortly be implementing RRC.2 based solely on this specification and not on
+knowledge of any other encryption algorithms.  Stand by.
+
+
+
diff --git a/crypto/openssl/crypto/rc2/tab.c b/crypto/openssl/crypto/rc2/tab.c
new file mode 100644
index 000000000000..25dc14eeba1d
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/tab.c
@@ -0,0 +1,86 @@
+#include 
+
+unsigned char ebits_to_num[256]={
+	0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,
+	0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,
+	0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,
+	0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,
+	0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,
+	0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,
+	0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,
+	0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,
+	0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,
+	0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,
+	0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,
+	0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,
+	0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,
+	0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,
+	0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,
+	0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,
+	0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,
+	0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,
+	0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,
+	0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,
+	0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,
+	0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,
+	0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,
+	0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,
+	0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,
+	0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,
+	0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,
+	0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,
+	0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,
+	0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,
+	0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,
+	0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,
+	};
+
+unsigned char num_to_ebits[256]={
+	0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,
+	0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,
+	0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,
+	0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,
+	0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,
+	0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,
+	0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,
+	0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,
+	0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,
+	0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,
+	0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,
+	0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,
+	0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,
+	0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,
+	0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,
+	0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,
+	0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,
+	0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,
+	0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,
+	0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,
+	0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,
+	0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,
+	0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,
+	0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,
+	0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,
+	0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,
+	0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,
+	0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,
+	0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,
+	0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,
+	0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,
+	0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,
+	};
+	
+main()
+	{
+	int i,j;
+
+	for (i=0; i<256; i++)
+		{
+		for (j=0; j<256; j++)
+			if (ebits_to_num[j] == i)
+				{
+				printf("0x%02x,",j);
+				break;
+				}
+		}
+	}
diff --git a/crypto/openssl/crypto/rc2/version b/crypto/openssl/crypto/rc2/version
new file mode 100644
index 000000000000..6f89d595f179
--- /dev/null
+++ b/crypto/openssl/crypto/rc2/version
@@ -0,0 +1,22 @@
+1.1 23/08/96 - eay
+	Changed RC2_set_key() so it now takes another argument.  Many
+	thanks to Peter Gutmann  for the
+	clarification and origional specification of RC2.  BSAFE uses
+	this last parameter, 'bits'.  It the key is 128 bits, BSAFE
+	also sets this parameter to 128.  The old behaviour can be
+	duplicated by setting this parameter to 1024.
+
+1.0 08/04/96 - eay
+	First version of SSLeay with rc2.  This has been written from the spec
+	posted sci.crypt.  It is in this directory under rrc2.doc
+	I have no test values for any mode other than ecb, my wrappers for the
+	other modes should be ok since they are basically the same as
+	the ones taken from idea and des :-).  I have implemented them as
+	little-endian operators.
+	While rc2 is included because it is used with SSL, I don't know how
+	far I trust it.  It is about the same speed as IDEA and DES.
+	So if you are paranoid, used Tripple DES, else IDEA.  If RC2
+	does get used more, perhaps more people will look for weaknesses in
+	it.
+	
+
diff --git a/crypto/openssl/crypto/rc4/Makefile.ssl b/crypto/openssl/crypto/rc4/Makefile.ssl
new file mode 100644
index 000000000000..64092fd4f1cf
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/Makefile.ssl
@@ -0,0 +1,113 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR=	rc4
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER=	$(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/rx86-elf.o: asm/rx86unix.cpp
+	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+
+# solaris
+asm/rx86-sol.o: asm/rx86unix.cpp
+	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+	as -o asm/rx86-sol.o asm/rx86-sol.s
+	rm -f asm/rx86-sol.s
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+	$(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp: asm/rc4-586.pl
+	(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h
diff --git a/crypto/openssl/crypto/rc4/Makefile.uni b/crypto/openssl/crypto/rc4/Makefile.uni
new file mode 100644
index 000000000000..855d9e50f371
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/Makefile.uni
@@ -0,0 +1,103 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+DIR=    rc4
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc4test
+APPS=rc4speed
+
+LIB=librc4.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+# elf
+asm/rx86-elf.o: asm/rx86unix.cpp
+	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+
+# solaris
+asm/rx86-sol.o: asm/rx86unix.cpp
+	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+	as -o asm/rx86-sol.o asm/rx86-sol.s
+	rm -f asm/rx86-sol.s
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+	$(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp:
+	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APPS): $(APPS).c $(LIB)
+	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-586.pl b/crypto/openssl/crypto/rc4/asm/rc4-586.pl
new file mode 100644
index 000000000000..7ef889e5a135
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/asm/rc4-586.pl
@@ -0,0 +1,173 @@
+#!/usr/local/bin/perl
+
+# define for pentium pro friendly version
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"rc4-586.pl");
+
+$tx="eax";
+$ty="ebx";
+$x="ecx";
+$y="edx";
+$in="esi";
+$out="edi";
+$d="ebp";
+
+&RC4("RC4");
+
+&asm_finish();
+
+sub RC4_loop
+	{
+	local($n,$p,$char)=@_;
+
+	&comment("Round $n");
+
+	if ($char)
+		{
+		if ($p >= 0)
+			{
+			 &mov($ty,	&swtmp(2));
+			&cmp($ty,	$in);
+			 &jle(&label("finished"));
+			&inc($in);
+			}
+		else
+			{
+			&add($ty,	8);
+			 &inc($in);
+			&cmp($ty,	$in);
+			 &jl(&label("finished"));
+			&mov(&swtmp(2),	$ty);
+			}
+		}
+	# Moved out
+	# &mov(	$tx,		&DWP(0,$d,$x,4)) if $p < 0;
+
+	 &add(	$y,		$tx);
+	&and(	$y,		0xff);
+	 &inc(	$x);			# NEXT ROUND 
+	&mov(	$ty,		&DWP(0,$d,$y,4));
+	 # XXX
+	&mov(	&DWP(-4,$d,$x,4),$ty);			# AGI
+	 &add(	$ty,		$tx);
+	&and(	$x,		0xff);	# NEXT ROUND
+	 &and(	$ty,		0xff);
+	&mov(	&DWP(0,$d,$y,4),$tx);
+	 &nop();
+	&mov(	$ty,		&DWP(0,$d,$ty,4));
+	 &mov(	$tx,		&DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
+	 # XXX
+
+	if (!$char)
+		{
+		#moved up into last round
+		if ($p >= 1)
+			{
+			&add(	$out,	8)
+			}
+		&movb(	&BP($n,"esp","",0),	&LB($ty));
+		}
+	else
+		{
+		# Note in+=8 has occured
+		&movb(	&HB($ty),	&BP(-1,$in,"",0));
+		 # XXX
+		&xorb(&LB($ty),		&HB($ty));
+		 # XXX
+		&movb(&BP($n,$out,"",0),&LB($ty));
+		}
+	}
+
+
+sub RC4
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	 &push("ebx");
+	&mov(	$d,	&wparam(0));	# key
+	 &mov(	$ty,	&wparam(1));	# num
+	&push("esi");
+	 &push("edi");
+
+	&mov(	$x,	&DWP(0,$d,"",1));
+	 &mov(	$y,	&DWP(4,$d,"",1));
+
+	&mov(	$in,	&wparam(2));
+	 &inc(	$x);
+
+	&stack_push(3);	# 3 temp variables
+	 &add(	$d,	8);
+	&and(	$x,		0xff);
+
+	 &lea(	$ty,	&DWP(-8,$ty,$in));
+
+	# check for 0 length input
+
+	&mov(	$out,	&wparam(3));
+	 &mov(	&swtmp(2),	$ty);	# this is now address to exit at
+	&mov(	$tx,	&DWP(0,$d,$x,4));
+
+	 &cmp(	$ty,	$in);
+	&jl(	&label("end")); # less than 8 bytes
+
+	&set_label("start");
+
+	# filling DELAY SLOT
+	&add(	$in,	8);
+
+	&RC4_loop(0,-1,0);
+	&RC4_loop(1,0,0);
+	&RC4_loop(2,0,0);
+	&RC4_loop(3,0,0);
+	&RC4_loop(4,0,0);
+	&RC4_loop(5,0,0);
+	&RC4_loop(6,0,0);
+	&RC4_loop(7,1,0);
+	
+	&comment("apply the cipher text");
+	# xor the cipher data with input
+
+	#&add(	$out,	8); #moved up into last round
+
+	&mov(	$tx,	&swtmp(0));
+	 &mov(	$ty,	&DWP(-8,$in,"",0));
+	&xor(	$tx,	$ty);
+	 &mov(	$ty,	&DWP(-4,$in,"",0)); 
+	&mov(	&DWP(-8,$out,"",0),	$tx);
+	 &mov(	$tx,	&swtmp(1));
+	&xor(	$tx,	$ty);
+	 &mov(	$ty,	&swtmp(2));	# load end ptr;
+	&mov(	&DWP(-4,$out,"",0),	$tx);
+	 &mov(	$tx,		&DWP(0,$d,$x,4));
+	&cmp($in,	$ty);
+	 &jle(&label("start"));
+
+	&set_label("end");
+
+	# There is quite a bit of extra crap in RC4_loop() for this
+	# first round
+	&RC4_loop(0,-1,1);
+	&RC4_loop(1,0,1);
+	&RC4_loop(2,0,1);
+	&RC4_loop(3,0,1);
+	&RC4_loop(4,0,1);
+	&RC4_loop(5,0,1);
+	&RC4_loop(6,1,1);
+
+	&set_label("finished");
+	&dec(	$x);
+	 &stack_pop(3);
+	&mov(	&DWP(-4,$d,"",0),$y);
+	 &movb(	&BP(-8,$d,"",0),&LB($x));
+
+	&function_end($name);
+	}
+
diff --git a/crypto/openssl/crypto/rc4/rc4.c b/crypto/openssl/crypto/rc4/rc4.c
new file mode 100644
index 000000000000..709b7aff35ae
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4.c
@@ -0,0 +1,192 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+char *usage[]={
+"usage: rc4 args\n",
+"\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -key key        - password\n",
+NULL
+};
+
+int main(int argc, char *argv[])
+	{
+	FILE *in=NULL,*out=NULL;
+	char *infile=NULL,*outfile=NULL,*keystr=NULL;
+	RC4_KEY key;
+	char buf[BUFSIZ];
+	int badops=0,i;
+	char **pp;
+	unsigned char md[MD5_DIGEST_LENGTH];
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keystr= *(++argv);
+			}
+		else
+			{
+			fprintf(stderr,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		for (pp=usage; (*pp != NULL); pp++)
+			fprintf(stderr,*pp);
+		exit(1);
+		}
+
+	if (infile == NULL)
+		in=stdin;
+	else
+		{
+		in=fopen(infile,"r");
+		if (in == NULL)
+			{
+			perror("open");
+			exit(1);
+			}
+
+		}
+	if (outfile == NULL)
+		out=stdout;
+	else
+		{
+		out=fopen(outfile,"w");
+		if (out == NULL)
+			{
+			perror("open");
+			exit(1);
+			}
+		}
+		
+#ifdef MSDOS
+	/* This should set the file to binary mode. */
+	{
+#include 
+	setmode(fileno(in),O_BINARY);
+	setmode(fileno(out),O_BINARY);
+	}
+#endif
+
+	if (keystr == NULL)
+		{ /* get key */
+		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+		if (i != 0)
+			{
+			memset(buf,0,BUFSIZ);
+			fprintf(stderr,"bad password read\n");
+			exit(1);
+			}
+		keystr=buf;
+		}
+
+	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+	memset(keystr,0,strlen(keystr));
+	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+	
+	for(;;)
+		{
+		i=fread(buf,1,BUFSIZ,in);
+		if (i == 0) break;
+		if (i < 0)
+			{
+			perror("read");
+			exit(1);
+			}
+		RC4(&key,(unsigned int)i,(unsigned char *)buf,
+			(unsigned char *)buf);
+		i=fwrite(buf,(unsigned int)i,1,out);
+		if (i != 1)
+			{
+			perror("write");
+			exit(1);
+			}
+		}
+	fclose(out);
+	fclose(in);
+	exit(0);
+	return(1);
+	}
+
diff --git a/crypto/openssl/crypto/rc4/rc4.h b/crypto/openssl/crypto/rc4/rc4.h
new file mode 100644
index 000000000000..7418c2a9a210
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4.h
@@ -0,0 +1,88 @@
+/* crypto/rc4/rc4.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC4_H
+#define HEADER_RC4_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_RC4
+#error RC4 is disabled.
+#endif
+
+#include  /* RC4_INT */
+
+typedef struct rc4_key_st
+	{
+	RC4_INT x,y;
+	RC4_INT data[256];
+	} RC4_KEY;
+
+ 
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, unsigned char *data);
+void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
+		unsigned char *outdata);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/rc4/rc4_enc.c b/crypto/openssl/crypto/rc4/rc4_enc.c
new file mode 100644
index 000000000000..3256bea8cc86
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4_enc.c
@@ -0,0 +1,131 @@
+/* crypto/rc4/rc4_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc4_locl.h"
+
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: 
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
+	     unsigned char *outdata)
+	{
+        register RC4_INT *d;
+        register RC4_INT x,y,tx,ty;
+	int i;
+        
+        x=key->x;     
+        y=key->y;     
+        d=key->data; 
+
+#define LOOP(in,out) \
+		x=((x+1)&0xff); \
+		tx=d[x]; \
+		y=(tx+y)&0xff; \
+		d[x]=ty=d[y]; \
+		d[y]=tx; \
+		(out) = d[(tx+ty)&0xff]^ (in);
+
+#ifndef RC4_INDEX
+#define RC4_LOOP(a,b,i)	LOOP(*((a)++),*((b)++))
+#else
+#define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])
+#endif
+
+	i=(int)(len>>3L);
+	if (i)
+		{
+		for (;;)
+			{
+			RC4_LOOP(indata,outdata,0);
+			RC4_LOOP(indata,outdata,1);
+			RC4_LOOP(indata,outdata,2);
+			RC4_LOOP(indata,outdata,3);
+			RC4_LOOP(indata,outdata,4);
+			RC4_LOOP(indata,outdata,5);
+			RC4_LOOP(indata,outdata,6);
+			RC4_LOOP(indata,outdata,7);
+#ifdef RC4_INDEX
+			indata+=8;
+			outdata+=8;
+#endif
+			if (--i == 0) break;
+			}
+		}
+	i=(int)len&0x07;
+	if (i)
+		{
+		for (;;)
+			{
+			RC4_LOOP(indata,outdata,0); if (--i == 0) break;
+			RC4_LOOP(indata,outdata,1); if (--i == 0) break;
+			RC4_LOOP(indata,outdata,2); if (--i == 0) break;
+			RC4_LOOP(indata,outdata,3); if (--i == 0) break;
+			RC4_LOOP(indata,outdata,4); if (--i == 0) break;
+			RC4_LOOP(indata,outdata,5); if (--i == 0) break;
+			RC4_LOOP(indata,outdata,6); if (--i == 0) break;
+			}
+		}               
+	key->x=x;     
+	key->y=y;
+	}
diff --git a/crypto/openssl/crypto/rc4/rc4_locl.h b/crypto/openssl/crypto/rc4/rc4_locl.h
new file mode 100644
index 000000000000..3bb80b6ce9e0
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4_locl.h
@@ -0,0 +1,4 @@
+#ifndef HEADER_RC4_LOCL_H
+#define HEADER_RC4_LOCL_H
+#include 
+#endif
diff --git a/crypto/openssl/crypto/rc4/rc4_skey.c b/crypto/openssl/crypto/rc4/rc4_skey.c
new file mode 100644
index 000000000000..c67a445f1f65
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4_skey.c
@@ -0,0 +1,117 @@
+/* crypto/rc4/rc4_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc4_locl.h"
+#include 
+
+const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
+
+const char *RC4_options(void)
+	{
+#ifdef RC4_INDEX
+	if (sizeof(RC4_INT) == 1)
+		return("rc4(idx,char)");
+	else
+		return("rc4(idx,int)");
+#else
+	if (sizeof(RC4_INT) == 1)
+		return("rc4(ptr,char)");
+	else
+		return("rc4(ptr,int)");
+#endif
+	}
+
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: 
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4_set_key(RC4_KEY *key, int len, register unsigned char *data)
+	{
+        register RC4_INT tmp;
+        register int id1,id2;
+        register RC4_INT *d;
+        unsigned int i;
+        
+        d= &(key->data[0]);
+	for (i=0; i<256; i++)
+		d[i]=i;
+        key->x = 0;     
+        key->y = 0;     
+        id1=id2=0;     
+
+#define SK_LOOP(n) { \
+		tmp=d[(n)]; \
+		id2 = (data[id1] + tmp + id2) & 0xff; \
+		if (++id1 == len) id1=0; \
+		d[(n)]=d[id2]; \
+		d[id2]=tmp; }
+
+	for (i=0; i < 256; i+=4)
+		{
+		SK_LOOP(i+0);
+		SK_LOOP(i+1);
+		SK_LOOP(i+2);
+		SK_LOOP(i+3);
+		}
+	}
+    
diff --git a/crypto/openssl/crypto/rc4/rc4s.cpp b/crypto/openssl/crypto/rc4/rc4s.cpp
new file mode 100644
index 000000000000..3814fde9972f
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[1024];
+	RC4_KEY ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=64,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=256;
+	if (num > 1024-16) num=1024-16;
+	numm=num+8;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			RC4(&ctx,numm,buffer,buffer);
+			GetTSC(s1);
+			RC4(&ctx,numm,buffer,buffer);
+			GetTSC(e1);
+			GetTSC(s2);
+			RC4(&ctx,num,buffer,buffer);
+			GetTSC(e2);
+			RC4(&ctx,num,buffer,buffer);
+			}
+
+		printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+			e1-s1,e2-s2,(e1-s1)-(e2-s2));
+		}
+	}
+
diff --git a/crypto/openssl/crypto/rc4/rc4speed.c b/crypto/openssl/crypto/rc4/rc4speed.c
new file mode 100644
index 000000000000..4fb5ebf57383
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4speed.c
@@ -0,0 +1,250 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ	100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	RC4_KEY sch;
+	double a,b,c,d;
+#ifndef SIGALRM
+	long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	RC4_set_key(&sch,16,key);
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			RC4(&sch,8,buf,buf);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/512;
+	cc=count*8/BUFSIZE+1;
+	printf("Doing RC4_set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing RC4_set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		RC4_set_key(&sch,16,key);
+		RC4_set_key(&sch,16,key);
+		RC4_set_key(&sch,16,key);
+		RC4_set_key(&sch,16,key);
+		}
+	d=Time_F(STOP);
+	printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		RC4(&sch,BUFSIZE,buf,buf);
+	d=Time_F(STOP);
+	printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
+
diff --git a/crypto/openssl/crypto/rc4/rc4test.c b/crypto/openssl/crypto/rc4/rc4test.c
new file mode 100644
index 000000000000..5abf8cff3073
--- /dev/null
+++ b/crypto/openssl/crypto/rc4/rc4test.c
@@ -0,0 +1,201 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_RC4
+int main(int argc, char *argv[])
+{
+    printf("No RC4 support\n");
+    return(0);
+}
+#else
+#include 
+
+unsigned char keys[7][30]={
+	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{4,0xef,0x01,0x23,0x45},
+	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+	{4,0xef,0x01,0x23,0x45},
+	};
+
+unsigned char data_len[7]={8,8,8,20,28,10};
+unsigned char data[7][30]={
+	{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	   0x00,0x00,0x00,0x00,0xff},
+	{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+	   0x12,0x34,0x56,0x78,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+	{0},
+	};
+
+unsigned char output[7][30]={
+	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+	 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+	 0x36,0xb6,0x78,0x58,0x00},
+	{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+	 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+	 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+	 0x40,0x01,0x1e,0xcf,0x00},
+	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+	{0},
+	};
+
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	int j;
+	unsigned char *p;
+	RC4_KEY key;
+	unsigned char buf[512],obuf[512];
+
+	for (i=0; i<512; i++) buf[i]=0x01;
+
+	for (i=0; i<6; i++)
+		{
+		RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+		memset(obuf,0x00,sizeof(obuf));
+		RC4(&key,data_len[i],&(data[i][0]),obuf);
+		if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+			{
+			printf("error calculating RC4\n");
+			printf("output:");
+			for (j=0; j
+Sender: sterndark@netcom.com 
+Organization: NETCOM On-line Communication Services (408 261-4700 guest)
+X-Newsreader: TIN [version 1.2 PL1]
+Date: Wed, 14 Sep 1994 06:35:31 GMT
+Lines: 263
+Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
+
+I am shocked,  shocked, I tell you,  shocked, to discover
+that the cypherpunks have illegaly and criminally revealed
+a crucial RSA trade secret and harmed the security of
+America by reverse engineering the RC4 algorithm and
+publishing it to the world.
+ 
+On Saturday morning an anonymous cypherpunk wrote:
+ 
+ 
+   SUBJECT:  RC4 Source Code
+ 
+ 
+   I've tested this.  It is compatible with the RC4 object module
+   that comes in the various RSA toolkits.  
+ 
+   /* rc4.h */
+   typedef struct rc4_key
+   {      
+        unsigned char state[256];       
+        unsigned char x;        
+        unsigned char y;
+   } rc4_key;
+   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+   rc4_key *key);
+   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
+   
+   
+   /*rc4.c */
+   #include "rc4.h"
+   static void swap_byte(unsigned char *a, unsigned char *b);
+   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+   rc4_key *key)
+   {
+        unsigned char swapByte;
+        unsigned char index1;
+        unsigned char index2;
+        unsigned char* state;
+        short counter;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < 256; counter++)              
+        state[counter] = counter;               
+        key->x = 0;     
+        key->y = 0;     
+        index1 = 0;     
+        index2 = 0;             
+        for(counter = 0; counter < 256; counter++)      
+        {               
+             index2 = (key_data_ptr[index1] + state[counter] +
+                index2) % 256;                
+             swap_byte(&state[counter], &state[index2]);            
+   
+             index1 = (index1 + 1) % key_data_len;  
+        }       
+    }
+    
+    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
+    { 
+        unsigned char x;
+        unsigned char y;
+        unsigned char* state;
+        unsigned char xorIndex;
+        short counter;              
+        
+        x = key->x;     
+        y = key->y;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < buffer_len; counter ++)      
+        {               
+             x = (x + 1) % 256;                      
+             y = (state[x] + y) % 256;               
+             swap_byte(&state[x], &state[y]);                        
+                  
+             xorIndex = (state[x] + state[y]) % 256;                 
+                  
+             buffer_ptr[counter] ^= state[xorIndex];         
+         }               
+         key->x = x;     
+         key->y = y;
+    }
+    
+    static void swap_byte(unsigned char *a, unsigned char *b)
+    {
+        unsigned char swapByte; 
+        
+        swapByte = *a; 
+        *a = *b;      
+        *b = swapByte;
+    }
+ 
+ 
+ 
+Another cypherpunk, this one not anonymous, tested the
+output from this algorithm against the output from
+official RC4 object code
+ 
+ 
+   Date: Tue, 13 Sep 94 18:37:56 PDT
+   From: ekr@eit.COM (Eric Rescorla)
+   Message-Id: <9409140137.AA17743@eitech.eit.com>
+   Subject: RC4 compatibility testing
+   Cc: cypherpunks@toad.com
+   
+   One data point:
+   
+   I can't say anything about the internals of RC4 versus the
+   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
+   since I don't know anything about RC4's internals. 
+   
+   However, I do have a (legitimately acquired) copy of BSAFE2 and
+   so I'm able to compare the output of this algorithm to the output
+   of genuine RC4 as found in BSAFE. I chose a set of test vectors
+   and ran them through both algorithms. The algorithms appear to
+   give identical results, at least with these key/plaintext pairs.
+   
+   I note that this is the algorithm _without_ Hal Finney's
+   proposed modification
+   
+   (see <199409130605.XAA24133@jobe.shell.portal.com>).
+   
+   The vectors I used (together with the ciphertext they produce)
+   follow at the end of this message.
+   
+   -Ekr
+   
+   Disclaimer: This posting does not reflect the opinions of EIT.
+   
+   --------------------results follow--------------
+   Test vector 0
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
+   
+   Test vector 1
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
+   
+   Test vector 2
+   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
+   
+   Test vector 3
+   Key: 0xef 0x01 0x23 0x45 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
+   
+   Test vector 4
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 
+   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
+   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
+   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
+   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
+   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
+   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
+   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
+   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
+   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
+   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
+   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
+   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
+   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
+   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
+   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
+   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
+   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
+   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
+   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
+   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
+   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
+   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
+   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
+   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
+   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
+   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
+   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
+   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
+   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
+   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
+   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
+   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
+   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
+   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
+   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
+   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
+   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
+   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
+   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
+   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
+   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
+   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
+   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
+   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
+   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
+   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
+   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
+   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
+   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
+   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
+   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
+   0xc0 
+   
+
+
+-- 
+ ---------------------------------------------------------------------
+We have the right to defend ourselves and our
+property, because of the kind of animals that we              James A. Donald
+are.  True law derives from this right, not from
+the arbitrary power of the omnipotent state.                jamesd@netcom.com
+
+
diff --git a/crypto/openssl/crypto/rc5/Makefile.ssl b/crypto/openssl/crypto/rc5/Makefile.ssl
new file mode 100644
index 000000000000..666c4b6539e5
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/Makefile.ssl
@@ -0,0 +1,112 @@
+#
+# SSLeay/crypto/rc5/Makefile
+#
+
+DIR=	rc5
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+RC5_ENC=		rc5_enc.o
+# or use
+#DES_ENC=	r586-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc5.h
+HEADER=	rc5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/r586-elf.o: asm/r586unix.cpp
+	$(CPP) -DELF asm/r586unix.cpp | as -o asm/r586-elf.o
+
+# solaris
+asm/r586-sol.o: asm/r586unix.cpp
+	$(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+	as -o asm/r586-sol.o asm/r586-sol.s
+	rm -f asm/r586-sol.s
+
+# a.out
+asm/r586-out.o: asm/r586unix.cpp
+	$(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+
+# bsdi
+asm/r586bsdi.o: asm/r586unix.cpp
+	$(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
+
+asm/r586unix.cpp:
+	(cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+rc5_ecb.o: rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h
diff --git a/crypto/openssl/crypto/rc5/Makefile.uni b/crypto/openssl/crypto/rc5/Makefile.uni
new file mode 100644
index 000000000000..4dc20c6fcfd5
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/Makefile.uni
@@ -0,0 +1,73 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+
+DIR=    rc2
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+IDEA_ENC=rc2_cbc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test
+APPS=rc2speed
+
+LIB=librc2.a
+LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APPS): $(APPS).c $(LIB)
+	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/rc5/asm/rc5-586.pl b/crypto/openssl/crypto/rc5/asm/rc5-586.pl
new file mode 100644
index 000000000000..edff1d1e64af
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/asm/rc5-586.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"rc5-586.pl");
+
+$RC5_MAX_ROUNDS=16;
+$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;
+$A="edi";
+$B="esi";
+$S="ebp";
+$tmp1="eax";
+$r="ebx";
+$tmpc="ecx";
+$tmp4="edx";
+
+&RC5_32_encrypt("RC5_32_encrypt",1);
+&RC5_32_encrypt("RC5_32_decrypt",0);
+&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);
+&asm_finish();
+
+sub RC5_32_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	 &push("esi");
+	&push("edi");
+	 &mov($tmp4,&wparam(0));
+	&mov($S,&wparam(1));
+
+	&comment("Load the 2 words");
+	 &mov($A,&DWP(0,$tmp4,"",0));
+	&mov($B,&DWP(4,$tmp4,"",0));
+
+	&push($r);
+	 &mov($r,	&DWP(0,$S,"",0));
+
+	# encrypting part
+
+	if ($enc)
+		{
+		 &add($A,	&DWP(4+0,$S,"",0));
+		&add($B,	&DWP(4+4,$S,"",0));
+
+		for ($i=0; $i<$RC5_MAX_ROUNDS; $i++)
+			{
+			 &xor($A,	$B);
+			&mov($tmp1,	&DWP(12+$i*8,$S,"",0));
+			 &mov($tmpc,	$B);
+			&rotl($A,	&LB("ecx"));
+			&add($A,	$tmp1);
+
+			 &xor($B,	$A);
+			&mov($tmp1,	&DWP(16+$i*8,$S,"",0));
+			 &mov($tmpc,	$A);
+			&rotl($B,	&LB("ecx"));
+			&add($B,	$tmp1);
+			if (($i == 7) || ($i == 11))
+				{
+			 &cmp($r,	$i+1);
+			&je(&label("rc5_exit"));
+				}
+			}
+		}
+	else
+		{
+		 &cmp($r,	12);
+		&je(&label("rc5_dec_12"));
+		 &cmp($r,	8);
+		&je(&label("rc5_dec_8"));
+		for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--)
+			{
+			&set_label("rc5_dec_$i") if ($i == 12) || ($i == 8);
+			 &mov($tmp1,	&DWP($i*8+8,$S,"",0));
+			&sub($B,	$tmp1);
+			 &mov($tmpc,	$A);
+			&rotr($B,	&LB("ecx"));
+			&xor($B,	$A);
+
+			 &mov($tmp1,	&DWP($i*8+4,$S,"",0));
+			&sub($A,	$tmp1);
+			 &mov($tmpc,	$B);
+			&rotr($A,	&LB("ecx"));
+			&xor($A,	$B);
+			}
+		 &sub($B,	&DWP(4+4,$S,"",0));
+		&sub($A,	&DWP(4+0,$S,"",0));
+		}
+
+	&set_label("rc5_exit");
+	 &mov(&DWP(0,$tmp4,"",0),$A);
+	&mov(&DWP(4,$tmp4,"",0),$B);
+
+	 &pop("ebx");
+	&pop("edi");
+	 &pop("esi");
+	&pop("ebp");
+	 &ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/crypto/openssl/crypto/rc5/rc5.h b/crypto/openssl/crypto/rc5/rc5.h
new file mode 100644
index 000000000000..38e901502b94
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5.h
@@ -0,0 +1,113 @@
+/* crypto/rc5/rc5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC5_H
+#define HEADER_RC5_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_RC5
+#error RC5 is disabled.
+#endif
+
+#define RC5_ENCRYPT	1
+#define RC5_DECRYPT	0
+
+/* 32 bit.  For Alpha, things may get weird */
+#define RC5_32_INT unsigned long
+
+#define RC5_32_BLOCK		8
+#define RC5_32_KEY_LENGTH	16 /* This is a default, max is 255 */
+
+/* This are the only values supported.  Tweak the code if you want more
+ * The most supported modes will be
+ * RC5-32/12/16
+ * RC5-32/16/8
+ */
+#define RC5_8_ROUNDS	8
+#define RC5_12_ROUNDS	12
+#define RC5_16_ROUNDS	16
+
+typedef struct rc5_key_st
+	{
+	/* Number of rounds */
+	int rounds;
+	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
+	} RC5_32_KEY;
+
+ 
+void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+	int rounds);
+void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+	int enc);
+void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	RC5_32_KEY *ks, unsigned char *iv, int enc);
+void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	RC5_32_KEY *schedule, unsigned char *ivec, int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/rc5/rc5_ecb.c b/crypto/openssl/crypto/rc5/rc5_ecb.c
new file mode 100644
index 000000000000..17e877a146a7
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5_ecb.c
@@ -0,0 +1,80 @@
+/* crypto/rc5/rc5_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc5_locl.h"
+#include 
+
+char *RC5_version="RC5" OPENSSL_VERSION_PTEXT;
+
+void RC5_32_ecb_encrypt(unsigned char *in, unsigned char *out, RC5_32_KEY *ks,
+	     int encrypt)
+	{
+	unsigned long l,d[2];
+
+	c2l(in,l); d[0]=l;
+	c2l(in,l); d[1]=l;
+	if (encrypt)
+		RC5_32_encrypt(d,ks);
+	else
+		RC5_32_decrypt(d,ks);
+	l=d[0]; l2c(l,out);
+	l=d[1]; l2c(l,out);
+	l=d[0]=d[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/rc5/rc5_enc.c b/crypto/openssl/crypto/rc5/rc5_enc.c
new file mode 100644
index 000000000000..1124fd22eb09
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5_enc.c
@@ -0,0 +1,214 @@
+/* crypto/rc5/rc5_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC5_32_KEY *ks, unsigned char *iv, int encrypt)
+	{
+	register unsigned long tin0,tin1;
+	register unsigned long tout0,tout1,xor0,xor1;
+	register long l=length;
+	unsigned long tin[2];
+
+	if (encrypt)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			RC5_32_encrypt(tin,ks);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			RC5_32_encrypt(tin,ks);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			RC5_32_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			RC5_32_decrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+	{
+	RC5_32_INT a,b,*s;
+
+	s=key->data;
+
+	a=d[0]+s[0];
+	b=d[1]+s[1];
+	E_RC5_32(a,b,s, 2);
+	E_RC5_32(a,b,s, 4);
+	E_RC5_32(a,b,s, 6);
+	E_RC5_32(a,b,s, 8);
+	E_RC5_32(a,b,s,10);
+	E_RC5_32(a,b,s,12);
+	E_RC5_32(a,b,s,14);
+	E_RC5_32(a,b,s,16);
+	if (key->rounds == 12)
+		{
+		E_RC5_32(a,b,s,18);
+		E_RC5_32(a,b,s,20);
+		E_RC5_32(a,b,s,22);
+		E_RC5_32(a,b,s,24);
+		}
+	else if (key->rounds == 16)
+		{
+		/* Do a full expansion to avoid a jump */
+		E_RC5_32(a,b,s,18);
+		E_RC5_32(a,b,s,20);
+		E_RC5_32(a,b,s,22);
+		E_RC5_32(a,b,s,24);
+		E_RC5_32(a,b,s,26);
+		E_RC5_32(a,b,s,28);
+		E_RC5_32(a,b,s,30);
+		E_RC5_32(a,b,s,32);
+		}
+	d[0]=a;
+	d[1]=b;
+	}
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+	{
+	RC5_32_INT a,b,*s;
+
+	s=key->data;
+
+	a=d[0];
+	b=d[1];
+	if (key->rounds == 16) 
+		{
+		D_RC5_32(a,b,s,32);
+		D_RC5_32(a,b,s,30);
+		D_RC5_32(a,b,s,28);
+		D_RC5_32(a,b,s,26);
+		/* Do a full expansion to avoid a jump */
+		D_RC5_32(a,b,s,24);
+		D_RC5_32(a,b,s,22);
+		D_RC5_32(a,b,s,20);
+		D_RC5_32(a,b,s,18);
+		}
+	else if (key->rounds == 12)
+		{
+		D_RC5_32(a,b,s,24);
+		D_RC5_32(a,b,s,22);
+		D_RC5_32(a,b,s,20);
+		D_RC5_32(a,b,s,18);
+		}
+	D_RC5_32(a,b,s,16);
+	D_RC5_32(a,b,s,14);
+	D_RC5_32(a,b,s,12);
+	D_RC5_32(a,b,s,10);
+	D_RC5_32(a,b,s, 8);
+	D_RC5_32(a,b,s, 6);
+	D_RC5_32(a,b,s, 4);
+	D_RC5_32(a,b,s, 2);
+	d[0]=a-s[0];
+	d[1]=b-s[1];
+	}
+
diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/openssl/crypto/rc5/rc5_locl.h
new file mode 100644
index 000000000000..718c6162eab9
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5_locl.h
@@ -0,0 +1,187 @@
+/* crypto/rc5/rc5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if defined(WIN32)
+#define ROTATE_l32(a,n)     _lrotl(a,n)
+#define ROTATE_r32(a,n)     _lrotr(a,n)
+#else
+#define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))
+#define ROTATE_r32(a,n)     (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))
+#endif
+
+#define RC5_32_MASK	0xffffffffL
+
+#define RC5_16_P	0xB7E1
+#define RC5_16_Q	0x9E37
+#define RC5_32_P	0xB7E15163L
+#define RC5_32_Q	0x9E3779B9L
+#define RC5_64_P	0xB7E151628AED2A6BLL
+#define RC5_64_Q	0x9E3779B97F4A7C15LL
+
+#define E_RC5_32(a,b,s,n) \
+	a^=b; \
+	a=ROTATE_l32(a,b); \
+	a+=s[n]; \
+	a&=RC5_32_MASK; \
+	b^=a; \
+	b=ROTATE_l32(b,a); \
+	b+=s[n+1]; \
+	b&=RC5_32_MASK;
+
+#define D_RC5_32(a,b,s,n) \
+	b-=s[n+1]; \
+	b&=RC5_32_MASK; \
+	b=ROTATE_r32(b,a); \
+	b^=a; \
+	a-=s[n]; \
+	a&=RC5_32_MASK; \
+	a=ROTATE_r32(a,b); \
+	a^=b;
+
+
+
diff --git a/crypto/openssl/crypto/rc5/rc5_skey.c b/crypto/openssl/crypto/rc5/rc5_skey.c
new file mode 100644
index 000000000000..64e13487bfc6
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5_skey.c
@@ -0,0 +1,113 @@
+/* crypto/rc5/rc5_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc5_locl.h"
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+	     int rounds)
+	{
+	RC5_32_INT L[64],l,ll,A,B,*S,k;
+	int i,j,m,c,t,ii,jj;
+
+	if (	(rounds != RC5_16_ROUNDS) &&
+		(rounds != RC5_12_ROUNDS) &&
+		(rounds != RC5_8_ROUNDS))
+		rounds=RC5_16_ROUNDS;
+
+	key->rounds=rounds;
+	S= &(key->data[0]);
+	j=0;
+	for (i=0; i<=(len-8); i+=8)
+		{
+		c2l(data,l);
+		L[j++]=l;
+		c2l(data,l);
+		L[j++]=l;
+		}
+	ii=len-i;
+	if (ii)
+		{
+		k=len&0x07;
+		c2ln(data,l,ll,k);
+		L[j+0]=l;
+		L[j+1]=ll;
+		}
+
+	c=(len+3)/4;
+	t=(rounds+1)*2;
+	S[0]=RC5_32_P;
+	for (i=1; ic)?t:c;
+	j*=3;
+	ii=jj=0;
+	A=B=0;
+	for (i=0; i= t) ii=0;
+		if (++jj >= c) jj=0;
+		}
+	}
+
diff --git a/crypto/openssl/crypto/rc5/rc5cfb64.c b/crypto/openssl/crypto/rc5/rc5cfb64.c
new file mode 100644
index 000000000000..55e03087e2e0
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5cfb64.c
@@ -0,0 +1,121 @@
+/* crypto/rc5/rc5cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC5_32_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+	{
+	register unsigned long v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned long ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (encrypt)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				RC5_32_encrypt((unsigned long *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2c(t,iv);
+				t=ti[1]; l2c(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				RC5_32_encrypt((unsigned long *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2c(t,iv);
+				t=ti[1]; l2c(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=t=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/rc5/rc5ofb64.c b/crypto/openssl/crypto/rc5/rc5ofb64.c
new file mode 100644
index 000000000000..fd2ecddf6ca4
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5ofb64.c
@@ -0,0 +1,110 @@
+/* crypto/rc5/rc5ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC5_32_KEY *schedule, unsigned char *ivec, int *num)
+	{
+	register unsigned long v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned char d[8];
+	register char *dp;
+	unsigned long ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			RC5_32_encrypt((unsigned long *)ti,schedule);
+			dp=(char *)d;
+			t=ti[0]; l2c(t,dp);
+			t=ti[1]; l2c(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=(unsigned char *)ivec;
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/rc5/rc5s.cpp b/crypto/openssl/crypto/rc5/rc5s.cpp
new file mode 100644
index 000000000000..1c5518bc8045
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5s.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	RC5_32_KEY key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+	static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+	RC5_32_set_key(&key, 16,d,12);
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			RC5_32_encrypt(&data[0],&key);
+			GetTSC(s1);
+			RC5_32_encrypt(&data[0],&key);
+			RC5_32_encrypt(&data[0],&key);
+			RC5_32_encrypt(&data[0],&key);
+			GetTSC(e1);
+			GetTSC(s2);
+			RC5_32_encrypt(&data[0],&key);
+			RC5_32_encrypt(&data[0],&key);
+			RC5_32_encrypt(&data[0],&key);
+			RC5_32_encrypt(&data[0],&key);
+			GetTSC(e2);
+			RC5_32_encrypt(&data[0],&key);
+			}
+
+		printf("cast %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/crypto/rc5/rc5speed.c b/crypto/openssl/crypto/rc5/rc5speed.c
new file mode 100644
index 000000000000..c5636627f6e2
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5speed.c
@@ -0,0 +1,274 @@
+/* crypto/rc5/rc5speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include 
+
+#include 
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include 
+#ifndef _IRIX
+#include 
+#endif
+#ifdef TIMES
+#include 
+#include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#include 
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ	100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	RC5_32_KEY sch;
+	double a,b,c,d;
+#ifndef SIGALRM
+	long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	RC5_32_set_key(&sch,16,key,12);
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			RC5_32_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/512;
+	cb=count;
+	cc=count*8/BUFSIZE+1;
+	printf("Doing RC5_32_set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing RC5_32_set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		RC5_32_set_key(&sch,16,key,12);
+		RC5_32_set_key(&sch,16,key,12);
+		RC5_32_set_key(&sch,16,key,12);
+		RC5_32_set_key(&sch,16,key,12);
+		}
+	d=Time_F(STOP);
+	printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing RC5_32_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing RC5_32_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count+=4)
+		{
+		unsigned long data[2];
+
+		RC5_32_encrypt(data,&sch);
+		RC5_32_encrypt(data,&sch);
+		RC5_32_encrypt(data,&sch);
+		RC5_32_encrypt(data,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&(key[0]),RC5_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("RC5_32/12/16 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/openssl/crypto/rc5/rc5test.c b/crypto/openssl/crypto/rc5/rc5test.c
new file mode 100644
index 000000000000..d8192846077c
--- /dev/null
+++ b/crypto/openssl/crypto/rc5/rc5test.c
@@ -0,0 +1,384 @@
+/* crypto/rc5/rc5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC5 modes, more of the code will be uncommented. */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_RC5
+int main(int argc, char *argv[])
+{
+    printf("No RC5 support\n");
+    return(0);
+}
+#else
+#include 
+
+unsigned char RC5key[5][16]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x91,0x5f,0x46,0x19,0xbe,0x41,0xb2,0x51,
+	 0x63,0x55,0xa5,0x01,0x10,0xa9,0xce,0x91},
+	{0x78,0x33,0x48,0xe7,0x5a,0xeb,0x0f,0x2f,
+	 0xd7,0xb1,0x69,0xbb,0x8d,0xc1,0x67,0x87},
+	{0xdc,0x49,0xdb,0x13,0x75,0xa5,0x58,0x4f,
+	 0x64,0x85,0xb4,0x13,0xb5,0xf1,0x2b,0xaf},
+	{0x52,0x69,0xf1,0x49,0xd4,0x1b,0xa0,0x15,
+	 0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25},
+	};
+
+unsigned char RC5plain[5][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
+	{0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
+	{0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
+	{0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
+	};
+
+unsigned char RC5cipher[5][8]={
+	{0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
+	{0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
+	{0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
+	{0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
+	{0xEB,0x44,0xE4,0x15,0xDA,0x31,0x98,0x24},
+	};
+
+#define RC5_CBC_NUM 27
+unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
+	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1e},
+	{0x79,0x7b,0xba,0x4d,0x78,0x11,0x1d,0x1e},
+	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
+	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
+	{0x8b,0x9d,0xed,0x91,0xce,0x77,0x94,0xa6},
+	{0x2f,0x75,0x9f,0xe7,0xad,0x86,0xa3,0x78},
+	{0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
+	{0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
+	{0xdc,0xfe,0x09,0x85,0x77,0xec,0xa5,0xff},
+	{0x96,0x46,0xfb,0x77,0x63,0x8f,0x9c,0xa8},
+	{0xb2,0xb3,0x20,0x9d,0xb6,0x59,0x4d,0xa4},
+	{0x54,0x5f,0x7f,0x32,0xa5,0xfc,0x38,0x36},
+	{0x82,0x85,0xe7,0xc1,0xb5,0xbc,0x74,0x02},
+	{0xfc,0x58,0x6f,0x92,0xf7,0x08,0x09,0x34},
+	{0xcf,0x27,0x0e,0xf9,0x71,0x7f,0xf7,0xc4},
+	{0xe4,0x93,0xf1,0xc1,0xbb,0x4d,0x6e,0x8c},
+	{0x5c,0x4c,0x04,0x1e,0x0f,0x21,0x7a,0xc3},
+	{0x92,0x1f,0x12,0x48,0x53,0x73,0xb4,0xf7},
+	{0x5b,0xa0,0xca,0x6b,0xbe,0x7f,0x5f,0xad},
+	{0xc5,0x33,0x77,0x1c,0xd0,0x11,0x0e,0x63},
+	{0x29,0x4d,0xdb,0x46,0xb3,0x27,0x8d,0x60},
+	{0xda,0xd6,0xbd,0xa9,0xdf,0xe8,0xf7,0xe8},
+	{0x97,0xe0,0x78,0x78,0x37,0xed,0x31,0x7f},
+	{0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
+	{0x8f,0x34,0xc3,0xc6,0x81,0xc9,0x96,0x95},
+	{0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
+	{0x7f,0xd1,0xa0,0x23,0xa5,0xbb,0xa2,0x17},
+	};
+
+unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 1,0x11},
+	{ 1,0x00},
+	{ 4,0x00,0x00,0x00,0x00},
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 1,0x00},
+	{ 4,0x01,0x02,0x03,0x04},
+	{ 4,0x01,0x02,0x03,0x04},
+	{ 4,0x01,0x02,0x03,0x04},
+	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{ 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+	    0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+	    0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+	    0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{ 5,0x01,0x02,0x03,0x04,0x05},
+	{ 5,0x01,0x02,0x03,0x04,0x05},
+	{ 5,0x01,0x02,0x03,0x04,0x05},
+	{ 5,0x01,0x02,0x03,0x04,0x05},
+	{ 5,0x01,0x02,0x03,0x04,0x05},
+	};
+
+unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+	{0x08,0x08,0x08,0x08,0x08,0x08,0x08,0x08},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x01},
+	};
+
+int rc5_cbc_rounds[RC5_CBC_NUM]={
+	 0, 0, 0, 0, 0, 1, 2, 2,
+	 8, 8,12,16, 8,12,16,12,
+	 8,12,16, 8,12,16,12, 8,
+	 8, 8, 8,
+	};
+
+unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
+	};
+
+int main(int argc, char *argv[])
+	{
+	int i,n,err=0;
+	RC5_32_KEY key; 
+	unsigned char buf[8],buf2[8],ivb[8];
+
+	for (n=0; n<5; n++)
+		{
+		RC5_32_set_key(&key,16,&(RC5key[n][0]),12);
+
+		RC5_32_ecb_encrypt(&(RC5plain[n][0]),buf,&key,RC5_ENCRYPT);
+		if (memcmp(&(RC5cipher[n][0]),buf,8) != 0)
+			{
+			printf("ecb RC5 error encrypting (%d)\n",n+1);
+			printf("got     :");
+			for (i=0; i<8; i++)
+				printf("%02X ",buf[i]);
+			printf("\n");
+			printf("expected:");
+			for (i=0; i<8; i++)
+				printf("%02X ",RC5cipher[n][i]);
+			err=20;
+			printf("\n");
+			}
+
+		RC5_32_ecb_encrypt(buf,buf2,&key,RC5_DECRYPT);
+		if (memcmp(&(RC5plain[n][0]),buf2,8) != 0)
+			{
+			printf("ecb RC5 error decrypting (%d)\n",n+1);
+			printf("got     :");
+			for (i=0; i<8; i++)
+				printf("%02X ",buf2[i]);
+			printf("\n");
+			printf("expected:");
+			for (i=0; i<8; i++)
+				printf("%02X ",RC5plain[n][i]);
+			printf("\n");
+			err=3;
+			}
+		}
+	if (err == 0) printf("ecb RC5 ok\n");
+
+	for (n=0; n>4)&0xf];
+		ret[i*2+1]=f[p[i]&0xf];
+		}
+	ret[16]='\0';
+	return(ret);
+	}
+	
+#endif
+#endif
diff --git a/crypto/openssl/crypto/ripemd/Makefile.ssl b/crypto/openssl/crypto/ripemd/Makefile.ssl
new file mode 100644
index 000000000000..b7cd25f1233f
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/Makefile.ssl
@@ -0,0 +1,107 @@
+#
+# SSLeay/crypto/ripemd/Makefile
+#
+
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RIP_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=rmd160.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+# elf
+asm/rm86-elf.o: asm/rm86unix.cpp
+	$(CPP) -DELF asm/rm86unix.cpp | as -o asm/rm86-elf.o
+
+# solaris
+asm/rm86-sol.o: asm/rm86unix.cpp
+	$(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+	as -o asm/rm86-sol.o asm/rm86-sol.s
+	rm -f asm/rm86-sol.s
+
+# a.out
+asm/rm86-out.o: asm/rm86unix.cpp
+	$(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+
+# bsdi
+asm/rm86bsdi.o: asm/rm86unix.cpp
+	$(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
+
+asm/rm86unix.cpp: asm/rmd-586.pl
+	(cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/ripemd.h rmd_locl.h rmdconst.h
diff --git a/crypto/openssl/crypto/ripemd/Makefile.uni b/crypto/openssl/crypto/ripemd/Makefile.uni
new file mode 100644
index 000000000000..5310020eb11a
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/Makefile.uni
@@ -0,0 +1,109 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+DIR=    md5
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md5test
+APPS=md5
+
+LIB=libmd5.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+# elf
+asm/mx86-elf.o: asm/mx86unix.cpp
+	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+
+# solaris
+asm/mx86-sol.o: asm/mx86unix.cpp
+	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+	as -o asm/mx86-sol.o asm/mx86-sol.s
+	rm -f asm/mx86-sol.s
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp:
+	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APPS): $(APPS).c $(LIB)
+	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+x86-elf:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-out:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-solaris:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-bdsi:
+	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/ripemd/README b/crypto/openssl/crypto/ripemd/README
new file mode 100644
index 000000000000..70977072649e
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/README
@@ -0,0 +1,15 @@
+RIPEMD-160
+http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+
+This is my implementation of RIPEMD-160.  The pentium assember is a little
+off the pace since I only get 1050 cycles, while the best is 1013.
+I have a few ideas for how to get another 20 or so cycles, but at
+this point I will not bother right now.  I belive the trick will be
+to remove my 'copy X array onto stack' until inside the RIP1() finctions the
+first time round.  To do this I need another register and will only have one
+temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words
+after the first half of the calculation.  I should read the origional
+value, add then write.  Currently I just save the new and read the origioal.
+I then read both at the end.  Bad.
+
+eric (20-Jan-1998)
diff --git a/crypto/openssl/crypto/ripemd/asm/rips.cpp b/crypto/openssl/crypto/ripemd/asm/rips.cpp
new file mode 100644
index 000000000000..321a98443e5e
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/asm/rips.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+extern "C" {
+void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	RIPEMD160_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			ripemd160_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			ripemd160_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			ripemd160_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			ripemd160_block_x86(&ctx,buffer,num);
+			}
+		printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/crypto/openssl/crypto/ripemd/asm/rmd-586.pl b/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
new file mode 100644
index 000000000000..e53c5fadba71
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
@@ -0,0 +1,582 @@
+#!/usr/local/bin/perl
+
+# Normal is the
+# ripemd160_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# ripemd160_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$E="ebp";
+$tmp1="esi";
+$tmp2="edi";
+
+$KL1=0x5A827999;
+$KL2=0x6ED9EBA1;
+$KL3=0x8F1BBCDC;
+$KL4=0xA953FD4E;
+$KR0=0x50A28BE6;
+$KR1=0x5C4DD124; 
+$KR2=0x6D703EF3;
+$KR3=0x7A6D76E9;
+
+
+@wl=(	 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
+	 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
+	 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
+	 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
+	 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
+	 );
+
+@wr=(	 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
+	 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
+	15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
+	 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
+	12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
+	);
+
+@sl=(	11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
+	 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
+	11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
+	11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
+	 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
+	 );
+
+@sr=(	 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
+	 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
+	 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
+	15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
+	 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
+ 	);
+
+&ripemd160_block("ripemd160_block_x86");
+&asm_finish();
+
+sub Xv
+	{
+	local($n)=@_;
+	return(&swtmp($n+1));
+	# tmp on stack
+	}
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
+	return($n{$p});
+	}
+
+sub RIP1
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+	 &mov($tmp1,	$c) if $o == -1;
+	&xor($tmp1,	$d) if $o == -1;
+	 &mov($tmp2,	&Xv($pos));
+	&xor($tmp1,	$b);
+	 &add($a,	$tmp2);
+	&rotl($c,	10);
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($c));	# NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &xor($tmp1,	$d);
+	&mov($tmp2,	&Xv($pos));
+	 &xor($tmp1,	$b);
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($c)) if $o <= 0;
+	 &mov($tmp1,	-1) if $o == 1;
+	 # XXX if $o == 2;
+	&rotl($c,	10);
+	&add($a,	$tmp2);
+	 &xor($tmp1,	&Np($d)) if $o <= 0;
+	 &mov($tmp2,	&Xv($pos2)) if $o == 1;
+	 &mov($tmp2,	&wparam(0)) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP2
+	{
+	local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
+
+# XXXXXX
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	&Xv($pos)) if $o < -1;
+#	&mov($tmp1,	-1) if $o < -1;
+
+	 &add($a,	$tmp2);
+	&mov($tmp2,	$c);
+	 &sub($tmp1,	$b);
+	&and($tmp2,	$b);
+	 &and($tmp1,	$d);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &mov($tmp2,	-1) if $o <= 0;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 # XXX
+	 &add($a,	$tmp1);
+	&mov($tmp1,	$c);
+	 &sub($tmp2,	$b);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$d);
+	if ($o != 2)
+		{
+	&or($tmp1,	$tmp2);
+	 &mov($tmp2,	&Xv($pos2)) if $o <= 0;
+	 &mov($tmp2,	-1) if $o == 1;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &mov($tmp1,	-1) if $o <= 0;
+	 &sub($tmp2,	&Np($c)) if $o == 1;
+		} else {
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Np($c));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &xor($tmp1,	&Np($d));
+		}
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP3
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	-1) if $o < -1;
+#	&sub($tmp2,	$c) if $o < -1;
+	 &mov($tmp1,	&Xv($pos));
+	&or($tmp2,	$b);
+	 &add($a,	$tmp1);
+	&xor($tmp2,	$d);
+	 &mov($tmp1,	-1) if $o <= 0;		# NEXT
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &sub($tmp1,	&Np($c)) if $o <= 0;	# NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &mov($tmp2,	&Xv($pos));
+	&or($tmp1,	$b);
+	 &add($a,	$tmp2);
+	&xor($tmp1,	$d);
+	 &mov($tmp2,	-1) if $o <= 0;		# NEXT
+	 &mov($tmp2,	-1) if $o == 1;
+	 &mov($tmp2,	&Xv($pos2)) if $o == 2;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &sub($tmp2,	&Np($c)) if $o <= 0;	# NEXT
+	 &mov($tmp1,	&Np($d)) if $o == 1;
+	 &mov($tmp1,	-1) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP4
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	-1) if $o == -2;
+#	&mov($tmp1,	$d) if $o == -2;
+	 &sub($tmp2,	$d);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$c);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2));
+	 &mov($tmp2,	-1) unless $o > 0;	# NEXT
+	 # XXX
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($d)) unless $o > 0; # NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &sub($tmp2,	$d);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$c);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2));
+	 &mov($tmp2,	-1) if $o == 0;	# NEXT
+	 &mov($tmp2,	-1) if $o == 1;
+	 &mov($tmp2,	-1) if $o == 2;
+	 # XXX
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($d)) if $o == 0;	# NEXT
+	 &sub($tmp2,	&Np($d)) if $o == 1;
+	 &sub($tmp2,	&Np($c)) if $o == 2;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP5
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+	 &mov($tmp2,	-1) if $o == -2;
+	&sub($tmp2,	$d) if $o == -2;
+	 &mov($tmp1,	&Xv($pos));
+	&or($tmp2,	$c);
+	 &add($a,	$tmp1);
+	&xor($tmp2,	$b);
+	 &mov($tmp1,	-1) if $o <= 0;
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &sub($tmp1,	&Np($d)) if $o <= 0;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &mov($tmp2,	&Xv($pos));
+	&or($tmp1,	$c);
+	 &add($a,	$tmp2);
+	&xor($tmp1,	$b);
+	 &mov($tmp2,	-1) if $o <= 0;
+	 &mov($tmp2,	&wparam(0)) if $o == 1;	# Middle code
+	 &mov($tmp2,	-1) if $o == 2;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &sub($tmp2,	&Np($d)) if $o <= 0;
+	 &mov(&swtmp(1+16),	$A) if $o == 1;
+	 &mov($tmp1,	&Np($d)) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub ripemd160_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"",3);
+
+	# parameter 1 is the RIPEMD160_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+	# E 	16
+
+	&push("esi");
+	 &mov($C,	&wparam(2));
+	&push("edi");
+	 &mov($tmp1,	&wparam(1)); # edi
+	&push("ebp");
+	 &add($C,	$tmp1); # offset we end at
+	&push("ebx");
+	 &sub($C,	64);
+	&stack_push(16+5+1);
+	 # XXX
+
+	&mov(&swtmp(0),	$C);
+	 &mov($tmp2,	&wparam(0)); # Done at end of loop
+
+	&set_label("start") unless $normal;
+	&comment("");
+
+	# &mov($tmp1,	&wparam(1)); # Done at end of loop
+	# &mov($tmp2,	&wparam(0)); # Done at end of loop
+
+	for ($z=0; $z<16; $z+=2)
+		{
+		&mov($A,		&DWP( $z*4,$tmp1,"",0));
+		 &mov($B,		&DWP( ($z+1)*4,$tmp1,"",0));
+		&mov(&swtmp(1+$z),	$A);
+		 &mov(&swtmp(1+$z+1),	$B);
+		}
+	&add($tmp1,	64);
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
+	&mov(&wparam(1),$tmp1);
+	 &mov($B,	&DWP( 4,$tmp2,"",0));
+	&mov($C,	&DWP( 8,$tmp2,"",0));
+	 &mov($D,	&DWP(12,$tmp2,"",0));
+	&mov($E,	&DWP(16,$tmp2,"",0));
+
+	&RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
+	&RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
+	&RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
+	&RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
+
+	&RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
+	&RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
+	&RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
+	&RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
+
+	&RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
+	&RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
+	&RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
+	&RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
+
+	&RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
+	&RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
+	&RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
+	&RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
+
+	&RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
+	&RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
+	&RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
+	&RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
+
+	# &mov($tmp2,	&wparam(0)); # moved into last RIP5
+	# &mov(&swtmp(1+16),	$A);
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
+	&mov(&swtmp(1+17),	$B);
+	 &mov(&swtmp(1+18),	$C);
+	&mov($B,	&DWP( 4,$tmp2,"",0));
+	 &mov(&swtmp(1+19),	$D);
+	&mov($C,	&DWP( 8,$tmp2,"",0));
+	 &mov(&swtmp(1+20),	$E);
+	&mov($D,	&DWP(12,$tmp2,"",0));
+	 &mov($E,	&DWP(16,$tmp2,"",0));
+
+	&RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
+	&RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
+	&RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
+	&RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
+
+	&RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
+	&RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
+	&RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
+	&RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
+
+	&RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
+	&RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
+	&RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
+	&RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
+
+	&RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
+	&RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
+	&RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
+	&RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
+
+	&RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
+	&RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
+	&RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
+	&RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
+
+	# &mov($tmp2,	&wparam(0)); # Moved into last round
+
+	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B
+ 	&add($D,	$tmp1);	
+	 &mov($tmp1,	&swtmp(1+18));		# $c
+	&add($D,	$tmp1);
+
+	 &mov($tmp1,	&DWP( 8,$tmp2,"",0));	# ctx->C
+	&add($E,	$tmp1);	
+	 &mov($tmp1,	&swtmp(1+19));		# $d
+	&add($E,	$tmp1);
+
+	 &mov($tmp1,	&DWP(12,$tmp2,"",0));	# ctx->D
+	&add($A,	$tmp1);	
+	 &mov($tmp1,	&swtmp(1+20));		# $e
+	&add($A,	$tmp1);
+
+
+	 &mov($tmp1,	&DWP(16,$tmp2,"",0));	# ctx->E
+	&add($B,	$tmp1);	
+	 &mov($tmp1,	&swtmp(1+16));		# $a
+	&add($B,	$tmp1);
+
+	 &mov($tmp1,	&DWP( 0,$tmp2,"",0));	# ctx->A
+	&add($C,	$tmp1);	
+	 &mov($tmp1,	&swtmp(1+17));		# $b
+	&add($C,	$tmp1);
+
+	&mov(&DWP( 0,$tmp2,"",0),	$D);
+	 &mov(&DWP( 4,$tmp2,"",0),	$E);
+	&mov(&DWP( 8,$tmp2,"",0),	$A);
+	 &mov(&DWP(12,$tmp2,"",0),	$B);
+	&mov(&DWP(16,$tmp2,"",0),	$C);
+
+	&mov($tmp2,		&swtmp(0));
+	 &mov($tmp1,		&wparam(1));
+
+	&cmp($tmp2,$tmp1);
+	 &mov($tmp2,	&wparam(0));
+
+	# XXX
+	 &jge(&label("start"));
+
+	&stack_pop(16+5+1);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
diff --git a/crypto/openssl/crypto/ripemd/ripemd.h b/crypto/openssl/crypto/ripemd/ripemd.h
new file mode 100644
index 000000000000..ab76be4c3324
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/ripemd.h
@@ -0,0 +1,94 @@
+/* crypto/ripemd/ripemd.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RIPEMD_H
+#define HEADER_RIPEMD_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_RIPEMD
+#error RIPEMD is disabled.
+#endif
+
+#define RIPEMD160_CBLOCK	64
+#define RIPEMD160_LBLOCK	16
+#define RIPEMD160_BLOCK		16
+#define RIPEMD160_LAST_BLOCK	56
+#define RIPEMD160_LENGTH_BLOCK	8
+#define RIPEMD160_DIGEST_LENGTH	20
+
+typedef struct RIPEMD160state_st
+	{
+	unsigned long A,B,C,D,E;
+	unsigned long Nl,Nh;
+	unsigned long data[RIPEMD160_LBLOCK];
+	int num;
+	} RIPEMD160_CTX;
+
+void RIPEMD160_Init(RIPEMD160_CTX *c);
+void RIPEMD160_Update(RIPEMD160_CTX *c, unsigned char *data, unsigned long len);
+void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(unsigned char *d, unsigned long n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/ripemd/rmd160.c b/crypto/openssl/crypto/ripemd/rmd160.c
new file mode 100644
index 000000000000..4f8b88a18ac1
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/rmd160.c
@@ -0,0 +1,127 @@
+/* crypto/ripemd/rmd160.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#define BUFSIZE	1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+	{
+	int i,err=0;
+	FILE *IN;
+
+	if (argc == 1)
+		{
+		do_fp(stdin);
+		}
+	else
+		{
+		for (i=1; i
+#include "rmd_locl.h"
+#include 
+
+char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
+
+#  ifdef RMD160_ASM
+     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
+#    define ripemd160_block ripemd160_block_x86
+#  else
+     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
+#  endif
+void RIPEMD160_Init(RIPEMD160_CTX *c)
+	{
+	c->A=RIPEMD160_A;
+	c->B=RIPEMD160_B;
+	c->C=RIPEMD160_C;
+	c->D=RIPEMD160_D;
+	c->E=RIPEMD160_E;
+	c->Nl=0;
+	c->Nh=0;
+	c->num=0;
+	}
+
+void RIPEMD160_Update(RIPEMD160_CTX *c, register unsigned char *data,
+	     unsigned long len)
+	{
+	register ULONG *p;
+	int sw,sc;
+	ULONG l;
+
+	if (len == 0) return;
+
+	l=(c->Nl+(len<<3))&0xffffffffL;
+	if (l < c->Nl) /* overflow */
+		c->Nh++;
+	c->Nh+=(len>>29);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		p=c->data;
+		sw=c->num>>2;
+		sc=c->num&0x03;
+
+		if ((c->num+len) >= RIPEMD160_CBLOCK)
+			{
+			l= p[sw];
+			p_c2l(data,l,sc);
+			p[sw++]=l;
+			for (; swnum);
+
+			ripemd160_block(c,p,64);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			int ew,ec;
+
+			c->num+=(int)len;
+			if ((sc+len) < 4) /* ugly, add char's to a word */
+				{
+				l= p[sw];
+				p_c2l_p(data,l,sc,len);
+				p[sw]=l;
+				}
+			else
+				{
+				ew=(c->num>>2);
+				ec=(c->num&0x03);
+				l= p[sw];
+				p_c2l(data,l,sc);
+				p[sw++]=l;
+				for (; sw < ew; sw++)
+					{ c2l(data,l); p[sw]=l; }
+				if (ec)
+					{
+					c2l_p(data,l,ec);
+					p[sw]=l;
+					}
+				}
+			return;
+			}
+		}
+	/* we now can process the input data in blocks of RIPEMD160_CBLOCK
+	 * chars and save the leftovers to c->data. */
+#ifdef L_ENDIAN
+	if ((((unsigned long)data)%sizeof(ULONG)) == 0)
+		{
+		sw=(int)len/RIPEMD160_CBLOCK;
+		if (sw > 0)
+			{
+			sw*=RIPEMD160_CBLOCK;
+			ripemd160_block(c,(ULONG *)data,sw);
+			data+=sw;
+			len-=sw;
+			}
+		}
+#endif
+	p=c->data;
+	while (len >= RIPEMD160_CBLOCK)
+		{
+#if defined(L_ENDIAN) || defined(B_ENDIAN)
+		if (p != (unsigned long *)data)
+			memcpy(p,data,RIPEMD160_CBLOCK);
+		data+=RIPEMD160_CBLOCK;
+#ifdef B_ENDIAN
+		for (sw=(RIPEMD160_LBLOCK/4); sw; sw--)
+			{
+			Endian_Reverse32(p[0]);
+			Endian_Reverse32(p[1]);
+			Endian_Reverse32(p[2]);
+			Endian_Reverse32(p[3]);
+			p+=4;
+			}
+#endif
+#else
+		for (sw=(RIPEMD160_LBLOCK/4); sw; sw--)
+			{
+			c2l(data,l); *(p++)=l;
+			c2l(data,l); *(p++)=l;
+			c2l(data,l); *(p++)=l;
+			c2l(data,l); *(p++)=l; 
+			} 
+#endif
+		p=c->data;
+		ripemd160_block(c,p,64);
+		len-=RIPEMD160_CBLOCK;
+		}
+	sc=(int)len;
+	c->num=sc;
+	if (sc)
+		{
+		sw=sc>>2;	/* words to copy */
+#ifdef L_ENDIAN
+		p[sw]=0;
+		memcpy(p,data,sc);
+#else
+		sc&=0x03;
+		for ( ; sw; sw--)
+			{ c2l(data,l); *(p++)=l; }
+		c2l_p(data,l,sc);
+		*p=l;
+#endif
+		}
+	}
+
+void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b)
+	{
+	ULONG p[16];
+#if !defined(L_ENDIAN)
+	ULONG *q;
+	int i;
+#endif
+
+#if defined(B_ENDIAN) || defined(L_ENDIAN)
+	memcpy(p,b,64);
+#ifdef B_ENDIAN
+	q=p;
+	for (i=(RIPEMD160_LBLOCK/4); i; i--)
+		{
+		Endian_Reverse32(q[0]);
+		Endian_Reverse32(q[1]);
+		Endian_Reverse32(q[2]);
+		Endian_Reverse32(q[3]);
+		q+=4;
+		}
+#endif
+#else
+	q=p;
+	for (i=(RIPEMD160_LBLOCK/4); i; i--)
+		{
+		ULONG l;
+		c2l(b,l); *(q++)=l;
+		c2l(b,l); *(q++)=l;
+		c2l(b,l); *(q++)=l;
+		c2l(b,l); *(q++)=l; 
+		} 
+#endif
+	ripemd160_block(c,p,64);
+	}
+
+#ifndef RMD160_ASM
+
+void ripemd160_block(RIPEMD160_CTX *ctx, register ULONG *X, int num)
+	{
+	register ULONG A,B,C,D,E;
+	ULONG a,b,c,d,e;
+
+	for (;;)
+		{
+		A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+	RIP1(A,B,C,D,E,WL00,SL00);
+	RIP1(E,A,B,C,D,WL01,SL01);
+	RIP1(D,E,A,B,C,WL02,SL02);
+	RIP1(C,D,E,A,B,WL03,SL03);
+	RIP1(B,C,D,E,A,WL04,SL04);
+	RIP1(A,B,C,D,E,WL05,SL05);
+	RIP1(E,A,B,C,D,WL06,SL06);
+	RIP1(D,E,A,B,C,WL07,SL07);
+	RIP1(C,D,E,A,B,WL08,SL08);
+	RIP1(B,C,D,E,A,WL09,SL09);
+	RIP1(A,B,C,D,E,WL10,SL10);
+	RIP1(E,A,B,C,D,WL11,SL11);
+	RIP1(D,E,A,B,C,WL12,SL12);
+	RIP1(C,D,E,A,B,WL13,SL13);
+	RIP1(B,C,D,E,A,WL14,SL14);
+	RIP1(A,B,C,D,E,WL15,SL15);
+
+	RIP2(E,A,B,C,D,WL16,SL16,KL1);
+	RIP2(D,E,A,B,C,WL17,SL17,KL1);
+	RIP2(C,D,E,A,B,WL18,SL18,KL1);
+	RIP2(B,C,D,E,A,WL19,SL19,KL1);
+	RIP2(A,B,C,D,E,WL20,SL20,KL1);
+	RIP2(E,A,B,C,D,WL21,SL21,KL1);
+	RIP2(D,E,A,B,C,WL22,SL22,KL1);
+	RIP2(C,D,E,A,B,WL23,SL23,KL1);
+	RIP2(B,C,D,E,A,WL24,SL24,KL1);
+	RIP2(A,B,C,D,E,WL25,SL25,KL1);
+	RIP2(E,A,B,C,D,WL26,SL26,KL1);
+	RIP2(D,E,A,B,C,WL27,SL27,KL1);
+	RIP2(C,D,E,A,B,WL28,SL28,KL1);
+	RIP2(B,C,D,E,A,WL29,SL29,KL1);
+	RIP2(A,B,C,D,E,WL30,SL30,KL1);
+	RIP2(E,A,B,C,D,WL31,SL31,KL1);
+
+	RIP3(D,E,A,B,C,WL32,SL32,KL2);
+	RIP3(C,D,E,A,B,WL33,SL33,KL2);
+	RIP3(B,C,D,E,A,WL34,SL34,KL2);
+	RIP3(A,B,C,D,E,WL35,SL35,KL2);
+	RIP3(E,A,B,C,D,WL36,SL36,KL2);
+	RIP3(D,E,A,B,C,WL37,SL37,KL2);
+	RIP3(C,D,E,A,B,WL38,SL38,KL2);
+	RIP3(B,C,D,E,A,WL39,SL39,KL2);
+	RIP3(A,B,C,D,E,WL40,SL40,KL2);
+	RIP3(E,A,B,C,D,WL41,SL41,KL2);
+	RIP3(D,E,A,B,C,WL42,SL42,KL2);
+	RIP3(C,D,E,A,B,WL43,SL43,KL2);
+	RIP3(B,C,D,E,A,WL44,SL44,KL2);
+	RIP3(A,B,C,D,E,WL45,SL45,KL2);
+	RIP3(E,A,B,C,D,WL46,SL46,KL2);
+	RIP3(D,E,A,B,C,WL47,SL47,KL2);
+
+	RIP4(C,D,E,A,B,WL48,SL48,KL3);
+	RIP4(B,C,D,E,A,WL49,SL49,KL3);
+	RIP4(A,B,C,D,E,WL50,SL50,KL3);
+	RIP4(E,A,B,C,D,WL51,SL51,KL3);
+	RIP4(D,E,A,B,C,WL52,SL52,KL3);
+	RIP4(C,D,E,A,B,WL53,SL53,KL3);
+	RIP4(B,C,D,E,A,WL54,SL54,KL3);
+	RIP4(A,B,C,D,E,WL55,SL55,KL3);
+	RIP4(E,A,B,C,D,WL56,SL56,KL3);
+	RIP4(D,E,A,B,C,WL57,SL57,KL3);
+	RIP4(C,D,E,A,B,WL58,SL58,KL3);
+	RIP4(B,C,D,E,A,WL59,SL59,KL3);
+	RIP4(A,B,C,D,E,WL60,SL60,KL3);
+	RIP4(E,A,B,C,D,WL61,SL61,KL3);
+	RIP4(D,E,A,B,C,WL62,SL62,KL3);
+	RIP4(C,D,E,A,B,WL63,SL63,KL3);
+
+	RIP5(B,C,D,E,A,WL64,SL64,KL4);
+	RIP5(A,B,C,D,E,WL65,SL65,KL4);
+	RIP5(E,A,B,C,D,WL66,SL66,KL4);
+	RIP5(D,E,A,B,C,WL67,SL67,KL4);
+	RIP5(C,D,E,A,B,WL68,SL68,KL4);
+	RIP5(B,C,D,E,A,WL69,SL69,KL4);
+	RIP5(A,B,C,D,E,WL70,SL70,KL4);
+	RIP5(E,A,B,C,D,WL71,SL71,KL4);
+	RIP5(D,E,A,B,C,WL72,SL72,KL4);
+	RIP5(C,D,E,A,B,WL73,SL73,KL4);
+	RIP5(B,C,D,E,A,WL74,SL74,KL4);
+	RIP5(A,B,C,D,E,WL75,SL75,KL4);
+	RIP5(E,A,B,C,D,WL76,SL76,KL4);
+	RIP5(D,E,A,B,C,WL77,SL77,KL4);
+	RIP5(C,D,E,A,B,WL78,SL78,KL4);
+	RIP5(B,C,D,E,A,WL79,SL79,KL4);
+
+	a=A; b=B; c=C; d=D; e=E;
+	/* Do other half */
+	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+	RIP5(A,B,C,D,E,WR00,SR00,KR0);
+	RIP5(E,A,B,C,D,WR01,SR01,KR0);
+	RIP5(D,E,A,B,C,WR02,SR02,KR0);
+	RIP5(C,D,E,A,B,WR03,SR03,KR0);
+	RIP5(B,C,D,E,A,WR04,SR04,KR0);
+	RIP5(A,B,C,D,E,WR05,SR05,KR0);
+	RIP5(E,A,B,C,D,WR06,SR06,KR0);
+	RIP5(D,E,A,B,C,WR07,SR07,KR0);
+	RIP5(C,D,E,A,B,WR08,SR08,KR0);
+	RIP5(B,C,D,E,A,WR09,SR09,KR0);
+	RIP5(A,B,C,D,E,WR10,SR10,KR0);
+	RIP5(E,A,B,C,D,WR11,SR11,KR0);
+	RIP5(D,E,A,B,C,WR12,SR12,KR0);
+	RIP5(C,D,E,A,B,WR13,SR13,KR0);
+	RIP5(B,C,D,E,A,WR14,SR14,KR0);
+	RIP5(A,B,C,D,E,WR15,SR15,KR0);
+
+	RIP4(E,A,B,C,D,WR16,SR16,KR1);
+	RIP4(D,E,A,B,C,WR17,SR17,KR1);
+	RIP4(C,D,E,A,B,WR18,SR18,KR1);
+	RIP4(B,C,D,E,A,WR19,SR19,KR1);
+	RIP4(A,B,C,D,E,WR20,SR20,KR1);
+	RIP4(E,A,B,C,D,WR21,SR21,KR1);
+	RIP4(D,E,A,B,C,WR22,SR22,KR1);
+	RIP4(C,D,E,A,B,WR23,SR23,KR1);
+	RIP4(B,C,D,E,A,WR24,SR24,KR1);
+	RIP4(A,B,C,D,E,WR25,SR25,KR1);
+	RIP4(E,A,B,C,D,WR26,SR26,KR1);
+	RIP4(D,E,A,B,C,WR27,SR27,KR1);
+	RIP4(C,D,E,A,B,WR28,SR28,KR1);
+	RIP4(B,C,D,E,A,WR29,SR29,KR1);
+	RIP4(A,B,C,D,E,WR30,SR30,KR1);
+	RIP4(E,A,B,C,D,WR31,SR31,KR1);
+
+	RIP3(D,E,A,B,C,WR32,SR32,KR2);
+	RIP3(C,D,E,A,B,WR33,SR33,KR2);
+	RIP3(B,C,D,E,A,WR34,SR34,KR2);
+	RIP3(A,B,C,D,E,WR35,SR35,KR2);
+	RIP3(E,A,B,C,D,WR36,SR36,KR2);
+	RIP3(D,E,A,B,C,WR37,SR37,KR2);
+	RIP3(C,D,E,A,B,WR38,SR38,KR2);
+	RIP3(B,C,D,E,A,WR39,SR39,KR2);
+	RIP3(A,B,C,D,E,WR40,SR40,KR2);
+	RIP3(E,A,B,C,D,WR41,SR41,KR2);
+	RIP3(D,E,A,B,C,WR42,SR42,KR2);
+	RIP3(C,D,E,A,B,WR43,SR43,KR2);
+	RIP3(B,C,D,E,A,WR44,SR44,KR2);
+	RIP3(A,B,C,D,E,WR45,SR45,KR2);
+	RIP3(E,A,B,C,D,WR46,SR46,KR2);
+	RIP3(D,E,A,B,C,WR47,SR47,KR2);
+
+	RIP2(C,D,E,A,B,WR48,SR48,KR3);
+	RIP2(B,C,D,E,A,WR49,SR49,KR3);
+	RIP2(A,B,C,D,E,WR50,SR50,KR3);
+	RIP2(E,A,B,C,D,WR51,SR51,KR3);
+	RIP2(D,E,A,B,C,WR52,SR52,KR3);
+	RIP2(C,D,E,A,B,WR53,SR53,KR3);
+	RIP2(B,C,D,E,A,WR54,SR54,KR3);
+	RIP2(A,B,C,D,E,WR55,SR55,KR3);
+	RIP2(E,A,B,C,D,WR56,SR56,KR3);
+	RIP2(D,E,A,B,C,WR57,SR57,KR3);
+	RIP2(C,D,E,A,B,WR58,SR58,KR3);
+	RIP2(B,C,D,E,A,WR59,SR59,KR3);
+	RIP2(A,B,C,D,E,WR60,SR60,KR3);
+	RIP2(E,A,B,C,D,WR61,SR61,KR3);
+	RIP2(D,E,A,B,C,WR62,SR62,KR3);
+	RIP2(C,D,E,A,B,WR63,SR63,KR3);
+
+	RIP1(B,C,D,E,A,WR64,SR64);
+	RIP1(A,B,C,D,E,WR65,SR65);
+	RIP1(E,A,B,C,D,WR66,SR66);
+	RIP1(D,E,A,B,C,WR67,SR67);
+	RIP1(C,D,E,A,B,WR68,SR68);
+	RIP1(B,C,D,E,A,WR69,SR69);
+	RIP1(A,B,C,D,E,WR70,SR70);
+	RIP1(E,A,B,C,D,WR71,SR71);
+	RIP1(D,E,A,B,C,WR72,SR72);
+	RIP1(C,D,E,A,B,WR73,SR73);
+	RIP1(B,C,D,E,A,WR74,SR74);
+	RIP1(A,B,C,D,E,WR75,SR75);
+	RIP1(E,A,B,C,D,WR76,SR76);
+	RIP1(D,E,A,B,C,WR77,SR77);
+	RIP1(C,D,E,A,B,WR78,SR78);
+	RIP1(B,C,D,E,A,WR79,SR79);
+
+	D     =ctx->B+c+D;
+	ctx->B=ctx->C+d+E;
+	ctx->C=ctx->D+e+A;
+	ctx->D=ctx->E+a+B;
+	ctx->E=ctx->A+b+C;
+	ctx->A=D;
+
+	X+=16;
+	num-=64;
+	if (num <= 0) break;
+		}
+	}
+#endif
+
+void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c)
+	{
+	register int i,j;
+	register ULONG l;
+	register ULONG *p;
+	static unsigned char end[4]={0x80,0x00,0x00,0x00};
+	unsigned char *cp=end;
+
+	/* c->num should definitly have room for at least one more byte. */
+	p=c->data;
+	j=c->num;
+	i=j>>2;
+
+	/* purify often complains about the following line as an
+	 * Uninitialized Memory Read.  While this can be true, the
+	 * following p_c2l macro will reset l when that case is true.
+	 * This is because j&0x03 contains the number of 'valid' bytes
+	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
+	 * occur but this is also the only time p_c2l will do
+	 * l= *(cp++) instead of l|= *(cp++)
+	 * Many thanks to Alex Tang  for pickup this
+	 * 'potential bug' */
+#ifdef PURIFY
+	if ((j&0x03) == 0) p[i]=0;
+#endif
+	l=p[i];
+	p_c2l(cp,l,j&0x03);
+	p[i]=l;
+	i++;
+	/* i is the next 'undefined word' */
+	if (c->num >= RIPEMD160_LAST_BLOCK)
+		{
+		for (; iNl;
+	p[RIPEMD160_LBLOCK-1]=c->Nh;
+	ripemd160_block(c,p,64);
+	cp=md;
+	l=c->A; l2c(l,cp);
+	l=c->B; l2c(l,cp);
+	l=c->C; l2c(l,cp);
+	l=c->D; l2c(l,cp);
+	l=c->E; l2c(l,cp);
+
+	/* clear stuff, ripemd160_block may be leaving some stuff on the stack
+	 * but I'm not worried :-) */
+	c->num=0;
+/*	memset((char *)&c,0,sizeof(c));*/
+	}
+
+#ifdef undef
+int printit(unsigned long *l)
+	{
+	int i,ii;
+
+	for (i=0; i<2; i++)
+		{
+		for (ii=0; ii<8; ii++)
+			{
+			fprintf(stderr,"%08lx ",l[i*8+ii]);
+			}
+		fprintf(stderr,"\n");
+		}
+	}
+#endif
diff --git a/crypto/openssl/crypto/ripemd/rmd_locl.h b/crypto/openssl/crypto/ripemd/rmd_locl.h
new file mode 100644
index 000000000000..d6ba02001af5
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/rmd_locl.h
@@ -0,0 +1,222 @@
+/* crypto/ripemd/rmd_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#define ULONG	unsigned long
+#define UCHAR	unsigned char
+#define UINT	unsigned int
+
+#undef c2nl
+#define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
+			 l|=(((unsigned long)(*((c)++)))<<16), \
+			 l|=(((unsigned long)(*((c)++)))<< 8), \
+			 l|=(((unsigned long)(*((c)++)))    ))
+
+#undef p_c2nl
+#define p_c2nl(c,l,n)	{ \
+			switch (n) { \
+			case 0: l =((unsigned long)(*((c)++)))<<24; \
+			case 1: l|=((unsigned long)(*((c)++)))<<16; \
+			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+			case 3: l|=((unsigned long)(*((c)++))); \
+				} \
+			}
+
+#undef c2nl_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2nl_p(c,l,n)	{ \
+			l=0; \
+			(c)+=n; \
+			switch (n) { \
+			case 3: l =((unsigned long)(*(--(c))))<< 8; \
+			case 2: l|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+#undef p_c2nl_p
+#define p_c2nl_p(c,l,sc,len) { \
+			switch (sc) \
+				{ \
+			case 0: l =((unsigned long)(*((c)++)))<<24; \
+				if (--len == 0) break; \
+			case 1: l|=((unsigned long)(*((c)++)))<<16; \
+				if (--len == 0) break; \
+			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+				} \
+			}
+
+#undef nl2c
+#define nl2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)    )&0xff))
+
+#undef c2l
+#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
+			 l|=(((unsigned long)(*((c)++)))<< 8), \
+			 l|=(((unsigned long)(*((c)++)))<<16), \
+			 l|=(((unsigned long)(*((c)++)))<<24))
+
+#undef p_c2l
+#define p_c2l(c,l,n)	{ \
+			switch (n) { \
+			case 0: l =((unsigned long)(*((c)++))); \
+			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+			case 2: l|=((unsigned long)(*((c)++)))<<16; \
+			case 3: l|=((unsigned long)(*((c)++)))<<24; \
+				} \
+			}
+
+#undef c2l_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2l_p(c,l,n)	{ \
+			l=0; \
+			(c)+=n; \
+			switch (n) { \
+			case 3: l =((unsigned long)(*(--(c))))<<16; \
+			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+			case 1: l|=((unsigned long)(*(--(c)))); \
+				} \
+			}
+
+#undef p_c2l_p
+#define p_c2l_p(c,l,sc,len) { \
+			switch (sc) \
+				{ \
+			case 0: l =((unsigned long)(*((c)++))); \
+				if (--len == 0) break; \
+			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+				if (--len == 0) break; \
+			case 2: l|=((unsigned long)(*((c)++)))<<16; \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+#undef ROTATE
+#if defined(WIN32)
+#define ROTATE(a,n)     _lrotl(a,n)
+#else
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/* A nice byte order reversal from Wei Dai  */
+#if defined(WIN32)
+/* 5 instructions with rotate instruction, else 9 */
+#define Endian_Reverse32(a) \
+	{ \
+	unsigned long l=(a); \
+	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
+	}
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define Endian_Reverse32(a) \
+	{ \
+	unsigned long l=(a); \
+	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
+	(a)=ROTATE(l,16L); \
+	}
+#endif
+
+#define F1(x,y,z)	 ((x)^(y)^(z))
+#define F2(x,y,z)	(((x)&(y))|((~x)&z))
+#define F3(x,y,z)	(((x)|(~y))^(z))
+#define F4(x,y,z)	(((x)&(z))|((y)&(~(z))))
+#define F5(x,y,z)	 ((x)^((y)|(~(z))))
+
+#define RIPEMD160_A	0x67452301L
+#define RIPEMD160_B	0xEFCDAB89L
+#define RIPEMD160_C	0x98BADCFEL
+#define RIPEMD160_D	0x10325476L
+#define RIPEMD160_E	0xC3D2E1F0L
+
+#include "rmdconst.h"
+
+#define RIP1(a,b,c,d,e,w,s) { \
+	a+=F1(b,c,d)+X[w]; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP2(a,b,c,d,e,w,s,K) { \
+	a+=F2(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP3(a,b,c,d,e,w,s,K) { \
+	a+=F3(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP4(a,b,c,d,e,w,s,K) { \
+	a+=F4(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP5(a,b,c,d,e,w,s,K) { \
+	a+=F5(b,c,d)+X[w]+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
diff --git a/crypto/openssl/crypto/ripemd/rmd_one.c b/crypto/openssl/crypto/ripemd/rmd_one.c
new file mode 100644
index 000000000000..5b6ff1471456
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/rmd_one.c
@@ -0,0 +1,75 @@
+/* crypto/ripemd/rmd_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "rmd_locl.h"
+
+unsigned char *RIPEMD160(unsigned char *d, unsigned long n,
+	     unsigned char *md)
+	{
+	RIPEMD160_CTX c;
+	static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	RIPEMD160_Init(&c);
+	RIPEMD160_Update(&c,d,n);
+	RIPEMD160_Final(md,&c);
+	memset(&c,0,sizeof(c)); /* security consideration */
+	return(md);
+	}
+
diff --git a/crypto/openssl/crypto/ripemd/rmdconst.h b/crypto/openssl/crypto/ripemd/rmdconst.h
new file mode 100644
index 000000000000..59c48dead1ba
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/rmdconst.h
@@ -0,0 +1,399 @@
+/* crypto/ripemd/rmdconst.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+
+#define WL00  0
+#define SL00 11
+#define WL01  1
+#define SL01 14
+#define WL02  2
+#define SL02 15
+#define WL03  3
+#define SL03 12
+#define WL04  4
+#define SL04  5
+#define WL05  5
+#define SL05  8
+#define WL06  6
+#define SL06  7
+#define WL07  7
+#define SL07  9
+#define WL08  8
+#define SL08 11
+#define WL09  9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12  6
+#define WL13 13
+#define SL13  7
+#define WL14 14
+#define SL14  9
+#define WL15 15
+#define SL15  8
+
+#define WL16  7
+#define SL16  7
+#define WL17  4
+#define SL17  6
+#define WL18 13
+#define SL18  8
+#define WL19  1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21  6
+#define SL21  9
+#define WL22 15
+#define SL22  7
+#define WL23  3
+#define SL23 15
+#define WL24 12
+#define SL24  7
+#define WL25  0
+#define SL25 12
+#define WL26  9
+#define SL26 15
+#define WL27  5
+#define SL27  9
+#define WL28  2
+#define SL28 11
+#define WL29 14
+#define SL29  7
+#define WL30 11
+#define SL30 13
+#define WL31  8
+#define SL31 12
+
+#define WL32  3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34  6
+#define WL35  4
+#define SL35  7
+#define WL36  9
+#define SL36 14
+#define WL37 15
+#define SL37  9
+#define WL38  8
+#define SL38 13
+#define WL39  1
+#define SL39 15
+#define WL40  2
+#define SL40 14
+#define WL41  7
+#define SL41  8
+#define WL42  0
+#define SL42 13
+#define WL43  6
+#define SL43  6
+#define WL44 13
+#define SL44  5
+#define WL45 11
+#define SL45 12
+#define WL46  5
+#define SL46  7
+#define WL47 12
+#define SL47  5
+
+#define WL48  1
+#define SL48 11
+#define WL49  9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52  0
+#define SL52 14
+#define WL53  8
+#define SL53 15
+#define WL54 12
+#define SL54  9
+#define WL55  4
+#define SL55  8
+#define WL56 13
+#define SL56  9
+#define WL57  3
+#define SL57 14
+#define WL58  7
+#define SL58  5
+#define WL59 15
+#define SL59  6
+#define WL60 14
+#define SL60  8
+#define WL61  5
+#define SL61  6
+#define WL62  6
+#define SL62  5
+#define WL63  2
+#define SL63 12
+
+#define WL64  4
+#define SL64  9
+#define WL65  0
+#define SL65 15
+#define WL66  5
+#define SL66  5
+#define WL67  9
+#define SL67 11
+#define WL68  7
+#define SL68  6
+#define WL69 12
+#define SL69  8
+#define WL70  2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72  5
+#define WL73  1
+#define SL73 12
+#define WL74  3
+#define SL74 13
+#define WL75  8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77  6
+#define SL77  8
+#define WL78 15
+#define SL78  5
+#define WL79 13
+#define SL79  6
+
+#define WR00  5
+#define SR00  8
+#define WR01 14
+#define SR01  9
+#define WR02  7
+#define SR02  9
+#define WR03  0
+#define SR03 11
+#define WR04  9
+#define SR04 13
+#define WR05  2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07  4
+#define SR07  5
+#define WR08 13
+#define SR08  7
+#define WR09  6
+#define SR09  7
+#define WR10 15
+#define SR10  8
+#define WR11  8
+#define SR11 11
+#define WR12  1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14  3
+#define SR14 12
+#define WR15 12
+#define SR15  6
+
+#define WR16  6
+#define SR16  9
+#define WR17 11
+#define SR17 13
+#define WR18  3
+#define SR18 15
+#define WR19  7
+#define SR19  7
+#define WR20  0
+#define SR20 12
+#define WR21 13
+#define SR21  8
+#define WR22  5
+#define SR22  9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24  7
+#define WR25 15
+#define SR25  7
+#define WR26  8
+#define SR26 12
+#define WR27 12
+#define SR27  7
+#define WR28  4
+#define SR28  6
+#define WR29  9
+#define SR29 15
+#define WR30  1
+#define SR30 13
+#define WR31  2
+#define SR31 11
+
+#define WR32 15
+#define SR32  9
+#define WR33  5
+#define SR33  7
+#define WR34  1
+#define SR34 15
+#define WR35  3
+#define SR35 11
+#define WR36  7
+#define SR36  8
+#define WR37 14
+#define SR37  6
+#define WR38  6
+#define SR38  6
+#define WR39  9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41  8
+#define SR41 13
+#define WR42 12
+#define SR42  5
+#define WR43  2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45  0
+#define SR45 13
+#define WR46  4
+#define SR46  7
+#define WR47 13
+#define SR47  5
+
+#define WR48  8
+#define SR48 15
+#define WR49  6
+#define SR49  5
+#define WR50  4
+#define SR50  8
+#define WR51  1
+#define SR51 11
+#define WR52  3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54  6
+#define WR55  0
+#define SR55 14
+#define WR56  5
+#define SR56  6
+#define WR57 12
+#define SR57  9
+#define WR58  2
+#define SR58 12
+#define WR59 13
+#define SR59  9
+#define WR60  9
+#define SR60 12
+#define WR61  7
+#define SR61  5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63  8
+
+#define WR64 12
+#define SR64  8
+#define WR65 15
+#define SR65  5
+#define WR66 10
+#define SR66 12
+#define WR67  4
+#define SR67  9
+#define WR68  1
+#define SR68 12
+#define WR69  5
+#define SR69  5
+#define WR70  8
+#define SR70 14
+#define WR71  7
+#define SR71  6
+#define WR72  6
+#define SR72  8
+#define WR73  2
+#define SR73 13
+#define WR74 13
+#define SR74  6
+#define WR75 14
+#define SR75  5
+#define WR76  0
+#define SR76 15
+#define WR77  3
+#define SR77 13
+#define WR78  9
+#define SR78 11
+#define WR79 11
+#define SR79 11
+
diff --git a/crypto/openssl/crypto/ripemd/rmdtest.c b/crypto/openssl/crypto/ripemd/rmdtest.c
new file mode 100644
index 000000000000..5e93d4627c9b
--- /dev/null
+++ b/crypto/openssl/crypto/ripemd/rmdtest.c
@@ -0,0 +1,140 @@
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_RIPEMD
+int main(int argc, char *argv[])
+{
+    printf("No ripemd support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+char *test[]={
+	"",
+	"a",
+	"abc",
+	"message digest",
+	"abcdefghijklmnopqrstuvwxyz",
+	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+	NULL,
+	};
+
+char *ret[]={
+	"9c1185a5c5e9fc54612808977ee8f548b2258d31",
+	"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+	"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+	"5d0689ef49d2fae572b881b123a85ffa21595f36",
+	"f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+	"12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+	"b0e20b6e3116640286ed3a87a5713079b21f5189",
+	"9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+	};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	unsigned char **P,**R;
+	char *p;
+
+	P=(unsigned char **)test;
+	R=(unsigned char **)ret;
+	i=1;
+	while (*P != NULL)
+		{
+#ifdef CHARSET_EBCDIC
+		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
+#endif
+		p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		if (strcmp(p,(char *)*R) != 0)
+			{
+			printf("error calculating RIPEMD160 on '%s'\n",*P);
+			printf("got %s instead of %s\n",p,*R);
+			err++;
+			}
+		else
+			printf("test %d ok\n",i);
+		i++;
+		R++;
+		P++;
+		}
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *md)
+	{
+	int i;
+	static char buf[80];
+
+	for (i=0; i asm/sx86-sol.s
+	as -o asm/sx86-sol.o asm/sx86-sol.s
+	rm -f asm/sx86-sol.s
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+	$(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp:
+	(cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+sha1_one.o: ../../include/openssl/sha.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: sha_locl.h
+sha_dgst.o: ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: sha_locl.h
+sha_one.o: ../../include/openssl/sha.h
diff --git a/crypto/openssl/crypto/sha/Makefile.uni b/crypto/openssl/crypto/sha/Makefile.uni
new file mode 100644
index 000000000000..b7ec5caa4e52
--- /dev/null
+++ b/crypto/openssl/crypto/sha/Makefile.uni
@@ -0,0 +1,122 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+DIR=    sha
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+
+SHA_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+
+TEST1=shatest
+TEST2=sha1test
+APP1=sha
+APP2=sha1
+
+TEST=$(TEST1) $(TEST2)
+APPS=$(APP1) $(APP2)
+
+LIB=libsha.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB): $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+# elf
+asm/sx86-elf.o: asm/sx86unix.cpp
+	$(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+
+# solaris
+asm/sx86-sol.o: asm/sx86unix.cpp
+	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+	as -o asm/sx86-sol.o asm/sx86-sol.s
+	rm -f asm/sx86-sol.s
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+	$(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp:
+	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+
+test:	$(TEST)
+	./$(TEST1)
+	./$(TEST2)
+
+$(TEST1): $(TEST1).c $(LIB)
+	$(CC) -o $(TEST1) $(CFLAGS) $(TEST1).c $(LIB)
+
+$(TEST2): $(TEST2).c $(LIB)
+	$(CC) -o $(TEST2) $(CFLAGS) $(TEST2).c $(LIB)
+
+$(APP1): $(APP1).c $(LIB)
+	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+
+$(APP2): $(APP2).c $(LIB)
+	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) SHA_ASM_OBJ="" CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) SHA_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+x86-elf:
+	$(MAKE) SHA_ASM_OBJ="asm/sx86-elf.o" CFLAG="-DELF -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-out:
+	$(MAKE) SHA_ASM_OBJ="asm/sx86-out.o" CFLAG="-DOUT -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-solaris:
+	$(MAKE) SHA_ASM_OBJ="asm/sx86-sol.o" CFLAG="-DSOL -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+
+x86-bdsi:
+	$(MAKE) SHA_ASM_OBJ="asm/sx86-bdsi.o" CFLAG="-DBDSI -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/sha/asm/README b/crypto/openssl/crypto/sha/asm/README
new file mode 100644
index 000000000000..b7e755765fcc
--- /dev/null
+++ b/crypto/openssl/crypto/sha/asm/README
@@ -0,0 +1 @@
+C2.pl works
diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl
new file mode 100644
index 000000000000..04e42ab09fdf
--- /dev/null
+++ b/crypto/openssl/crypto/sha/asm/sha1-586.pl
@@ -0,0 +1,491 @@
+#!/usr/local/bin/perl
+
+$normal=0;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$E="edi";
+$T="esi";
+$tmp1="ebp";
+
+$off=9*4;
+
+@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
+
+&sha1_block("sha1_block_x86");
+
+&asm_finish();
+
+sub Nn
+	{
+	local($p)=@_;
+	local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+	return($n{$p});
+	}
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+	local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);
+	return($n{$p});
+	}
+
+sub Na
+	{
+	local($n)=@_;
+	return( (($n   )&0x0f),
+		(($n+ 2)&0x0f),
+		(($n+ 8)&0x0f),
+		(($n+13)&0x0f),
+		(($n+ 1)&0x0f));
+	}
+
+sub X_expand
+	{
+	local($in)=@_;
+
+	&comment("First, load the words onto the stack in network byte order");
+	for ($i=0; $i<16; $i++)
+		{
+		&mov("eax",&DWP(($i+0)*4,$in,"",0)) unless $i == 0;
+		&bswap("eax");
+		&mov(&swtmp($i+0),"eax");
+		}
+
+	&comment("We now have the X array on the stack");
+	&comment("starting at sp-4");
+	}
+
+# Rules of engagement
+# F is always trashable at the start, the running total.
+# E becomes the next F so it can be trashed after it has been 'accumulated'
+# F becomes A in the next round.  We don't need to access it much.
+# During the X update part, the result ends up in $X[$n0].
+
+sub BODY_00_15
+	{
+	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+
+return if $n & 1;
+	&comment("00_15 $n");
+
+	 &mov($f,$c);
+
+	&mov($tmp1,$a);
+	 &xor($f,$d);			# F2
+
+	&rotl($tmp1,5);			# A2
+
+	&and($f,$b);			# F3
+	 &add($tmp1,$e);
+
+	&rotr($b,1);			# B1	<- F
+	 &mov($e,&swtmp($n));		# G1
+
+	&rotr($b,1);			# B1	<- F
+	 &xor($f,$d);			# F4
+
+	&lea($tmp1,&DWP($K,$tmp1,$e,1));
+
+############################
+#	&BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+#	&BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+$n++;
+	local($n0,$n1,$n2,$n3,$np)=&Na($n);
+	($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
+
+	 &mov($f,$c);
+
+	&add($a,$tmp1);		# MOVED DOWN
+	 &xor($f,$d);			# F2
+
+	&mov($tmp1,$a);
+	 &and($f,$b);			# F3
+
+	&rotl($tmp1,5);			# A2
+
+	&add($tmp1,$e);
+	 &mov($e,&swtmp($n));		# G1
+
+	&rotr($b,1);			# B1	<- F
+	 &xor($f,$d);			# F4
+
+	&rotr($b,1);			# B1	<- F
+	 &lea($tmp1,&DWP($K,$tmp1,$e,1));
+
+	&add($f,$tmp1);
+	}
+
+sub BODY_16_19
+	{
+	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+	local($n0,$n1,$n2,$n3,$np)=&Na($n);
+
+return if $n & 1;
+	&comment("16_19 $n");
+
+ &nop() if ($pos < 0);
+&mov($tmp1,&swtmp($n0));			# X1
+ &mov($f,&swtmp($n1));			# X2
+&xor($f,$tmp1);				# X3
+ &mov($tmp1,&swtmp($n2));		# X4
+&xor($f,$tmp1);				# X5
+ &mov($tmp1,&swtmp($n3));		# X6
+&xor($f,$tmp1);				# X7 - slot
+ &mov($tmp1,$c);			# F1
+&rotl($f,1);				# X8 - slot
+ &xor($tmp1,$d);			# F2
+&mov(&swtmp($n0),$f);			# X9 - anytime
+ &and($tmp1,$b);			# F3
+&lea($f,&DWP($K,$f,$e,1));		# tot=X+K+e
+ &xor($tmp1,$d);				# F4
+&mov($e,$a);				# A1
+ &add($f,$tmp1);			# tot+=F();
+
+&rotl($e,5);				# A2
+
+&rotr($b,1);				# B1	<- F
+ &add($f,$e);				# tot+=a
+
+############################
+#	&BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+#	&BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+$n++;
+	local($n0,$n1,$n2,$n3,$np)=&Na($n);
+	($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
+
+
+&mov($f,&swtmp($n0));			# X1
+ &mov($tmp1,&swtmp($n1));		# X2
+&xor($f,$tmp1);				# X3
+ &mov($tmp1,&swtmp($n2));		# X4
+&xor($f,$tmp1);				# X5
+ &mov($tmp1,&swtmp($n3));		# X6
+&rotr($c,1); #&rotr($b,1);		# B1	<- F # MOVED DOWN
+ &xor($f,$tmp1);				# X7 - slot
+&rotl($f,1);				# X8 - slot
+ &mov($tmp1,$c);			# F1
+&xor($tmp1,$d);			# F2
+ &mov(&swtmp($n0),$f);			# X9 - anytime
+&and($tmp1,$b);			# F3
+ &lea($f,&DWP($K,$f,$e,1));		# tot=X+K+e
+
+&xor($tmp1,$d);				# F4
+ &mov($e,$a);				# A1
+
+&rotl($e,5);				# A2
+
+&rotr($b,1);				# B1	<- F
+ &add($f,$e);				# tot+=a
+
+&rotr($b,1);				# B1	<- F
+ &add($f,$tmp1);			# tot+=F();
+
+	}
+
+sub BODY_20_39
+	{
+	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("20_39 $n");
+	local($n0,$n1,$n2,$n3,$np)=&Na($n);
+
+&mov($f,&swtmp($n0));			# X1
+ &mov($tmp1,&swtmp($n1));		# X2
+&xor($f,$tmp1);				# X3
+ &mov($tmp1,&swtmp($n2));		# X4
+&xor($f,$tmp1);				# X5
+ &mov($tmp1,&swtmp($n3));		# X6
+&xor($f,$tmp1);				# X7 - slot
+ &mov($tmp1,$b);			# F1
+&rotl($f,1);				# X8 - slot
+ &xor($tmp1,$c);			# F2
+&mov(&swtmp($n0),$f);			# X9 - anytime
+ &xor($tmp1,$d);			# F3
+
+&lea($f,&DWP($K,$f,$e,1));		# tot=X+K+e
+ &mov($e,$a);				# A1
+
+&rotl($e,5);				# A2
+
+if ($n != 79) # last loop	
+	{
+	&rotr($b,1);				# B1	<- F
+	 &add($e,$tmp1);			# tmp1=F()+a
+
+	&rotr($b,1);				# B2	<- F
+	 &add($f,$e);				# tot+=tmp1;
+	}
+else
+	{
+	&add($e,$tmp1);				# tmp1=F()+a
+	 &mov($tmp1,&wparam(0));
+
+	&rotr($b,1);				# B1	<- F
+	 &add($f,$e);				# tot+=tmp1;
+
+	&rotr($b,1);				# B2	<- F
+	}
+	}
+
+sub BODY_40_59
+	{
+	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("40_59 $n");
+	return if $n & 1;
+	local($n0,$n1,$n2,$n3,$np)=&Na($n);
+
+&mov($f,&swtmp($n0));			# X1
+ &mov($tmp1,&swtmp($n1));		# X2
+&xor($f,$tmp1);				# X3
+ &mov($tmp1,&swtmp($n2));		# X4
+&xor($f,$tmp1);				# X5
+ &mov($tmp1,&swtmp($n3));		# X6
+&xor($f,$tmp1);				# X7 - slot
+ &mov($tmp1,$b);			# F1
+&rotl($f,1);				# X8 - slot
+ &or($tmp1,$c);				# F2
+&mov(&swtmp($n0),$f);			# X9 - anytime
+ &and($tmp1,$d);			# F3
+
+&lea($f,&DWP($K,$f,$e,1));		# tot=X+K+e
+ &mov($e,$b);				# F4
+
+&rotr($b,1);				# B1	<- F
+ &and($e,$c);				# F5
+
+&or($tmp1,$e);				# F6
+ &mov($e,$a);				# A1
+
+&rotl($e,5);				# A2
+
+&add($tmp1,$e);			# tmp1=F()+a
+
+############################
+#	&BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+#	&BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+$n++;
+	local($n0,$n1,$n2,$n3,$np)=&Na($n);
+	($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
+
+ &mov($f,&swtmp($n0));			# X1
+&add($a,$tmp1);				# tot+=tmp1; # moved was add f,tmp1
+ &mov($tmp1,&swtmp($n1));		# X2
+&xor($f,$tmp1);				# X3
+ &mov($tmp1,&swtmp($n2));		# X4
+&xor($f,$tmp1);				# X5
+ &mov($tmp1,&swtmp($n3));		# X6
+&rotr($c,1);				# B2	<- F # moved was rotr b,1
+ &xor($f,$tmp1);			# X7 - slot
+&rotl($f,1);				# X8 - slot
+ &mov($tmp1,$b);			# F1
+&mov(&swtmp($n0),$f);			# X9 - anytime
+ &or($tmp1,$c);				# F2
+&lea($f,&DWP($K,$f,$e,1));		# tot=X+K+e
+ &mov($e,$b);				# F4
+&and($tmp1,$d);				# F3
+ &and($e,$c);				# F5
+
+&or($tmp1,$e);				# F6
+ &mov($e,$a);				# A1
+
+&rotl($e,5);				# A2
+
+&rotr($b,1);				# B1	<- F
+ &add($tmp1,$e);			# tmp1=F()+a
+
+&rotr($b,1);				# B2	<- F
+ &add($f,$tmp1);			# tot+=tmp1;
+	}
+
+sub BODY_60_79
+	{
+	&BODY_20_39(@_);
+	}
+
+sub sha1_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"");
+
+	# parameter 1 is the MD5_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+	# E 	16
+
+	&push("esi");
+	 &push("ebp");
+	&mov("eax",	&wparam(2));
+	 &mov("esi",	&wparam(1));
+	&add("eax",	"esi");	# offset to leave on
+	 &mov("ebp",	&wparam(0));
+	&push("ebx");
+	 &sub("eax",	64);
+	&push("edi");
+	 &mov($B,	&DWP( 4,"ebp","",0));
+	&stack_push(18);
+	 &mov($D,	&DWP(12,"ebp","",0));
+	&mov($E,	&DWP(16,"ebp","",0));
+	 &mov($C,	&DWP( 8,"ebp","",0));
+	&mov(&swtmp(17),"eax");
+
+	&comment("First we need to setup the X array");
+	 &mov("eax",&DWP(0,"esi","",0)); # pulled out of X_expand
+
+	&set_label("start") unless $normal;
+
+	&X_expand("esi");
+	 &mov(&swtmp(16),"esi");
+
+	&comment("");
+	&comment("Start processing");
+
+	# odd start
+	&mov($A,	&DWP( 0,"ebp","",0));
+	$X="esp";
+	&BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
+	&BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
+	&BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);
+	&BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);
+	&BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);
+	&BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);
+	&BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);
+	&BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);
+	&BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);
+	&BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);
+	&BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);
+	&BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);
+	&BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);
+	&BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);
+	&BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);
+	&BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);
+	&BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);
+	&BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);
+	&BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);
+	&BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);
+
+	&BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);
+	&BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);
+	&BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);
+	&BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);
+	&BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);
+	&BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);
+	&BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);
+	&BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);
+	&BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);
+	&BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);
+	&BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);
+	&BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);
+	&BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);
+	&BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);
+	&BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);
+	&BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);
+	&BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);
+	&BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);
+	&BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);
+	&BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);
+
+	&BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);
+	&BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);
+	&BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+	&BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+	&BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);
+	&BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);
+	&BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);
+	&BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);
+	&BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);
+	&BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);
+	&BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);
+	&BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);
+	&BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);
+	&BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);
+	&BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);
+	&BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);
+	&BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);
+	&BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);
+	&BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);
+	&BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);
+
+	&BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);
+	&BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);
+	&BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);
+	&BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);
+	&BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);
+	&BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);
+	&BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);
+	&BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);
+	&BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);
+	&BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);
+	&BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);
+	&BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);
+	&BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);
+	&BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);
+	&BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);
+	&BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);
+	&BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);
+	&BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);
+	&BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);
+	&BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);
+
+	&comment("End processing");
+	&comment("");
+	# D is the tmp value
+
+	# E -> A
+	# T -> B
+	# A -> C
+	# B -> D
+	# C -> E
+	# D -> T
+
+	# The last 2 have been moved into the last loop
+	# &mov($tmp1,&wparam(0));
+
+	 &mov($D,	&DWP(12,$tmp1,"",0));
+	&add($D,$B);
+	 &mov($B,	&DWP( 4,$tmp1,"",0));
+	&add($B,$T);
+	 &mov($T,	$A);
+	&mov($A,	&DWP( 0,$tmp1,"",0));
+	 &mov(&DWP(12,$tmp1,"",0),$D);
+
+	&add($A,$E);
+	 &mov($E,	&DWP(16,$tmp1,"",0));
+	&add($E,$C);
+	 &mov($C,	&DWP( 8,$tmp1,"",0));
+	&add($C,$T);
+
+	 &mov(&DWP( 0,$tmp1,"",0),$A);
+	&mov("esi",&swtmp(16));
+	 &mov(&DWP( 8,$tmp1,"",0),$C);	# This is for looping
+ 	&add("esi",64);
+	 &mov("eax",&swtmp(17));
+	&mov(&DWP(16,$tmp1,"",0),$E);
+	 &cmp("eax","esi");
+	&mov(&DWP( 4,$tmp1,"",0),$B);	# This is for looping
+	 &jl(&label("end"));
+	&mov("eax",&DWP(0,"esi","",0));	# Pulled down from 
+	 &jmp(&label("start"));
+
+	&set_label("end");
+	&stack_pop(18);
+	 &pop("edi");
+	&pop("ebx");
+	 &pop("ebp");
+	&pop("esi");
+	 &ret();
+	&function_end_B($name);
+	}
+
diff --git a/crypto/openssl/crypto/sha/sha.c b/crypto/openssl/crypto/sha/sha.c
new file mode 100644
index 000000000000..42126551d12e
--- /dev/null
+++ b/crypto/openssl/crypto/sha/sha.c
@@ -0,0 +1,124 @@
+/* crypto/sha/sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#define BUFSIZE	1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+int main(int argc, char **argv)
+	{
+	int i,err=0;
+	FILE *IN;
+
+	if (argc == 1)
+		{
+		do_fp(stdin);
+		}
+	else
+		{
+		for (i=1; i
+#include 
+#include 
+
+#define BUFSIZE	1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+	{
+	int i,err=0;
+	FILE *IN;
+
+	if (argc == 1)
+		{
+		do_fp(stdin);
+		}
+	else
+		{
+		for (i=1; i
+#include 
+#include 
+
+#ifndef NO_SHA1
+unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	SHA_CTX c;
+	static unsigned char m[SHA_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	SHA1_Init(&c);
+	SHA1_Update(&c,d,n);
+	SHA1_Final(md,&c);
+	memset(&c,0,sizeof(c));
+	return(md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/sha/sha1dgst.c b/crypto/openssl/crypto/sha/sha1dgst.c
new file mode 100644
index 000000000000..66e885dd76d2
--- /dev/null
+++ b/crypto/openssl/crypto/sha/sha1dgst.c
@@ -0,0 +1,498 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#undef  SHA_0
+#define SHA_1
+#include 
+#include "sha_locl.h"
+#include 
+
+#ifndef NO_SHA1
+char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from SHA-1 document - The Secure Hash Algorithm
+ */
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+#define K_00_19	0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+#ifdef SHA1_ASM
+   void sha1_block_x86(SHA_CTX *c, register SHA_LONG *p, int num);
+#  define sha1_block(c,p,n) sha1_block_x86((c),(p),(n)*SHA_CBLOCK)
+#else
+   static void sha1_block(SHA_CTX *c, register SHA_LONG *p, int num);
+#endif
+
+#if !defined(B_ENDIAN) && defined(SHA1_ASM)
+#  define	M_c2nl 		c2l
+#  define	M_p_c2nl 	p_c2l
+#  define	M_c2nl_p	c2l_p
+#  define	M_p_c2nl_p	p_c2l_p
+#  define	M_nl2c		l2c
+#else
+#  define	M_c2nl 		c2nl
+#  define	M_p_c2nl	p_c2nl
+#  define	M_c2nl_p	c2nl_p
+#  define	M_p_c2nl_p	p_c2nl_p
+#  define	M_nl2c		nl2c
+#endif
+
+void SHA1_Init(SHA_CTX *c)
+	{
+	c->h0=INIT_DATA_h0;
+	c->h1=INIT_DATA_h1;
+	c->h2=INIT_DATA_h2;
+	c->h3=INIT_DATA_h3;
+	c->h4=INIT_DATA_h4;
+	c->Nl=0;
+	c->Nh=0;
+	c->num=0;
+	}
+
+void SHA1_Update(SHA_CTX *c, register const unsigned char *data,
+	     unsigned long len)
+	{
+	register SHA_LONG *p;
+	int ew,ec,sw,sc;
+	SHA_LONG l;
+
+	if (len == 0) return;
+
+	l=(c->Nl+(len<<3))&0xffffffffL;
+	if (l < c->Nl) /* overflow */
+		c->Nh++;
+	c->Nh+=(len>>29);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		p=c->data;
+		sw=c->num>>2;
+		sc=c->num&0x03;
+
+		if ((c->num+len) >= SHA_CBLOCK)
+			{
+			l= p[sw];
+			M_p_c2nl(data,l,sc);
+			p[sw++]=l;
+			for (; swnum);
+
+			sha1_block(c,p,1);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			c->num+=(int)len;
+			if ((sc+len) < 4) /* ugly, add char's to a word */
+				{
+				l= p[sw];
+				M_p_c2nl_p(data,l,sc,len);
+				p[sw]=l;
+				}
+			else
+				{
+				ew=(c->num>>2);
+				ec=(c->num&0x03);
+				l= p[sw];
+				M_p_c2nl(data,l,sc);
+				p[sw++]=l;
+				for (; sw < ew; sw++)
+					{ M_c2nl(data,l); p[sw]=l; }
+				if (ec)
+					{
+					M_c2nl_p(data,l,ec);
+					p[sw]=l;
+					}
+				}
+			return;
+			}
+		}
+	/* We can only do the following code for assember, the reason
+	 * being that the sha1_block 'C' version changes the values
+	 * in the 'data' array.  The assember code avoids this and
+	 * copies it to a local array.  I should be able to do this for
+	 * the C version as well....
+	 */
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+	if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
+		{
+		sw=len/SHA_CBLOCK;
+		if (sw)
+			{
+			sha1_block(c,(SHA_LONG *)data,sw);
+			sw*=SHA_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+		}
+#endif
+#endif
+	/* we now can process the input data in blocks of SHA_CBLOCK
+	 * chars and save the leftovers to c->data. */
+	p=c->data;
+	while (len >= SHA_CBLOCK)
+		{
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+#define SHA_NO_TAIL_CODE
+		/*
+		 * Basically we get here only when data happens
+		 * to be unaligned.
+		 */
+		if (p != (SHA_LONG *)data)
+			memcpy(p,data,SHA_CBLOCK);
+		data+=SHA_CBLOCK;
+		sha1_block(c,p=c->data,1);
+		len-=SHA_CBLOCK;
+#elif defined(L_ENDIAN)
+#define BE_COPY(dst,src,i)	{				\
+				l = ((SHA_LONG *)src)[i];	\
+				Endian_Reverse32(l);		\
+				dst[i] = l;			\
+				}
+		if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
+			{
+			for (sw=(SHA_LBLOCK/4); sw; sw--)
+				{
+				BE_COPY(p,data,0);
+				BE_COPY(p,data,1);
+				BE_COPY(p,data,2);
+				BE_COPY(p,data,3);
+				p+=4;
+				data += 4*sizeof(SHA_LONG);
+				}
+			sha1_block(c,p=c->data,1);
+			len-=SHA_CBLOCK;
+			continue;
+			}
+#endif
+#endif
+#ifndef SHA_NO_TAIL_CODE
+		/*
+		 * In addition to "sizeof(SHA_LONG)!= 4" case the
+		 * following code covers unaligned access cases on
+		 * little-endian machines.
+		 *			
+		 */
+		p=c->data;
+		for (sw=(SHA_LBLOCK/4); sw; sw--)
+			{
+			M_c2nl(data,l); p[0]=l;
+			M_c2nl(data,l); p[1]=l;
+			M_c2nl(data,l); p[2]=l;
+			M_c2nl(data,l); p[3]=l;
+			p+=4;
+			}
+		p=c->data;
+		sha1_block(c,p,1);
+		len-=SHA_CBLOCK;
+#endif
+		}
+	ec=(int)len;
+	c->num=ec;
+	ew=(ec>>2);
+	ec&=0x03;
+
+	for (sw=0; sw < ew; sw++)
+		{ M_c2nl(data,l); p[sw]=l; }
+	M_c2nl_p(data,l,ec);
+	p[sw]=l;
+	}
+
+void SHA1_Transform(SHA_CTX *c, unsigned char *b)
+	{
+	SHA_LONG p[SHA_LBLOCK];
+
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+	memcpy(p,b,SHA_CBLOCK);
+	sha1_block(c,p,1);
+	return;
+#elif defined(L_ENDIAN)
+	if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
+		{
+		SHA_LONG *q;
+		int i;
+
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			unsigned long l;
+			BE_COPY(q,b,0);	/* BE_COPY was defined above */
+			BE_COPY(q,b,1);
+			BE_COPY(q,b,2);
+			BE_COPY(q,b,3);
+			q+=4;
+			b+=4*sizeof(SHA_LONG);
+			}
+		sha1_block(c,p,1);
+		return;
+		}
+#endif
+#endif
+#ifndef SHA_NO_TAIL_CODE /* defined above, see comment */
+		{
+		SHA_LONG *q;
+		int i;
+	
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			SHA_LONG l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l; 
+			} 
+		sha1_block(c,p,1);
+		}
+#endif
+	}
+
+#ifndef SHA1_ASM
+static void sha1_block(SHA_CTX *c, register SHA_LONG *W, int num)
+	{
+	register SHA_LONG A,B,C,D,E,T;
+	SHA_LONG X[SHA_LBLOCK];
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	for (;;)
+		{
+	BODY_00_15( 0,A,B,C,D,E,T,W);
+	BODY_00_15( 1,T,A,B,C,D,E,W);
+	BODY_00_15( 2,E,T,A,B,C,D,W);
+	BODY_00_15( 3,D,E,T,A,B,C,W);
+	BODY_00_15( 4,C,D,E,T,A,B,W);
+	BODY_00_15( 5,B,C,D,E,T,A,W);
+	BODY_00_15( 6,A,B,C,D,E,T,W);
+	BODY_00_15( 7,T,A,B,C,D,E,W);
+	BODY_00_15( 8,E,T,A,B,C,D,W);
+	BODY_00_15( 9,D,E,T,A,B,C,W);
+	BODY_00_15(10,C,D,E,T,A,B,W);
+	BODY_00_15(11,B,C,D,E,T,A,W);
+	BODY_00_15(12,A,B,C,D,E,T,W);
+	BODY_00_15(13,T,A,B,C,D,E,W);
+	BODY_00_15(14,E,T,A,B,C,D,W);
+	BODY_00_15(15,D,E,T,A,B,C,W);
+	BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+	BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+	BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+	BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+
+	BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+	BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+	BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+	BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+	BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+	BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+	BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+	BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+	BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+	BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+	BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+	BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+	BODY_32_39(32,E,T,A,B,C,D,X);
+	BODY_32_39(33,D,E,T,A,B,C,X);
+	BODY_32_39(34,C,D,E,T,A,B,X);
+	BODY_32_39(35,B,C,D,E,T,A,X);
+	BODY_32_39(36,A,B,C,D,E,T,X);
+	BODY_32_39(37,T,A,B,C,D,E,X);
+	BODY_32_39(38,E,T,A,B,C,D,X);
+	BODY_32_39(39,D,E,T,A,B,C,X);
+
+	BODY_40_59(40,C,D,E,T,A,B,X);
+	BODY_40_59(41,B,C,D,E,T,A,X);
+	BODY_40_59(42,A,B,C,D,E,T,X);
+	BODY_40_59(43,T,A,B,C,D,E,X);
+	BODY_40_59(44,E,T,A,B,C,D,X);
+	BODY_40_59(45,D,E,T,A,B,C,X);
+	BODY_40_59(46,C,D,E,T,A,B,X);
+	BODY_40_59(47,B,C,D,E,T,A,X);
+	BODY_40_59(48,A,B,C,D,E,T,X);
+	BODY_40_59(49,T,A,B,C,D,E,X);
+	BODY_40_59(50,E,T,A,B,C,D,X);
+	BODY_40_59(51,D,E,T,A,B,C,X);
+	BODY_40_59(52,C,D,E,T,A,B,X);
+	BODY_40_59(53,B,C,D,E,T,A,X);
+	BODY_40_59(54,A,B,C,D,E,T,X);
+	BODY_40_59(55,T,A,B,C,D,E,X);
+	BODY_40_59(56,E,T,A,B,C,D,X);
+	BODY_40_59(57,D,E,T,A,B,C,X);
+	BODY_40_59(58,C,D,E,T,A,B,X);
+	BODY_40_59(59,B,C,D,E,T,A,X);
+
+	BODY_60_79(60,A,B,C,D,E,T,X);
+	BODY_60_79(61,T,A,B,C,D,E,X);
+	BODY_60_79(62,E,T,A,B,C,D,X);
+	BODY_60_79(63,D,E,T,A,B,C,X);
+	BODY_60_79(64,C,D,E,T,A,B,X);
+	BODY_60_79(65,B,C,D,E,T,A,X);
+	BODY_60_79(66,A,B,C,D,E,T,X);
+	BODY_60_79(67,T,A,B,C,D,E,X);
+	BODY_60_79(68,E,T,A,B,C,D,X);
+	BODY_60_79(69,D,E,T,A,B,C,X);
+	BODY_60_79(70,C,D,E,T,A,B,X);
+	BODY_60_79(71,B,C,D,E,T,A,X);
+	BODY_60_79(72,A,B,C,D,E,T,X);
+	BODY_60_79(73,T,A,B,C,D,E,X);
+	BODY_60_79(74,E,T,A,B,C,D,X);
+	BODY_60_79(75,D,E,T,A,B,C,X);
+	BODY_60_79(76,C,D,E,T,A,B,X);
+	BODY_60_79(77,B,C,D,E,T,A,X);
+	BODY_60_79(78,A,B,C,D,E,T,X);
+	BODY_60_79(79,T,A,B,C,D,E,X);
+	
+	c->h0=(c->h0+E)&0xffffffffL; 
+	c->h1=(c->h1+T)&0xffffffffL;
+	c->h2=(c->h2+A)&0xffffffffL;
+	c->h3=(c->h3+B)&0xffffffffL;
+	c->h4=(c->h4+C)&0xffffffffL;
+
+	if (--num <= 0) break;
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	W+=SHA_LBLOCK;	/* Note! This can happen only when sizeof(SHA_LONG)
+			 * is 4. Whenever it's not the actual case this
+			 * function is never called with num larger than 1
+			 * and we never advance down here.
+			 *			
+			 */
+		}
+	}
+#endif
+
+void SHA1_Final(unsigned char *md, SHA_CTX *c)
+	{
+	register int i,j;
+	register SHA_LONG l;
+	register SHA_LONG *p;
+	static unsigned char end[4]={0x80,0x00,0x00,0x00};
+	unsigned char *cp=end;
+
+	/* c->num should definitly have room for at least one more byte. */
+	p=c->data;
+	j=c->num;
+	i=j>>2;
+#ifdef PURIFY
+	if ((j&0x03) == 0) p[i]=0;
+#endif
+	l=p[i];
+	M_p_c2nl(cp,l,j&0x03);
+	p[i]=l;
+	i++;
+	/* i is the next 'undefined word' */
+	if (c->num >= SHA_LAST_BLOCK)
+		{
+		for (; iNh;
+	p[SHA_LBLOCK-1]=c->Nl;
+#if SHA_LONG_LOG2==2
+#if !defined(B_ENDIAN) && defined(SHA1_ASM)
+	Endian_Reverse32(p[SHA_LBLOCK-2]);
+	Endian_Reverse32(p[SHA_LBLOCK-1]);
+#endif
+#endif
+	sha1_block(c,p,1);
+	cp=md;
+	l=c->h0; nl2c(l,cp);
+	l=c->h1; nl2c(l,cp);
+	l=c->h2; nl2c(l,cp);
+	l=c->h3; nl2c(l,cp);
+	l=c->h4; nl2c(l,cp);
+
+	c->num=0;
+	/* sha_block may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	memset((void *)c,0,sizeof(SHA_CTX));
+	 */
+	}
+#endif
+
diff --git a/crypto/openssl/crypto/sha/sha1s.cpp b/crypto/openssl/crypto/sha/sha1s.cpp
new file mode 100644
index 000000000000..3103e1871bbe
--- /dev/null
+++ b/crypto/openssl/crypto/sha/sha1s.cpp
@@ -0,0 +1,79 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+extern "C" {
+void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	SHA_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			sha1_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			sha1_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			sha1_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			sha1_block_x86(&ctx,buffer,num);
+			}
+
+		printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/crypto/openssl/crypto/sha/sha1test.c b/crypto/openssl/crypto/sha/sha1test.c
new file mode 100644
index 000000000000..9400ad2a61fb
--- /dev/null
+++ b/crypto/openssl/crypto/sha/sha1test.c
@@ -0,0 +1,168 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+#undef SHA_0 /* FIPS 180 */
+#define  SHA_1 /* FIPS 180-1 */
+
+char *test[]={
+	"abc",
+	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+	NULL,
+	};
+
+#ifdef SHA_0
+char *ret[]={
+	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+	};
+char *bigret=
+	"3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+char *ret[]={
+	"a9993e364706816aba3e25717850c26c9cd0d89d",
+	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+	};
+char *bigret=
+	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	unsigned char **P,**R;
+	static unsigned char buf[1000];
+	char *p,*r;
+	SHA_CTX c;
+	unsigned char md[SHA_DIGEST_LENGTH];
+
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0], test[0], strlen(test[0]));
+	ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
+	P=(unsigned char **)test;
+	R=(unsigned char **)ret;
+	i=1;
+	while (*P != NULL)
+		{
+		p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+		if (strcmp(p,(char *)*R) != 0)
+			{
+			printf("error calculating SHA1 on '%s'\n",*P);
+			printf("got %s instead of %s\n",p,*R);
+			err++;
+			}
+		else
+			printf("test %d ok\n",i);
+		i++;
+		R++;
+		P++;
+		}
+
+	memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+	SHA1_Init(&c);
+	for (i=0; i<1000; i++)
+		SHA1_Update(&c,buf,1000);
+	SHA1_Final(md,&c);
+	p=pt(md);
+
+	r=bigret;
+	if (strcmp(p,r) != 0)
+		{
+		printf("error calculating SHA1 on 'a' * 1000\n");
+		printf("got %s instead of %s\n",p,r);
+		err++;
+		}
+	else
+		printf("test 3 ok\n");
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *md)
+	{
+	int i;
+	static char buf[80];
+
+	for (i=0; i
+#include 
+#define  SHA_0
+#undef SHA_1
+#include 
+#include "sha_locl.h"
+#include 
+
+#ifndef NO_SHA0
+char *SHA_version="SHA" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from SHA-0 document - The Secure Hash Algorithm
+ */
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+#define K_00_19	0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+static void sha_block(SHA_CTX *c, register SHA_LONG *p, int num);
+
+#if !defined(B_ENDIAN) && defined(SHA_ASM)
+#  define	M_c2nl 		c2l
+#  define	M_p_c2nl 	p_c2l
+#  define	M_c2nl_p	c2l_p
+#  define	M_p_c2nl_p	p_c2l_p
+#  define	M_nl2c		l2c
+#else
+#  define	M_c2nl 		c2nl
+#  define	M_p_c2nl	p_c2nl
+#  define	M_c2nl_p	c2nl_p
+#  define	M_p_c2nl_p	p_c2nl_p
+#  define	M_nl2c		nl2c
+#endif
+
+void SHA_Init(SHA_CTX *c)
+	{
+	c->h0=INIT_DATA_h0;
+	c->h1=INIT_DATA_h1;
+	c->h2=INIT_DATA_h2;
+	c->h3=INIT_DATA_h3;
+	c->h4=INIT_DATA_h4;
+	c->Nl=0;
+	c->Nh=0;
+	c->num=0;
+	}
+
+void SHA_Update(SHA_CTX *c, register const unsigned char *data,
+		unsigned long len)
+	{
+	register SHA_LONG *p;
+	int ew,ec,sw,sc;
+	SHA_LONG l;
+
+	if (len == 0) return;
+
+	l=(c->Nl+(len<<3))&0xffffffffL;
+	if (l < c->Nl) /* overflow */
+		c->Nh++;
+	c->Nh+=(len>>29);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		p=c->data;
+		sw=c->num>>2;
+		sc=c->num&0x03;
+
+		if ((c->num+len) >= SHA_CBLOCK)
+			{
+			l= p[sw];
+			M_p_c2nl(data,l,sc);
+			p[sw++]=l;
+			for (; swnum);
+
+			sha_block(c,p,1);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			c->num+=(int)len;
+			if ((sc+len) < 4) /* ugly, add char's to a word */
+				{
+				l= p[sw];
+				M_p_c2nl_p(data,l,sc,len);
+				p[sw]=l;
+				}
+			else
+				{
+				ew=(c->num>>2);
+				ec=(c->num&0x03);
+				l= p[sw];
+				M_p_c2nl(data,l,sc);
+				p[sw++]=l;
+				for (; sw < ew; sw++)
+					{ M_c2nl(data,l); p[sw]=l; }
+				if (ec)
+					{
+					M_c2nl_p(data,l,ec);
+					p[sw]=l;
+					}
+				}
+			return;
+			}
+		}
+	/* We can only do the following code for assember, the reason
+	 * being that the sha_block 'C' version changes the values
+	 * in the 'data' array.  The assember code avoids this and
+	 * copies it to a local array.  I should be able to do this for
+	 * the C version as well....
+	 */
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+	if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
+		{
+		sw=len/SHA_CBLOCK;
+		if (sw)
+			{
+			sha_block(c,(SHA_LONG *)data,sw);
+			sw*=SHA_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+		}
+#endif
+#endif
+	/* we now can process the input data in blocks of SHA_CBLOCK
+	 * chars and save the leftovers to c->data. */
+	p=c->data;
+	while (len >= SHA_CBLOCK)
+		{
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+#define SHA_NO_TAIL_CODE
+		/*
+		 * Basically we get here only when data happens
+		 * to be unaligned.
+		 */
+		if (p != (SHA_LONG *)data)
+			memcpy(p,data,SHA_CBLOCK);
+		data+=SHA_CBLOCK;
+		sha_block(c,p=c->data,1);
+		len-=SHA_CBLOCK;
+#elif defined(L_ENDIAN)
+#define BE_COPY(dst,src,i)	{				\
+				l = ((SHA_LONG *)src)[i];	\
+				Endian_Reverse32(l);		\
+				dst[i] = l;			\
+				}
+		if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
+			{
+			for (sw=(SHA_LBLOCK/4); sw; sw--)
+				{
+				BE_COPY(p,data,0);
+				BE_COPY(p,data,1);
+				BE_COPY(p,data,2);
+				BE_COPY(p,data,3);
+				p+=4;
+				data += 4*sizeof(SHA_LONG);
+				}
+			sha_block(c,p=c->data,1);
+			len-=SHA_CBLOCK;
+			continue;
+			}
+#endif
+#endif
+#ifndef SHA_NO_TAIL_CODE
+		/*
+		 * In addition to "sizeof(SHA_LONG)!= 4" case the
+		 * following code covers unaligned access cases on
+		 * little-endian machines.
+		 *			
+		 */
+		p=c->data;
+		for (sw=(SHA_LBLOCK/4); sw; sw--)
+			{
+			M_c2nl(data,l); p[0]=l;
+			M_c2nl(data,l); p[1]=l;
+			M_c2nl(data,l); p[2]=l;
+			M_c2nl(data,l); p[3]=l;
+			p+=4;
+			}
+		p=c->data;
+		sha_block(c,p,1);
+		len-=SHA_CBLOCK;
+#endif
+		}
+	ec=(int)len;
+	c->num=ec;
+	ew=(ec>>2);
+	ec&=0x03;
+
+	for (sw=0; sw < ew; sw++)
+		{ M_c2nl(data,l); p[sw]=l; }
+	M_c2nl_p(data,l,ec);
+	p[sw]=l;
+	}
+
+void SHA_Transform(SHA_CTX *c, unsigned char *b)
+	{
+	SHA_LONG p[SHA_LBLOCK];
+
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+	memcpy(p,b,SHA_CBLOCK);
+	sha_block(c,p,1);
+	return;
+#elif defined(L_ENDIAN)
+	if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
+		{
+		SHA_LONG *q;
+		int i;
+
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			unsigned long l;
+			BE_COPY(q,b,0);	/* BE_COPY was defined above */
+			BE_COPY(q,b,1);
+			BE_COPY(q,b,2);
+			BE_COPY(q,b,3);
+			q+=4;
+			b+=4*sizeof(SHA_LONG);
+			}
+		sha_block(c,p,1);
+		return;
+		}
+#endif
+#endif
+#ifndef SHA_NO_TAIL_CODE /* defined above, see comment */
+		{
+		SHA_LONG *q;
+		int i;
+
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			SHA_LONG l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l; 
+			} 
+		sha_block(c,p,1);
+		}
+#endif
+	}
+
+#ifndef SHA_ASM
+static void sha_block(SHA_CTX *c, register SHA_LONG *W, int num)
+	{
+	register SHA_LONG A,B,C,D,E,T;
+	SHA_LONG X[SHA_LBLOCK];
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	for (;;)
+		{
+	BODY_00_15( 0,A,B,C,D,E,T,W);
+	BODY_00_15( 1,T,A,B,C,D,E,W);
+	BODY_00_15( 2,E,T,A,B,C,D,W);
+	BODY_00_15( 3,D,E,T,A,B,C,W);
+	BODY_00_15( 4,C,D,E,T,A,B,W);
+	BODY_00_15( 5,B,C,D,E,T,A,W);
+	BODY_00_15( 6,A,B,C,D,E,T,W);
+	BODY_00_15( 7,T,A,B,C,D,E,W);
+	BODY_00_15( 8,E,T,A,B,C,D,W);
+	BODY_00_15( 9,D,E,T,A,B,C,W);
+	BODY_00_15(10,C,D,E,T,A,B,W);
+	BODY_00_15(11,B,C,D,E,T,A,W);
+	BODY_00_15(12,A,B,C,D,E,T,W);
+	BODY_00_15(13,T,A,B,C,D,E,W);
+	BODY_00_15(14,E,T,A,B,C,D,W);
+	BODY_00_15(15,D,E,T,A,B,C,W);
+	BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
+	BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
+	BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
+	BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+
+	BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
+	BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
+	BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
+	BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
+	BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
+	BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
+	BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
+	BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
+	BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
+	BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
+	BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
+	BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
+	BODY_32_39(32,E,T,A,B,C,D,X);
+	BODY_32_39(33,D,E,T,A,B,C,X);
+	BODY_32_39(34,C,D,E,T,A,B,X);
+	BODY_32_39(35,B,C,D,E,T,A,X);
+	BODY_32_39(36,A,B,C,D,E,T,X);
+	BODY_32_39(37,T,A,B,C,D,E,X);
+	BODY_32_39(38,E,T,A,B,C,D,X);
+	BODY_32_39(39,D,E,T,A,B,C,X);
+
+	BODY_40_59(40,C,D,E,T,A,B,X);
+	BODY_40_59(41,B,C,D,E,T,A,X);
+	BODY_40_59(42,A,B,C,D,E,T,X);
+	BODY_40_59(43,T,A,B,C,D,E,X);
+	BODY_40_59(44,E,T,A,B,C,D,X);
+	BODY_40_59(45,D,E,T,A,B,C,X);
+	BODY_40_59(46,C,D,E,T,A,B,X);
+	BODY_40_59(47,B,C,D,E,T,A,X);
+	BODY_40_59(48,A,B,C,D,E,T,X);
+	BODY_40_59(49,T,A,B,C,D,E,X);
+	BODY_40_59(50,E,T,A,B,C,D,X);
+	BODY_40_59(51,D,E,T,A,B,C,X);
+	BODY_40_59(52,C,D,E,T,A,B,X);
+	BODY_40_59(53,B,C,D,E,T,A,X);
+	BODY_40_59(54,A,B,C,D,E,T,X);
+	BODY_40_59(55,T,A,B,C,D,E,X);
+	BODY_40_59(56,E,T,A,B,C,D,X);
+	BODY_40_59(57,D,E,T,A,B,C,X);
+	BODY_40_59(58,C,D,E,T,A,B,X);
+	BODY_40_59(59,B,C,D,E,T,A,X);
+
+	BODY_60_79(60,A,B,C,D,E,T,X);
+	BODY_60_79(61,T,A,B,C,D,E,X);
+	BODY_60_79(62,E,T,A,B,C,D,X);
+	BODY_60_79(63,D,E,T,A,B,C,X);
+	BODY_60_79(64,C,D,E,T,A,B,X);
+	BODY_60_79(65,B,C,D,E,T,A,X);
+	BODY_60_79(66,A,B,C,D,E,T,X);
+	BODY_60_79(67,T,A,B,C,D,E,X);
+	BODY_60_79(68,E,T,A,B,C,D,X);
+	BODY_60_79(69,D,E,T,A,B,C,X);
+	BODY_60_79(70,C,D,E,T,A,B,X);
+	BODY_60_79(71,B,C,D,E,T,A,X);
+	BODY_60_79(72,A,B,C,D,E,T,X);
+	BODY_60_79(73,T,A,B,C,D,E,X);
+	BODY_60_79(74,E,T,A,B,C,D,X);
+	BODY_60_79(75,D,E,T,A,B,C,X);
+	BODY_60_79(76,C,D,E,T,A,B,X);
+	BODY_60_79(77,B,C,D,E,T,A,X);
+	BODY_60_79(78,A,B,C,D,E,T,X);
+	BODY_60_79(79,T,A,B,C,D,E,X);
+	
+	c->h0=(c->h0+E)&0xffffffffL; 
+	c->h1=(c->h1+T)&0xffffffffL;
+	c->h2=(c->h2+A)&0xffffffffL;
+	c->h3=(c->h3+B)&0xffffffffL;
+	c->h4=(c->h4+C)&0xffffffffL;
+
+	if (--num <= 0) break;
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	W+=SHA_LBLOCK;	/* Note! This can happen only when sizeof(SHA_LONG)
+			 * is 4. Whenever it's not the actual case this
+			 * function is never called with num larger than 1
+			 * and we never advance down here.
+			 *			
+			 */
+		}
+	}
+#endif
+
+void SHA_Final(unsigned char *md, SHA_CTX *c)
+	{
+	register int i,j;
+	register SHA_LONG l;
+	register SHA_LONG *p;
+	static unsigned char end[4]={0x80,0x00,0x00,0x00};
+	unsigned char *cp=end;
+
+	/* c->num should definitly have room for at least one more byte. */
+	p=c->data;
+	j=c->num;
+	i=j>>2;
+#ifdef PURIFY
+	if ((j&0x03) == 0) p[i]=0;
+#endif
+	l=p[i];
+	M_p_c2nl(cp,l,j&0x03);
+	p[i]=l;
+	i++;
+	/* i is the next 'undefined word' */
+	if (c->num >= SHA_LAST_BLOCK)
+		{
+		for (; iNh;
+	p[SHA_LBLOCK-1]=c->Nl;
+#if SHA_LONG_LOG2==2
+#if !defined(B_ENDIAN) && defined(SHA_ASM)
+	Endian_Reverse32(p[SHA_LBLOCK-2]);
+	Endian_Reverse32(p[SHA_LBLOCK-1]);
+#endif
+#endif
+	sha_block(c,p,1);
+	cp=md;
+	l=c->h0; nl2c(l,cp);
+	l=c->h1; nl2c(l,cp);
+	l=c->h2; nl2c(l,cp);
+	l=c->h3; nl2c(l,cp);
+	l=c->h4; nl2c(l,cp);
+
+	c->num=0;
+	/* sha_block may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	memset((void *)c,0,sizeof(SHA_CTX));
+	 */
+	}
+#endif
diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/openssl/crypto/sha/sha_locl.h
new file mode 100644
index 000000000000..6646a8915b75
--- /dev/null
+++ b/crypto/openssl/crypto/sha/sha_locl.h
@@ -0,0 +1,288 @@
+/* crypto/sha/sha_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+
+#include 
+
+#ifdef undef
+/* one or the other needs to be defined */
+#ifndef SHA_1 /* FIPE 180-1 */
+#define SHA_0 /* FIPS 180   */
+#endif
+#endif
+
+#undef c2nl
+#define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
+			 l|=(((unsigned long)(*((c)++)))<<16), \
+			 l|=(((unsigned long)(*((c)++)))<< 8), \
+			 l|=(((unsigned long)(*((c)++)))    ))
+
+#undef p_c2nl
+#define p_c2nl(c,l,n)	{ \
+			switch (n) { \
+			case 0: l =((unsigned long)(*((c)++)))<<24; \
+			case 1: l|=((unsigned long)(*((c)++)))<<16; \
+			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+			case 3: l|=((unsigned long)(*((c)++))); \
+				} \
+			}
+
+#undef c2nl_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2nl_p(c,l,n)	{ \
+			l=0; \
+			(c)+=n; \
+			switch (n) { \
+			case 3: l =((unsigned long)(*(--(c))))<< 8; \
+			case 2: l|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+#undef p_c2nl_p
+#define p_c2nl_p(c,l,sc,len) { \
+			switch (sc) \
+				{ \
+			case 0: l =((unsigned long)(*((c)++)))<<24; \
+				if (--len == 0) break; \
+			case 1: l|=((unsigned long)(*((c)++)))<<16; \
+				if (--len == 0) break; \
+			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+				} \
+			}
+
+#undef nl2c
+#define nl2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)    )&0xff))
+
+#undef c2l
+#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
+			 l|=(((unsigned long)(*((c)++)))<< 8), \
+			 l|=(((unsigned long)(*((c)++)))<<16), \
+			 l|=(((unsigned long)(*((c)++)))<<24))
+
+#undef p_c2l
+#define p_c2l(c,l,n)	{ \
+			switch (n) { \
+			case 0: l =((unsigned long)(*((c)++))); \
+			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+			case 2: l|=((unsigned long)(*((c)++)))<<16; \
+			case 3: l|=((unsigned long)(*((c)++)))<<24; \
+				} \
+			}
+
+#undef c2l_p
+/* NOTE the pointer is not incremented at the end of this */
+#define c2l_p(c,l,n)	{ \
+			l=0; \
+			(c)+=n; \
+			switch (n) { \
+			case 3: l =((unsigned long)(*(--(c))))<<16; \
+			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+			case 1: l|=((unsigned long)(*(--(c)))); \
+				} \
+			}
+
+#undef p_c2l_p
+#define p_c2l_p(c,l,sc,len) { \
+			switch (sc) \
+				{ \
+			case 0: l =((unsigned long)(*((c)++))); \
+				if (--len == 0) break; \
+			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+				if (--len == 0) break; \
+			case 2: l|=((unsigned long)(*((c)++)))<<16; \
+				} \
+			}
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2	2	/* default to 32 bits */
+#endif
+
+#undef ROTATE
+#undef Endian_Reverse32
+#if defined(WIN32)
+#define ROTATE(a,n)     _lrotl(a,n)
+#elif defined(__GNUC__) && !defined(PEDANTIC)
+/* some inline assembler templates by  */
+#if defined(__i386) && !defined(NO_ASM)
+#define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm ("roll %1,%0"	\
+				: "=r"(ret)		\
+				: "I"(n), "0"(a)	\
+				: "cc");		\
+			   ret;				\
+			})
+#ifndef I386_ONLY
+#define Endian_Reverse32(a) \
+			{ register unsigned int ltmp=(a);	\
+				asm ("bswapl %0"	\
+				: "=r"(ltmp) : "0"(ltmp));	\
+			  (a)=ltmp;			\
+			}
+#endif
+#elif defined(__powerpc)
+#define ROTATE(a,n)	({ register unsigned int ret;		\
+				asm ("rlwinm %0,%1,%2,0,31"	\
+				: "=r"(ret)			\
+				: "r"(a), "I"(n));		\
+			   ret;					\
+			})
+/* Endian_Reverse32 is not needed for PowerPC */
+#endif
+#endif
+
+/* A nice byte order reversal from Wei Dai  */
+#ifdef ROTATE
+#ifndef Endian_Reverse32
+/* 5 instructions with rotate instruction, else 9 */
+#define Endian_Reverse32(a) \
+	{ \
+	unsigned long t=(a); \
+	(a)=((ROTATE(t,8)&0x00FF00FF)|(ROTATE((t&0x00FF00FF),24))); \
+	}
+#endif
+#else
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#ifndef Endian_Reverse32
+/* 6 instructions with rotate instruction, else 8 */
+#define Endian_Reverse32(a) \
+	{ \
+	unsigned long t=(a); \
+	t=(((t>>8)&0x00FF00FF)|((t&0x00FF00FF)<<8)); \
+	(a)=ROTATE(t,16); \
+	}
+#endif
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *	- RISCs aren't good at long constants and have to explicitely
+ *	  compose 'em with several (well, usually 2) instructions in a
+ *	  register before performing the actual operation and (as you
+ *	  already realized:-) having same constant should inspire the
+ *	  compiler to permanently allocate the only register for it;
+ *	- most modern CPUs have two ALUs, but usually only one has
+ *	  circuitry for shifts:-( this minor tweak inspires compiler
+ *	  to schedule shift instructions in a better way...
+ *
+ *				
+ */
+#endif
+
+/* As  pointed out by Wei Dai , F() below can be
+ * simplified to the code in F_00_19.  Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d)) 
+#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d))) 
+#define	F_60_79(b,c,d)	F_20_39(b,c,d)
+
+#undef Xupdate
+#ifdef SHA_0
+#define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
+	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
+#endif
+#ifdef SHA_1
+#define Xupdate(a,i,ia,ib,ic,id) (a)=\
+	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
+	X[(i)&0x0f]=(a)=ROTATE((a),1);
+#endif
+
+#define BODY_00_15(i,a,b,c,d,e,f,xa) \
+	(f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
+#define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,i,xa,xb,xc,xd); \
+	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
+#define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,i,xa,xb,xc,xd); \
+	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
+#define BODY_32_39(i,a,b,c,d,e,f,xa) \
+	Xupdate(f,i,xa,xa,xa,xa); \
+	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
+#define BODY_40_59(i,a,b,c,d,e,f,xa) \
+	Xupdate(f,i,xa,xa,xa,xa); \
+	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
+#define BODY_60_79(i,a,b,c,d,e,f,xa) \
+	Xupdate(f,i,xa,xa,xa,xa); \
+	(f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+	(b)=ROTATE((b),30);
+
diff --git a/crypto/openssl/crypto/sha/sha_one.c b/crypto/openssl/crypto/sha/sha_one.c
new file mode 100644
index 000000000000..2d955de16286
--- /dev/null
+++ b/crypto/openssl/crypto/sha/sha_one.c
@@ -0,0 +1,76 @@
+/* crypto/sha/sha_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifndef NO_SHA0
+unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	SHA_CTX c;
+	static unsigned char m[SHA_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	SHA_Init(&c);
+	SHA_Update(&c,d,n);
+	SHA_Final(md,&c);
+	memset(&c,0,sizeof(c));
+	return(md);
+	}
+#endif
diff --git a/crypto/openssl/crypto/sha/shatest.c b/crypto/openssl/crypto/sha/shatest.c
new file mode 100644
index 000000000000..2b0744d937cd
--- /dev/null
+++ b/crypto/openssl/crypto/sha/shatest.c
@@ -0,0 +1,168 @@
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include 
+
+#ifdef CHARSET_EBCDIC
+#include 
+#endif
+
+#define SHA_0 /* FIPS 180 */
+#undef  SHA_1 /* FIPS 180-1 */
+
+char *test[]={
+	"abc",
+	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+	NULL,
+	};
+
+#ifdef SHA_0
+char *ret[]={
+	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+	};
+char *bigret=
+	"3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+char *ret[]={
+	"a9993e364706816aba3e25717850c26c9cd0d89d",
+	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+	};
+char *bigret=
+	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	unsigned char **P,**R;
+	static unsigned char buf[1000];
+	char *p,*r;
+	SHA_CTX c;
+	unsigned char md[SHA_DIGEST_LENGTH];
+
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0], test[0], strlen(test[0]));
+	ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
+	P=(unsigned char **)test;
+	R=(unsigned char **)ret;
+	i=1;
+	while (*P != NULL)
+		{
+		p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+		if (strcmp(p,(char *)*R) != 0)
+			{
+			printf("error calculating SHA on '%s'\n",*P);
+			printf("got %s instead of %s\n",p,*R);
+			err++;
+			}
+		else
+			printf("test %d ok\n",i);
+		i++;
+		R++;
+		P++;
+		}
+
+	memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+	SHA_Init(&c);
+	for (i=0; i<1000; i++)
+		SHA_Update(&c,buf,1000);
+	SHA_Final(md,&c);
+	p=pt(md);
+
+	r=bigret;
+	if (strcmp(p,r) != 0)
+		{
+		printf("error calculating SHA on '%s'\n",p);
+		printf("got %s instead of %s\n",p,r);
+		err++;
+		}
+	else
+		printf("test 3 ok\n");
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *md)
+	{
+	int i;
+	static char buf[80];
+
+	for (i=0; i> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+stack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+stack.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/crypto/openssl/crypto/stack/safestack.h b/crypto/openssl/crypto/stack/safestack.h
new file mode 100644
index 000000000000..38934981e3f4
--- /dev/null
+++ b/crypto/openssl/crypto/stack/safestack.h
@@ -0,0 +1,129 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SAFESTACK_H
+#define HEADER_SAFESTACK_H
+
+#include 
+
+#define STACK_OF(type)	STACK_##type
+
+#define DECLARE_STACK_OF(type) \
+typedef struct stack_st_##type	\
+    { \
+    STACK stack; \
+    } STACK_OF(type); \
+STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \
+STACK_OF(type) *sk_##type##_new_null(void); \
+void sk_##type##_free(STACK_OF(type) *sk); \
+int sk_##type##_num(const STACK_OF(type) *sk); \
+type *sk_##type##_value(const STACK_OF(type) *sk,int n); \
+type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \
+void sk_##type##_zero(STACK_OF(type) *sk); \
+int sk_##type##_push(STACK_OF(type) *sk,type *v); \
+int sk_##type##_unshift(STACK_OF(type) *sk,type *v); \
+int sk_##type##_find(STACK_OF(type) *sk,type *v); \
+type *sk_##type##_delete(STACK_OF(type) *sk,int n); \
+void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \
+int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \
+int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \
+			       int (*cmp)(type **,type **)))(type **,type **); \
+STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \
+void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \
+type *sk_##type##_shift(STACK_OF(type) *sk); \
+type *sk_##type##_pop(STACK_OF(type) *sk); \
+void sk_##type##_sort(STACK_OF(type) *sk);
+
+#define IMPLEMENT_STACK_OF(type) \
+STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \
+    { return (STACK_OF(type) *)sk_new(cmp); } \
+STACK_OF(type) *sk_##type##_new_null() \
+    { return (STACK_OF(type) *)sk_new_null(); } \
+void sk_##type##_free(STACK_OF(type) *sk) \
+    { sk_free((STACK *)sk); } \
+int sk_##type##_num(const STACK_OF(type) *sk) \
+    { return M_sk_num((const STACK *)sk); } \
+type *sk_##type##_value(const STACK_OF(type) *sk,int n) \
+    { return (type *)sk_value((STACK *)sk,n); } \
+type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v) \
+    { return (type *)(sk_set((STACK *)sk,n,(char *)v)); } \
+void sk_##type##_zero(STACK_OF(type) *sk) \
+    { sk_zero((STACK *)sk); } \
+int sk_##type##_push(STACK_OF(type) *sk,type *v) \
+    { return sk_push((STACK *)sk,(char *)v); } \
+int sk_##type##_unshift(STACK_OF(type) *sk,type *v) \
+    { return sk_unshift((STACK *)sk,(char *)v); } \
+int sk_##type##_find(STACK_OF(type) *sk,type *v) \
+    { return sk_find((STACK *)sk,(char *)v); } \
+type *sk_##type##_delete(STACK_OF(type) *sk,int n) \
+    { return (type *)sk_delete((STACK *)sk,n); } \
+void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \
+    { sk_delete_ptr((STACK *)sk,(char *)v); } \
+int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \
+    { return sk_insert((STACK *)sk,(char *)v,n); } \
+int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \
+			       int (*cmp)(type **,type **)))(type **,type **) \
+    { return (int (*)(type **,type **))sk_set_cmp_func((STACK *)sk,cmp); } \
+STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \
+    { return (STACK_OF(type) *)sk_dup((STACK *)sk); } \
+void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)) \
+    { sk_pop_free((STACK *)sk,func); } \
+type *sk_##type##_shift(STACK_OF(type) *sk) \
+    { return (type *)sk_shift((STACK *)sk); } \
+type *sk_##type##_pop(STACK_OF(type) *sk) \
+    { return (type *)sk_pop((STACK *)sk); } \
+void sk_##type##_sort(STACK_OF(type) *sk) \
+    { sk_sort((STACK *)sk); }
+
+#endif /* ndef HEADER_SAFESTACK_H */
diff --git a/crypto/openssl/crypto/stack/stack.c b/crypto/openssl/crypto/stack/stack.c
new file mode 100644
index 000000000000..8b9671388484
--- /dev/null
+++ b/crypto/openssl/crypto/stack/stack.c
@@ -0,0 +1,311 @@
+/* crypto/stack/stack.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Code for stacks
+ * Author - Eric Young v 1.0
+ * 1.2 eay 12-Mar-97 -	Modified sk_find so that it _DOES_ return the
+ *			lowest index for the seached item.
+ *
+ * 1.1 eay - Take from netdb and added to SSLeay
+ *
+ * 1.0 eay - First version 29/07/92
+ */
+#include 
+#include "cryptlib.h"
+#include 
+
+#undef MIN_NODES
+#define MIN_NODES	4
+
+const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
+
+#define	FP_ICC	(int (*)(const void *,const void *))
+#include 
+
+int (*sk_set_cmp_func(STACK *sk, int (*c)()))(void)
+	{
+	int (*old)()=sk->comp;
+
+	if (sk->comp != c)
+		sk->sorted=0;
+	sk->comp=c;
+
+	return old;
+	}
+
+STACK *sk_dup(STACK *sk)
+	{
+	STACK *ret;
+	char **s;
+
+	if ((ret=sk_new(sk->comp)) == NULL) goto err;
+	s=(char **)Realloc((char *)ret->data,
+		(unsigned int)sizeof(char *)*sk->num_alloc);
+	if (s == NULL) goto err;
+	ret->data=s;
+
+	ret->num=sk->num;
+	memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
+	ret->sorted=sk->sorted;
+	ret->num_alloc=sk->num_alloc;
+	ret->comp=sk->comp;
+	return(ret);
+err:
+	return(NULL);
+	}
+
+STACK *sk_new(int (*c)())
+	{
+	STACK *ret;
+	int i;
+
+	if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL)
+		goto err0;
+	if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL)
+		goto err1;
+	for (i=0; idata[i]=NULL;
+	ret->comp=c;
+	ret->num_alloc=MIN_NODES;
+	ret->num=0;
+	ret->sorted=0;
+	return(ret);
+err1:
+	Free((char *)ret);
+err0:
+	return(NULL);
+	}
+
+int sk_insert(STACK *st, char *data, int loc)
+	{
+	char **s;
+
+	if(st == NULL) return 0;
+	if (st->num_alloc <= st->num+1)
+		{
+		s=(char **)Realloc((char *)st->data,
+			(unsigned int)sizeof(char *)*st->num_alloc*2);
+		if (s == NULL)
+			return(0);
+		st->data=s;
+		st->num_alloc*=2;
+		}
+	if ((loc >= (int)st->num) || (loc < 0))
+		st->data[st->num]=data;
+	else
+		{
+		int i;
+		char **f,**t;
+
+		f=(char **)st->data;
+		t=(char **)&(st->data[1]);
+		for (i=st->num; i>=loc; i--)
+			t[i]=f[i];
+			
+#ifdef undef /* no memmove on sunos :-( */
+		memmove( (char *)&(st->data[loc+1]),
+			(char *)&(st->data[loc]),
+			sizeof(char *)*(st->num-loc));
+#endif
+		st->data[loc]=data;
+		}
+	st->num++;
+	st->sorted=0;
+	return(st->num);
+	}
+
+char *sk_delete_ptr(STACK *st, char *p)
+	{
+	int i;
+
+	for (i=0; inum; i++)
+		if (st->data[i] == p)
+			return(sk_delete(st,i));
+	return(NULL);
+	}
+
+char *sk_delete(STACK *st, int loc)
+	{
+	char *ret;
+	int i,j;
+
+	if ((st == NULL) || (st->num == 0) || (loc < 0)
+					 || (loc >= st->num)) return(NULL);
+
+	ret=st->data[loc];
+	if (loc != st->num-1)
+		{
+		j=st->num-1;
+		for (i=loc; idata[i]=st->data[i+1];
+		/* In theory memcpy is not safe for this
+		 * memcpy( &(st->data[loc]),
+		 *	&(st->data[loc+1]),
+		 *	sizeof(char *)*(st->num-loc-1));
+		 */
+		}
+	st->num--;
+	return(ret);
+	}
+
+int sk_find(STACK *st, char *data)
+	{
+	char **r;
+	int i;
+	int (*comp_func)();
+	if(st == NULL) return -1;
+
+	if (st->comp == NULL)
+		{
+		for (i=0; inum; i++)
+			if (st->data[i] == data)
+				return(i);
+		return(-1);
+		}
+	sk_sort(st);
+	if (data == NULL) return(-1);
+	comp_func=(int (*)())st->comp;
+	r=(char **)bsearch(&data,(char *)st->data,
+		st->num,sizeof(char *),FP_ICC comp_func);
+	if (r == NULL) return(-1);
+	i=(int)(r-st->data);
+	for ( ; i>0; i--)
+		if ((*st->comp)(&(st->data[i-1]),&data) < 0)
+			break;
+	return(i);
+	}
+
+int sk_push(STACK *st, char *data)
+	{
+	return(sk_insert(st,data,st->num));
+	}
+
+int sk_unshift(STACK *st, char *data)
+	{
+	return(sk_insert(st,data,0));
+	}
+
+char *sk_shift(STACK *st)
+	{
+	if (st == NULL) return(NULL);
+	if (st->num <= 0) return(NULL);
+	return(sk_delete(st,0));
+	}
+
+char *sk_pop(STACK *st)
+	{
+	if (st == NULL) return(NULL);
+	if (st->num <= 0) return(NULL);
+	return(sk_delete(st,st->num-1));
+	}
+
+void sk_zero(STACK *st)
+	{
+	if (st == NULL) return;
+	if (st->num <= 0) return;
+	memset((char *)st->data,0,sizeof(st->data)*st->num);
+	st->num=0;
+	}
+
+void sk_pop_free(STACK *st, void (*func)())
+	{
+	int i;
+
+	if (st == NULL) return;
+	for (i=0; inum; i++)
+		if (st->data[i] != NULL)
+			func(st->data[i]);
+	sk_free(st);
+	}
+
+void sk_free(STACK *st)
+	{
+	if (st == NULL) return;
+	if (st->data != NULL) Free((char *)st->data);
+	Free((char *)st);
+	}
+
+int sk_num(STACK *st)
+{
+	if(st == NULL) return -1;
+	return st->num;
+}
+
+char *sk_value(STACK *st, int i)
+{
+	if(st == NULL) return NULL;
+	return st->data[i];
+}
+
+char *sk_set(STACK *st, int i, char *value)
+{
+	if(st == NULL) return NULL;
+	return (st->data[i] = value);
+}
+
+void sk_sort(STACK *st)
+    {
+    if (!st->sorted)
+	{
+	int (*comp_func)();
+
+	comp_func=(int (*)())st->comp;
+	qsort(st->data,st->num,sizeof(char *),FP_ICC comp_func);
+	st->sorted=1;
+	}
+    }
diff --git a/crypto/openssl/crypto/stack/stack.h b/crypto/openssl/crypto/stack/stack.h
new file mode 100644
index 000000000000..0f825cc0c4a6
--- /dev/null
+++ b/crypto/openssl/crypto/stack/stack.h
@@ -0,0 +1,107 @@
+/* crypto/stack/stack.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_STACK_H
+#define HEADER_STACK_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st
+	{
+	int num;
+	char **data;
+	int sorted;
+
+	int num_alloc;
+	int (*comp)();
+	} STACK;
+
+
+#define sk_new_null()	sk_new(NULL)
+
+#define M_sk_num(sk)		((sk)->num)
+#define M_sk_value(sk,n)	((sk)->data[n])
+
+int sk_num(STACK *);
+char *sk_value(STACK *, int);
+
+char *sk_set(STACK *, int, char *);
+
+STACK *sk_new(int (*cmp)());
+void sk_free(STACK *);
+void sk_pop_free(STACK *st, void (*func)());
+int sk_insert(STACK *sk,char *data,int where);
+char *sk_delete(STACK *st,int loc);
+char *sk_delete_ptr(STACK *st, char *p);
+int sk_find(STACK *st,char *data);
+int sk_push(STACK *st,char *data);
+int sk_unshift(STACK *st,char *data);
+char *sk_shift(STACK *st);
+char *sk_pop(STACK *st);
+void sk_zero(STACK *st);
+int (*sk_set_cmp_func(STACK *sk, int (*c)()))();
+STACK *sk_dup(STACK *st);
+void sk_sort(STACK *st);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c
new file mode 100644
index 000000000000..142623eddab6
--- /dev/null
+++ b/crypto/openssl/crypto/threads/mttest.c
@@ -0,0 +1,1062 @@
+/* crypto/threads/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#ifdef LINUX
+#include 
+#endif
+#ifdef WIN32
+#include 
+#endif
+#ifdef SOLARIS
+#include 
+#include 
+#endif
+#ifdef IRIX
+#include 
+#include 
+#endif
+#include 
+#include 
+#include 
+#include "../e_os.h"
+#include 
+#include 
+#include 
+
+#ifdef NO_FP_API
+#define APPS_WIN16
+#include "../crypto/buffer/bss_file.c"
+#endif
+
+#define TEST_SERVER_CERT "../apps/server.pem"
+#define TEST_CLIENT_CERT "../apps/client.pem"
+
+#define MAX_THREAD_NUMBER	100
+
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+	int error,char *arg);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+
+void irix_locking_callback(int mode,int type,char *file,int line);
+void solaris_locking_callback(int mode,int type,char *file,int line);
+void win32_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+
+unsigned long irix_thread_id(void );
+unsigned long solaris_thread_id(void );
+unsigned long pthreads_thread_id(void );
+
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+
+static char *cipher=NULL;
+int verbose=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+
+int thread_number=10;
+int number_of_loops=10;
+int reconnect=0;
+int cache_stats=0;
+
+int doit(char *ctx[4]);
+static void print_stats(FILE *fp, SSL_CTX *ctx)
+{
+	fprintf(fp,"%4ld items in the session cache\n",
+		SSL_CTX_sess_number(ctx));
+	fprintf(fp,"%4d client connects (SSL_connect())\n",
+		SSL_CTX_sess_connect(ctx));
+	fprintf(fp,"%4d client connects that finished\n",
+		SSL_CTX_sess_connect_good(ctx));
+	fprintf(fp,"%4d server connects (SSL_accept())\n",
+		SSL_CTX_sess_accept(ctx));
+	fprintf(fp,"%4d server connects that finished\n",
+		SSL_CTX_sess_accept_good(ctx));
+	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+	}
+
+static void sv_usage(void)
+	{
+	fprintf(stderr,"usage: ssltest [args ...]\n");
+	fprintf(stderr,"\n");
+	fprintf(stderr," -server_auth  - check server certificate\n");
+	fprintf(stderr," -client_auth  - do client authentication\n");
+	fprintf(stderr," -v            - more output\n");
+	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+	fprintf(stderr," -threads arg  - number of threads\n");
+	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+	fprintf(stderr," -reconnect    - reuse session-id's\n");
+	fprintf(stderr," -stats        - server session-id cache stats\n");
+	fprintf(stderr," -cert arg     - server certificate/key\n");
+	fprintf(stderr," -ccert arg    - client certificate/key\n");
+	fprintf(stderr," -ssl3         - just SSLv3n\n");
+	}
+
+int main(int argc, char *argv[])
+	{
+	char *CApath=NULL,*CAfile=NULL;
+	int badop=0;
+	int ret=1;
+	int client_auth=0;
+	int server_auth=0;
+	SSL_CTX *s_ctx=NULL;
+	SSL_CTX *c_ctx=NULL;
+	char *scert=TEST_SERVER_CERT;
+	char *ccert=TEST_CLIENT_CERT;
+	SSL_METHOD *ssl_method=SSLv23_method();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	if (bio_stdout == NULL)
+		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+	argc--;
+	argv++;
+
+	while (argc >= 1)
+		{
+		if	(strcmp(*argv,"-server_auth") == 0)
+			server_auth=1;
+		else if	(strcmp(*argv,"-client_auth") == 0)
+			client_auth=1;
+		else if	(strcmp(*argv,"-reconnect") == 0)
+			reconnect=1;
+		else if	(strcmp(*argv,"-stats") == 0)
+			cache_stats=1;
+		else if	(strcmp(*argv,"-ssl3") == 0)
+			ssl_method=SSLv3_method();
+		else if	(strcmp(*argv,"-ssl2") == 0)
+			ssl_method=SSLv2_method();
+		else if	(strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CApath= *(++argv);
+			}
+		else if	(strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile= *(++argv);
+			}
+		else if	(strcmp(*argv,"-cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			scert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-ccert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			ccert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-threads") == 0)
+			{
+			if (--argc < 1) goto bad;
+			thread_number= atoi(*(++argv));
+			if (thread_number == 0) thread_number=1;
+			if (thread_number > MAX_THREAD_NUMBER)
+				thread_number=MAX_THREAD_NUMBER;
+			}
+		else if	(strcmp(*argv,"-loops") == 0)
+			{
+			if (--argc < 1) goto bad;
+			number_of_loops= atoi(*(++argv));
+			if (number_of_loops == 0) number_of_loops=1;
+			}
+		else
+			{
+			fprintf(stderr,"unknown option %s\n",*argv);
+			badop=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+	if (badop)
+		{
+bad:
+		sv_usage();
+		goto end;
+		}
+
+	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+
+	SSL_load_error_strings();
+	SSLeay_add_ssl_algorithms();
+
+	c_ctx=SSL_CTX_new(ssl_method);
+	s_ctx=SSL_CTX_new(ssl_method);
+	if ((c_ctx == NULL) || (s_ctx == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	SSL_CTX_set_session_cache_mode(s_ctx,
+		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+	SSL_CTX_set_session_cache_mode(c_ctx,
+		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+
+	SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
+	SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+
+	if (client_auth)
+		{
+		SSL_CTX_use_certificate_file(c_ctx,ccert,
+			SSL_FILETYPE_PEM);
+		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+			SSL_FILETYPE_PEM);
+		}
+
+	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(c_ctx)))
+		{
+		fprintf(stderr,"SSL_load_verify_locations\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (client_auth)
+		{
+		fprintf(stderr,"client authentication\n");
+		SSL_CTX_set_verify(s_ctx,
+			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+			verify_callback);
+		}
+	if (server_auth)
+		{
+		fprintf(stderr,"server authentication\n");
+		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+			verify_callback);
+		}
+
+	thread_setup();
+	do_threads(s_ctx,c_ctx);
+	thread_cleanup();
+end:
+	
+	if (c_ctx != NULL) 
+		{
+		fprintf(stderr,"Client SSL_CTX stats then free it\n");
+		print_stats(stderr,c_ctx);
+		SSL_CTX_free(c_ctx);
+		}
+	if (s_ctx != NULL)
+		{
+		fprintf(stderr,"Server SSL_CTX stats then free it\n");
+		print_stats(stderr,s_ctx);
+		if (cache_stats)
+			{
+			fprintf(stderr,"-----\n");
+			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+			fprintf(stderr,"-----\n");
+		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+			fprintf(stderr,"-----\n"); */
+			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+			fprintf(stderr,"-----\n");
+			}
+		SSL_CTX_free(s_ctx);
+		fprintf(stderr,"done free\n");
+		}
+	exit(ret);
+	return(0);
+	}
+
+#define W_READ	1
+#define W_WRITE	2
+#define C_DONE	1
+#define S_DONE	2
+
+int ndoit(SSL_CTX *ssl_ctx[2])
+	{
+	int i;
+	int ret;
+	char *ctx[4];
+
+	ctx[0]=(char *)ssl_ctx[0];
+	ctx[1]=(char *)ssl_ctx[1];
+
+	if (reconnect)
+		{
+		ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+		ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+		}
+	else
+		{
+		ctx[2]=NULL;
+		ctx[3]=NULL;
+		}
+
+	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+	for (i=0; iref (%3d,%3d)\n",
+			CRYPTO_thread_id(),i,
+			ssl_ctx[0]->references,
+			ssl_ctx[1]->references); */
+	/*	pthread_delay_np(&tm);*/
+
+		ret=doit(ctx);
+		if (ret != 0)
+			{
+			fprintf(stdout,"error[%d] %lu - %d\n",
+				i,CRYPTO_thread_id(),ret);
+			return(ret);
+			}
+		}
+	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+	if (reconnect)
+		{
+		SSL_free((SSL *)ctx[2]);
+		SSL_free((SSL *)ctx[3]);
+		}
+	return(0);
+	}
+
+int doit(char *ctx[4])
+	{
+	SSL_CTX *s_ctx,*c_ctx;
+	static char cbuf[200],sbuf[200];
+	SSL *c_ssl=NULL;
+	SSL *s_ssl=NULL;
+	BIO *c_to_s=NULL;
+	BIO *s_to_c=NULL;
+	BIO *c_bio=NULL;
+	BIO *s_bio=NULL;
+	int c_r,c_w,s_r,s_w;
+	int c_want,s_want;
+	int i;
+	int done=0;
+	int c_write,s_write;
+	int do_server=0,do_client=0;
+
+	s_ctx=(SSL_CTX *)ctx[0];
+	c_ctx=(SSL_CTX *)ctx[1];
+
+	if (ctx[2] != NULL)
+		s_ssl=(SSL *)ctx[2];
+	else
+		s_ssl=SSL_new(s_ctx);
+
+	if (ctx[3] != NULL)
+		c_ssl=(SSL *)ctx[3];
+	else
+		c_ssl=SSL_new(c_ctx);
+
+	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+
+	c_to_s=BIO_new(BIO_s_mem());
+	s_to_c=BIO_new(BIO_s_mem());
+	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+
+	c_bio=BIO_new(BIO_f_ssl());
+	s_bio=BIO_new(BIO_f_ssl());
+	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+
+	SSL_set_connect_state(c_ssl);
+	SSL_set_bio(c_ssl,s_to_c,c_to_s);
+	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl,c_to_s,s_to_c);
+	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+
+	c_r=0; s_r=1;
+	c_w=1; s_w=0;
+	c_want=W_WRITE;
+	s_want=0;
+	c_write=1,s_write=0;
+
+	/* We can always do writes */
+	for (;;)
+		{
+		do_server=0;
+		do_client=0;
+
+		i=(int)BIO_pending(s_bio);
+		if ((i && s_r) || s_w) do_server=1;
+
+		i=(int)BIO_pending(c_bio);
+		if ((i && c_r) || c_w) do_client=1;
+
+		if (do_server && verbose)
+			{
+			if (SSL_in_init(s_ssl))
+				printf("server waiting in SSL_accept - %s\n",
+					SSL_state_string_long(s_ssl));
+			else if (s_write)
+				printf("server:SSL_write()\n");
+			else 
+				printf("server:SSL_read()\n");
+			}
+
+		if (do_client && verbose)
+			{
+			if (SSL_in_init(c_ssl))
+				printf("client waiting in SSL_connect - %s\n",
+					SSL_state_string_long(c_ssl));
+			else if (c_write)
+				printf("client:SSL_write()\n");
+			else
+				printf("client:SSL_read()\n");
+			}
+
+		if (!do_client && !do_server)
+			{
+			fprintf(stdout,"ERROR IN STARTUP\n");
+			break;
+			}
+		if (do_client && !(done & C_DONE))
+			{
+			if (c_write)
+				{
+				i=BIO_write(c_bio,"hello from client\n",18);
+				if (i < 0)
+					{
+					c_r=0;
+					c_w=0;
+					if (BIO_should_retry(c_bio))
+						{
+						if (BIO_should_read(c_bio))
+							c_r=1;
+						if (BIO_should_write(c_bio))
+							c_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					/* ok */
+					c_write=0;
+					}
+				}
+			else
+				{
+				i=BIO_read(c_bio,cbuf,100);
+				if (i < 0)
+					{
+					c_r=0;
+					c_w=0;
+					if (BIO_should_retry(c_bio))
+						{
+						if (BIO_should_read(c_bio))
+							c_r=1;
+						if (BIO_should_write(c_bio))
+							c_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					done|=C_DONE;
+#ifdef undef
+					fprintf(stdout,"CLIENT:from server:");
+					fwrite(cbuf,1,i,stdout);
+					fflush(stdout);
+#endif
+					}
+				}
+			}
+
+		if (do_server && !(done & S_DONE))
+			{
+			if (!s_write)
+				{
+				i=BIO_read(s_bio,sbuf,100);
+				if (i < 0)
+					{
+					s_r=0;
+					s_w=0;
+					if (BIO_should_retry(s_bio))
+						{
+						if (BIO_should_read(s_bio))
+							s_r=1;
+						if (BIO_should_write(s_bio))
+							s_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						ERR_print_errors_fp(stderr);
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					s_write=1;
+					s_w=1;
+#ifdef undef
+					fprintf(stdout,"SERVER:from client:");
+					fwrite(sbuf,1,i,stdout);
+					fflush(stdout);
+#endif
+					}
+				}
+			else
+				{
+				i=BIO_write(s_bio,"hello from server\n",18);
+				if (i < 0)
+					{
+					s_r=0;
+					s_w=0;
+					if (BIO_should_retry(s_bio))
+						{
+						if (BIO_should_read(s_bio))
+							s_r=1;
+						if (BIO_should_write(s_bio))
+							s_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						ERR_print_errors_fp(stderr);
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					s_write=0;
+					s_r=1;
+					done|=S_DONE;
+					}
+				}
+			}
+
+		if ((done & S_DONE) && (done & C_DONE)) break;
+		}
+
+	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+#ifdef undef
+	fprintf(stdout,"DONE\n");
+#endif
+err:
+	/* We have to set the BIO's to NULL otherwise they will be
+	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+	 * again when c_ssl is SSL_free()ed.
+	 * This is a hack required because s_ssl and c_ssl are sharing the same
+	 * BIO structure and SSL_set_bio() and SSL_free() automatically
+	 * BIO_free non NULL entries.
+	 * You should not normally do this or be required to do this */
+
+	if (s_ssl != NULL)
+		{
+		s_ssl->rbio=NULL;
+		s_ssl->wbio=NULL;
+		}
+	if (c_ssl != NULL)
+		{
+		c_ssl->rbio=NULL;
+		c_ssl->wbio=NULL;
+		}
+
+	/* The SSL's are optionally freed in the following calls */
+	if (c_to_s != NULL) BIO_free(c_to_s);
+	if (s_to_c != NULL) BIO_free(s_to_c);
+
+	if (c_bio != NULL) BIO_free(c_bio);
+	if (s_bio != NULL) BIO_free(s_bio);
+	return(0);
+	}
+
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+	     int error, char *arg)
+	{
+	char buf[256];
+
+	if (verbose)
+		{
+		X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
+		if (ok)
+			fprintf(stderr,"depth=%d %s\n",depth,buf);
+		else
+			fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+		}
+	return(ok);
+	}
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef WIN32
+
+static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup(void)
+	{
+	int i;
+
+	for (i=0; i end.wDayOfWeek) end.wDayOfWeek+=7;
+	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+
+	ret=(ret+end.wHour-start.wHour)*60;
+	ret=(ret+end.wMinute-start.wMinute)*60;
+	ret=(ret+end.wSecond-start.wSecond);
+	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+
+	printf("win32 threads done - %.3f seconds\n",ret);
+	}
+
+#endif /* WIN32 */
+
+#ifdef SOLARIS
+
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
+static long lock_count[CRYPTO_NUM_LOCKS];
+
+void thread_setup(void)
+	{
+	int i;
+
+	for (i=0; ireferences,c_ctx->references);
+	}
+
+unsigned long solaris_thread_id(void)
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)thr_self();
+	return(ret);
+	}
+#endif /* SOLARIS */
+
+#ifdef IRIX
+
+
+static usptr_t *arena;
+static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup(void)
+	{
+	int i;
+	char filename[20];
+
+	strcpy(filename,"/tmp/mttest.XXXXXX");
+	mktemp(filename);
+
+	usconfig(CONF_STHREADIOOFF);
+	usconfig(CONF_STHREADMALLOCOFF);
+	usconfig(CONF_INITUSERS,100);
+	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+	arena=usinit(filename);
+	unlink(filename);
+
+	for (i=0; ireferences,c_ctx->references);
+	}
+
+unsigned long irix_thread_id(void)
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)getpid();
+	return(ret);
+	}
+#endif /* IRIX */
+
+#ifdef PTHREADS
+
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+
+void thread_setup(void)
+	{
+	int i;
+
+	for (i=0; ireferences,c_ctx->references);
+	}
+
+unsigned long pthreads_thread_id(void)
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)pthread_self();
+	return(ret);
+	}
+
+#endif /* PTHREADS */
+
+
+
diff --git a/crypto/openssl/crypto/threads/th-lock.c b/crypto/openssl/crypto/threads/th-lock.c
new file mode 100644
index 000000000000..afb4f4caf290
--- /dev/null
+++ b/crypto/openssl/crypto/threads/th-lock.c
@@ -0,0 +1,368 @@
+/* crypto/threads/th-lock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#ifdef LINUX
+#include 
+#endif
+#ifdef WIN32
+#include 
+#endif
+#ifdef SOLARIS
+#include 
+#include 
+#endif
+#ifdef IRIX
+#include 
+#include 
+#endif
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int CRYPTO_thread_setup(void);
+void CRYPTO_thread_cleanup(void);
+
+static void irix_locking_callback(int mode,int type,char *file,int line);
+static void solaris_locking_callback(int mode,int type,char *file,int line);
+static void win32_locking_callback(int mode,int type,char *file,int line);
+static void pthreads_locking_callback(int mode,int type,char *file,int line);
+
+static unsigned long irix_thread_id(void );
+static unsigned long solaris_thread_id(void );
+static unsigned long pthreads_thread_id(void );
+
+/* usage:
+ * CRYPTO_thread_setup();
+ * applicaion code
+ * CRYPTO_thread_cleanup();
+ */
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef WIN32
+
+static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+
+int CRYPTO_thread_setup(void)
+	{
+	int i;
+
+	for (i=0; i
+#include 
+#include "cryptlib.h"
+#include 
+
+#ifdef TIMEB
+#undef WIN32
+#undef TIMES
+#endif
+
+#ifndef MSDOS
+#  ifndef WIN32
+#    if !defined(VMS) || defined(__DECC)
+#      define TIMES
+#    endif
+#  endif
+#endif
+
+#ifndef _IRIX
+#  include 
+#endif
+#ifdef TIMES
+#  include 
+#  include 
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include 
+#include 
+#endif
+
+#ifndef TIMES
+#include 
+#endif
+
+#ifdef WIN32
+#include 
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ  100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+typedef struct ms_tm
+	{
+#ifdef TIMES
+	struct tms ms_tms;
+#else
+#  ifdef WIN32
+	HANDLE thread_id;
+	FILETIME ms_win32;
+#  else
+	struct timeb ms_timeb;
+#  endif
+#endif
+	} MS_TM;
+
+char *ms_time_new(void)
+	{
+	MS_TM *ret;
+
+	ret=(MS_TM *)Malloc(sizeof(MS_TM));
+	if (ret == NULL)
+		return(NULL);
+	memset(ret,0,sizeof(MS_TM));
+#ifdef WIN32
+	ret->thread_id=GetCurrentThread();
+#endif
+	return((char *)ret);
+	}
+
+void ms_time_free(char *a)
+	{
+	if (a != NULL)
+		Free(a);
+	}
+
+void ms_time_get(char *a)
+	{
+	MS_TM *tm=(MS_TM *)a;
+#ifdef WIN32
+	FILETIME tmpa,tmpb,tmpc;
+#endif
+
+#ifdef TIMES
+	times(&tm->ms_tms);
+#else
+#  ifdef WIN32
+	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
+#  else
+	ftime(&tm->ms_timeb);
+#  endif
+#endif
+	}
+
+double ms_time_diff(char *ap, char *bp)
+	{
+	MS_TM *a=(MS_TM *)ap;
+	MS_TM *b=(MS_TM *)bp;
+	double ret;
+
+#ifdef TIMES
+	ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef WIN32
+	{
+#ifdef __GNUC__
+	signed long long la,lb;
+#else
+	signed _int64 la,lb;
+#endif
+	la=a->ms_win32.dwHighDateTime;
+	lb=b->ms_win32.dwHighDateTime;
+	la<<=32;
+	lb<<=32;
+	la+=a->ms_win32.dwLowDateTime;
+	lb+=b->ms_win32.dwLowDateTime;
+	ret=((double)(lb-la))/1e7;
+	}
+# else
+	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+		(((double)b->ms_timeb.millitm)-
+		((double)a->ms_timeb.millitm))/1000.0;
+#  endif
+#endif
+	return((ret < 0.0000001)?0.0000001:ret);
+	}
+
+int ms_time_cmp(char *ap, char *bp)
+	{
+	MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp;
+	double d;
+	int ret;
+
+#ifdef TIMES
+	d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef WIN32
+	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
+	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+# else
+	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+		(((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
+#  endif
+#endif
+	if (d == 0.0)
+		ret=0;
+	else if (d < 0)
+		ret= -1;
+	else
+		ret=1;
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/tmdiff.h b/crypto/openssl/crypto/tmdiff.h
new file mode 100644
index 000000000000..41a8a1e0e0da
--- /dev/null
+++ b/crypto/openssl/crypto/tmdiff.h
@@ -0,0 +1,81 @@
+/* crypto/tmdiff.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Header for dynamic hash table routines
+ * Author - Eric Young
+ */
+
+#ifndef HEADER_TMDIFF_H
+#define HEADER_TMDIFF_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+char *ms_time_new(void );
+void ms_time_free(char *a);
+void ms_time_get(char *a);
+double ms_time_diff(char *start,char *end);
+int ms_time_cmp(char *ap,char *bp);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/crypto/openssl/crypto/txt_db/Makefile.ssl b/crypto/openssl/crypto/txt_db/Makefile.ssl
new file mode 100644
index 000000000000..552ea5580f18
--- /dev/null
+++ b/crypto/openssl/crypto/txt_db/Makefile.ssl
@@ -0,0 +1,86 @@
+#
+# SSLeay/crypto/txt_db/Makefile
+#
+
+DIR=	txt_db
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= txt_db.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+txt_db.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+txt_db.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h
diff --git a/crypto/openssl/crypto/txt_db/txt_db.c b/crypto/openssl/crypto/txt_db/txt_db.c
new file mode 100644
index 000000000000..9a9fa5ce557a
--- /dev/null
+++ b/crypto/openssl/crypto/txt_db/txt_db.c
@@ -0,0 +1,383 @@
+/* crypto/txt_db/txt_db.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+#undef BUFSIZE
+#define BUFSIZE	512
+
+const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT;
+
+TXT_DB *TXT_DB_read(BIO *in, int num)
+	{
+	TXT_DB *ret=NULL;
+	int er=1;
+	int esc=0;
+	long ln=0;
+	int i,add,n;
+	int size=BUFSIZE;
+	int offset=0;
+	char *p,**pp,*f;
+	BUF_MEM *buf=NULL;
+
+	if ((buf=BUF_MEM_new()) == NULL) goto err;
+	if (!BUF_MEM_grow(buf,size)) goto err;
+
+	if ((ret=(TXT_DB *)Malloc(sizeof(TXT_DB))) == NULL)
+		goto err;
+	ret->num_fields=num;
+	ret->index=NULL;
+	ret->qual=NULL;
+	if ((ret->data=sk_new_null()) == NULL)
+		goto err;
+	if ((ret->index=(LHASH **)Malloc(sizeof(LHASH *)*num)) == NULL)
+		goto err;
+	if ((ret->qual=(int (**)())Malloc(sizeof(int (**)())*num)) == NULL)
+		goto err;
+	for (i=0; iindex[i]=NULL;
+		ret->qual[i]=NULL;
+		}
+
+	add=(num+1)*sizeof(char *);
+	buf->data[size-1]='\0';
+	offset=0;
+	for (;;)
+		{
+		if (offset != 0)
+			{
+			size+=BUFSIZE;
+			if (!BUF_MEM_grow(buf,size)) goto err;
+			}
+		buf->data[offset]='\0';
+		BIO_gets(in,&(buf->data[offset]),size-offset);
+		ln++;
+		if (buf->data[offset] == '\0') break;
+		if ((offset == 0) && (buf->data[0] == '#')) continue;
+		i=strlen(&(buf->data[offset]));
+		offset+=i;
+		if (buf->data[offset-1] != '\n')
+			continue;
+		else
+			{
+			buf->data[offset-1]='\0'; /* blat the '\n' */
+			p=(char *)Malloc(add+offset);
+			offset=0;
+			}
+		pp=(char **)p;
+		p+=add;
+		n=0;
+		pp[n++]=p;
+		i=0;
+		f=buf->data;
+
+		esc=0;
+		for (;;)
+			{
+			if (*f == '\0') break;
+			if (*f == '\t')
+				{
+				if (esc)
+					p--;
+				else
+					{	
+					*(p++)='\0';
+					f++;
+					if (n >=  num) break;
+					pp[n++]=p;
+					continue;
+					}
+				}
+			esc=(*f == '\\');
+			*(p++)= *(f++);
+			}
+		*(p++)='\0';
+		if ((n != num) || (*f != '\0'))
+			{
+#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
+			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
+#endif
+			er=2;
+			goto err;
+			}
+		pp[n]=p;
+		if (!sk_push(ret->data,(char *)pp))
+			{
+#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
+			fprintf(stderr,"failure in sk_push\n");
+#endif
+			er=2;
+			goto err;
+			}
+		}
+	er=0;
+err:
+	BUF_MEM_free(buf);
+	if (er)
+		{
+#if !defined(NO_STDIO) && !defined(WIN16)
+		if (er == 1) fprintf(stderr,"Malloc failure\n");
+#endif
+		if (ret->data != NULL) sk_free(ret->data);
+		if (ret->index != NULL) Free(ret->index);
+		if (ret->qual != NULL) Free((char *)ret->qual);
+		if (ret != NULL) Free(ret);
+		return(NULL);
+		}
+	else
+		return(ret);
+	}
+
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
+	{
+	char **ret;
+	LHASH *lh;
+
+	if (idx >= db->num_fields)
+		{
+		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
+		return(NULL);
+		}
+	lh=db->index[idx];
+	if (lh == NULL)
+		{
+		db->error=DB_ERROR_NO_INDEX;
+		return(NULL);
+		}
+	ret=(char **)lh_retrieve(lh,(char *)value);
+	db->error=DB_ERROR_OK;
+	return(ret);
+	}
+
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
+	     unsigned long (*hash)(), int (*cmp)())
+	{
+	LHASH *idx;
+	char *r;
+	int i,n;
+
+	if (field >= db->num_fields)
+		{
+		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
+		return(0);
+		}
+	if ((idx=lh_new(hash,cmp)) == NULL)
+		{
+		db->error=DB_ERROR_MALLOC;
+		return(0);
+		}
+	n=sk_num(db->data);
+	for (i=0; idata,i);
+		if ((qual != NULL) && (qual(r) == 0)) continue;
+		if ((r=lh_insert(idx,r)) != NULL)
+			{
+			db->error=DB_ERROR_INDEX_CLASH;
+			db->arg1=sk_find(db->data,r);
+			db->arg2=i;
+			lh_free(idx);
+			return(0);
+			}
+		}
+	if (db->index[field] != NULL) lh_free(db->index[field]);
+	db->index[field]=idx;
+	db->qual[field]=qual;
+	return(1);
+	}
+
+long TXT_DB_write(BIO *out, TXT_DB *db)
+	{
+	long i,j,n,nn,l,tot=0;
+	char *p,**pp,*f;
+	BUF_MEM *buf=NULL;
+	long ret= -1;
+
+	if ((buf=BUF_MEM_new()) == NULL)
+		goto err;
+	n=sk_num(db->data);
+	nn=db->num_fields;
+	for (i=0; idata,i);
+
+		l=0;
+		for (j=0; jdata;
+		for (j=0; jdata;
+		if (BIO_write(out,buf->data,(int)j) != j)
+			goto err;
+		tot+=j;
+		}
+	ret=tot;
+err:
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(ret);
+	}
+
+int TXT_DB_insert(TXT_DB *db, char **row)
+	{
+	int i;
+	char **r;
+
+	for (i=0; inum_fields; i++)
+		{
+		if (db->index[i] != NULL)
+			{
+			if ((db->qual[i] != NULL) &&
+				(db->qual[i](row) == 0)) continue;
+			r=(char **)lh_retrieve(db->index[i],(char *)row);
+			if (r != NULL)
+				{
+				db->error=DB_ERROR_INDEX_CLASH;
+				db->arg1=i;
+				db->arg_row=r;
+				goto err;
+				}
+			}
+		}
+	/* We have passed the index checks, now just append and insert */
+	if (!sk_push(db->data,(char *)row))
+		{
+		db->error=DB_ERROR_MALLOC;
+		goto err;
+		}
+
+	for (i=0; inum_fields; i++)
+		{
+		if (db->index[i] != NULL)
+			{
+			if ((db->qual[i] != NULL) &&
+				(db->qual[i](row) == 0)) continue;
+			lh_insert(db->index[i],(char *)row);
+			}
+		}
+	return(1);
+err:
+	return(0);
+	}
+
+void TXT_DB_free(TXT_DB *db)
+	{
+	int i,n;
+	char **p,*max;
+
+	if(db == NULL)
+	    return;
+
+	if (db->index != NULL)
+		{
+		for (i=db->num_fields-1; i>=0; i--)
+			if (db->index[i] != NULL) lh_free(db->index[i]);
+		Free(db->index);
+		}
+	if (db->qual != NULL)
+		Free(db->qual);
+	if (db->data != NULL)
+		{
+		for (i=sk_num(db->data)-1; i>=0; i--)
+			{
+			/* check if any 'fields' have been allocated
+			 * from outside of the initial block */
+			p=(char **)sk_value(db->data,i);
+			max=p[db->num_fields]; /* last address */
+			if (max == NULL) /* new row */
+				{
+				for (n=0; nnum_fields; n++)
+					if (p[n] != NULL) Free(p[n]);
+				}
+			else
+				{
+				for (n=0; nnum_fields; n++)
+					{
+					if (((p[n] < (char *)p) || (p[n] > max))
+						&& (p[n] != NULL))
+						Free(p[n]);
+					}
+				}
+			Free(sk_value(db->data,i));
+			}
+		sk_free(db->data);
+		}
+	Free(db);
+	}
diff --git a/crypto/openssl/crypto/txt_db/txt_db.h b/crypto/openssl/crypto/txt_db/txt_db.h
new file mode 100644
index 000000000000..58b9de13532c
--- /dev/null
+++ b/crypto/openssl/crypto/txt_db/txt_db.h
@@ -0,0 +1,105 @@
+/* crypto/txt_db/txt_db.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_TXT_DB_H
+#define HEADER_TXT_DB_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+
+#define DB_ERROR_OK			0
+#define DB_ERROR_MALLOC			1
+#define DB_ERROR_INDEX_CLASH    	2
+#define DB_ERROR_INDEX_OUT_OF_RANGE	3
+#define DB_ERROR_NO_INDEX		4
+#define DB_ERROR_INSERT_INDEX_CLASH    	5
+
+typedef struct txt_db_st
+	{
+	int num_fields;
+	STACK /* char ** */ *data;
+	LHASH **index;
+	int (**qual)();
+	long error;
+	long arg1;
+	long arg2;
+	char **arg_row;
+	} TXT_DB;
+
+#ifdef HEADER_BIO_H
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+#else
+TXT_DB *TXT_DB_read(char *in, int num);
+long TXT_DB_write(char *out, TXT_DB *db);
+#endif
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
+	 unsigned long (*hash)(),int (*cmp)());
+void TXT_DB_free(TXT_DB *db);
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+int TXT_DB_insert(TXT_DB *db,char **value);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/x509/Makefile.ssl b/crypto/openssl/crypto/x509/Makefile.ssl
new file mode 100644
index 000000000000..14bb60d41141
--- /dev/null
+++ b/crypto/openssl/crypto/x509/Makefile.ssl
@@ -0,0 +1,416 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR=	x509
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+	x509_obj.c x509_req.c x509_vfy.c \
+	x509_set.c x509rset.c x509_err.c \
+	x509name.c x509_v3.c x509_ext.c \
+	x509type.c x509_lu.c x_all.c x509_txt.c \
+	by_file.c by_dir.c 
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+	x509_obj.o x509_req.o x509_vfy.o \
+	x509_set.o x509rset.o x509_err.o \
+	x509name.o x509_v3.o x509_ext.o \
+	x509type.o x509_lu.o x_all.o x509_txt.o \
+	by_file.o by_dir.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+by_dir.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_dir.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_cmp.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../cryptlib.h
+x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_d2.o: ../cryptlib.h
+x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h
+x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../cryptlib.h
+x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h
+x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h
+x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h
+x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h
+x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h
+x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../cryptlib.h
+x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../cryptlib.h
+x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h
+x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h
+x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h
+x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c
new file mode 100644
index 000000000000..734e39ac7737
--- /dev/null
+++ b/crypto/openssl/crypto/x509/by_dir.c
@@ -0,0 +1,342 @@
+/* crypto/x509/by_dir.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include 
+#include 
+
+typedef struct lookup_dir_st
+	{
+	BUF_MEM *buffer;
+	int num_dirs;
+	char **dirs;
+	int *dirs_type;
+	int num_dirs_alloced;
+	} BY_DIR;
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
+static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
+	X509_OBJECT *ret);
+X509_LOOKUP_METHOD x509_dir_lookup=
+	{
+	"Load certs from files in a directory",
+	new_dir,		/* new */
+	free_dir,		/* free */
+	NULL, 			/* init */
+	NULL,			/* shutdown */
+	dir_ctrl,		/* ctrl */
+	get_cert_by_subject,	/* get_by_subject */
+	NULL,			/* get_by_issuer_serial */
+	NULL,			/* get_by_fingerprint */
+	NULL,			/* get_by_alias */
+	};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
+	{
+	return(&x509_dir_lookup);
+	}
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	     char **retp)
+	{
+	int ret=0;
+	BY_DIR *ld;
+	char *dir;
+
+	ld=(BY_DIR *)ctx->method_data;
+
+	switch (cmd)
+		{
+	case X509_L_ADD_DIR:
+		if (argl == X509_FILETYPE_DEFAULT)
+			{
+			ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+				X509_FILETYPE_PEM);
+			if (!ret)
+				{
+				X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
+				}
+			else
+				{
+				dir=(char *)Getenv(X509_get_default_cert_dir_env());
+				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+				}
+			}
+		else
+			ret=add_cert_dir(ld,argp,(int)argl);
+		break;
+		}
+	return(ret);
+	}
+
+static int new_dir(X509_LOOKUP *lu)
+	{
+	BY_DIR *a;
+
+	if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+		return(0);
+	if ((a->buffer=BUF_MEM_new()) == NULL)
+		{
+		Free(a);
+		return(0);
+		}
+	a->num_dirs=0;
+	a->dirs=NULL;
+	a->dirs_type=NULL;
+	a->num_dirs_alloced=0;
+	lu->method_data=(char *)a;
+	return(1);
+	}
+
+static void free_dir(X509_LOOKUP *lu)
+	{
+	BY_DIR *a;
+	int i;
+
+	a=(BY_DIR *)lu->method_data;
+	for (i=0; inum_dirs; i++)
+		if (a->dirs[i] != NULL) Free(a->dirs[i]);
+	if (a->dirs != NULL) Free(a->dirs);
+	if (a->dirs_type != NULL) Free(a->dirs_type);
+	if (a->buffer != NULL) BUF_MEM_free(a->buffer);
+	Free(a);
+	}
+
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
+	{
+	int j,len;
+	int *ip;
+	const char *s,*ss,*p;
+	char **pp;
+
+	if (dir == NULL || !*dir)
+	    {
+	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
+	    return 0;
+	    }
+
+	s=dir;
+	p=s;
+	for (;;)
+		{
+		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
+			{
+			ss=s;
+			s=p+1;
+			len=(int)(p-ss);
+			if (len == 0) continue;
+			for (j=0; jnum_dirs; j++)
+				if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+					continue;
+			if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+				{
+				ctx->num_dirs_alloced+=10;
+				pp=(char **)Malloc(ctx->num_dirs_alloced*
+					sizeof(char *));
+				ip=(int *)Malloc(ctx->num_dirs_alloced*
+					sizeof(int));
+				if ((pp == NULL) || (ip == NULL))
+					{
+					X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
+					return(0);
+					}
+				memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
+					sizeof(char *));
+				memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
+					sizeof(int));
+				if (ctx->dirs != NULL)
+					Free((char *)ctx->dirs);
+				if (ctx->dirs_type != NULL)
+					Free((char *)ctx->dirs_type);
+				ctx->dirs=pp;
+				ctx->dirs_type=ip;
+				}
+			ctx->dirs_type[ctx->num_dirs]=type;
+			ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+			if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+			strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+			ctx->dirs[ctx->num_dirs][len]='\0';
+			ctx->num_dirs++;
+			}
+		if (*p == '\0') break;
+		p++;
+		}
+	return(1);
+	}
+
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
+	{
+	BY_DIR *ctx;
+	union	{
+		struct	{
+			X509 st_x509;
+			X509_CINF st_x509_cinf;
+			} x509;
+		struct	{
+			X509_CRL st_crl;
+			X509_CRL_INFO st_crl_info;
+			} crl;
+		} data;
+	int ok=0;
+	int i,j,k;
+	unsigned long h;
+	BUF_MEM *b=NULL;
+	struct stat st;
+	X509_OBJECT stmp,*tmp;
+	const char *postfix="";
+
+	if (name == NULL) return(0);
+
+	stmp.type=type;
+	if (type == X509_LU_X509)
+		{
+		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
+		data.x509.st_x509_cinf.subject=name;
+		stmp.data.x509= &data.x509.st_x509;
+		postfix="";
+		}
+	else if (type == X509_LU_CRL)
+		{
+		data.crl.st_crl.crl= &data.crl.st_crl_info;
+		data.crl.st_crl_info.issuer=name;
+		stmp.data.crl= &data.crl.st_crl;
+		postfix="r";
+		}
+	else
+		{
+		X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
+		goto finish;
+		}
+
+	if ((b=BUF_MEM_new()) == NULL)
+		{
+		X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
+		goto finish;
+		}
+	
+	ctx=(BY_DIR *)xl->method_data;
+
+	h=X509_NAME_hash(name);
+	for (i=0; inum_dirs; i++)
+		{
+		j=strlen(ctx->dirs[i])+1+8+6+1+1;
+		if (!BUF_MEM_grow(b,j))
+			{
+			X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
+			goto finish;
+			}
+		k=0;
+		for (;;)
+			{
+			sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
+				postfix,k);
+			k++;
+			if (stat(b->data,&st) < 0)
+				break;
+			/* found one. */
+			if (type == X509_LU_X509)
+				{
+				if ((X509_load_cert_file(xl,b->data,
+					ctx->dirs_type[i])) == 0)
+					break;
+				}
+			else if (type == X509_LU_CRL)
+				{
+				if ((X509_load_crl_file(xl,b->data,
+					ctx->dirs_type[i])) == 0)
+					break;
+				}
+			/* else case will caught higher up */
+			}
+
+		/* we have added it to the cache so now pull
+		 * it out again */
+		CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+		tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,
+			(char *)&stmp);
+		CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+
+		if (tmp != NULL)
+			{
+			ok=1;
+			ret->type=tmp->type;
+			memcpy(&ret->data,&tmp->data,sizeof(ret->data));
+			/* If we were going to up the reference count,
+			 * we would need to do it on a perl 'type'
+			 * basis */
+	/*		CRYPTO_add(&tmp->data.x509->references,1,
+				CRYPTO_LOCK_X509);*/
+			goto finish;
+			}
+		}
+finish:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ok);
+	}
+
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c
new file mode 100644
index 000000000000..00ee5e8bbc4d
--- /dev/null
+++ b/crypto/openssl/crypto/x509/by_file.c
@@ -0,0 +1,267 @@
+/* crypto/x509/by_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+#ifndef NO_STDIO
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+	long argl, char **ret);
+X509_LOOKUP_METHOD x509_file_lookup=
+	{
+	"Load file into cache",
+	NULL,		/* new */
+	NULL,		/* free */
+	NULL, 		/* init */
+	NULL,		/* shutdown */
+	by_file_ctrl,	/* ctrl */
+	NULL,		/* get_by_subject */
+	NULL,		/* get_by_issuer_serial */
+	NULL,		/* get_by_fingerprint */
+	NULL,		/* get_by_alias */
+	};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
+	{
+	return(&x509_file_lookup);
+	}
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	     char **ret)
+	{
+	int ok=0,ok2=0;
+	char *file;
+
+	switch (cmd)
+		{
+	case X509_L_FILE_LOAD:
+		if (argl == X509_FILETYPE_DEFAULT)
+			{
+			ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
+				X509_FILETYPE_PEM);
+			ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
+				X509_FILETYPE_PEM);
+			if (!ok || !ok2)
+				{
+				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+				}
+			else
+				{
+				file=(char *)Getenv(X509_get_default_cert_file_env());
+				ok=X509_load_cert_file(ctx,file,
+					X509_FILETYPE_PEM);
+				ok2=X509_load_crl_file(ctx,file,
+					X509_FILETYPE_PEM);
+				}
+			}
+		else
+			{
+			ok=X509_load_cert_file(ctx,argp,(int)argl);
+			ok2=X509_load_crl_file(ctx,argp,(int)argl);
+			}
+		break;
+		}
+	return((ok && ok2)?ok:0);
+	}
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
+	{
+	int ret=0;
+	BIO *in=NULL;
+	int i,count=0;
+	X509 *x=NULL;
+
+	if (file == NULL) return(1);
+	in=BIO_new(BIO_s_file_internal());
+
+	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+		{
+		X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
+		goto err;
+		}
+
+	if (type == X509_FILETYPE_PEM)
+		{
+		for (;;)
+			{
+			x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+			if (x == NULL)
+				{
+				if ((ERR_GET_REASON(ERR_peek_error()) ==
+					PEM_R_NO_START_LINE) && (count > 0))
+					{
+					ERR_clear_error();
+					break;
+					}
+				else
+					{
+					X509err(X509_F_X509_LOAD_CERT_FILE,
+						ERR_R_PEM_LIB);
+					goto err;
+					}
+				}
+			i=X509_STORE_add_cert(ctx->store_ctx,x);
+			if (!i) goto err;
+			count++;
+			X509_free(x);
+			x=NULL;
+			}
+		ret=count;
+		}
+	else if (type == X509_FILETYPE_ASN1)
+		{
+		x=d2i_X509_bio(in,NULL);
+		if (x == NULL)
+			{
+			X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		i=X509_STORE_add_cert(ctx->store_ctx,x);
+		if (!i) goto err;
+		ret=i;
+		}
+	else
+		{
+		X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
+		goto err;
+		}
+err:
+	if (x != NULL) X509_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+	{
+	int ret=0;
+	BIO *in=NULL;
+	int i,count=0;
+	X509_CRL *x=NULL;
+
+	if (file == NULL) return(1);
+	in=BIO_new(BIO_s_file_internal());
+
+	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+		{
+		X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
+		goto err;
+		}
+
+	if (type == X509_FILETYPE_PEM)
+		{
+		for (;;)
+			{
+			x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+			if (x == NULL)
+				{
+				if ((ERR_GET_REASON(ERR_peek_error()) ==
+					PEM_R_NO_START_LINE) && (count > 0))
+					{
+					ERR_clear_error();
+					break;
+					}
+				else
+					{
+					X509err(X509_F_X509_LOAD_CRL_FILE,
+						ERR_R_PEM_LIB);
+					goto err;
+					}
+				}
+			i=X509_STORE_add_crl(ctx->store_ctx,x);
+			if (!i) goto err;
+			count++;
+			X509_CRL_free(x);
+			x=NULL;
+			}
+		ret=count;
+		}
+	else if (type == X509_FILETYPE_ASN1)
+		{
+		x=d2i_X509_CRL_bio(in,NULL);
+		if (x == NULL)
+			{
+			X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		i=X509_STORE_add_crl(ctx->store_ctx,x);
+		if (!i) goto err;
+		ret=i;
+		}
+	else
+		{
+		X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
+		goto err;
+		}
+err:
+	if (x != NULL) X509_CRL_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+
+#endif /* NO_STDIO */
+
diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h
new file mode 100644
index 000000000000..35f9484f8b98
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509.h
@@ -0,0 +1,989 @@
+/* crypto/x509/x509.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_H
+#define HEADER_X509_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef VMS
+#undef X509_REVOKED_get_ext_by_critical
+#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+#endif
+
+#include 
+#include 
+#include 
+
+#ifndef NO_RSA
+#include 
+#endif
+
+#ifndef NO_DSA
+#include 
+#endif
+
+#ifndef NO_DH
+#include 
+#endif
+
+#include 
+
+
+#ifdef WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef X509_NAME
+#endif
+
+#define X509_FILETYPE_PEM	1
+#define X509_FILETYPE_ASN1	2
+#define X509_FILETYPE_DEFAULT	3
+
+#define X509v3_KU_DIGITAL_SIGNATURE	0x0080
+#define X509v3_KU_NON_REPUDIATION	0x0040
+#define X509v3_KU_KEY_ENCIPHERMENT	0x0020
+#define X509v3_KU_DATA_ENCIPHERMENT	0x0010
+#define X509v3_KU_KEY_AGREEMENT		0x0008
+#define X509v3_KU_KEY_CERT_SIGN		0x0004
+#define X509v3_KU_CRL_SIGN		0x0002
+#define X509v3_KU_ENCIPHER_ONLY		0x0001
+#define X509v3_KU_DECIPHER_ONLY		0x8000
+#define X509v3_KU_UNDEF			0xffff
+
+typedef struct X509_objects_st
+	{
+	int nid;
+	int (*a2i)();
+	int (*i2a)();
+	} X509_OBJECTS;
+
+typedef struct X509_algor_st
+	{
+	ASN1_OBJECT *algorithm;
+	ASN1_TYPE *parameter;
+	} X509_ALGOR;
+
+DECLARE_STACK_OF(X509_ALGOR)
+DECLARE_ASN1_SET_OF(X509_ALGOR)
+
+typedef struct X509_val_st
+	{
+	ASN1_UTCTIME *notBefore;
+	ASN1_UTCTIME *notAfter;
+	} X509_VAL;
+
+typedef struct X509_pubkey_st
+	{
+	X509_ALGOR *algor;
+	ASN1_BIT_STRING *public_key;
+	EVP_PKEY *pkey;
+	} X509_PUBKEY;
+
+typedef struct X509_sig_st
+	{
+	X509_ALGOR *algor;
+	ASN1_OCTET_STRING *digest;
+	} X509_SIG;
+
+typedef struct X509_name_entry_st
+	{
+	ASN1_OBJECT *object;
+	ASN1_STRING *value;
+	int set;
+	int size; 	/* temp variable */
+	} X509_NAME_ENTRY;
+
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
+/* we always keep X509_NAMEs in 2 forms. */
+typedef struct X509_name_st
+	{
+	STACK_OF(X509_NAME_ENTRY) *entries;
+	int modified;	/* true if 'bytes' needs to be built */
+#ifdef HEADER_BUFFER_H
+	BUF_MEM *bytes;
+#else
+	char *bytes;
+#endif
+	unsigned long hash; /* Keep the hash around for lookups */
+	} X509_NAME;
+
+DECLARE_STACK_OF(X509_NAME)
+
+#define X509_EX_V_NETSCAPE_HACK		0x8000
+#define X509_EX_V_INIT			0x0001
+typedef struct X509_extension_st
+	{
+	ASN1_OBJECT *object;
+	short critical;
+	short netscape_hack;
+	ASN1_OCTET_STRING *value;
+	long argl;			/* used when decoding */
+	char *argp;			/* used when decoding */
+	void (*ex_free)();		/* clear argp stuff */
+	} X509_EXTENSION;
+
+DECLARE_STACK_OF(X509_EXTENSION)
+DECLARE_ASN1_SET_OF(X509_EXTENSION)
+
+/* a sequence of these are used */
+typedef struct x509_attributes_st
+	{
+	ASN1_OBJECT *object;
+	int set; /* 1 for a set, 0 for a single item (which is wrong) */
+	union	{
+		char		*ptr;
+/* 1 */		STACK_OF(ASN1_TYPE) *set;
+/* 0 */		ASN1_TYPE	*single;
+		} value;
+	} X509_ATTRIBUTE;
+
+DECLARE_STACK_OF(X509_ATTRIBUTE)
+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st
+	{
+	ASN1_INTEGER *version;
+	X509_NAME *subject;
+	X509_PUBKEY *pubkey;
+	/*  d=2 hl=2 l=  0 cons: cont: 00 */
+	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+	int req_kludge;
+	} X509_REQ_INFO;
+
+typedef struct X509_req_st
+	{
+	X509_REQ_INFO *req_info;
+	X509_ALGOR *sig_alg;
+	ASN1_BIT_STRING *signature;
+	int references;
+	} X509_REQ;
+
+typedef struct x509_cinf_st
+	{
+	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */
+	ASN1_INTEGER *serialNumber;
+	X509_ALGOR *signature;
+	X509_NAME *issuer;
+	X509_VAL *validity;
+	X509_NAME *subject;
+	X509_PUBKEY *key;
+	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
+	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
+	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
+	} X509_CINF;
+
+typedef struct x509_st
+	{
+	X509_CINF *cert_info;
+	X509_ALGOR *sig_alg;
+	ASN1_BIT_STRING *signature;
+	int valid;
+	int references;
+	char *name;
+	} X509;
+
+DECLARE_STACK_OF(X509)
+DECLARE_ASN1_SET_OF(X509)
+
+typedef struct X509_revoked_st
+	{
+	ASN1_INTEGER *serialNumber;
+	ASN1_UTCTIME *revocationDate;
+	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+	int sequence; /* load sequence */
+	} X509_REVOKED;
+
+DECLARE_STACK_OF(X509_REVOKED)
+DECLARE_ASN1_SET_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st
+	{
+	ASN1_INTEGER *version;
+	X509_ALGOR *sig_alg;
+	X509_NAME *issuer;
+	ASN1_UTCTIME *lastUpdate;
+	ASN1_UTCTIME *nextUpdate;
+	STACK_OF(X509_REVOKED) *revoked;
+	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+	} X509_CRL_INFO;
+
+typedef struct X509_crl_st
+	{
+	/* actual signature */
+	X509_CRL_INFO *crl;
+	X509_ALGOR *sig_alg;
+	ASN1_BIT_STRING *signature;
+	int references;
+	} X509_CRL;
+
+DECLARE_STACK_OF(X509_CRL)
+DECLARE_ASN1_SET_OF(X509_CRL)
+
+typedef struct private_key_st
+	{
+	int version;
+	/* The PKCS#8 data types */
+	X509_ALGOR *enc_algor;
+	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */
+
+	/* When decrypted, the following will not be NULL */
+	EVP_PKEY *dec_pkey;
+
+	/* used to encrypt and decrypt */
+	int key_length;
+	char *key_data;
+	int key_free;	/* true if we should auto free key_data */
+
+	/* expanded version of 'enc_algor' */
+	EVP_CIPHER_INFO cipher;
+
+	int references;
+	} X509_PKEY;
+
+#ifdef HEADER_ENVELOPE_H
+typedef struct X509_info_st
+	{
+	X509 *x509;
+	X509_CRL *crl;
+	X509_PKEY *x_pkey;
+
+	EVP_CIPHER_INFO enc_cipher;
+	int enc_len;
+	char *enc_data;
+
+	int references;
+	} X509_INFO;
+
+DECLARE_STACK_OF(X509_INFO)
+#endif
+
+/* The next 2 structures and their 8 routines were sent to me by
+ * Pat Richard  and are used to manipulate
+ * Netscapes spki strucutres - usefull if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st
+	{
+	X509_PUBKEY *pubkey;
+	ASN1_IA5STRING *challenge;	/* challenge sent in atlas >= PR2 */
+	} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st
+	{
+	NETSCAPE_SPKAC *spkac;	/* signed public key and challenge */
+	X509_ALGOR *sig_algor;
+	ASN1_BIT_STRING *signature;
+	} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence
+	{
+	ASN1_OBJECT *type;
+	STACK_OF(X509) *certs;
+	} NETSCAPE_CERT_SEQUENCE;
+
+typedef struct CBCParameter_st
+	{
+	unsigned char iv[8];
+	} CBC_PARAM;
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+X509_ALGOR *keyfunc;
+X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */
+ASN1_INTEGER *iter;
+ASN1_INTEGER *keylength;
+X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+
+/* PKCS#8 private key info structure */
+
+typedef struct pkcs8_priv_key_info_st
+        {
+        int broken;     /* Flag for various broken formats */
+#define PKCS8_OK        0
+#define PKCS8_NO_OCTET  1
+        ASN1_INTEGER *version;
+        X509_ALGOR *pkeyalg;
+        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+        STACK_OF(X509_ATTRIBUTE) *attributes;
+        } PKCS8_PRIV_KEY_INFO;
+
+#include 
+#include 
+
+#ifdef SSLEAY_MACROS
+#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
+	a->signature,(char *)a->cert_info,r)
+#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
+	a->sig_alg,a->signature,(char *)a->req_info,r)
+#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
+	a->sig_alg, a->signature,(char *)a->crl,r)
+
+#define X509_sign(x,pkey,md) \
+	ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
+		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
+#define X509_REQ_sign(x,pkey,md) \
+	ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
+		x->signature, (char *)x->req_info,pkey,md)
+#define X509_CRL_sign(x,pkey,md) \
+	ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
+		x->signature, (char *)x->crl,pkey,md)
+#define NETSCAPE_SPKI_sign(x,pkey,md) \
+	ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
+		x->signature, (char *)x->spkac,pkey,md)
+
+#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
+		(char *(*)())d2i_X509,(char *)x509)
+#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
+		(int (*)())i2d_X509_ATTRIBUTE, \
+		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
+#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
+		(int (*)())i2d_X509_EXTENSION, \
+		(char *(*)())d2i_X509_EXTENSION,(char *)ex)
+#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
+		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
+#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
+#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
+		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
+#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
+
+#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
+		(char *(*)())d2i_X509_CRL,(char *)crl)
+#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
+		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
+		(unsigned char **)(crl))
+#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
+		(unsigned char *)crl)
+#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
+		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
+		(unsigned char **)(crl))
+#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
+		(unsigned char *)crl)
+
+#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
+		(char *(*)())d2i_PKCS7,(char *)p7)
+#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
+		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
+		(unsigned char **)(p7))
+#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
+		(unsigned char *)p7)
+#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
+		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
+		(unsigned char **)(p7))
+#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
+		(unsigned char *)p7)
+
+#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
+		(char *(*)())d2i_X509_REQ,(char *)req)
+#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
+		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
+		(unsigned char **)(req))
+#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
+		(unsigned char *)req)
+#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
+		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
+		(unsigned char **)(req))
+#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
+		(unsigned char *)req)
+
+#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
+		(char *(*)())d2i_RSAPublicKey,(char *)rsa)
+#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
+		(char *(*)())d2i_RSAPrivateKey,(char *)rsa)
+
+#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
+		(unsigned char **)(rsa))
+#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
+		(unsigned char *)rsa)
+#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
+		(unsigned char **)(rsa))
+#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
+		(unsigned char *)rsa)
+
+#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
+		(unsigned char **)(rsa))
+#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
+		(unsigned char *)rsa)
+#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
+		(unsigned char **)(rsa))
+#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
+		(unsigned char *)rsa)
+
+#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
+		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
+		(unsigned char **)(dsa))
+#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
+		(unsigned char *)dsa)
+#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
+		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
+		(unsigned char **)(dsa))
+#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
+		(unsigned char *)dsa)
+
+#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
+		(char *(*)())d2i_X509_ALGOR,(char *)xn)
+
+#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
+		(char *(*)())d2i_X509_NAME,(char *)xn)
+#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
+		(int (*)())i2d_X509_NAME_ENTRY, \
+		(char *(*)())d2i_X509_NAME_ENTRY,\
+		(char *)ne)
+
+#define X509_digest(data,type,md,len) \
+	ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
+#define X509_NAME_digest(data,type,md,len) \
+	ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+	ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+		(char *)data,md,len)
+#endif
+#endif
+
+#define X509_EXT_PACK_UNKNOWN	1
+#define X509_EXT_PACK_STRING	2
+
+#define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
+/* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
+#define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
+#define		X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
+#define		X509_extract_key(x)	X509_get_pubkey(x) /*****/
+#define		X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
+#define		X509_REQ_get_subject_name(x) ((x)->req_info->subject)
+#define		X509_REQ_extract_key(a)	X509_REQ_get_pubkey(a)
+#define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
+#define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+
+#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
+/* This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
+#define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
+
+
+const char *X509_verify_cert_error_string(long n);
+
+#ifndef SSLEAY_MACROS
+#ifdef HEADER_ENVELOPE_H
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
+int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
+	unsigned char *md,unsigned int *len);
+#endif
+
+#ifndef NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp,X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
+#ifndef NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+#endif
+#ifndef NO_DSA
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+						PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+#endif
+#endif
+
+#ifdef HEADER_BIO_H
+X509 *d2i_X509_bio(BIO *bp,X509 **x509);
+int i2d_X509_bio(BIO *bp,X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
+#ifndef NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+#endif
+#ifndef NO_DSA
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+						PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+#endif
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+#ifndef NO_RSA
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+#endif
+
+#endif /* !SSLEAY_MACROS */
+
+int		X509_cmp_current_time(ASN1_UTCTIME *s);
+ASN1_UTCTIME *	X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+
+const char *	X509_get_default_cert_area(void );
+const char *	X509_get_default_cert_dir(void );
+const char *	X509_get_default_cert_file(void );
+const char *	X509_get_default_cert_dir_env(void );
+const char *	X509_get_default_cert_file_env(void );
+const char *	X509_get_default_private_dir(void );
+
+X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
+X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
+void ERR_load_X509_strings(void );
+
+X509_ALGOR *	X509_ALGOR_new(void );
+void		X509_ALGOR_free(X509_ALGOR *a);
+int		i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
+X509_ALGOR *	d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
+			long length);
+
+X509_VAL *	X509_VAL_new(void );
+void		X509_VAL_free(X509_VAL *a);
+int		i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
+X509_VAL *	d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
+			long length);
+
+X509_PUBKEY *	X509_PUBKEY_new(void );
+void		X509_PUBKEY_free(X509_PUBKEY *a);
+int		i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
+X509_PUBKEY *	d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
+			long length);
+int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
+int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
+					   STACK_OF(X509) *chain);
+
+
+X509_SIG *	X509_SIG_new(void );
+void		X509_SIG_free(X509_SIG *a);
+int		i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
+X509_SIG *	d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
+
+X509_REQ_INFO *X509_REQ_INFO_new(void);
+void		X509_REQ_INFO_free(X509_REQ_INFO *a);
+int		i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
+X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
+			long length);
+
+X509_REQ *	X509_REQ_new(void);
+void		X509_REQ_free(X509_REQ *a);
+int		i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
+X509_REQ *	d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
+void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
+int		i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
+			long length);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+
+X509_EXTENSION *X509_EXTENSION_new(void );
+void		X509_EXTENSION_free(X509_EXTENSION *a);
+int		i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
+X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
+			long length);
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
+void		X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
+int		i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
+			long length);
+
+X509_NAME *	X509_NAME_new(void);
+void		X509_NAME_free(X509_NAME *a);
+int		i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
+X509_NAME *	d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
+int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+
+X509_CINF *	X509_CINF_new(void);
+void		X509_CINF_free(X509_CINF *a);
+int		i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
+X509_CINF *	d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
+
+X509 *		X509_new(void);
+void		X509_free(X509 *a);
+int		i2d_X509(X509 *a,unsigned char **pp);
+X509 *		d2i_X509(X509 **a,unsigned char **pp,long length);
+
+X509_REVOKED *	X509_REVOKED_new(void);
+void		X509_REVOKED_free(X509_REVOKED *a);
+int		i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
+X509_REVOKED *	d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
+
+X509_CRL_INFO *X509_CRL_INFO_new(void);
+void		X509_CRL_INFO_free(X509_CRL_INFO *a);
+int		i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
+X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
+			long length);
+
+X509_CRL *	X509_CRL_new(void);
+void		X509_CRL_free(X509_CRL *a);
+int		i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
+X509_CRL *	d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
+
+X509_PKEY *	X509_PKEY_new(void );
+void		X509_PKEY_free(X509_PKEY *a);
+int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
+X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
+
+NETSCAPE_SPKI *	NETSCAPE_SPKI_new(void );
+void		NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
+int		i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
+NETSCAPE_SPKI *	d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
+			long length);
+
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
+void		NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
+int		i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
+		long length);
+
+
+int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
+NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
+NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
+void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
+
+#ifdef HEADER_ENVELOPE_H
+X509_INFO *	X509_INFO_new(void);
+void		X509_INFO_free(X509_INFO *a);
+char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+
+int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
+	ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
+
+int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
+	unsigned char *md,unsigned int *len);
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+	ASN1_BIT_STRING *signature,
+	char *data,EVP_PKEY *pkey, const EVP_MD *type);
+#endif
+
+int 		X509_set_version(X509 *x,long version);
+int 		X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *	X509_get_serialNumber(X509 *x);
+int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *	X509_get_issuer_name(X509 *a);
+int 		X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *	X509_get_subject_name(X509 *a);
+int 		X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
+int 		X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+EVP_PKEY *	X509_get_pubkey(X509 *x);
+int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
+
+int		X509_REQ_set_version(X509_REQ *x,long version);
+int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
+
+int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+
+int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+unsigned long	X509_issuer_and_serial_hash(X509 *a);
+
+int		X509_issuer_name_cmp(X509 *a, X509 *b);
+unsigned long	X509_issuer_name_hash(X509 *a);
+
+int		X509_subject_name_cmp(X509 *a,X509 *b);
+unsigned long	X509_subject_name_hash(X509 *x);
+
+int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+unsigned long	X509_NAME_hash(X509_NAME *x);
+
+int		X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
+#ifndef NO_FP_API
+int		X509_print_fp(FILE *bp,X509 *x);
+int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
+int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+#endif
+
+#ifdef HEADER_BIO_H
+int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int		X509_print(BIO *bp,X509 *x);
+int		X509_CRL_print(BIO *bp,X509_CRL *x);
+int		X509_REQ_print(BIO *bp,X509_REQ *req);
+#endif
+
+int 		X509_NAME_entry_count(X509_NAME *name);
+int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
+			char *buf,int len);
+int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+			char *buf,int len);
+
+/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+ * lastpos, seach after that position on. */
+int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
+			int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
+			int loc, int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+			int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+			ASN1_OBJECT *obj, int type,unsigned char *bytes,
+			int len);
+int 		X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
+			ASN1_OBJECT *obj);
+int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+			unsigned char *bytes, int len);
+ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+				      int nid, int lastpos);
+int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+				      ASN1_OBJECT *obj,int lastpos);
+int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+					   int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+					 X509_EXTENSION *ex, int loc);
+
+int		X509_get_ext_count(X509 *x);
+int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
+int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+
+int		X509_CRL_get_ext_count(X509_CRL *x);
+int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
+int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+
+int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
+int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
+int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+			int nid, int crit, ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+			ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
+int		X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
+int		X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
+			ASN1_OCTET_STRING *data);
+ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+
+int		X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
+				     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
+
+int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
+PBEPARAM *PBEPARAM_new(void);
+PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
+void PBEPARAM_free(PBEPARAM *a);
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+					 unsigned char *salt, int saltlen);
+
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
+PBKDF2PARAM *PBKDF2PARAM_new(void);
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
+void PBKDF2PARAM_free(PBKDF2PARAM *a);
+
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
+PBE2PARAM *PBE2PARAM_new(void);
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
+void PBE2PARAM_free(PBE2PARAM *a);
+
+/* PKCS#8 utilities */
+
+int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
+					 unsigned char **pp, long length);
+void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+#define X509_F_ADD_CERT_DIR				 100
+#define X509_F_BY_FILE_CTRL				 101
+#define X509_F_DIR_CTRL					 102
+#define X509_F_GET_CERT_BY_SUBJECT			 103
+#define X509_F_X509V3_ADD_EXT				 104
+#define X509_F_X509_CHECK_PRIVATE_KEY			 128
+#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
+#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
+#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
+#define X509_F_X509_LOAD_CERT_FILE			 111
+#define X509_F_X509_LOAD_CRL_FILE			 112
+#define X509_F_X509_NAME_ADD_ENTRY			 113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
+#define X509_F_X509_NAME_ONELINE			 116
+#define X509_F_X509_NAME_PRINT				 117
+#define X509_F_X509_PRINT_FP				 118
+#define X509_F_X509_PUBKEY_GET				 119
+#define X509_F_X509_PUBKEY_SET				 120
+#define X509_F_X509_REQ_PRINT				 121
+#define X509_F_X509_REQ_PRINT_FP			 122
+#define X509_F_X509_REQ_TO_X509				 123
+#define X509_F_X509_STORE_ADD_CERT			 124
+#define X509_F_X509_STORE_ADD_CRL			 125
+#define X509_F_X509_TO_X509_REQ				 126
+#define X509_F_X509_VERIFY_CERT				 127
+
+/* Reason codes. */
+#define X509_R_BAD_X509_FILETYPE			 100
+#define X509_R_CANT_CHECK_DH_KEY			 114
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
+#define X509_R_ERR_ASN1_LIB				 102
+#define X509_R_INVALID_DIRECTORY			 113
+#define X509_R_KEY_TYPE_MISMATCH			 115
+#define X509_R_KEY_VALUES_MISMATCH			 116
+#define X509_R_LOADING_CERT_DIR				 103
+#define X509_R_LOADING_DEFAULTS				 104
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
+#define X509_R_SHOULD_RETRY				 106
+#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
+#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
+#define X509_R_UNKNOWN_KEY_TYPE				 117
+#define X509_R_UNKNOWN_NID				 109
+#define X509_R_UNSUPPORTED_ALGORITHM			 111
+#define X509_R_WRONG_LOOKUP_TYPE			 112
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c
new file mode 100644
index 000000000000..9a93bae3ff3e
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_cmp.c
@@ -0,0 +1,293 @@
+/* crypto/x509/x509_cmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
+	{
+	int i;
+	X509_CINF *ai,*bi;
+
+	ai=a->cert_info;
+	bi=b->cert_info;
+	i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+	if (i) return(i);
+	return(X509_NAME_cmp(ai->issuer,bi->issuer));
+	}
+
+#ifndef NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
+	{
+	unsigned long ret=0;
+	MD5_CTX ctx;
+	unsigned char md[16];
+	char str[256];
+
+	X509_NAME_oneline(a->cert_info->issuer,str,256);
+	ret=strlen(str);
+	MD5_Init(&ctx);
+	MD5_Update(&ctx,(unsigned char *)str,ret);
+	MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+		(unsigned long)a->cert_info->serialNumber->length);
+	MD5_Final(&(md[0]),&ctx);
+	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+		)&0xffffffffL;
+	return(ret);
+	}
+#endif
+	
+int X509_issuer_name_cmp(X509 *a, X509 *b)
+	{
+	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+	}
+
+int X509_subject_name_cmp(X509 *a, X509 *b)
+	{
+	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+	}
+
+int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
+	{
+	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+	}
+
+X509_NAME *X509_get_issuer_name(X509 *a)
+	{
+	return(a->cert_info->issuer);
+	}
+
+unsigned long X509_issuer_name_hash(X509 *x)
+	{
+	return(X509_NAME_hash(x->cert_info->issuer));
+	}
+
+X509_NAME *X509_get_subject_name(X509 *a)
+	{
+	return(a->cert_info->subject);
+	}
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+	{
+	return(a->cert_info->serialNumber);
+	}
+
+unsigned long X509_subject_name_hash(X509 *x)
+	{
+	return(X509_NAME_hash(x->cert_info->subject));
+	}
+
+int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
+	{
+	int i,j;
+	X509_NAME_ENTRY *na,*nb;
+
+	if (sk_X509_NAME_ENTRY_num(a->entries)
+	    != sk_X509_NAME_ENTRY_num(b->entries))
+		return sk_X509_NAME_ENTRY_num(a->entries)
+		  -sk_X509_NAME_ENTRY_num(b->entries);
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
+		{
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+		j=na->value->length-nb->value->length;
+		if (j) return(j);
+		j=memcmp(na->value->data,nb->value->data,
+			na->value->length);
+		if (j) return(j);
+		j=na->set-nb->set;
+		if (j) return(j);
+		}
+
+	/* We will check the object types after checking the values
+	 * since the values will more often be different than the object
+	 * types. */
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
+		{
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+		j=OBJ_cmp(na->object,nb->object);
+		if (j) return(j);
+		}
+	return(0);
+	}
+
+#ifndef NO_MD5
+/* I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably effiecent. */
+unsigned long X509_NAME_hash(X509_NAME *x)
+	{
+	unsigned long ret=0;
+	unsigned char md[16];
+	unsigned char str[256],*p,*pp;
+	int i;
+
+	i=i2d_X509_NAME(x,NULL);
+	if (i > sizeof(str))
+		p=Malloc(i);
+	else
+		p=str;
+
+	pp=p;
+	i2d_X509_NAME(x,&pp);
+	MD5((unsigned char *)p,i,&(md[0]));
+	if (p != str) Free(p);
+
+	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+		)&0xffffffffL;
+	return(ret);
+	}
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+		ASN1_INTEGER *serial)
+	{
+	int i;
+	X509_CINF cinf;
+	X509 x,*x509=NULL;
+
+	x.cert_info= &cinf;
+	cinf.serialNumber=serial;
+	cinf.issuer=name;
+
+	for (i=0; icert_info == NULL))
+		return(NULL);
+	return(X509_PUBKEY_get(x->cert_info->key));
+	}
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k)
+	{
+	EVP_PKEY *xk=NULL;
+	int ok=0;
+
+	xk=X509_get_pubkey(x);
+	if (xk->type != k->type)
+	    {
+	    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+	    goto err;
+	    }
+	switch (k->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+		    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+		    {
+		    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		    goto err;
+		    }
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
+		    {
+		    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		    goto err;
+		    }
+		break;
+#endif
+#ifndef NO_DH
+	case EVP_PKEY_DH:
+		/* No idea */
+	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+		goto err;
+#endif
+	default:
+	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+		goto err;
+		}
+
+	ok=1;
+err:
+	EVP_PKEY_free(xk);
+	return(ok);
+	}
diff --git a/crypto/openssl/crypto/x509/x509_d2.c b/crypto/openssl/crypto/x509/x509_d2.c
new file mode 100644
index 000000000000..3e7ec5b43264
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_d2.c
@@ -0,0 +1,107 @@
+/* crypto/x509/x509_d2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+#ifndef NO_STDIO
+int X509_STORE_set_default_paths(X509_STORE *ctx)
+	{
+	X509_LOOKUP *lookup;
+
+	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+	if (lookup == NULL) return(0);
+	X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+	if (lookup == NULL) return(0);
+	X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+	
+	/* clear any errors */
+	ERR_clear_error();
+
+	return(1);
+	}
+
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+		const char *path)
+	{
+	X509_LOOKUP *lookup;
+
+	if (file != NULL)
+		{
+		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+		if (lookup == NULL) return(0);
+		X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
+		}
+	if (path != NULL)
+		{
+		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+		if (lookup == NULL) return(0);
+		X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
+		}
+	if ((path == NULL) && (file == NULL))
+		return(0);
+	return(1);
+	}
+
+#endif
diff --git a/crypto/openssl/crypto/x509/x509_def.c b/crypto/openssl/crypto/x509/x509_def.c
new file mode 100644
index 000000000000..c4bee715698e
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_def.c
@@ -0,0 +1,83 @@
+/* crypto/x509/x509_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+const char *X509_get_default_private_dir(void)
+	{ return(X509_PRIVATE_DIR); }
+	
+const char *X509_get_default_cert_area(void)
+	{ return(X509_CERT_AREA); }
+
+const char *X509_get_default_cert_dir(void)
+	{ return(X509_CERT_DIR); }
+
+const char *X509_get_default_cert_file(void)
+	{ return(X509_CERT_FILE); }
+
+const char *X509_get_default_cert_dir_env(void)
+	{ return(X509_CERT_DIR_EVP); }
+
+const char *X509_get_default_cert_file_env(void)
+	{ return(X509_CERT_FILE_EVP); }
+
diff --git a/crypto/openssl/crypto/x509/x509_err.c b/crypto/openssl/crypto/x509/x509_err.c
new file mode 100644
index 000000000000..9afd4ccde5fd
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_err.c
@@ -0,0 +1,134 @@
+/* crypto/x509/x509_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509_str_functs[]=
+	{
+{ERR_PACK(0,X509_F_ADD_CERT_DIR,0),	"ADD_CERT_DIR"},
+{ERR_PACK(0,X509_F_BY_FILE_CTRL,0),	"BY_FILE_CTRL"},
+{ERR_PACK(0,X509_F_DIR_CTRL,0),	"DIR_CTRL"},
+{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0),	"GET_CERT_BY_SUBJECT"},
+{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0),	"X509v3_add_ext"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0),	"X509_check_private_key"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),	"X509_EXTENSION_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),	"X509_EXTENSION_create_by_OBJ"},
+{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),	"X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),	"X509_load_cert_file"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),	"X509_load_crl_file"},
+{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0),	"X509_NAME_add_entry"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0),	"X509_NAME_ENTRY_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0),	"X509_NAME_ENTRY_set_object"},
+{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0),	"X509_NAME_oneline"},
+{ERR_PACK(0,X509_F_X509_NAME_PRINT,0),	"X509_NAME_print"},
+{ERR_PACK(0,X509_F_X509_PRINT_FP,0),	"X509_print_fp"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0),	"X509_PUBKEY_get"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0),	"X509_PUBKEY_set"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT,0),	"X509_REQ_print"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0),	"X509_REQ_print_fp"},
+{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0),	"X509_REQ_to_X509"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_add_cert"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),	"X509_to_X509_REQ"},
+{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0),	"X509_verify_cert"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA X509_str_reasons[]=
+	{
+{X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
+{X509_R_CANT_CHECK_DH_KEY                ,"cant check dh key"},
+{X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
+{X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
+{X509_R_INVALID_DIRECTORY                ,"invalid directory"},
+{X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
+{X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
+{X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
+{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
+{X509_R_SHOULD_RETRY                     ,"should retry"},
+{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
+{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE                 ,"unknown key type"},
+{X509_R_UNKNOWN_NID                      ,"unknown nid"},
+{X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
+{X509_R_WRONG_LOOKUP_TYPE                ,"wrong lookup type"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_X509_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_X509,X509_str_functs);
+		ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/x509/x509_ext.c b/crypto/openssl/crypto/x509/x509_ext.c
new file mode 100644
index 000000000000..f8565a60b201
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_ext.c
@@ -0,0 +1,174 @@
+/* crypto/x509/x509_ext.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int X509_CRL_get_ext_count(X509_CRL *x)
+	{
+	return(X509v3_get_ext_count(x->crl->extensions));
+	}
+
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
+	}
+
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
+	}
+
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
+	}
+
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
+	{
+	return(X509v3_get_ext(x->crl->extensions,loc));
+	}
+
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+	{
+	return(X509v3_delete_ext(x->crl->extensions,loc));
+	}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
+	}
+
+int X509_get_ext_count(X509 *x)
+	{
+	return(X509v3_get_ext_count(x->cert_info->extensions));
+	}
+
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
+	}
+
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
+	}
+
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
+	}
+
+X509_EXTENSION *X509_get_ext(X509 *x, int loc)
+	{
+	return(X509v3_get_ext(x->cert_info->extensions,loc));
+	}
+
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+	{
+	return(X509v3_delete_ext(x->cert_info->extensions,loc));
+	}
+
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
+	}
+
+int X509_REVOKED_get_ext_count(X509_REVOKED *x)
+	{
+	return(X509v3_get_ext_count(x->extensions));
+	}
+
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
+	}
+
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+	     int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
+	}
+
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
+	}
+
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
+	{
+	return(X509v3_get_ext(x->extensions,loc));
+	}
+
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+	{
+	return(X509v3_delete_ext(x->extensions,loc));
+	}
+
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
+	}
+
+IMPLEMENT_STACK_OF(X509_EXTENSION)
+IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c
new file mode 100644
index 000000000000..18bfecb11ed2
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_lu.c
@@ -0,0 +1,411 @@
+/* crypto/x509/x509_lu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static STACK *x509_store_meth=NULL;
+static STACK *x509_store_ctx_meth=NULL;
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+	{
+	X509_LOOKUP *ret;
+
+	ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
+	if (ret == NULL) return(NULL);
+
+	ret->init=0;
+	ret->skip=0;
+	ret->method=method;
+	ret->method_data=NULL;
+	ret->store_ctx=NULL;
+	if ((method->new_item != NULL) && !method->new_item(ret))
+		{
+		Free(ret);
+		return(NULL);
+		}
+	return(ret);
+	}
+
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
+	{
+	if (ctx == NULL) return;
+	if (	(ctx->method != NULL) &&
+		(ctx->method->free != NULL))
+		ctx->method->free(ctx);
+	Free(ctx);
+	}
+
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
+	{
+	if (ctx->method == NULL) return(0);
+	if (ctx->method->init != NULL)
+		return(ctx->method->init(ctx));
+	else
+		return(1);
+	}
+
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+	{
+	if (ctx->method == NULL) return(0);
+	if (ctx->method->shutdown != NULL)
+		return(ctx->method->shutdown(ctx));
+	else
+		return(1);
+	}
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+	     char **ret)
+	{
+	if (ctx->method == NULL) return(-1);
+	if (ctx->method->ctrl != NULL)
+		return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+	else
+		return(1);
+	}
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
+	{
+	if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+		return(X509_LU_FAIL);
+	if (ctx->skip) return(0);
+	return(ctx->method->get_by_subject(ctx,type,name,ret));
+	}
+
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	     ASN1_INTEGER *serial, X509_OBJECT *ret)
+	{
+	if ((ctx->method == NULL) ||
+		(ctx->method->get_by_issuer_serial == NULL))
+		return(X509_LU_FAIL);
+	return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+	}
+
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+	     unsigned char *bytes, int len, X509_OBJECT *ret)
+	{
+	if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+		return(X509_LU_FAIL);
+	return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+	}
+
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+	     X509_OBJECT *ret)
+	{
+	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+		return(X509_LU_FAIL);
+	return(ctx->method->get_by_alias(ctx,type,str,len,ret));
+	}
+
+static unsigned long x509_object_hash(X509_OBJECT *a)
+	{
+	unsigned long h;
+
+	switch (a->type)
+		{
+	case X509_LU_X509:
+		h=X509_NAME_hash(a->data.x509->cert_info->subject);
+		break;
+	case X509_LU_CRL:
+		h=X509_NAME_hash(a->data.crl->crl->issuer);
+		break;
+	default:
+		abort();
+		}
+	return(h);
+	}
+
+static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b)
+	{
+	int ret;
+
+	ret=(a->type - b->type);
+	if (ret) return(ret);
+	switch (a->type)
+		{
+	case X509_LU_X509:
+		ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
+		break;
+	case X509_LU_CRL:
+		ret=X509_CRL_cmp(a->data.crl,b->data.crl);
+		break;
+	default:
+		abort();
+		}
+	return(ret);
+	}
+
+X509_STORE *X509_STORE_new(void)
+	{
+	X509_STORE *ret;
+
+	if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
+		return(NULL);
+	ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+	ret->cache=1;
+	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
+	ret->verify=NULL;
+	ret->verify_cb=NULL;
+	memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+	ret->references=1;
+	ret->depth=0;
+	return(ret);
+	}
+
+static void cleanup(X509_OBJECT *a)
+	{
+	if (a->type == X509_LU_X509)
+		{
+		X509_free(a->data.x509);
+		}
+	else if (a->type == X509_LU_CRL)
+		{
+		X509_CRL_free(a->data.crl);
+		}
+	else
+		abort();
+
+	Free(a);
+	}
+
+void X509_STORE_free(X509_STORE *vfy)
+	{
+	int i;
+	STACK_OF(X509_LOOKUP) *sk;
+	X509_LOOKUP *lu;
+
+	if(vfy == NULL)
+	    return;
+
+	sk=vfy->get_cert_methods;
+	for (i=0; iex_data);
+	lh_doall(vfy->certs,cleanup);
+	lh_free(vfy->certs);
+	Free(vfy);
+	}
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+	{
+	int i;
+	STACK_OF(X509_LOOKUP) *sk;
+	X509_LOOKUP *lu;
+
+	sk=v->get_cert_methods;
+	for (i=0; imethod)
+			{
+			return(lu);
+			}
+		}
+	/* a new one */
+	lu=X509_LOOKUP_new(m);
+	if (lu == NULL)
+		return(NULL);
+	else
+		{
+		lu->store_ctx=v;
+		if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
+			return(lu);
+		else
+			{
+			X509_LOOKUP_free(lu);
+			return(NULL);
+			}
+		}
+	}
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
+	{
+	X509_STORE *ctx=vs->ctx;
+	X509_LOOKUP *lu;
+	X509_OBJECT stmp,*tmp;
+	int i,j;
+
+	tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
+
+	if (tmp == NULL)
+		{
+		for (i=vs->current_method; iget_cert_methods); i++)
+			{
+			lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
+			j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
+			if (j < 0)
+				{
+				vs->current_method=j;
+				return(j);
+				}
+			else if (j)
+				{
+				tmp= &stmp;
+				break;
+				}
+			}
+		vs->current_method=0;
+		if (tmp == NULL)
+			return(0);
+		}
+
+/*	if (ret->data.ptr != NULL)
+		X509_OBJECT_free_contents(ret); */
+
+	ret->type=tmp->type;
+	ret->data.ptr=tmp->data.ptr;
+
+	X509_OBJECT_up_ref_count(ret);
+
+	return(1);
+	}
+
+void X509_OBJECT_up_ref_count(X509_OBJECT *a)
+	{
+	switch (a->type)
+		{
+	case X509_LU_X509:
+		CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
+		break;
+	case X509_LU_CRL:
+		CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+		break;
+		}
+	}
+
+void X509_OBJECT_free_contents(X509_OBJECT *a)
+	{
+	switch (a->type)
+		{
+	case X509_LU_X509:
+		X509_free(a->data.x509);
+		break;
+	case X509_LU_CRL:
+		X509_CRL_free(a->data.crl);
+		break;
+		}
+	}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
+	     X509_NAME *name)
+	{
+	X509_OBJECT stmp,*tmp;
+	X509 x509_s;
+	X509_CINF cinf_s;
+	X509_CRL crl_s;
+	X509_CRL_INFO crl_info_s;
+
+	stmp.type=type;
+	switch (type)
+		{
+	case X509_LU_X509:
+		stmp.data.x509= &x509_s;
+		x509_s.cert_info= &cinf_s;
+		cinf_s.subject=name;
+		break;
+	case X509_LU_CRL:
+		stmp.data.crl= &crl_s;
+		crl_s.crl= &crl_info_s;
+		crl_info_s.issuer=name;
+		break;
+	default:
+		abort();
+		}
+
+	tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp);
+	return(tmp);
+	}
+
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+	     STACK_OF(X509) *chain)
+	{
+	ctx->ctx=store;
+	ctx->current_method=0;
+	ctx->cert=x509;
+	ctx->untrusted=chain;
+	ctx->last_untrusted=0;
+	ctx->valid=0;
+	ctx->chain=NULL;
+	ctx->depth=9;
+	ctx->error=0;
+	ctx->current_cert=NULL;
+	memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+	}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+	{
+	if (ctx->chain != NULL)
+		{
+		sk_X509_pop_free(ctx->chain,X509_free);
+		ctx->chain=NULL;
+		}
+	CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
+	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+	}
+
+IMPLEMENT_STACK_OF(X509_LOOKUP)
diff --git a/crypto/openssl/crypto/x509/x509_obj.c b/crypto/openssl/crypto/x509/x509_obj.c
new file mode 100644
index 000000000000..691b71f03158
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_obj.c
@@ -0,0 +1,223 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+	{
+	X509_NAME_ENTRY *ne;
+int i;
+	int n,lold,l,l1,l2,num,j,type;
+	const char *s;
+	char *p;
+	unsigned char *q;
+	BUF_MEM *b=NULL;
+	static char hex[17]="0123456789ABCDEF";
+	int gs_doit[4];
+	char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+	char ebcdic_buf[1024];
+#endif
+
+	if (buf == NULL)
+		{
+		if ((b=BUF_MEM_new()) == NULL) goto err;
+		if (!BUF_MEM_grow(b,200)) goto err;
+		b->data[0]='\0';
+		len=200;
+		}
+	if (a == NULL)
+	    {
+	    if(b)
+		{
+		buf=b->data;
+		Free(b);
+		}
+	    strncpy(buf,"NO X509_NAME",len);
+	    return buf;
+	    }
+
+	len--; /* space for '\0' */
+	l=0;
+	for (i=0; ientries); i++)
+		{
+		ne=sk_X509_NAME_ENTRY_value(a->entries,i);
+		n=OBJ_obj2nid(ne->object);
+		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
+			{
+			i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
+			s=tmp_buf;
+			}
+		l1=strlen(s);
+
+		type=ne->value->type;
+		num=ne->value->length;
+		q=ne->value->data;
+#ifdef CHARSET_EBCDIC
+                if (type == V_ASN1_GENERALSTRING ||
+		    type == V_ASN1_VISIBLESTRING ||
+		    type == V_ASN1_PRINTABLESTRING ||
+		    type == V_ASN1_TELETEXSTRING ||
+		    type == V_ASN1_VISIBLESTRING ||
+		    type == V_ASN1_IA5STRING) {
+                        ascii2ebcdic(ebcdic_buf, q,
+				     (num > sizeof ebcdic_buf)
+				     ? sizeof ebcdic_buf : num);
+                        q=ebcdic_buf;
+		}
+#endif
+
+		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
+			{
+			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
+			for (j=0; j '~')) l2+=3;
+#else
+			if ((os_toascii[q[j]] < os_toascii[' ']) ||
+			    (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
+#endif
+			}
+
+		lold=l;
+		l+=1+l1+1+l2;
+		if (b != NULL)
+			{
+			if (!BUF_MEM_grow(b,l+1)) goto err;
+			p= &(b->data[lold]);
+			}
+		else if (l > len)
+			{
+			break;
+			}
+		else
+			p= &(buf[lold]);
+		*(p++)='/';
+		memcpy(p,s,(unsigned int)l1); p+=l1;
+		*(p++)='=';
+
+#ifndef CHARSET_EBCDIC /* q was assigned above already. */
+		q=ne->value->data;
+#endif
+
+		for (j=0; j '~'))
+				{
+				*(p++)='\\';
+				*(p++)='x';
+				*(p++)=hex[(n>>4)&0x0f];
+				*(p++)=hex[n&0x0f];
+				}
+			else
+				*(p++)=n;
+#else
+			n=os_toascii[q[j]];
+			if ((n < os_toascii[' ']) ||
+			    (n > os_toascii['~']))
+				{
+				*(p++)='\\';
+				*(p++)='x';
+				*(p++)=hex[(n>>4)&0x0f];
+				*(p++)=hex[n&0x0f];
+				}
+			else
+				*(p++)=q[j];
+#endif
+			}
+		*p='\0';
+		}
+	if (b != NULL)
+		{
+		p=b->data;
+		Free(b);
+		}
+	else
+		p=buf;
+	return(p);
+err:
+	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+	if (b != NULL) BUF_MEM_free(b);
+	return(NULL);
+	}
+
diff --git a/crypto/openssl/crypto/x509/x509_r2x.c b/crypto/openssl/crypto/x509/x509_r2x.c
new file mode 100644
index 000000000000..bb4697ae60d4
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_r2x.c
@@ -0,0 +1,110 @@
+/* crypto/x509/x509_r2x.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+	{
+	X509 *ret=NULL;
+	X509_CINF *xi=NULL;
+	X509_NAME *xn;
+
+	if ((ret=X509_new()) == NULL)
+		{
+		X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	/* duplicate the request */
+	xi=ret->cert_info;
+
+	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
+		{
+		if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
+		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
+/*		xi->extensions=ri->attributes; <- bad, should not ever be done
+		ri->attributes=NULL; */
+		}
+
+	xn=X509_REQ_get_subject_name(r);
+	X509_set_subject_name(ret,X509_NAME_dup(xn));
+	X509_set_issuer_name(ret,X509_NAME_dup(xn));
+
+	X509_gmtime_adj(xi->validity->notBefore,0);
+	X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
+
+	X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+
+	if (!X509_sign(ret,pkey,EVP_md5()))
+		goto err;
+	if (0)
+		{
+err:
+		X509_free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/x509/x509_req.c b/crypto/openssl/crypto/x509/x509_req.c
new file mode 100644
index 000000000000..2ef94decd144
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_req.c
@@ -0,0 +1,115 @@
+/* crypto/x509/x509_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md)
+	{
+	X509_REQ *ret;
+	X509_REQ_INFO *ri;
+	int i;
+	EVP_PKEY *pktmp;
+
+	ret=X509_REQ_new();
+	if (ret == NULL)
+		{
+		X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	ri=ret->req_info;
+
+	ri->version->length=1;
+	ri->version->data=(unsigned char *)Malloc(1);
+	if (ri->version->data == NULL) goto err;
+	ri->version->data[0]=0; /* version == 0 */
+
+	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
+		goto err;
+
+	pktmp = X509_get_pubkey(x);
+	i=X509_REQ_set_pubkey(ret,pktmp);
+	EVP_PKEY_free(pktmp);
+	if (!i) goto err;
+
+	if (pkey != NULL)
+		{
+		if (!X509_REQ_sign(ret,pkey,md))
+			goto err;
+		}
+	return(ret);
+err:
+	X509_REQ_free(ret);
+	return(NULL);
+	}
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+	{
+	if ((req == NULL) || (req->req_info == NULL))
+		return(NULL);
+	return(X509_PUBKEY_get(req->req_info->pubkey));
+	}
+
diff --git a/crypto/openssl/crypto/x509/x509_set.c b/crypto/openssl/crypto/x509/x509_set.c
new file mode 100644
index 000000000000..5a6f7b414f44
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_set.c
@@ -0,0 +1,150 @@
+/* crypto/x509/x509_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int X509_set_version(X509 *x, long version)
+	{
+	if (x == NULL) return(0);
+	if (x->cert_info->version == NULL)
+		{
+		if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL)
+			return(0);
+		}
+	return(ASN1_INTEGER_set(x->cert_info->version,version));
+	}
+
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+	{
+	ASN1_INTEGER *in;
+
+	if (x == NULL) return(0);
+	in=x->cert_info->serialNumber;
+	if (in != serial)
+		{
+		in=ASN1_INTEGER_dup(serial);
+		if (in != NULL)
+			{
+			ASN1_INTEGER_free(x->cert_info->serialNumber);
+			x->cert_info->serialNumber=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
+	{
+	if ((x == NULL) || (x->cert_info == NULL)) return(0);
+	return(X509_NAME_set(&x->cert_info->issuer,name));
+	}
+
+int X509_set_subject_name(X509 *x, X509_NAME *name)
+	{
+	if ((x == NULL) || (x->cert_info == NULL)) return(0);
+	return(X509_NAME_set(&x->cert_info->subject,name));
+	}
+
+int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
+	{
+	ASN1_UTCTIME *in;
+
+	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+	in=x->cert_info->validity->notBefore;
+	if (in != tm)
+		{
+		in=ASN1_UTCTIME_dup(tm);
+		if (in != NULL)
+			{
+			ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+			x->cert_info->validity->notBefore=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
+	{
+	ASN1_UTCTIME *in;
+
+	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+	in=x->cert_info->validity->notAfter;
+	if (in != tm)
+		{
+		in=ASN1_UTCTIME_dup(tm);
+		if (in != NULL)
+			{
+			ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+			x->cert_info->validity->notAfter=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+	{
+	if ((x == NULL) || (x->cert_info == NULL)) return(0);
+	return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
+	}
+
+
+
diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c
new file mode 100644
index 000000000000..11a3d2012fb3
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_txt.c
@@ -0,0 +1,132 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+const char *X509_verify_cert_error_string(long n)
+	{
+	static char buf[100];
+
+	switch ((int)n)
+		{
+	case X509_V_OK:
+		return("ok");
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+		return("unable to get issuer certificate");
+	case X509_V_ERR_UNABLE_TO_GET_CRL:
+		return("unable to get certificate CRL");
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+		return("unable to decrypt certificate's signature");
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+		return("unable to decrypt CRL's's signature");
+	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+		return("unable to decode issuer public key");
+	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+		return("certificate signature failure");
+	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+		return("CRL signature failure");
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+		return("certificate is not yet valid");
+	case X509_V_ERR_CRL_NOT_YET_VALID:
+		return("CRL is not yet valid");
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+		return("Certificate has expired");
+	case X509_V_ERR_CRL_HAS_EXPIRED:
+		return("CRL has expired");
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+		return("format error in certificate's notBefore field");
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+		return("format error in certificate's notAfter field");
+	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+		return("format error in CRL's lastUpdate field");
+	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+		return("format error in CRL's nextUpdate field");
+	case X509_V_ERR_OUT_OF_MEM:
+		return("out of memory");
+	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+		return("self signed certificate");
+	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+		return("self signed certificate in certificate chain");
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+		return("unable to get local issuer certificate");
+	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+		return("unable to verify the first certificate");
+	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+		return("certificate chain too long");
+	case X509_V_ERR_CERT_REVOKED:
+		return("certificate revoked");
+	case X509_V_ERR_APPLICATION_VERIFICATION:
+		return("application verification failure");
+	default:
+		sprintf(buf,"error number %ld",n);
+		return(buf);
+		}
+	}
+
+
diff --git a/crypto/openssl/crypto/x509/x509_v3.c b/crypto/openssl/crypto/x509/x509_v3.c
new file mode 100644
index 000000000000..dd2f9f1b177d
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_v3.c
@@ -0,0 +1,266 @@
+/* crypto/x509/x509_v3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+	{
+	if (x == NULL) return(0);
+	return(sk_X509_EXTENSION_num(x));
+	}
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+			  int lastpos)
+	{
+	ASN1_OBJECT *obj;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL) return(-2);
+	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
+	}
+
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
+			  int lastpos)
+	{
+	int n;
+	X509_EXTENSION *ex;
+
+	if (sk == NULL) return(-1);
+	lastpos++;
+	if (lastpos < 0)
+		lastpos=0;
+	n=sk_X509_EXTENSION_num(sk);
+	for ( ; lastpos < n; lastpos++)
+		{
+		ex=sk_X509_EXTENSION_value(sk,lastpos);
+		if (OBJ_cmp(ex->object,obj) == 0)
+			return(lastpos);
+		}
+	return(-1);
+	}
+
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+			       int lastpos)
+	{
+	int n;
+	X509_EXTENSION *ex;
+
+	if (sk == NULL) return(-1);
+	lastpos++;
+	if (lastpos < 0)
+		lastpos=0;
+	n=sk_X509_EXTENSION_num(sk);
+	for ( ; lastpos < n; lastpos++)
+		{
+		ex=sk_X509_EXTENSION_value(sk,lastpos);
+		if (	(ex->critical && crit) ||
+			(!ex->critical && !crit))
+			return(lastpos);
+		}
+	return(-1);
+	}
+
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+	{
+	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+		return NULL;
+	else
+		return sk_X509_EXTENSION_value(x,loc);
+	}
+
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+	{
+	X509_EXTENSION *ret;
+
+	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+		return(NULL);
+	ret=sk_X509_EXTENSION_delete(x,loc);
+	return(ret);
+	}
+
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+					 X509_EXTENSION *ex, int loc)
+	{
+	X509_EXTENSION *new_ex=NULL;
+	int n;
+	STACK_OF(X509_EXTENSION) *sk=NULL;
+
+	if ((x != NULL) && (*x == NULL))
+		{
+		if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
+			goto err;
+		}
+	else
+		sk= *x;
+
+	n=sk_X509_EXTENSION_num(sk);
+	if (loc > n) loc=n;
+	else if (loc < 0) loc=n;
+
+	if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
+		goto err2;
+	if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
+		goto err;
+	if ((x != NULL) && (*x == NULL))
+		*x=sk;
+	return(sk);
+err:
+	X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+err2:
+	if (new_ex != NULL) X509_EXTENSION_free(new_ex);
+	if (sk != NULL) sk_X509_EXTENSION_free(sk);
+	return(NULL);
+	}
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+	     int crit, ASN1_OCTET_STRING *data)
+	{
+	ASN1_OBJECT *obj;
+	X509_EXTENSION *ret;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+		return(NULL);
+		}
+	ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
+	if (ret == NULL) ASN1_OBJECT_free(obj);
+	return(ret);
+	}
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+	     ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
+	{
+	X509_EXTENSION *ret;
+
+	if ((ex == NULL) || (*ex == NULL))
+		{
+		if ((ret=X509_EXTENSION_new()) == NULL)
+			{
+			X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		}
+	else
+		ret= *ex;
+
+	if (!X509_EXTENSION_set_object(ret,obj))
+		goto err;
+	if (!X509_EXTENSION_set_critical(ret,crit))
+		goto err;
+	if (!X509_EXTENSION_set_data(ret,data))
+		goto err;
+	
+	if ((ex != NULL) && (*ex == NULL)) *ex=ret;
+	return(ret);
+err:
+	if ((ex == NULL) || (ret != *ex))
+		X509_EXTENSION_free(ret);
+	return(NULL);
+	}
+
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
+	{
+	if ((ex == NULL) || (obj == NULL))
+		return(0);
+	ASN1_OBJECT_free(ex->object);
+	ex->object=OBJ_dup(obj);
+	return(1);
+	}
+
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+	{
+	if (ex == NULL) return(0);
+	ex->critical=(crit)?0xFF:0;
+	return(1);
+	}
+
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+	{
+	int i;
+
+	if (ex == NULL) return(0);
+	i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
+	if (!i) return(0);
+	return(1);
+	}
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+	{
+	if (ex == NULL) return(NULL);
+	return(ex->object);
+	}
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+	{
+	if (ex == NULL) return(NULL);
+	return(ex->value);
+	}
+
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
+	{
+	if (ex == NULL) return(0);
+	return(ex->critical);
+	}
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
new file mode 100644
index 000000000000..c72ee4a3855f
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -0,0 +1,639 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static int null_callback(int ok,X509_STORE_CTX *e);
+static int internal_verify(X509_STORE_CTX *ctx);
+const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
+
+static STACK *x509_store_ctx_method=NULL;
+static int x509_store_ctx_num=0;
+#if 0
+static int x509_store_num=1;
+static STACK *x509_store_method=NULL;
+#endif
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+	{
+	return(ok);
+	}
+
+#if 0
+static int x509_subject_cmp(X509 **a, X509 **b)
+	{
+	return(X509_subject_name_cmp(*a,*b));
+	}
+#endif
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+	{
+	X509 *x,*xtmp,*chain_ss=NULL;
+	X509_NAME *xn;
+	X509_OBJECT obj;
+	int depth,i,ok=0;
+	int num;
+	int (*cb)();
+	STACK_OF(X509) *sktmp=NULL;
+
+	if (ctx->cert == NULL)
+		{
+		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+		return(-1);
+		}
+
+	cb=ctx->ctx->verify_cb;
+	if (cb == NULL) cb=null_callback;
+
+	/* first we make sure the chain we are going to build is
+	 * present and that the first entry is in place */
+	if (ctx->chain == NULL)
+		{
+		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
+			(!sk_X509_push(ctx->chain,ctx->cert)))
+			{
+			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
+		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+		ctx->last_untrusted=1;
+		}
+
+	/* We use a temporary so we can chop and hack at it */
+	if (ctx->untrusted != NULL
+	    && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
+		{
+		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+		goto end;
+		}
+
+	num=sk_X509_num(ctx->chain);
+	x=sk_X509_value(ctx->chain,num-1);
+	depth=ctx->depth;
+
+
+	for (;;)
+		{
+		/* If we have enough, we break */
+		if (depth < num) break; /* FIXME: If this happens, we should take
+		                         * note of it and, if appropriate, use the
+		                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
+		                         * code later.
+		                         */
+
+		/* If we are self signed, we break */
+		xn=X509_get_issuer_name(x);
+		if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+			break;
+
+		/* If we were passed a cert chain, use it first */
+		if (ctx->untrusted != NULL)
+			{
+			xtmp=X509_find_by_subject(sktmp,xn);
+			if (xtmp != NULL)
+				{
+				if (!sk_X509_push(ctx->chain,xtmp))
+					{
+					X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+					goto end;
+					}
+				CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
+				sk_X509_delete_ptr(sktmp,xtmp);
+				ctx->last_untrusted++;
+				x=xtmp;
+				num++;
+				/* reparse the full chain for
+				 * the next one */
+				continue;
+				}
+			}
+		break;
+		}
+
+	/* at this point, chain should contain a list of untrusted
+	 * certificates.  We now need to add at least one trusted one,
+	 * if possible, otherwise we complain. */
+
+	i=sk_X509_num(ctx->chain);
+	x=sk_X509_value(ctx->chain,i-1);
+	if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
+		== 0)
+		{
+		/* we have a self signed certificate */
+		if (sk_X509_num(ctx->chain) == 1)
+			{
+			ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+			ctx->current_cert=x;
+			ctx->error_depth=i-1;
+			ok=cb(0,ctx);
+			if (!ok) goto end;
+			}
+		else
+			{
+			/* worry more about this one elsewhere */
+			chain_ss=sk_X509_pop(ctx->chain);
+			ctx->last_untrusted--;
+			num--;
+			x=sk_X509_value(ctx->chain,num-1);
+			}
+		}
+
+	/* We now lookup certs from the certificate store */
+	for (;;)
+		{
+		/* If we have enough, we break */
+		if (depth < num) break;
+
+		/* If we are self signed, we break */
+		xn=X509_get_issuer_name(x);
+		if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
+			break;
+
+		ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+		if (ok != X509_LU_X509)
+			{
+			if (ok == X509_LU_RETRY)
+				{
+				X509_OBJECT_free_contents(&obj);
+				X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+				return(ok);
+				}
+			else if (ok != X509_LU_FAIL)
+				{
+				X509_OBJECT_free_contents(&obj);
+				/* not good :-(, break anyway */
+				return(ok);
+				}
+			break;
+			}
+		x=obj.data.x509;
+		if (!sk_X509_push(ctx->chain,obj.data.x509))
+			{
+			X509_OBJECT_free_contents(&obj);
+			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		num++;
+		}
+
+	/* we now have our chain, lets check it... */
+	xn=X509_get_issuer_name(x);
+	if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+		{
+		if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+			{
+			if (ctx->last_untrusted >= num)
+				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+			else
+				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+			ctx->current_cert=x;
+			}
+		else
+			{
+
+			sk_X509_push(ctx->chain,chain_ss);
+			num++;
+			ctx->last_untrusted=num;
+			ctx->current_cert=chain_ss;
+			ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+			chain_ss=NULL;
+			}
+
+		ctx->error_depth=num-1;
+		ok=cb(0,ctx);
+		if (!ok) goto end;
+		}
+
+	/* We may as well copy down any DSA parameters that are required */
+	X509_get_pubkey_parameters(NULL,ctx->chain);
+
+	/* At this point, we have a chain and just need to verify it */
+	if (ctx->ctx->verify != NULL)
+		ok=ctx->ctx->verify(ctx);
+	else
+		ok=internal_verify(ctx);
+	if (0)
+		{
+end:
+		X509_get_pubkey_parameters(NULL,ctx->chain);
+		}
+	if (sktmp != NULL) sk_X509_free(sktmp);
+	if (chain_ss != NULL) X509_free(chain_ss);
+	return(ok);
+	}
+
+static int internal_verify(X509_STORE_CTX *ctx)
+	{
+	int i,ok=0,n;
+	X509 *xs,*xi;
+	EVP_PKEY *pkey=NULL;
+	int (*cb)();
+
+	cb=ctx->ctx->verify_cb;
+	if (cb == NULL) cb=null_callback;
+
+	n=sk_X509_num(ctx->chain);
+	ctx->error_depth=n-1;
+	n--;
+	xi=sk_X509_value(ctx->chain,n);
+	if (X509_NAME_cmp(X509_get_subject_name(xi),
+		X509_get_issuer_name(xi)) == 0)
+		xs=xi;
+	else
+		{
+		if (n <= 0)
+			{
+			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+			ctx->current_cert=xi;
+			ok=cb(0,ctx);
+			goto end;
+			}
+		else
+			{
+			n--;
+			ctx->error_depth=n;
+			xs=sk_X509_value(ctx->chain,n);
+			}
+		}
+
+/*	ctx->error=0;  not needed */
+	while (n >= 0)
+		{
+		ctx->error_depth=n;
+		if (!xs->valid)
+			{
+			if ((pkey=X509_get_pubkey(xi)) == NULL)
+				{
+				ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+				ctx->current_cert=xi;
+				ok=(*cb)(0,ctx);
+				if (!ok) goto end;
+				}
+			if (X509_verify(xs,pkey) <= 0)
+				{
+				EVP_PKEY_free(pkey);
+				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+				ctx->current_cert=xs;
+				ok=(*cb)(0,ctx);
+				if (!ok) goto end;
+				}
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+
+			i=X509_cmp_current_time(X509_get_notBefore(xs));
+			if (i == 0)
+				{
+				ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+				ctx->current_cert=xs;
+				ok=(*cb)(0,ctx);
+				if (!ok) goto end;
+				}
+			if (i > 0)
+				{
+				ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
+				ctx->current_cert=xs;
+				ok=(*cb)(0,ctx);
+				if (!ok) goto end;
+				}
+			xs->valid=1;
+			}
+
+		i=X509_cmp_current_time(X509_get_notAfter(xs));
+		if (i == 0)
+			{
+			ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+			ctx->current_cert=xs;
+			ok=(*cb)(0,ctx);
+			if (!ok) goto end;
+			}
+
+		if (i < 0)
+			{
+			ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
+			ctx->current_cert=xs;
+			ok=(*cb)(0,ctx);
+			if (!ok) goto end;
+			}
+
+		/* CRL CHECK */
+
+		/* The last error (if any) is still in the error value */
+		ctx->current_cert=xs;
+		ok=(*cb)(1,ctx);
+		if (!ok) goto end;
+
+		n--;
+		if (n >= 0)
+			{
+			xi=xs;
+			xs=sk_X509_value(ctx->chain,n);
+			}
+		}
+	ok=1;
+end:
+	return(ok);
+	}
+
+int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+	{
+	char *str;
+	ASN1_UTCTIME atm;
+	time_t offset;
+	char buff1[24],buff2[24],*p;
+	int i,j;
+
+	p=buff1;
+	i=ctm->length;
+	str=(char *)ctm->data;
+	if ((i < 11) || (i > 17)) return(0);
+	memcpy(p,str,10);
+	p+=10;
+	str+=10;
+
+	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+		{ *(p++)='0'; *(p++)='0'; }
+	else	{ *(p++)= *(str++); *(p++)= *(str++); }
+	*(p++)='Z';
+	*(p++)='\0';
+
+	if (*str == 'Z')
+		offset=0;
+	else
+		{
+		if ((*str != '+') && (str[5] != '-'))
+			return(0);
+		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+		offset+=(str[3]-'0')*10+(str[4]-'0');
+		if (*str == '-')
+			offset= -offset;
+		}
+	atm.type=V_ASN1_UTCTIME;
+	atm.length=sizeof(buff2);
+	atm.data=(unsigned char *)buff2;
+
+	X509_gmtime_adj(&atm,-offset);
+
+	i=(buff1[0]-'0')*10+(buff1[1]-'0');
+	if (i < 50) i+=100; /* cf. RFC 2459 */
+	j=(buff2[0]-'0')*10+(buff2[1]-'0');
+	if (j < 50) j+=100;
+
+	if (i < j) return (-1);
+	if (i > j) return (1);
+	i=strcmp(buff1,buff2);
+	if (i == 0) /* wait a second then return younger :-) */
+		return(-1);
+	else
+		return(i);
+	}
+
+ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+	{
+	time_t t;
+
+	time(&t);
+	t+=adj;
+	return(ASN1_UTCTIME_set(s,t));
+	}
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+	{
+	EVP_PKEY *ktmp=NULL,*ktmp2;
+	int i,j;
+
+	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+
+	for (i=0; i= 0; j--)
+		{
+		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
+		EVP_PKEY_copy_parameters(ktmp2,ktmp);
+		EVP_PKEY_free(ktmp2);
+		}
+	
+	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
+	EVP_PKEY_free(ktmp);
+	return(1);
+	}
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+	{
+	X509_OBJECT *obj,*r;
+	int ret=1;
+
+	if (x == NULL) return(0);
+	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	obj->type=X509_LU_X509;
+	obj->data.x509=x;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+	X509_OBJECT_up_ref_count(obj);
+
+	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+	if (r != NULL)
+		{ /* oops, put it back */
+		lh_delete(ctx->certs,(char *)obj);
+		X509_OBJECT_free_contents(obj);
+		Free(obj);
+		lh_insert(ctx->certs,(char *)r);
+		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+		ret=0;
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+	return(ret);	
+	}
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+	{
+	X509_OBJECT *obj,*r;
+	int ret=1;
+
+	if (x == NULL) return(0);
+	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	obj->type=X509_LU_CRL;
+	obj->data.crl=x;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+	X509_OBJECT_up_ref_count(obj);
+
+	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+	if (r != NULL)
+		{ /* oops, put it back */
+		lh_delete(ctx->certs,(char *)obj);
+		X509_OBJECT_free_contents(obj);
+		Free(obj);
+		lh_insert(ctx->certs,(char *)r);
+		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+		ret=0;
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+	return(ret);	
+	}
+
+int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
+        {
+        x509_store_ctx_num++;
+        return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+		&x509_store_ctx_method,
+                argl,argp,new_func,dup_func,free_func));
+        }
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+	{
+	return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+	}
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+	{
+	return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+	}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+	{
+	return(ctx->error);
+	}
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+	{
+	ctx->error=err;
+	}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+	{
+	return(ctx->error_depth);
+	}
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+	{
+	return(ctx->current_cert);
+	}
+
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
+	{
+	return(ctx->chain);
+	}
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+	{
+	ctx->cert=x;
+	}
+
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+	{
+	ctx->untrusted=sk;
+	}
+
+IMPLEMENT_STACK_OF(X509)
+IMPLEMENT_ASN1_SET_OF(X509)
+
+IMPLEMENT_STACK_OF(X509_NAME)
+
+IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h
new file mode 100644
index 000000000000..ecfd4cf9edac
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509_vfy.h
@@ -0,0 +1,346 @@
+/* crypto/x509/x509_vfy.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_H
+#include 
+/* openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment. */
+#endif
+
+#ifndef HEADER_X509_VFY_H
+#define HEADER_X509_VFY_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+
+/* Outer object */
+typedef struct x509_hash_dir_st
+	{
+	int num_dirs;
+	char **dirs;
+	int *dirs_type;
+	int num_dirs_alloced;
+	} X509_HASH_DIR_CTX;
+
+typedef struct x509_file_st
+	{
+	int num_paths;	/* number of paths to files or directories */
+	int num_alloced;
+	char **paths;	/* the list of paths or directories */
+	int *path_type;
+	} X509_CERT_FILE_CTX;
+
+/*******************************/
+/*
+SSL_CTX -> X509_STORE    
+		-> X509_LOOKUP
+			->X509_LOOKUP_METHOD
+		-> X509_LOOKUP
+			->X509_LOOKUP_METHOD
+ 
+SSL	-> X509_STORE_CTX
+		->X509_STORE    
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+#define X509_LU_RETRY		-1
+#define X509_LU_FAIL		0
+#define X509_LU_X509		1
+#define X509_LU_CRL		2
+#define X509_LU_PKEY		3
+
+typedef struct x509_object_st
+	{
+	/* one of the above types */
+	int type;
+	union	{
+		char *ptr;
+		X509 *x509;
+		X509_CRL *crl;
+		EVP_PKEY *pkey;
+		} data;
+	} X509_OBJECT;
+
+typedef struct x509_lookup_st X509_LOOKUP;
+
+DECLARE_STACK_OF(X509_LOOKUP)
+
+/* This is a static that defines the function interface */
+typedef struct x509_lookup_method_st
+	{
+	const char *name;
+	int (*new_item)(X509_LOOKUP *ctx);
+	void (*free)(X509_LOOKUP *ctx);
+	int (*init)(X509_LOOKUP *ctx);
+	int (*shutdown)(X509_LOOKUP *ctx);
+	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
+			char **ret);
+	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+			      X509_OBJECT *ret);
+	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+				    ASN1_INTEGER *serial,X509_OBJECT *ret);
+	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
+				  unsigned char *bytes,int len,
+				  X509_OBJECT *ret);
+	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
+			    X509_OBJECT *ret);
+	} X509_LOOKUP_METHOD;
+
+typedef struct x509_store_state_st X509_STORE_CTX;
+
+/* This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify'
+ * function is then called to actually check the cert chain. */
+typedef struct x509_store_st
+	{
+	/* The following is a cache of trusted certs */
+	int cache; 	/* if true, stash any hits */
+#ifdef HEADER_LHASH_H
+	LHASH *certs;	/* cached certs; */ 
+#else
+	char *certs;
+#endif
+
+	/* These are external lookup methods */
+	STACK_OF(X509_LOOKUP) *get_cert_methods;
+	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
+	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
+
+	CRYPTO_EX_DATA ex_data;
+	int references;
+	int depth;		/* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
+	}  X509_STORE;
+
+#define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
+
+#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
+#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st
+	{
+	int init;			/* have we been started */
+	int skip;			/* don't use us. */
+	X509_LOOKUP_METHOD *method;	/* the functions */
+	char *method_data;		/* method data */
+
+	X509_STORE *store_ctx;	/* who owns us */
+	};
+
+/* This is a temporary used when processing cert chains.  Since the
+ * gathering of the cert chain can take some time (and have to be
+ * 'retried', this needs to be kept and passed around. */
+struct x509_store_state_st      /* X509_STORE_CTX */
+	{
+	X509_STORE *ctx;
+	int current_method;	/* used when looking up certs */
+
+	/* The following are set by the caller */
+	X509 *cert;		/* The cert to check */
+	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
+
+	/* The following is built up */
+	int depth;		/* how far to go looking up certs */
+	int valid;		/* if 0, rebuild chain */
+	int last_untrusted;	/* index of last untrusted cert */
+	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */
+
+	/* When something goes wrong, this is why */
+	int error_depth;
+	int error;
+	X509 *current_cert;
+
+	CRYPTO_EX_DATA ex_data;
+	};
+
+#define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
+
+#define X509_STORE_CTX_set_app_data(ctx,data) \
+	X509_STORE_CTX_set_ex_data(ctx,0,data)
+#define X509_STORE_CTX_get_app_data(ctx) \
+	X509_STORE_CTX_get_ex_data(ctx,0)
+
+#define X509_L_FILE_LOAD	1
+#define X509_L_ADD_DIR		2
+
+#define X509_LOOKUP_load_file(x,name,type) \
+		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+#define X509_LOOKUP_add_dir(x,name,type) \
+		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+#define		X509_V_OK					0
+
+#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2
+#define		X509_V_ERR_UNABLE_TO_GET_CRL			3
+#define		X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE	4
+#define		X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE	5
+#define		X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY	6
+#define		X509_V_ERR_CERT_SIGNATURE_FAILURE		7
+#define		X509_V_ERR_CRL_SIGNATURE_FAILURE		8
+#define		X509_V_ERR_CERT_NOT_YET_VALID			9	
+#define		X509_V_ERR_CERT_HAS_EXPIRED			10
+#define		X509_V_ERR_CRL_NOT_YET_VALID			11
+#define		X509_V_ERR_CRL_HAS_EXPIRED			12
+#define		X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD	13
+#define		X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD	14
+#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD	15
+#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD	16
+#define		X509_V_ERR_OUT_OF_MEM				17
+#define		X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT		18
+#define		X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN		19
+#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY	20
+#define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21
+#define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22
+#define		X509_V_ERR_CERT_REVOKED				23
+
+/* The application is not happy */
+#define		X509_V_ERR_APPLICATION_VERIFICATION		50
+
+		  /* These functions are being redefined in another directory,
+		     and clash when the linker is case-insensitive, so let's
+		     hide them a little, by giving them an extra 'o' at the
+		     beginning of the name... */
+#ifdef VMS
+#undef X509v3_cleanup_extensions
+#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
+#undef X509v3_add_extension
+#define X509v3_add_extension oX509v3_add_extension
+#undef X509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
+#undef X509v3_add_standard_extensions
+#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
+#endif
+
+#ifdef HEADER_LHASH_H
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
+#endif
+void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+void X509_OBJECT_free_contents(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void );
+void X509_STORE_free(X509_STORE *v);
+
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+			 X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
+	X509_OBJECT *ret);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+	long argl, char **ret);
+
+#ifndef NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+#endif
+
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	ASN1_INTEGER *serial, X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+	unsigned char *bytes, int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+	int len, X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+#ifndef NO_STDIO
+int	X509_STORE_load_locations (X509_STORE *ctx,
+		const char *file, const char *dir);
+int	X509_STORE_set_default_paths(X509_STORE *ctx);
+#endif
+
+int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
+void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
+void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/crypto/x509/x509name.c b/crypto/openssl/crypto/x509/x509name.c
new file mode 100644
index 000000000000..2a422be3502c
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509name.c
@@ -0,0 +1,321 @@
+/* crypto/x509/x509name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
+	{
+	ASN1_OBJECT *obj;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL) return(-1);
+	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
+	}
+
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
+	     int len)
+	{
+	int i;
+	ASN1_STRING *data;
+
+	i=X509_NAME_get_index_by_OBJ(name,obj,-1);
+	if (i < 0) return(-1);
+	data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
+	i=(data->length > (len-1))?(len-1):data->length;
+	if (buf == NULL) return(data->length);
+	memcpy(buf,data->data,i);
+	buf[i]='\0';
+	return(i);
+	}
+
+int X509_NAME_entry_count(X509_NAME *name)
+	{
+	if (name == NULL) return(0);
+	return(sk_X509_NAME_ENTRY_num(name->entries));
+	}
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+	{
+	ASN1_OBJECT *obj;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL) return(-2);
+	return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
+	}
+
+/* NOTE: you should be passsing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+	     int lastpos)
+	{
+	int n;
+	X509_NAME_ENTRY *ne;
+	STACK_OF(X509_NAME_ENTRY) *sk;
+
+	if (name == NULL) return(-1);
+	if (lastpos < 0)
+		lastpos= -1;
+	sk=name->entries;
+	n=sk_X509_NAME_ENTRY_num(sk);
+	for (lastpos++; lastpos < n; lastpos++)
+		{
+		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
+		if (OBJ_cmp(ne->object,obj) == 0)
+			return(lastpos);
+		}
+	return(-1);
+	}
+
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
+	{
+	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	   || loc < 0)
+		return(NULL);
+	else
+		return(sk_X509_NAME_ENTRY_value(name->entries,loc));
+	}
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
+	{
+	X509_NAME_ENTRY *ret;
+	int i,n,set_prev,set_next;
+	STACK_OF(X509_NAME_ENTRY) *sk;
+
+	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	    || loc < 0)
+		return(NULL);
+	sk=name->entries;
+	ret=sk_X509_NAME_ENTRY_delete(sk,loc);
+	n=sk_X509_NAME_ENTRY_num(sk);
+	name->modified=1;
+	if (loc == n) return(ret);
+
+	/* else we need to fixup the set field */
+	if (loc != 0)
+		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
+	else
+		set_prev=ret->set-1;
+	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
+
+	/* set_prev is the previous set
+	 * set is the current set
+	 * set_next is the following
+	 * prev  1 1	1 1	1 1	1 1
+	 * set   1	1	2	2
+	 * next  1 1	2 2	2 2	3 2
+	 * so basically only if prev and next differ by 2, then
+	 * re-number down by 1 */
+	if (set_prev+1 < set_next)
+		for (i=loc; iset--;
+	return(ret);
+	}
+
+/* if set is -1, append to previous set, 0 'a new one', and 1,
+ * prepend to the guy we are about to stomp on. */
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
+	     int set)
+	{
+	X509_NAME_ENTRY *new_name=NULL;
+	int n,i,inc;
+	STACK_OF(X509_NAME_ENTRY) *sk;
+
+	if (name == NULL) return(0);
+	sk=name->entries;
+	n=sk_X509_NAME_ENTRY_num(sk);
+	if (loc > n) loc=n;
+	else if (loc < 0) loc=n;
+
+	name->modified=1;
+
+	if (set == -1)
+		{
+		if (loc == 0)
+			{
+			set=0;
+			inc=1;
+			}
+		else
+			{
+			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
+			inc=0;
+			}
+		}
+	else /* if (set >= 0) */
+		{
+		if (loc >= n)
+			{
+			if (loc != 0)
+				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
+			else
+				set=0;
+			}
+		else
+			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
+		inc=(set == 0)?1:0;
+		}
+
+	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
+		goto err;
+	new_name->set=set;
+	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
+		{
+		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if (inc)
+		{
+		n=sk_X509_NAME_ENTRY_num(sk);
+		for (i=loc+1; iset+=1;
+		}	
+	return(1);
+err:
+	if (new_name != NULL)
+		X509_NAME_ENTRY_free(new_name);
+	return(0);
+	}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+	     int type, unsigned char *bytes, int len)
+	{
+	ASN1_OBJECT *obj;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+		return(NULL);
+		}
+	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
+	}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+	     ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
+	{
+	X509_NAME_ENTRY *ret;
+
+	if ((ne == NULL) || (*ne == NULL))
+		{
+		if ((ret=X509_NAME_ENTRY_new()) == NULL)
+			return(NULL);
+		}
+	else
+		ret= *ne;
+
+	if (!X509_NAME_ENTRY_set_object(ret,obj))
+		goto err;
+	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
+		goto err;
+	
+	if ((ne != NULL) && (*ne == NULL)) *ne=ret;
+	return(ret);
+err:
+	if ((ne == NULL) || (ret != *ne))
+		X509_NAME_ENTRY_free(ret);
+	return(NULL);
+	}
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
+	{
+	if ((ne == NULL) || (obj == NULL))
+		{
+		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	ASN1_OBJECT_free(ne->object);
+	ne->object=OBJ_dup(obj);
+	return((ne->object == NULL)?0:1);
+	}
+
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+	     unsigned char *bytes, int len)
+	{
+	int i;
+
+	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
+	if (len < 0) len=strlen((char *)bytes);
+	i=ASN1_STRING_set(ne->value,bytes,len);
+	if (!i) return(0);
+	if (type != V_ASN1_UNDEF)
+		{
+		if (type == V_ASN1_APP_CHOOSE)
+			ne->value->type=ASN1_PRINTABLE_type(bytes,len);
+		else
+			ne->value->type=type;
+		}
+	return(1);
+	}
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
+	{
+	if (ne == NULL) return(NULL);
+	return(ne->object);
+	}
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
+	{
+	if (ne == NULL) return(NULL);
+	return(ne->value);
+	}
+
diff --git a/crypto/openssl/crypto/x509/x509rset.c b/crypto/openssl/crypto/x509/x509rset.c
new file mode 100644
index 000000000000..d9f6b573729e
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509rset.c
@@ -0,0 +1,83 @@
+/* crypto/x509/x509rset.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int X509_REQ_set_version(X509_REQ *x, long version)
+	{
+	if (x == NULL) return(0);
+	return(ASN1_INTEGER_set(x->req_info->version,version));
+	}
+
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
+	{
+	if ((x == NULL) || (x->req_info == NULL)) return(0);
+	return(X509_NAME_set(&x->req_info->subject,name));
+	}
+
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
+	{
+	if ((x == NULL) || (x->req_info == NULL)) return(0);
+	return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
+	}
+
diff --git a/crypto/openssl/crypto/x509/x509type.c b/crypto/openssl/crypto/x509/x509type.c
new file mode 100644
index 000000000000..8e78b344581e
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x509type.c
@@ -0,0 +1,114 @@
+/* crypto/x509/x509type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+	{
+	EVP_PKEY *pk;
+	int ret=0,i;
+
+	if (x == NULL) return(0);
+
+	if (pkey == NULL)
+		pk=X509_get_pubkey(x);
+	else
+		pk=pkey;
+
+	if (pk == NULL) return(0);
+
+	switch (pk->type)
+		{
+	case EVP_PKEY_RSA:
+		ret=EVP_PK_RSA|EVP_PKT_SIGN;
+/*		if (!sign only extension) */
+			ret|=EVP_PKT_ENC;
+	break;
+	case EVP_PKEY_DSA:
+		ret=EVP_PK_DSA|EVP_PKT_SIGN;
+		break;
+	case EVP_PKEY_DH:
+		ret=EVP_PK_DH|EVP_PKT_EXCH;
+		break;
+	default:
+		break;
+		}
+
+	i=X509_get_signature_type(x);
+	switch (i)
+		{
+	case EVP_PKEY_RSA:
+		ret|=EVP_PKS_RSA;
+		break;
+	case EVP_PKS_DSA:
+		ret|=EVP_PKS_DSA;
+		break;
+	default:
+		break;
+		}
+
+	if (EVP_PKEY_size(pk) <= 512)
+		ret|=EVP_PKT_EXP;
+	if(pkey==NULL) EVP_PKEY_free(pk);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/crypto/x509/x_all.c b/crypto/openssl/crypto/x509/x_all.c
new file mode 100644
index 000000000000..f2af895df00a
--- /dev/null
+++ b/crypto/openssl/crypto/x509/x_all.c
@@ -0,0 +1,437 @@
+/* crypto/x509/x_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#undef SSLEAY_MACROS
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int X509_verify(X509 *a, EVP_PKEY *r)
+	{
+	return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
+		a->signature,(char *)a->cert_info,r));
+	}
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
+	{
+	return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
+		a->sig_alg,a->signature,(char *)a->req_info,r));
+	}
+
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
+	{
+	return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
+		a->sig_alg, a->signature,(char *)a->crl,r));
+	}
+
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
+	{
+	return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
+		a->sig_algor,a->signature, (char *)a->spkac,r));
+	}
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+	{
+	return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
+		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+	}
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+	{
+	return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
+		x->signature, (char *)x->req_info,pkey,md));
+	}
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+	{
+	return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
+		x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+	}
+
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
+	{
+	return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
+		x->signature, (char *)x->spkac,pkey,md));
+	}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
+	{
+	return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
+		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
+	}
+
+X509 *X509_dup(X509 *x509)
+	{
+	return((X509 *)ASN1_dup((int (*)())i2d_X509,
+		(char *(*)())d2i_X509,(char *)x509));
+	}
+
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
+	{
+	return((X509_EXTENSION *)ASN1_dup(
+		(int (*)())i2d_X509_EXTENSION,
+		(char *(*)())d2i_X509_EXTENSION,(char *)ex));
+	}
+
+#ifndef NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+	{
+	return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
+		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
+	}
+
+int i2d_X509_fp(FILE *fp, X509 *x509)
+	{
+	return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+	}
+#endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+	{
+	return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
+		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
+	}
+
+int i2d_X509_bio(BIO *bp, X509 *x509)
+	{
+	return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
+	}
+
+X509_CRL *X509_CRL_dup(X509_CRL *crl)
+	{
+	return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
+		(char *(*)())d2i_X509_CRL,(char *)crl));
+	}
+
+#ifndef NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+	{
+	return((X509_CRL *)ASN1_d2i_fp((char *(*)())
+		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
+		(unsigned char **)(crl)));
+	}
+
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
+	{
+	return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+	}
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+	{
+	return((X509_CRL *)ASN1_d2i_bio((char *(*)())
+		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
+		(unsigned char **)(crl)));
+	}
+
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
+	{
+	return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
+	}
+
+PKCS7 *PKCS7_dup(PKCS7 *p7)
+	{
+	return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
+		(char *(*)())d2i_PKCS7,(char *)p7));
+	}
+
+#ifndef NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+	{
+	return((PKCS7 *)ASN1_d2i_fp((char *(*)())
+		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
+		(unsigned char **)(p7)));
+	}
+
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
+	{
+	return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+	}
+#endif
+
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+	{
+	return((PKCS7 *)ASN1_d2i_bio((char *(*)())
+		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
+		(unsigned char **)(p7)));
+	}
+
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
+	{
+	return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+	}
+
+X509_REQ *X509_REQ_dup(X509_REQ *req)
+	{
+	return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
+		(char *(*)())d2i_X509_REQ,(char *)req));
+	}
+
+#ifndef NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+	{
+	return((X509_REQ *)ASN1_d2i_fp((char *(*)())
+		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
+		(unsigned char **)(req)));
+	}
+
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
+	{
+	return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+	}
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+	{
+	return((X509_REQ *)ASN1_d2i_bio((char *(*)())
+		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
+		(unsigned char **)(req)));
+	}
+
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
+	{
+	return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
+	}
+
+#ifndef NO_RSA
+RSA *RSAPublicKey_dup(RSA *rsa)
+	{
+	return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
+		(char *(*)())d2i_RSAPublicKey,(char *)rsa));
+	}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+	{
+	return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
+		(char *(*)())d2i_RSAPrivateKey,(char *)rsa));
+	}
+
+#ifndef NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+	{
+	return((RSA *)ASN1_d2i_fp((char *(*)())
+		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
+		(unsigned char **)(rsa)));
+	}
+
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
+	{
+	return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+	}
+
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+	{
+	return((RSA *)ASN1_d2i_fp((char *(*)())
+		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
+		(unsigned char **)(rsa)));
+	}
+
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
+	{
+	return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+	}
+#endif
+
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+	{
+	return((RSA *)ASN1_d2i_bio((char *(*)())
+		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
+		(unsigned char **)(rsa)));
+	}
+
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
+	{
+	return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+	}
+
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+	{
+	return((RSA *)ASN1_d2i_bio((char *(*)())
+		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
+		(unsigned char **)(rsa)));
+	}
+
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
+	{
+	return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+	}
+#endif
+
+#ifndef NO_DSA
+#ifndef NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+	{
+	return((DSA *)ASN1_d2i_fp((char *(*)())
+		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+		(unsigned char **)(dsa)));
+	}
+
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
+	{
+	return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
+	}
+#endif
+
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+	{
+	return((DSA *)ASN1_d2i_bio((char *(*)())
+		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+		(unsigned char **)(dsa)));
+	}
+
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
+	{
+	return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
+	}
+#endif
+
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
+	{
+	return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
+	(char *(*)())d2i_X509_ALGOR,(char *)xn));
+	}
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn)
+	{
+	return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
+		(char *(*)())d2i_X509_NAME,(char *)xn));
+	}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
+	{
+	return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
+		(char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+	}
+
+int X509_digest(X509 *data, EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
+	{
+	return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+	}
+
+int X509_NAME_digest(X509_NAME *data, EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
+	{
+	return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+	}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, EVP_MD *type,
+	     unsigned char *md, unsigned int *len)
+	{
+	return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+		(char *)data,md,len));
+	}
+
+
+#ifndef NO_FP_API
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+	{
+	return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
+		(char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
+	}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+	{
+	return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
+	}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+	{
+	return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
+		(char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
+	}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+	{
+	return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
+	}
+
+#ifndef NO_FP_API
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+						 PKCS8_PRIV_KEY_INFO **p8inf)
+	{
+	return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
+		(char *(*)())PKCS8_PRIV_KEY_INFO_new,
+		(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
+				(unsigned char **)(p8inf)));
+	}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+	{
+	return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
+	}
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+						 PKCS8_PRIV_KEY_INFO **p8inf)
+	{
+	return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
+		(char *(*)())PKCS8_PRIV_KEY_INFO_new,
+		(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
+				(unsigned char **)(p8inf)));
+	}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+	{
+	return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
+	}
diff --git a/crypto/openssl/crypto/x509v3/Makefile.ssl b/crypto/openssl/crypto/x509v3/Makefile.ssl
new file mode 100644
index 000000000000..57006e687549
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/Makefile.ssl
@@ -0,0 +1,432 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=	x509v3
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
+v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h
+v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h
+v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h
+v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../cryptlib.h
+v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3err.o: ../../include/openssl/x509v3.h
diff --git a/crypto/openssl/crypto/x509v3/README b/crypto/openssl/crypto/x509v3/README
new file mode 100644
index 000000000000..3b2cc047beb4
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/README
@@ -0,0 +1,4 @@
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+
+This is ***VERY*** new experimental code and is likely to change
+considerably or vanish altogether.
diff --git a/crypto/openssl/crypto/x509v3/v3_akey.c b/crypto/openssl/crypto/x509v3/v3_akey.c
new file mode 100644
index 000000000000..4099e6019e3c
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_akey.c
@@ -0,0 +1,249 @@
+/* v3_akey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_akey_id = {
+NID_authority_key_identifier, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
+(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
+(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
+(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+NULL,NULL,
+NULL
+};
+
+
+int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
+	M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
+	M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
+	M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
+
+	M_ASN1_I2D_finish();
+}
+
+AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
+{
+	AUTHORITY_KEYID *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
+	ret->keyid = NULL;
+	ret->issuer = NULL;
+	ret->serial = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
+}
+
+AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
+	     long length)
+{
+	M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
+							V_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
+							V_ASN1_SEQUENCE);
+	M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
+							V_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
+}
+
+void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
+{
+	if (a == NULL) return;
+	ASN1_OCTET_STRING_free(a->keyid);
+	sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
+	ASN1_INTEGER_free (a->serial);
+	Free ((char *)a);
+}
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
+{
+	char *tmp;
+	if(akeyid->keyid) {
+		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+		X509V3_add_value("keyid", tmp, &extlist);
+		Free(tmp);
+	}
+	if(akeyid->issuer) 
+		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+	if(akeyid->serial) {
+		tmp = hex_to_string(akeyid->serial->data,
+						 akeyid->serial->length);
+		X509V3_add_value("serial", tmp, &extlist);
+		Free(tmp);
+	}
+	return extlist;
+}
+
+/* Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+char keyid=0, issuer=0;
+int i;
+CONF_VALUE *cnf;
+ASN1_OCTET_STRING *ikeyid = NULL;
+X509_NAME *isname = NULL;
+STACK_OF(GENERAL_NAME) * gens = NULL;
+GENERAL_NAME *gen = NULL;
+ASN1_INTEGER *serial = NULL;
+X509_EXTENSION *ext;
+X509 *cert;
+AUTHORITY_KEYID *akeyid;
+for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+	cnf = sk_CONF_VALUE_value(values, i);
+	if(!strcmp(cnf->name, "keyid")) {
+		keyid = 1;
+		if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
+	} else if(!strcmp(cnf->name, "issuer")) {
+		issuer = 1;
+		if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
+	} else {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
+		ERR_add_error_data(2, "name=", cnf->name);
+		return NULL;
+	}
+}
+
+
+
+if(!ctx || !ctx->issuer_cert) {
+	if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
+	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
+	return NULL;
+}
+
+cert = ctx->issuer_cert;
+
+if(keyid) {
+	i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+	if((i >= 0)  && (ext = X509_get_ext(cert, i)))
+						 ikeyid = X509V3_EXT_d2i(ext);
+	if(keyid==2 && !ikeyid) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+		return NULL;
+	}
+}
+
+if((issuer && !ikeyid) || (issuer == 2)) {
+	isname = X509_NAME_dup(X509_get_issuer_name(cert));
+	serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+	if(!isname || !serial) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+		goto err;
+	}
+}
+
+if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+
+if(isname) {
+	if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new())
+		|| !sk_GENERAL_NAME_push(gens, gen)) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	gen->type = GEN_DIRNAME;
+	gen->d.dirn = isname;
+}
+
+akeyid->issuer = gens;
+akeyid->serial = serial;
+akeyid->keyid = ikeyid;
+
+return akeyid;
+
+err:
+X509_NAME_free(isname);
+ASN1_INTEGER_free(serial);
+ASN1_OCTET_STRING_free(ikeyid);
+return NULL;
+
+}
+
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c
new file mode 100644
index 000000000000..b5e1f8af9600
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -0,0 +1,402 @@
+/* v3_alt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+X509V3_EXT_METHOD v3_alt[] = {
+{ NID_subject_alt_name, 0,
+(X509V3_EXT_NEW)GENERAL_NAMES_new,
+(X509V3_EXT_FREE)GENERAL_NAMES_free,
+(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_subject_alt,
+NULL, NULL, NULL},
+{ NID_issuer_alt_name, 0,
+(X509V3_EXT_NEW)GENERAL_NAMES_new,
+(X509V3_EXT_FREE)GENERAL_NAMES_free,
+(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_issuer_alt,
+NULL, NULL, NULL},
+EXT_END
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
+{
+	int i;
+	GENERAL_NAME *gen;
+	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+		gen = sk_GENERAL_NAME_value(gens, i);
+		ret = i2v_GENERAL_NAME(method, gen, ret);
+	}
+	if(!ret) return sk_CONF_VALUE_new_null();
+	return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
+{
+	char oline[256];
+	unsigned char *p;
+	switch (gen->type)
+	{
+		case GEN_OTHERNAME:
+		X509V3_add_value("othername","", &ret);
+		break;
+
+		case GEN_X400:
+		X509V3_add_value("X400Name","", &ret);
+		break;
+
+		case GEN_EDIPARTY:
+		X509V3_add_value("EdiPartyName","", &ret);
+		break;
+
+		case GEN_EMAIL:
+		X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_DNS:
+		X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_URI:
+		X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_DIRNAME:
+		X509_NAME_oneline(gen->d.dirn, oline, 256);
+		X509V3_add_value("DirName",oline, &ret);
+		break;
+
+		case GEN_IPADD:
+		p = gen->d.ip->data;
+		/* BUG: doesn't support IPV6 */
+		if(gen->d.ip->length != 4) {
+			X509V3_add_value("IP Address","", &ret);
+			break;
+		}
+		sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+		X509V3_add_value("IP Address",oline, &ret);
+		break;
+
+		case GEN_RID:
+		i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+		X509V3_add_value("Registered ID",oline, &ret);
+		break;
+	}
+	return ret;
+}
+
+static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!name_cmp(cnf->name, "issuer") && cnf->value &&
+						!strcmp(cnf->value, "copy")) {
+			if(!copy_issuer(ctx, gens)) goto err;
+		} else {
+			GENERAL_NAME *gen;
+			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+								 goto err; 
+			sk_GENERAL_NAME_push(gens, gen);
+		}
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+{
+	STACK_OF(GENERAL_NAME) *ialt;
+	GENERAL_NAME *gen;
+	X509_EXTENSION *ext;
+	int i;
+	if(ctx && (ctx->flags == CTX_TEST)) return 1;
+	if(!ctx || !ctx->issuer_cert) {
+		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
+		goto err;
+	}
+        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+	if(i < 0) return 1;
+        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
+                        !(ialt = X509V3_EXT_d2i(ext)) ) {
+		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
+		goto err;
+	}
+
+	for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+		gen = sk_GENERAL_NAME_value(ialt, i);
+		if(!sk_GENERAL_NAME_push(gens, gen)) {
+			X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	}
+	sk_GENERAL_NAME_free(ialt);
+
+	return 1;
+		
+	err:
+	return 0;
+	
+}
+
+static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!name_cmp(cnf->name, "email") && cnf->value &&
+						!strcmp(cnf->value, "copy")) {
+			if(!copy_email(ctx, gens)) goto err;
+		} else {
+			GENERAL_NAME *gen;
+			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+								 goto err; 
+			sk_GENERAL_NAME_push(gens, gen);
+		}
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+/* Copy any email addresses in a certificate or request to 
+ * GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+{
+	X509_NAME *nm;
+	ASN1_IA5STRING *email = NULL;
+	X509_NAME_ENTRY *ne;
+	GENERAL_NAME *gen = NULL;
+	int i;
+	if(ctx->flags == CTX_TEST) return 1;
+	if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
+		goto err;
+	}
+	/* Find the subject name */
+	if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
+	else nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+	/* Now add any email address(es) to STACK */
+	i = -1;
+	while((i = X509_NAME_get_index_by_NID(nm,
+					 NID_pkcs9_emailAddress, i)) > 0) {
+		ne = X509_NAME_get_entry(nm, i);
+		email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+		if(!email || !(gen = GENERAL_NAME_new())) {
+			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		gen->d.ia5 = email;
+		email = NULL;
+		gen->type = GEN_EMAIL;
+		if(!sk_GENERAL_NAME_push(gens, gen)) {
+			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		gen = NULL;
+	}
+
+	
+	return 1;
+		
+	err:
+	GENERAL_NAME_free(gen);
+	ASN1_IA5STRING_free(email);
+	return 0;
+	
+}
+
+STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	GENERAL_NAME *gen;
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+		sk_GENERAL_NAME_push(gens, gen);
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+							 CONF_VALUE *cnf)
+{
+char is_string = 0;
+int type;
+GENERAL_NAME *gen = NULL;
+
+char *name, *value;
+
+name = cnf->name;
+value = cnf->value;
+
+if(!value) {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
+	return NULL;
+}
+
+if(!(gen = GENERAL_NAME_new())) {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+if(!name_cmp(name, "email")) {
+	is_string = 1;
+	type = GEN_EMAIL;
+} else if(!name_cmp(name, "URI")) {
+	is_string = 1;
+	type = GEN_URI;
+} else if(!name_cmp(name, "DNS")) {
+	is_string = 1;
+	type = GEN_DNS;
+} else if(!name_cmp(name, "RID")) {
+	ASN1_OBJECT *obj;
+	if(!(obj = OBJ_txt2obj(value,0))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+	}
+	gen->d.rid = obj;
+	type = GEN_RID;
+} else if(!name_cmp(name, "IP")) {
+	int i1,i2,i3,i4;
+	unsigned char ip[4];
+	if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
+	    (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
+	    (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+	}
+	ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
+	if(!(gen->d.ip = ASN1_OCTET_STRING_new()) ||
+		!ASN1_STRING_set(gen->d.ip, ip, 4)) {
+			X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+			goto err;
+	}
+	type = GEN_IPADD;
+} else {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+	ERR_add_error_data(2, "name=", name);
+	goto err;
+}
+
+if(is_string) {
+	if(!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
+		      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+				       strlen(value))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+}
+
+gen->type = type;
+
+return gen;
+
+err:
+GENERAL_NAME_free(gen);
+return NULL;
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_bcons.c b/crypto/openssl/crypto/x509v3/v3_bcons.c
new file mode 100644
index 000000000000..de2f855c35f6
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,164 @@
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
+(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
+(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
+(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,NULL,
+NULL
+};
+
+
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
+	M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
+	M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+}
+
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
+{
+	BASIC_CONSTRAINTS *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
+	ret->ca = 0;
+	ret->pathlen = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
+}
+
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
+		 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
+			M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
+	}
+	M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
+}
+
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free (a->pathlen);
+	Free ((char *)a);
+}
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
+{
+	X509V3_add_value_bool("CA", bcons->ca, &extlist);
+	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+	return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+	BASIC_CONSTRAINTS *bcons=NULL;
+	CONF_VALUE *val;
+	int i;
+	if(!(bcons = BASIC_CONSTRAINTS_new())) {
+		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+		val = sk_CONF_VALUE_value(values, i);
+		if(!strcmp(val->name, "CA")) {
+			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+		} else if(!strcmp(val->name, "pathlen")) {
+			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+		} else {
+			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+			X509V3_conf_err(val);
+			goto err;
+		}
+	}
+	return bcons;
+	err:
+	BASIC_CONSTRAINTS_free(bcons);
+	return NULL;
+}
+
diff --git a/crypto/openssl/crypto/x509v3/v3_bitst.c b/crypto/openssl/crypto/x509v3/v3_bitst.c
new file mode 100644
index 000000000000..9828ba15b3d3
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_bitst.c
@@ -0,0 +1,147 @@
+/* v3_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static ASN1_BIT_STRING *asn1_bit_string_new(void);
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+				ASN1_BIT_STRING *bits,
+				STACK_OF(CONF_VALUE) *extlist);
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static ASN1_BIT_STRING *asn1_bit_string_new(void)
+{
+	return ASN1_BIT_STRING_new();
+}
+
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
+{
+	BIT_STRING_BITNAME *bnam;
+	for(bnam =method->usr_data; bnam->lname; bnam++) {
+		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
+			X509V3_add_value(bnam->lname, NULL, &ret);
+	}
+	return ret;
+}
+	
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	CONF_VALUE *val;
+	ASN1_BIT_STRING *bs;
+	int i;
+	BIT_STRING_BITNAME *bnam;
+	if(!(bs = ASN1_BIT_STRING_new())) {
+		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		for(bnam = method->usr_data; bnam->lname; bnam++) {
+			if(!strcmp(bnam->sname, val->name) ||
+				!strcmp(bnam->lname, val->name) ) {
+				ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+				break;
+			}
+		}
+		if(!bnam->lname) {
+			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+			X509V3_conf_err(val);
+			ASN1_BIT_STRING_free(bs);
+			return NULL;
+		}
+	}
+	return bs;
+}
+	
+
diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c
new file mode 100644
index 000000000000..f19bb3ad841d
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_conf.c
@@ -0,0 +1,366 @@
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* extension creation utilities */
+
+
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static int v3_check_critical(char **value);
+static int v3_check_generic(char **value);
+static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
+static char *conf_lhash_get_string(void *db, char *section, char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc);
+/* LHASH *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+	     char *value)
+{
+	int crit;
+	int ext_type;
+	X509_EXTENSION *ret;
+	crit = v3_check_critical(&value);
+	if((ext_type = v3_check_generic(&value))) 
+		return v3_generic_extension(name, value, crit, ext_type);
+	ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
+	if(!ret) {
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
+		ERR_add_error_data(4,"name=", name, ", value=", value);
+	}
+	return ret;
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     char *value)
+{
+	int crit;
+	int ext_type;
+	crit = v3_check_critical(&value);
+	if((ext_type = v3_check_generic(&value))) 
+		return v3_generic_extension(OBJ_nid2sn(ext_nid),
+							 value, crit, ext_type);
+	return do_ext_conf(conf, ctx, ext_nid, crit, value);
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     int crit, char *value)
+{
+	X509V3_EXT_METHOD *method;
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	void *ext_struc;
+	if(ext_nid == NID_undef) {
+		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
+		return NULL;
+	}
+	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+	}
+	/* Now get internal extension representation based on type */
+	if(method->v2i) {
+		if(*value == '@') nval = CONF_get_section(conf, value + 1);
+		else nval = X509V3_parse_list(value);
+		if(!nval) {
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+			return NULL;
+		}
+		ext_struc = method->v2i(method, ctx, nval);
+		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
+							 X509V3_conf_free);
+		if(!ext_struc) return NULL;
+	} else if(method->s2i) {
+		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+	} else if(method->r2i) {
+		if(!ctx->db) {
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+			return NULL;
+		}
+		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
+	} else {
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+		return NULL;
+	}
+
+	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
+	method->ext_free(ext_struc);
+	return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc)
+{
+	unsigned char *ext_der, *p;
+	int ext_len;
+	ASN1_OCTET_STRING *ext_oct;
+	X509_EXTENSION *ext;
+	/* Convert internal representation to DER */
+	ext_len = method->i2d(ext_struc, NULL);
+	if(!(ext_der = Malloc(ext_len))) goto merr;
+	p = ext_der;
+	method->i2d(ext_struc, &p);
+	if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
+	ext_oct->data = ext_der;
+	ext_oct->length = ext_len;
+	
+	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+	if(!ext) goto merr;
+	ASN1_OCTET_STRING_free(ext_oct);
+
+	return ext;
+
+	merr:
+	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+	X509V3_EXT_METHOD *method;
+	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+	}
+	return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(char **value)
+{
+	char *p = *value;
+	if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+	p+=9;
+	while(isspace((unsigned char)*p)) p++;
+	*value = p;
+	return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(char **value)
+{
+	char *p = *value;
+	if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+	p+=4;
+	while(isspace((unsigned char)*p)) p++;
+	*value = p;
+	return 1;
+}
+
+/* Create a generic extension: for now just handle RAW type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+	     int crit, int type)
+{
+unsigned char *ext_der=NULL;
+long ext_len;
+ASN1_OBJECT *obj=NULL;
+ASN1_OCTET_STRING *oct=NULL;
+X509_EXTENSION *extension=NULL;
+if(!(obj = OBJ_txt2obj(ext, 0))) {
+	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+	ERR_add_error_data(2, "name=", ext);
+	goto err;
+}
+
+if(!(ext_der = string_to_hex(value, &ext_len))) {
+	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+	ERR_add_error_data(2, "value=", value);
+	goto err;
+}
+
+if(!(oct = ASN1_OCTET_STRING_new())) {
+	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+	goto err;
+}
+
+oct->data = ext_der;
+oct->length = ext_len;
+ext_der = NULL;
+
+extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+err:
+ASN1_OBJECT_free(obj);
+ASN1_OCTET_STRING_free(oct);
+if(ext_der) Free(ext_der);
+return extension;
+}
+
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section
+ */
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+{
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	CONF_VALUE *val;	
+	int i;
+	if(!(nval = CONF_get_section(conf, section))) return 0;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+								return 0;
+		if(cert) X509_add_ext(cert, ext, -1);
+		X509_EXTENSION_free(ext);
+	}
+	return 1;
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_CRL *crl)
+{
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	CONF_VALUE *val;	
+	int i;
+	if(!(nval = CONF_get_section(conf, section))) return 0;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+								return 0;
+		if(crl) X509_CRL_add_ext(crl, ext, -1);
+		X509_EXTENSION_free(ext);
+	}
+	return 1;
+}
+
+/* Config database functions */
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+{
+	if(ctx->db_meth->get_string)
+			return ctx->db_meth->get_string(ctx->db, name, section);
+	return NULL;
+}
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
+{
+	if(ctx->db_meth->get_section)
+			return ctx->db_meth->get_section(ctx->db, section);
+	return NULL;
+}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+{
+	if(!str) return;
+	if(ctx->db_meth->free_string)
+			ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+{
+	if(!section) return;
+	if(ctx->db_meth->free_section)
+			ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *conf_lhash_get_string(void *db, char *section, char *value)
+{
+	return CONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+{
+	return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+{
+	ctx->db_meth = &conf_lhash_method;
+	ctx->db = lhash;
+}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+	     X509_CRL *crl, int flags)
+{
+	ctx->issuer_cert = issuer;
+	ctx->subject_cert = subj;
+	ctx->crl = crl;
+	ctx->subject_req = req;
+	ctx->flags = flags;
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c
new file mode 100644
index 000000000000..b4d488354518
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_cpols.c
@@ -0,0 +1,655 @@
+/* v3_cpols.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+					STACK_OF(CONF_VALUE) *unot, int ia5org);
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos);
+
+X509V3_EXT_METHOD v3_cpols = {
+NID_certificate_policies, 0,
+(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
+(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
+(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
+(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
+NULL, NULL,
+NULL, NULL,
+(X509V3_EXT_I2R)i2r_certpol,
+(X509V3_EXT_R2I)r2i_certpol,
+NULL
+};
+
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+		X509V3_CTX *ctx, char *value)
+{
+	STACK_OF(POLICYINFO) *pols = NULL;
+	char *pstr;
+	POLICYINFO *pol;
+	ASN1_OBJECT *pobj;
+	STACK_OF(CONF_VALUE) *vals;
+	CONF_VALUE *cnf;
+	int i, ia5org;
+	pols = sk_POLICYINFO_new_null();
+	vals =  X509V3_parse_list(value);
+	ia5org = 0;
+	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+		cnf = sk_CONF_VALUE_value(vals, i);
+		if(cnf->value || !cnf->name ) {
+			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+		pstr = cnf->name;
+		if(!strcmp(pstr,"ia5org")) {
+			ia5org = 1;
+			continue;
+		} else if(*pstr == '@') {
+			STACK_OF(CONF_VALUE) *polsect;
+			polsect = X509V3_get_section(ctx, pstr + 1);
+			if(!polsect) {
+				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
+
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol = policy_section(ctx, polsect, ia5org);
+			X509V3_section_free(ctx, polsect);
+			if(!pol) goto err;
+		} else {
+			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol = POLICYINFO_new();
+			pol->policyid = pobj;
+		}
+		sk_POLICYINFO_push(pols, pol);
+	}
+	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+	return pols;
+	err:
+	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+	return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+				STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+	int i;
+	CONF_VALUE *cnf;
+	POLICYINFO *pol;
+	POLICYQUALINFO *qual;
+	if(!(pol = POLICYINFO_new())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+		cnf = sk_CONF_VALUE_value(polstrs, i);
+		if(!strcmp(cnf->name, "policyIdentifier")) {
+			ASN1_OBJECT *pobj;
+			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol->policyid = pobj;
+
+		} else if(!name_cmp(cnf->name, "CPS")) {
+			if(!pol->qualifiers) pol->qualifiers =
+						 sk_POLICYQUALINFO_new_null();
+			if(!(qual = POLICYQUALINFO_new())) goto merr;
+			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+								 goto merr;
+			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+			qual->d.cpsuri = ASN1_IA5STRING_new();
+			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!name_cmp(cnf->name, "userNotice")) {
+			STACK_OF(CONF_VALUE) *unot;
+			if(*cnf->value != '@') {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			unot = X509V3_get_section(ctx, cnf->value + 1);
+			if(!unot) {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
+
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			qual = notice_section(ctx, unot, ia5org);
+			X509V3_section_free(ctx, unot);
+			if(!qual) goto err;
+			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+								 goto merr;
+		} else {
+			X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
+
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+	}
+	if(!pol->policyid) {
+		X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
+		goto err;
+	}
+
+	return pol;
+
+	merr:
+	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	POLICYINFO_free(pol);
+	return NULL;
+	
+	
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+					STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+	int i;
+	CONF_VALUE *cnf;
+	USERNOTICE *not;
+	POLICYQUALINFO *qual;
+	if(!(qual = POLICYQUALINFO_new())) goto merr;
+	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+	if(!(not = USERNOTICE_new())) goto merr;
+	qual->d.usernotice = not;
+	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+		cnf = sk_CONF_VALUE_value(unot, i);
+		if(!strcmp(cnf->name, "explicitText")) {
+			not->exptext = ASN1_VISIBLESTRING_new();
+			if(!ASN1_STRING_set(not->exptext, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!strcmp(cnf->name, "organization")) {
+			NOTICEREF *nref;
+			if(!not->noticeref) {
+				if(!(nref = NOTICEREF_new())) goto merr;
+				not->noticeref = nref;
+			} else nref = not->noticeref;
+			if(ia5org) nref->organization = ASN1_IA5STRING_new();
+			else nref->organization = ASN1_VISIBLESTRING_new();
+			if(!ASN1_STRING_set(nref->organization, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!strcmp(cnf->name, "noticeNumbers")) {
+			NOTICEREF *nref;
+			STACK_OF(CONF_VALUE) *nos;
+			if(!not->noticeref) {
+				if(!(nref = NOTICEREF_new())) goto merr;
+				not->noticeref = nref;
+			} else nref = not->noticeref;
+			nos = X509V3_parse_list(cnf->value);
+			if(!nos || !sk_CONF_VALUE_num(nos)) {
+				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			nref->noticenos = nref_nos(nos);
+			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+			if(!nref->noticenos) goto err;
+		} else {
+			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
+
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+	}
+
+	if(not->noticeref && 
+	      (!not->noticeref->noticenos || !not->noticeref->organization)) {
+			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+			goto err;
+	}
+
+	return qual;
+
+	merr:
+	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	POLICYQUALINFO_free(qual);
+	return NULL;
+}
+
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
+{
+	STACK *nnums;
+	CONF_VALUE *cnf;
+	ASN1_INTEGER *aint;
+	int i;
+	if(!(nnums = sk_new_null())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+		cnf = sk_CONF_VALUE_value(nos, i);
+		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
+			goto err;
+		}
+		if(!sk_push(nnums, (char *)aint)) goto merr;
+	}
+	return nnums;
+
+	merr:
+	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	sk_pop_free(nnums, ASN1_STRING_free);
+	return NULL;
+}
+
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+		BIO *out, int indent)
+{
+	int i;
+	POLICYINFO *pinfo;
+	/* First print out the policy OIDs */
+	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
+		pinfo = sk_POLICYINFO_value(pol, i);
+		BIO_printf(out, "%*sPolicy: ", indent, "");
+		i2a_ASN1_OBJECT(out, pinfo->policyid);
+		BIO_puts(out, "\n");
+		if(pinfo->qualifiers)
+			 print_qualifiers(out, pinfo->qualifiers, indent + 2);
+	}
+	return 1;
+}
+
+
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
+{
+
+return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
+                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
+{
+	return sk_POLICYINFO_new_null();
+}
+
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
+{
+	sk_POLICYINFO_pop_free(a, POLICYINFO_free);
+}
+
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
+		unsigned char **pp,long length)
+{
+return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
+                         POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(POLICYINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYINFO)
+
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+							 i2d_POLICYQUALINFO);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+							 i2d_POLICYQUALINFO);
+
+	M_ASN1_I2D_finish();
+}
+
+POLICYINFO *POLICYINFO_new(void)
+{
+	POLICYINFO *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, POLICYINFO);
+	ret->policyid = NULL;
+	ret->qualifiers = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
+}
+
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
+{
+	M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
+	if(!M_ASN1_D2I_end_sequence()) {
+		M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
+				 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
+	}
+	M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
+}
+
+void POLICYINFO_free(POLICYINFO *a)
+{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->policyid);
+	sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
+	Free (a);
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+		int indent)
+{
+	POLICYQUALINFO *qualinfo;
+	int i;
+	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+		qualinfo = sk_POLICYQUALINFO_value(quals, i);
+		switch(OBJ_obj2nid(qualinfo->pqualid))
+		{
+			case NID_id_qt_cps:
+			BIO_printf(out, "%*sCPS: %s\n", indent, "",
+						qualinfo->d.cpsuri->data);
+			break;
+		
+			case NID_id_qt_unotice:
+			BIO_printf(out, "%*sUser Notice:\n", indent, "");
+			print_notice(out, qualinfo->d.usernotice, indent + 2);
+			break;
+
+			default:
+			BIO_printf(out, "%*sUnknown Qualifier: ",
+							 indent + 2, "");
+			
+			i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+			BIO_puts(out, "\n");
+			break;
+		}
+	}
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+	int i;
+	if(notice->noticeref) {
+		NOTICEREF *ref;
+		ref = notice->noticeref;
+		BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+						 ref->organization->data);
+		BIO_printf(out, "%*sNumber%s: ", indent, "",
+				 (sk_num(ref->noticenos) > 1) ? "s" : "");
+		for(i = 0; i < sk_num(ref->noticenos); i++) {
+			ASN1_INTEGER *num;
+			char *tmp;
+			num = (ASN1_INTEGER *)sk_value(ref->noticenos, i);
+			if(i) BIO_puts(out, ", ");
+			tmp = i2s_ASN1_INTEGER(NULL, num);
+			BIO_puts(out, tmp);
+			Free(tmp);
+		}
+		BIO_puts(out, "\n");
+	}
+	if(notice->exptext)
+		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+							 notice->exptext->data);
+}
+		
+	
+
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
+	switch(OBJ_obj2nid(a->pqualid)) {
+		case NID_id_qt_cps:
+		M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
+		break;
+
+		case NID_id_qt_unotice:
+		M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
+		break;
+
+		default:
+		M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
+		break;
+	}
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
+	switch(OBJ_obj2nid(a->pqualid)) {
+		case NID_id_qt_cps:
+		M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
+		break;
+
+		case NID_id_qt_unotice:
+		M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
+		break;
+
+		default:
+		M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
+		break;
+	}
+
+	M_ASN1_I2D_finish();
+}
+
+POLICYQUALINFO *POLICYQUALINFO_new(void)
+{
+	POLICYQUALINFO *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, POLICYQUALINFO);
+	ret->pqualid = NULL;
+	ret->d.other = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
+}
+
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+		long length)
+{
+	M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
+	switch(OBJ_obj2nid(ret->pqualid)) {
+		case NID_id_qt_cps:
+		M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
+		break;
+
+		case NID_id_qt_unotice:
+		M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
+		break;
+
+		default:
+		M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
+		break;
+	}
+	M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
+}
+
+void POLICYQUALINFO_free(POLICYQUALINFO *a)
+{
+	if (a == NULL) return;
+	switch(OBJ_obj2nid(a->pqualid)) {
+		case NID_id_qt_cps:
+		ASN1_IA5STRING_free(a->d.cpsuri);
+		break;
+
+		case NID_id_qt_unotice:
+		USERNOTICE_free(a->d.usernotice);
+		break;
+
+		default:
+		ASN1_TYPE_free(a->d.other);
+		break;
+	}
+	
+	ASN1_OBJECT_free(a->pqualid);
+	Free (a);
+}
+
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
+	M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
+	M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
+
+	M_ASN1_I2D_finish();
+}
+
+USERNOTICE *USERNOTICE_new(void)
+{
+	USERNOTICE *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, USERNOTICE);
+	ret->noticeref = NULL;
+	ret->exptext = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
+}
+
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
+{
+	M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
+	if (!M_ASN1_D2I_end_sequence()) {
+		M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
+	}
+	M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
+}
+
+void USERNOTICE_free(USERNOTICE *a)
+{
+	if (a == NULL) return;
+	NOTICEREF_free(a->noticeref);
+	DISPLAYTEXT_free(a->exptext);
+	Free (a);
+}
+
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
+	M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
+	M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_finish();
+}
+
+NOTICEREF *NOTICEREF_new(void)
+{
+	NOTICEREF *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, NOTICEREF);
+	ret->organization = NULL;
+	ret->noticenos = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
+}
+
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
+{
+	M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	/* This is to cope with some broken encodings that use IA5STRING for
+         * the organization field
+	 */
+	M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
+							 V_ASN1_IA5STRING);
+	if(!ret->organization) {
+		 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
+	}
+	M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
+	M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
+}
+
+void NOTICEREF_free(NOTICEREF *a)
+{
+	if (a == NULL) return;
+	DISPLAYTEXT_free(a->organization);
+	sk_pop_free(a->noticenos, ASN1_STRING_free);
+	Free (a);
+}
+
+IMPLEMENT_STACK_OF(POLICYQUALINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/crypto/openssl/crypto/x509v3/v3_crld.c b/crypto/openssl/crypto/x509v3/v3_crld.c
new file mode 100644
index 000000000000..897ffb63e4ab
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_crld.c
@@ -0,0 +1,283 @@
+/* v3_crld.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+		STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_crld = {
+NID_crl_distribution_points, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
+(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
+(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
+(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_crld,
+(X509V3_EXT_V2I)v2i_crld,
+NULL, NULL, NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+			STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+{
+	DIST_POINT *point;
+	int i;
+	for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+		point = sk_DIST_POINT_value(crld, i);
+		if(point->distpoint->fullname) {
+			exts = i2v_GENERAL_NAMES(NULL,
+					 point->distpoint->fullname, exts);
+		}
+		if(point->reasons) 
+			X509V3_add_value("reasons","", &exts);
+		if(point->CRLissuer)
+			X509V3_add_value("CRLissuer","", &exts);
+		if(point->distpoint->relativename)
+		        X509V3_add_value("RelativeName","", &exts);
+	}
+	return exts;
+}
+
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(DIST_POINT) *crld = NULL;
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	GENERAL_NAME *gen = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		DIST_POINT *point;
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+		if(!(gens = GENERAL_NAMES_new())) goto merr;
+		if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+		gen = NULL;
+		if(!(point = DIST_POINT_new())) goto merr;
+		if(!sk_DIST_POINT_push(crld, point)) {
+			DIST_POINT_free(point);
+			goto merr;
+		}
+		if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+		point->distpoint->fullname = gens;
+		gens = NULL;
+	}
+	return crld;
+
+	merr:
+	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
+	err:
+	GENERAL_NAME_free(gen);
+	GENERAL_NAMES_free(gens);
+	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+	return NULL;
+}
+
+int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
+{
+
+return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
+                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
+{
+	return sk_DIST_POINT_new_null();
+}
+
+void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
+{
+	sk_DIST_POINT_pop_free(a, DIST_POINT_free);
+}
+
+STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
+		unsigned char **pp,long length)
+{
+return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
+                         DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(DIST_POINT)
+IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+
+int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
+{
+	int v = 0;
+	M_ASN1_I2D_vars(a);
+	/* NB: underlying type is a CHOICE so need EXPLICIT tagging */
+	M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+	M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+	M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
+	M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
+
+	M_ASN1_I2D_finish();
+}
+
+DIST_POINT *DIST_POINT_new(void)
+{
+	DIST_POINT *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, DIST_POINT);
+	ret->distpoint = NULL;
+	ret->reasons = NULL;
+	ret->CRLissuer = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
+}
+
+DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
+	M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
+							V_ASN1_BIT_STRING);
+	M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
+							V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
+}
+
+void DIST_POINT_free(DIST_POINT *a)
+{
+	if (a == NULL) return;
+	DIST_POINT_NAME_free(a->distpoint);
+	ASN1_BIT_STRING_free(a->reasons);
+	sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
+	Free ((char *)a);
+}
+
+int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
+{
+	int v = 0;
+	M_ASN1_I2D_vars(a);
+
+	if(a->fullname) {
+		M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
+	} else {
+		M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
+	}
+
+	/* Don't want a SEQUENCE so... */
+	if(pp == NULL) return ret;
+	p = *pp;
+
+	if(a->fullname) {
+		M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
+	} else {
+		M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
+	}
+	M_ASN1_I2D_finish();
+}
+
+DIST_POINT_NAME *DIST_POINT_NAME_new(void)
+{
+	DIST_POINT_NAME *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
+	ret->fullname = NULL;
+	ret->relativename = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
+}
+
+void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
+{
+	if (a == NULL) return;
+	X509_NAME_free(a->relativename);
+	sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
+	Free ((char *)a);
+}
+
+DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
+	     long length)
+{
+        unsigned char _tmp, tag;
+        M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
+        M_ASN1_D2I_Init();
+        c.slen = length;
+
+        _tmp = M_ASN1_next;
+        tag = _tmp & ~V_ASN1_CONSTRUCTED;
+	
+	if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
+		M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
+							V_ASN1_SEQUENCE);
+	} else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
+		M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1);
+	} else {
+		c.error = ASN1_R_BAD_TAG;
+		goto err;
+	}
+
+	M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_enum.c b/crypto/openssl/crypto/x509v3/v3_enum.c
new file mode 100644
index 000000000000..db423548ff0c
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_enum.c
@@ -0,0 +1,103 @@
+/* v3_enum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+static ASN1_ENUMERATED *asn1_enumerated_new(void);
+
+static ENUMERATED_NAMES crl_reasons[] = {
+{0, "Unspecified", "unspecified"},
+{1, "Key Compromise", "keyCompromise"},
+{2, "CA Compromise", "CACompromise"},
+{3, "Affiliation Changed", "affiliationChanged"},
+{4, "Superseded", "superseded"},
+{5, "Cessation Of Operation", "cessationOfOperation"},
+{6, "Certificate Hold", "certificateHold"},
+{8, "Remove From CRL", "removeFromCRL"},
+{-1, NULL, NULL}
+};
+
+X509V3_EXT_METHOD v3_crl_reason = { 
+NID_crl_reason, 0,
+(X509V3_EXT_NEW)asn1_enumerated_new,
+(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
+(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
+(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL, crl_reasons};
+
+
+static ASN1_ENUMERATED *asn1_enumerated_new(void)
+{
+	return ASN1_ENUMERATED_new();
+}
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+	     ASN1_ENUMERATED *e)
+{
+	ENUMERATED_NAMES *enam;
+	long strval;
+	strval = ASN1_ENUMERATED_get(e);
+	for(enam = method->usr_data; enam->lname; enam++) {
+		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
+	}
+	return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_extku.c b/crypto/openssl/crypto/x509v3/v3_extku.c
new file mode 100644
index 000000000000..e039d21cbfc9
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_extku.c
@@ -0,0 +1,150 @@
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
+		STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist);
+X509V3_EXT_METHOD v3_ext_ku = {
+NID_ext_key_usage, 0,
+(X509V3_EXT_NEW)ext_ku_new,
+(X509V3_EXT_FREE)ext_ku_free,
+(X509V3_EXT_D2I)d2i_ext_ku,
+(X509V3_EXT_I2D)i2d_ext_ku,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_ext_ku,
+(X509V3_EXT_V2I)v2i_ext_ku,
+NULL,NULL,
+NULL
+};
+
+STACK_OF(ASN1_OBJECT) *ext_ku_new(void)
+{
+	return sk_ASN1_OBJECT_new_null();
+}
+
+void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku)
+{
+	sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
+	return;
+}
+
+int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
+{
+	return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
+				V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
+					unsigned char **pp, long length)
+{
+	return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
+			 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+
+
+static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
+		STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list)
+{
+int i;
+ASN1_OBJECT *obj;
+char obj_tmp[80];
+for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+	obj = sk_ASN1_OBJECT_value(eku, i);
+	i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+	X509V3_add_value(NULL, obj_tmp, &ext_list);
+}
+return ext_list;
+}
+
+static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+STACK_OF(ASN1_OBJECT) *extku;
+char *extval;
+ASN1_OBJECT *objtmp;
+CONF_VALUE *val;
+int i;
+
+if(!(extku = sk_ASN1_OBJECT_new(NULL))) {
+	X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+	val = sk_CONF_VALUE_value(nval, i);
+	if(val->value) extval = val->value;
+	else extval = val->name;
+	if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+		sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+		X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+		X509V3_conf_err(val);
+		return NULL;
+	}
+	sk_ASN1_OBJECT_push(extku, objtmp);
+}
+return extku;
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_genn.c b/crypto/openssl/crypto/x509v3/v3_genn.c
new file mode 100644
index 000000000000..af716232f8bb
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_genn.c
@@ -0,0 +1,237 @@
+/* v3_genn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
+{
+	unsigned char *p;
+	int ret;
+
+	ret = 0;
+
+	/* Save the location of initial TAG */
+	if(pp) p = *pp;
+	else p = NULL;
+
+	/* GEN_DNAME needs special treatment because of EXPLICIT tag */
+
+	if(a->type == GEN_DIRNAME) {
+		int v = 0;
+		M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+		if(!p) return ret;
+		M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+		*pp = p;
+		return ret;
+	}
+
+	switch(a->type) {
+
+		case GEN_OTHERNAME:
+		case GEN_X400:
+		case GEN_EDIPARTY:
+		ret = i2d_ASN1_TYPE(a->d.other, pp);
+		break;
+
+		case GEN_EMAIL:
+		case GEN_DNS:
+		case GEN_URI:
+		ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
+		break;
+
+		case GEN_IPADD:
+		ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
+		break;
+	
+		case GEN_RID:
+		ret = i2d_ASN1_OBJECT(a->d.rid, pp);
+		break;
+	}
+	/* Replace TAG with IMPLICIT value */
+	if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
+	return ret;
+}
+
+GENERAL_NAME *GENERAL_NAME_new()
+{
+	GENERAL_NAME *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, GENERAL_NAME);
+	ret->type = -1;
+	ret->d.ptr = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
+}
+
+GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
+								 long length)
+{
+	unsigned char _tmp;
+	M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
+	M_ASN1_D2I_Init();
+	c.slen = length;
+
+	_tmp = M_ASN1_next;
+	ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
+
+	switch(ret->type) {
+		/* Just put these in a "blob" for now */
+		case GEN_OTHERNAME:
+		case GEN_X400:
+		case GEN_EDIPARTY:
+		M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
+		break;
+
+		case GEN_EMAIL:
+		case GEN_DNS:
+		case GEN_URI:
+		M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
+							V_ASN1_IA5STRING);
+		break;
+
+		case GEN_DIRNAME:
+		M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
+		break;
+
+		case GEN_IPADD:
+		M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
+							V_ASN1_OCTET_STRING);
+		break;
+	
+		case GEN_RID:
+		M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
+		break;
+
+		default:
+		c.error = ASN1_R_BAD_TAG;
+		goto err;
+	}
+
+	c.slen = 0;
+	M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
+}
+
+void GENERAL_NAME_free(GENERAL_NAME *a)
+{
+	if (a == NULL) return;
+	switch(a->type) {
+		case GEN_OTHERNAME:
+		case GEN_X400:
+		case GEN_EDIPARTY:
+		ASN1_TYPE_free(a->d.other);
+		break;
+
+		case GEN_EMAIL:
+		case GEN_DNS:
+		case GEN_URI:
+
+		ASN1_IA5STRING_free(a->d.ia5);
+		break;
+
+		case GEN_DIRNAME:
+		X509_NAME_free(a->d.dirn);
+		break;
+
+		case GEN_IPADD:
+		ASN1_OCTET_STRING_free(a->d.ip);
+		break;
+	
+		case GEN_RID:
+		ASN1_OBJECT_free(a->d.rid);
+		break;
+
+	}
+	Free ((char *)a);
+}
+
+/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as
+ * an explicit functions.
+ */
+
+STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
+{
+	return sk_GENERAL_NAME_new(NULL);
+}
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
+{
+	sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
+}
+
+STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
+					 unsigned char **pp, long length)
+{
+return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
+			 GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
+{
+return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
+						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+IMPLEMENT_STACK_OF(GENERAL_NAME)
+IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
+
diff --git a/crypto/openssl/crypto/x509v3/v3_ia5.c b/crypto/openssl/crypto/x509v3/v3_ia5.c
new file mode 100644
index 000000000000..3446c5cd6a60
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,116 @@
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static ASN1_IA5STRING *ia5string_new(void);
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static ASN1_IA5STRING *ia5string_new(void)
+{
+	return ASN1_IA5STRING_new();
+}
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+	     ASN1_IA5STRING *ia5)
+{
+	char *tmp;
+	if(!ia5 || !ia5->length) return NULL;
+	tmp = Malloc(ia5->length + 1);
+	memcpy(tmp, ia5->data, ia5->length);
+	tmp[ia5->length] = 0;
+	return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_IA5STRING *ia5;
+	if(!str) {
+		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(ia5 = ASN1_IA5STRING_new())) goto err;
+	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
+			    strlen(str))) {
+		ASN1_IA5STRING_free(ia5);
+		goto err;
+	}
+	return ia5;
+	err:
+	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
diff --git a/crypto/openssl/crypto/x509v3/v3_int.c b/crypto/openssl/crypto/x509v3/v3_int.c
new file mode 100644
index 000000000000..637dd5e1288b
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_int.c
@@ -0,0 +1,79 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+
+static ASN1_INTEGER *asn1_integer_new(void);
+
+X509V3_EXT_METHOD v3_crl_num = { 
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new,
+(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL, NULL};
+
+
+static ASN1_INTEGER *asn1_integer_new(void)
+{
+	return ASN1_INTEGER_new();
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_lib.c b/crypto/openssl/crypto/x509v3/v3_lib.c
new file mode 100644
index 000000000000..a0aa5de794de
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_lib.c
@@ -0,0 +1,177 @@
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static STACK *ext_list = NULL;
+
+static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+	if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if(!sk_push(ext_list, (char *)ext)) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
+static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
+{
+	return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+	X509V3_EXT_METHOD tmp;
+	int idx;
+	tmp.ext_nid = nid;
+	if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+	idx = sk_find(ext_list, (char *)&tmp);
+	if(idx == -1) return NULL;
+	return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+	int nid;
+	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+	return X509V3_EXT_get_nid(nid);
+}
+
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+	for(;extlist->ext_nid!=-1;extlist++) 
+			if(!X509V3_EXT_add(extlist)) return 0;
+	return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+	X509V3_EXT_METHOD *ext, *tmpext;
+	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+		return 0;
+	}
+	if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	*tmpext = *ext;
+	tmpext->ext_nid = nid_to;
+	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+	return 1;
+}
+
+void X509V3_EXT_cleanup(void)
+{
+	sk_pop_free(ext_list, ext_list_free);
+	ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+	if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
+}
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+
+int X509V3_add_standard_extensions(void)
+{
+	X509V3_EXT_add_list(v3_ns_ia5_list);
+	X509V3_EXT_add_list(v3_alt);
+	X509V3_EXT_add(&v3_bcons);
+	X509V3_EXT_add(&v3_nscert);
+	X509V3_EXT_add(&v3_key_usage);
+	X509V3_EXT_add(&v3_ext_ku);
+	X509V3_EXT_add(&v3_skey_id);
+	X509V3_EXT_add(&v3_akey_id);
+	X509V3_EXT_add(&v3_pkey_usage_period);
+	X509V3_EXT_add(&v3_crl_num);
+	X509V3_EXT_add(&v3_sxnet);
+	X509V3_EXT_add(&v3_crl_reason);
+	X509V3_EXT_add(&v3_cpols);
+	X509V3_EXT_add(&v3_crld);
+	return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+	X509V3_EXT_METHOD *method;
+	unsigned char *p;
+	if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
+	p = ext->value->data;
+	return method->d2i(NULL, &p, ext->value->length);
+}
+
diff --git a/crypto/openssl/crypto/x509v3/v3_pku.c b/crypto/openssl/crypto/x509v3/v3_pku.c
new file mode 100644
index 000000000000..c13e7d8f45bd
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_pku.c
@@ -0,0 +1,151 @@
+/* v3_pku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+*/
+X509V3_EXT_METHOD v3_pkey_usage_period = {
+NID_private_key_usage_period, 0,
+(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
+(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
+(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
+(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
+NULL, NULL, NULL, NULL,
+(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+NULL
+};
+
+int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
+	M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
+	M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
+
+	M_ASN1_I2D_finish();
+}
+
+PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
+{
+	PKEY_USAGE_PERIOD *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
+	ret->notBefore = NULL;
+	ret->notAfter = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
+}
+
+PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
+							V_ASN1_GENERALIZEDTIME);
+	M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
+							V_ASN1_GENERALIZEDTIME);
+	M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
+}
+
+void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
+{
+	if (a == NULL) return;
+	ASN1_GENERALIZEDTIME_free(a->notBefore);
+	ASN1_GENERALIZEDTIME_free(a->notAfter);
+	Free ((char *)a);
+}
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
+{
+	BIO_printf(out, "%*s", indent, "");
+	if(usage->notBefore) {
+		BIO_write(out, "Not Before: ", 12);
+		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+		if(usage->notAfter) BIO_write(out, ", ", 2);
+	}
+	if(usage->notAfter) {
+		BIO_write(out, "Not After: ", 11);
+		ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+	}
+	return 1;
+}
+
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK_OF(CONF_VALUE) *values;
+{
+return NULL;
+}
+*/
diff --git a/crypto/openssl/crypto/x509v3/v3_prn.c b/crypto/openssl/crypto/x509v3/v3_prn.c
new file mode 100644
index 000000000000..dc20c6bdba60
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_prn.c
@@ -0,0 +1,135 @@
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+/* Extension printing routines */
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
+{
+	int i;
+	CONF_VALUE *nval;
+	if(!val) return;
+	if(!ml || !sk_CONF_VALUE_num(val)) {
+		BIO_printf(out, "%*s", indent, "");
+		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "\n");
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
+		if(ml) BIO_printf(out, "%*s", indent, "");
+		else if(i > 0) BIO_printf(out, ", ");
+		nval = sk_CONF_VALUE_value(val, i);
+		if(!nval->name) BIO_puts(out, nval->value);
+		else if(!nval->value) BIO_puts(out, nval->name);
+		else BIO_printf(out, "%s:%s", nval->name, nval->value);
+		if(ml) BIO_puts(out, "\n");
+	}
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
+{
+	char *ext_str = NULL, *value = NULL;
+	unsigned char *p;
+	X509V3_EXT_METHOD *method;	
+	STACK_OF(CONF_VALUE) *nval = NULL;
+	int ok = 1;
+	if(!(method = X509V3_EXT_get(ext))) return 0;
+	p = ext->value->data;
+	if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+	if(method->i2s) {
+		if(!(value = method->i2s(method, ext_str))) {
+			ok = 0;
+			goto err;
+		}
+		BIO_printf(out, "%*s%s", indent, "", value);
+	} else if(method->i2v) {
+		if(!(nval = method->i2v(method, ext_str, NULL))) {
+			ok = 0;
+			goto err;
+		}
+		X509V3_EXT_val_prn(out, nval, indent,
+				 method->ext_flags & X509V3_EXT_MULTILINE);
+	} else if(method->i2r) {
+		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
+	} else ok = 0;
+
+	err:
+		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+		if(value) Free(value);
+		method->ext_free(ext_str);
+		return ok;
+}
+
+#ifndef NO_FP_API
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+	BIO *bio_tmp;
+	int ret;
+	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+	BIO_free(bio_tmp);
+	return ret;
+}
+#endif
diff --git a/crypto/openssl/crypto/x509v3/v3_skey.c b/crypto/openssl/crypto/x509v3/v3_skey.c
new file mode 100644
index 000000000000..fb3e36014d67
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_skey.c
@@ -0,0 +1,156 @@
+/* v3_skey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include 
+#include "cryptlib.h"
+#include 
+
+static ASN1_OCTET_STRING *octet_string_new(void);
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_skey_id = { 
+NID_subject_key_identifier, 0,
+(X509V3_EXT_NEW)octet_string_new,
+(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
+(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
+(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+(X509V3_EXT_S2I)s2i_skey_id,
+NULL, NULL, NULL, NULL, NULL};
+
+
+static ASN1_OCTET_STRING *octet_string_new(void)
+{
+	return ASN1_OCTET_STRING_new();
+}
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+	     ASN1_OCTET_STRING *oct)
+{
+	return hex_to_string(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_OCTET_STRING *oct;
+	long length;
+
+	if(!(oct = ASN1_OCTET_STRING_new())) {
+		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(!(oct->data = string_to_hex(str, &length))) {
+		ASN1_OCTET_STRING_free(oct);
+		return NULL;
+	}
+
+	oct->length = length;
+
+	return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_OCTET_STRING *oct;
+	ASN1_BIT_STRING *pk;
+	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+	EVP_MD_CTX md;
+	unsigned int diglen;
+
+	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+	if(!(oct = ASN1_OCTET_STRING_new())) {
+		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(ctx && (ctx->flags == CTX_TEST)) return oct;
+
+	if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+		X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+		goto err;
+	}
+
+	if(ctx->subject_req) 
+		pk = ctx->subject_req->req_info->pubkey->public_key;
+	else pk = ctx->subject_cert->cert_info->key->public_key;
+
+	if(!pk) {
+		X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+		goto err;
+	}
+
+	EVP_DigestInit(&md, EVP_sha1());
+	EVP_DigestUpdate(&md, pk->data, pk->length);
+	EVP_DigestFinal(&md, pkey_dig, &diglen);
+
+	if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	return oct;
+	
+	err:
+	ASN1_OCTET_STRING_free(oct);
+	return NULL;
+}
diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c
new file mode 100644
index 000000000000..0687bb4e3d0f
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c
@@ -0,0 +1,340 @@
+/* v3_sxnet.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
+#ifdef SXNET_TEST
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+						STACK_OF(CONF_VALUE) *nval);
+#endif
+X509V3_EXT_METHOD v3_sxnet = {
+NID_sxnet, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)SXNET_new,
+(X509V3_EXT_FREE)SXNET_free,
+(X509V3_EXT_D2I)d2i_SXNET,
+(X509V3_EXT_I2D)i2d_SXNET,
+NULL, NULL,
+NULL, 
+#ifdef SXNET_TEST
+(X509V3_EXT_V2I)sxnet_v2i,
+#else
+NULL,
+#endif
+(X509V3_EXT_I2R)sxnet_i2r,
+NULL,
+NULL
+};
+
+
+int i2d_SXNET(SXNET *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
+
+	M_ASN1_I2D_finish();
+}
+
+SXNET *SXNET_new(void)
+{
+	SXNET *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, SXNET);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->ids,sk_SXNETID_new_null);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_SXNET_NEW);
+}
+
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
+	M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
+}
+
+void SXNET_free(SXNET *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_SXNETID_pop_free(a->ids, SXNETID_free);
+	Free (a);
+}
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+}
+
+SXNETID *SXNETID_new(void)
+{
+	SXNETID *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, SXNETID);
+	ret->zone = NULL;
+	M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
+}
+
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
+}
+
+void SXNETID_free(SXNETID *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->zone);
+	ASN1_OCTET_STRING_free(a->user);
+	Free (a);
+}
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+	     int indent)
+{
+	long v;
+	char *tmp;
+	SXNETID *id;
+	int i;
+	v = ASN1_INTEGER_get(sx->version);
+	BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
+	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+		id = sk_SXNETID_value(sx->ids, i);
+		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+		Free(tmp);
+		ASN1_OCTET_STRING_print(out, id->user);
+	}
+	return 1;
+}
+
+#ifdef SXNET_TEST
+
+/* NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+	     STACK_OF(CONF_VALUE) *nval)
+{
+	CONF_VALUE *cnf;
+	SXNET *sx = NULL;
+	int i;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+								 return NULL;
+	}
+	return sx;
+}
+		
+	
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
+	     int userlen)
+{
+	ASN1_INTEGER *izone = NULL;
+	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+		X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+		return 0;
+	}
+	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+	     int userlen)
+{
+	ASN1_INTEGER *izone = NULL;
+	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
+		ASN1_INTEGER_free(izone);
+		return 0;
+	}
+	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+	
+}
+
+/* Add an id given the zone as an ASN1_INTEGER.
+ * Note this version uses the passed integer and doesn't make a copy so don't
+ * free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+	     int userlen)
+{
+	SXNET *sx = NULL;
+	SXNETID *id = NULL;
+	if(!psx || !zone || !user) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
+		return 0;
+	}
+	if(userlen == -1) userlen = strlen(user);
+	if(userlen > 64) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
+		return 0;
+	}
+	if(!*psx) {
+		if(!(sx = SXNET_new())) goto err;
+		if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
+		*psx = sx;
+	} else sx = *psx;
+	if(SXNET_get_id_INTEGER(sx, zone)) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
+		return 0;
+	}
+
+	if(!(id = SXNETID_new())) goto err;
+	if(userlen == -1) userlen = strlen(user);
+		
+	if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+	if(!sk_SXNETID_push(sx->ids, id)) goto err;
+	id->zone = zone;
+	return 1;
+	
+	err:
+	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
+	SXNETID_free(id);
+	SXNET_free(sx);
+	*psx = NULL;
+	return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+{
+	ASN1_INTEGER *izone = NULL;
+	ASN1_OCTET_STRING *oct;
+	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+		X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+		return NULL;
+	}
+	oct = SXNET_get_id_INTEGER(sx, izone);
+	ASN1_INTEGER_free(izone);
+	return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+	ASN1_INTEGER *izone = NULL;
+	ASN1_OCTET_STRING *oct;
+	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
+		ASN1_INTEGER_free(izone);
+		return NULL;
+	}
+	oct = SXNET_get_id_INTEGER(sx, izone);
+	ASN1_INTEGER_free(izone);
+	return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+	SXNETID *id;
+	int i;
+	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+		id = sk_SXNETID_value(sx->ids, i);
+		if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+	}
+	return NULL;
+}
+
+IMPLEMENT_STACK_OF(SXNETID)
+IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/openssl/crypto/x509v3/v3_utl.c
new file mode 100644
index 000000000000..40f71c71b4fd
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3_utl.c
@@ -0,0 +1,418 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+
+#include 
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+
+static char *strip_spaces(char *name);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	CONF_VALUE *vtmp = NULL;
+	char *tname = NULL, *tvalue = NULL;
+	if(name && !(tname = BUF_strdup(name))) goto err;
+	if(value && !(tvalue = BUF_strdup(value))) goto err;;
+	if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
+	if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err;
+	vtmp->section = NULL;
+	vtmp->name = tname;
+	vtmp->value = tvalue;
+	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
+	return 1;
+	err:
+	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+	if(vtmp) Free(vtmp);
+	if(tname) Free(tname);
+	if(tvalue) Free(tvalue);
+	return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+			   STACK_OF(CONF_VALUE) **extlist)
+    {
+    return X509V3_add_value(name,(const char *)value,extlist);
+    }
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+	if(!conf) return;
+	if(conf->name) Free(conf->name);
+	if(conf->value) Free(conf->value);
+	if(conf->section) Free(conf->section);
+	Free((char *)conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return 1;
+}
+
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+{
+	BIGNUM *bn = NULL;
+	ASN1_INTEGER *aint;
+	bn = BN_new();
+	if(!value) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
+		return 0;
+	}
+	if(!BN_dec2bn(&bn, value)) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
+		return 0;
+	}
+
+	if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+		return 0;
+	}
+	BN_free(bn);
+	return aint;
+}
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+	     STACK_OF(CONF_VALUE) **extlist)
+{
+	char *strtmp;
+	int ret;
+	if(!aint) return 1;
+	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
+	ret = X509V3_add_value(name, strtmp, extlist);
+	Free(strtmp);
+	return ret;
+}
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+{
+	char *btmp;
+	if(!(btmp = value->value)) goto err;
+	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+		*asn1_bool = 0xff;
+		return 1;
+	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+		*asn1_bool = 0;
+		return 1;
+	}
+	err:
+	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+	X509V3_conf_err(value);
+	return 0;
+}
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+	ASN1_INTEGER *itmp;
+	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+		X509V3_conf_err(value);
+		return 0;
+	}
+	*aint = itmp;
+	return 1;
+}
+
+#define HDR_NAME	1
+#define HDR_VALUE	2
+
+/*#define DEBUG*/
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
+{
+	char *p, *q, c;
+	char *ntmp, *vtmp;
+	STACK_OF(CONF_VALUE) *values = NULL;
+	char *linebuf;
+	int state;
+	/* We are going to modify the line so copy it first */
+	linebuf = BUF_strdup(line);
+	state = HDR_NAME;
+	ntmp = NULL;
+	/* Go through all characters */
+	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+		switch(state) {
+			case HDR_NAME:
+			if(c == ':') {
+				state = HDR_VALUE;
+				*p = 0;
+				ntmp = strip_spaces(q);
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				q = p + 1;
+			} else if(c == ',') {
+				*p = 0;
+				ntmp = strip_spaces(q);
+				q = p + 1;
+#ifdef DEBUG
+				printf("%s\n", ntmp);
+#endif
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				X509V3_add_value(ntmp, NULL, &values);
+			}
+			break ;
+
+			case HDR_VALUE:
+			if(c == ',') {
+				state = HDR_NAME;
+				*p = 0;
+				vtmp = strip_spaces(q);
+#ifdef DEBUG
+				printf("%s\n", ntmp);
+#endif
+				if(!vtmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+					goto err;
+				}
+				X509V3_add_value(ntmp, vtmp, &values);
+				ntmp = NULL;
+				q = p + 1;
+			}
+
+		}
+	}
+
+	if(state == HDR_VALUE) {
+		vtmp = strip_spaces(q);
+#ifdef DEBUG
+		printf("%s=%s\n", ntmp, vtmp);
+#endif
+		if(!vtmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+			goto err;
+		}
+		X509V3_add_value(ntmp, vtmp, &values);
+	} else {
+		ntmp = strip_spaces(q);
+#ifdef DEBUG
+		printf("%s\n", ntmp);
+#endif
+		if(!ntmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+			goto err;
+		}
+		X509V3_add_value(ntmp, NULL, &values);
+	}
+Free(linebuf);
+return values;
+
+err:
+Free(linebuf);
+sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+	char *p, *q;
+	/* Skip over leading spaces */
+	p = name;
+	while(*p && isspace((unsigned char)*p)) p++;
+	if(!*p) return NULL;
+	q = p + strlen(p) - 1;
+	while((q != p) && isspace((unsigned char)*q)) q--;
+	if(p != q) q[1] = 0;
+	if(!*p) return NULL;
+	return p;
+}
+
+/* hex string utilities */
+
+/* Given a buffer of length 'len' return a Malloc'ed string with its
+ * hex representation
+ */
+
+char *hex_to_string(unsigned char *buffer, long len)
+{
+	char *tmp, *q;
+	unsigned char *p;
+	int i;
+	static char hexdig[] = "0123456789ABCDEF";
+	if(!buffer || !len) return NULL;
+	if(!(tmp = Malloc(len * 3 + 1))) {
+		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	q = tmp;
+	for(i = 0, p = buffer; i < len; i++,p++) {
+		*q++ = hexdig[(*p >> 4) & 0xf];
+		*q++ = hexdig[*p & 0xf];
+		*q++ = ':';
+	}
+	q[-1] = 0;
+	return tmp;
+}
+
+/* Give a string of hex digits convert to
+ * a buffer
+ */
+
+unsigned char *string_to_hex(char *str, long *len)
+{
+	unsigned char *hexbuf, *q;
+	unsigned char ch, cl, *p;
+	if(!str) {
+		X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err;
+	for(p = (unsigned char *)str, q = hexbuf; *p;) {
+		ch = *p++;
+		if(ch == ':') continue;
+		cl = *p++;
+		if(!cl) {
+			X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
+			Free(hexbuf);
+			return NULL;
+		}
+		if(isupper(ch)) ch = tolower(ch);
+		if(isupper(cl)) cl = tolower(cl);
+
+		if((ch >= '0') && (ch <= '9')) ch -= '0';
+		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
+		else goto badhex;
+
+		if((cl >= '0') && (cl <= '9')) cl -= '0';
+		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
+		else goto badhex;
+
+		*q++ = (ch << 4) | cl;
+	}
+
+	if(len) *len = q - hexbuf;
+
+	return hexbuf;
+
+	err:
+	if(hexbuf) Free(hexbuf);
+	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+	badhex:
+	Free(hexbuf);
+	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
+	return NULL;
+
+}
+
+/* V2I name comparison function: returns zero if 'name' matches
+ * cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+	int len, ret;
+	char c;
+	len = strlen(cmp);
+	if((ret = strncmp(name, cmp, len))) return ret;
+	c = name[len];
+	if(!c || (c=='.')) return 0;
+	return 1;
+}
diff --git a/crypto/openssl/crypto/x509v3/v3conf.c b/crypto/openssl/crypto/x509v3/v3conf.c
new file mode 100644
index 000000000000..21cf746f459c
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3conf.c
@@ -0,0 +1,128 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* Test application to add extensions from a config file */
+
+int main(int argc, char **argv)
+{
+	LHASH *conf;
+	X509 *cert;
+	FILE *inf;
+	char *conf_file;
+	int i;
+	int count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+		exit(1);
+	}
+	conf_file = argv[2];
+	if(!conf_file) conf_file = "test.cnf";
+	conf = CONF_load(NULL, "test.cnf", NULL);
+	if(!conf) {
+		fprintf(stderr, "Error opening Config file %s\n", conf_file);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	inf = fopen(argv[1], "r");
+	if(!inf) {
+		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	cert = PEM_read_X509(inf, NULL, NULL);
+	if(!cert) {
+		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	fclose(inf);
+
+	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+	cert->cert_info->extensions = NULL;
+
+	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+		fprintf(stderr, "Error adding extensions\n");
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(ext->critical) printf(",critical:\n");
+		else printf(":\n");
+		X509V3_EXT_print_fp(stdout, ext, 0);
+		printf("\n");
+		
+	}
+	return 0;
+}
+
diff --git a/crypto/openssl/crypto/x509v3/v3err.c b/crypto/openssl/crypto/x509v3/v3err.c
new file mode 100644
index 000000000000..50efa8d99d85
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3err.c
@@ -0,0 +1,171 @@
+/* crypto/x509v3/v3err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+	{
+{ERR_PACK(0,X509V3_F_COPY_EMAIL,0),	"COPY_EMAIL"},
+{ERR_PACK(0,X509V3_F_COPY_ISSUER,0),	"COPY_ISSUER"},
+{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),	"DO_EXT_CONF"},
+{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),	"DO_EXT_I2D"},
+{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),	"i2s_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),	"i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0),	"NOTICE_SECTION"},
+{ERR_PACK(0,X509V3_F_NREF_NOS,0),	"NREF_NOS"},
+{ERR_PACK(0,X509V3_F_POLICY_SECTION,0),	"POLICY_SECTION"},
+{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0),	"R2I_CERTPOL"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),	"S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0),	"s2i_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0),	"s2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0),	"S2I_ASN1_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0),	"S2I_S2I_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0),	"string_to_hex"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0),	"SXNET_ADD_ASC"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0),	"SXNET_add_id_INTEGER"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0),	"SXNET_add_id_ulong"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0),	"SXNET_get_id_asc"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0),	"SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),	"V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0),	"V2I_AUTHORITY_KEYID"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0),	"V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_CRLD,0),	"V2I_CRLD"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0),	"V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),	"v2i_GENERAL_NAME"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),	"v2i_GENERAL_NAMES"},
+{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),	"V3_GENERIC_EXTENSION"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),	"X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),	"X509V3_EXT_add"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),	"X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0),	"X509V3_EXT_i2d"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),	"X509V3_get_value_bool"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+	{
+{X509V3_R_BAD_IP_ADDRESS                 ,"bad ip address"},
+{X509V3_R_BAD_OBJECT                     ,"bad object"},
+{X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
+{X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
+{X509V3_R_ERROR_IN_EXTENSION             ,"error in extension"},
+{X509V3_R_EXPECTED_A_SECTION_NAME        ,"expected a section name"},
+{X509V3_R_EXTENSION_NAME_ERROR           ,"extension name error"},
+{X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_EXTENSION_VALUE_ERROR          ,"extension value error"},
+{X509V3_R_ILLEGAL_HEX_DIGIT              ,"illegal hex digit"},
+{X509V3_R_INVALID_BOOLEAN_STRING         ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING       ,"invalid extension string"},
+{X509V3_R_INVALID_NAME                   ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
+{X509V3_R_INVALID_NUMBER                 ,"invalid number"},
+{X509V3_R_INVALID_NUMBERS                ,"invalid numbers"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_INVALID_OPTION                 ,"invalid option"},
+{X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_SECTION                ,"invalid section"},
+{X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
+{X509V3_R_MISSING_VALUE                  ,"missing value"},
+{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS  ,"need organization and numbers"},
+{X509V3_R_NO_CONFIG_DATABASE             ,"no config database"},
+{X509V3_R_NO_ISSUER_CERTIFICATE          ,"no issuer certificate"},
+{X509V3_R_NO_ISSUER_DETAILS              ,"no issuer details"},
+{X509V3_R_NO_POLICY_IDENTIFIER           ,"no policy identifier"},
+{X509V3_R_NO_PUBLIC_KEY                  ,"no public key"},
+{X509V3_R_NO_SUBJECT_DETAILS             ,"no subject details"},
+{X509V3_R_ODD_NUMBER_OF_DIGITS           ,"odd number of digits"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS   ,"unable to get issuer details"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID     ,"unable to get issuer keyid"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},
+{X509V3_R_UNKNOWN_EXTENSION              ,"unknown extension"},
+{X509V3_R_UNKNOWN_EXTENSION_NAME         ,"unknown extension name"},
+{X509V3_R_UNKNOWN_OPTION                 ,"unknown option"},
+{X509V3_R_UNSUPPORTED_OPTION             ,"unsupported option"},
+{X509V3_R_USER_TOO_LONG                  ,"user too long"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_X509V3_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/crypto/x509v3/v3prin.c b/crypto/openssl/crypto/x509v3/v3prin.c
new file mode 100644
index 000000000000..ee798859f0b3
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/v3prin.c
@@ -0,0 +1,101 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int main(int argc, char **argv)
+{
+	X509 *cert;
+	FILE *inf;
+	int i, count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage v3prin cert.pem\n");
+		exit(1);
+	}
+	if(!(inf = fopen(argv[1], "r"))) {
+		fprintf(stderr, "Can't open %s\n", argv[1]);
+		exit(1);
+	}
+	if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+		fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	fclose(inf);
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
+		printf("\n");
+		
+	}
+	return 0;
+}
diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h
new file mode 100644
index 000000000000..4eb04a5a89cb
--- /dev/null
+++ b/crypto/openssl/crypto/x509v3/x509v3.h
@@ -0,0 +1,532 @@
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include 
+#include 
+#include 
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void * (*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE)(void *);
+typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
+typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following are used for raw extensions */
+X509V3_EXT_I2R i2r;
+X509V3_EXT_R2I r2i;
+
+void *usr_data;	/* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+#define CTX_TEST 0x1
+int flags;
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC	0x1
+#define X509V3_EXT_CTX_DEP	0x2
+#define X509V3_EXT_MULTILINE	0x4
+
+typedef struct BIT_STRING_BITNAME_st {
+int bitnum;
+const char *lname;
+const char *sname;
+} BIT_STRING_BITNAME;
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ASN1_GENERALIZEDTIME *notBefore;
+ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct GENERAL_NAME_st {
+
+#define GEN_OTHERNAME	(0|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EMAIL	(1|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DNS		(2|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_X400	(3|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DIRNAME	(4|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EDIPARTY	(5|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_URI		(6|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_IPADD	(7|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_RID		(8|V_ASN1_CONTEXT_SPECIFIC)
+
+int type;
+union {
+	char *ptr;
+	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+	ASN1_OCTET_STRING *ip; /* iPAddress */
+	X509_NAME *dirn;		/* dirn */
+	ASN1_OBJECT *rid; /* registeredID */
+	ASN1_TYPE *other; /* otherName, ediPartyName, x400Address */
+} d;
+} GENERAL_NAME;
+
+DECLARE_STACK_OF(GENERAL_NAME)
+DECLARE_ASN1_SET_OF(GENERAL_NAME)
+
+typedef struct DIST_POINT_NAME_st {
+/* NB: this is a CHOICE type and only one of these should be set */
+STACK_OF(GENERAL_NAME) *fullname;
+X509_NAME *relativename;
+} DIST_POINT_NAME;
+
+typedef struct DIST_POINT_st {
+DIST_POINT_NAME	*distpoint;
+ASN1_BIT_STRING *reasons;
+STACK_OF(GENERAL_NAME) *CRLissuer;
+} DIST_POINT;
+
+DECLARE_STACK_OF(DIST_POINT)
+DECLARE_ASN1_SET_OF(DIST_POINT)
+
+typedef struct AUTHORITY_KEYID_st {
+ASN1_OCTET_STRING *keyid;
+STACK_OF(GENERAL_NAME) *issuer;
+ASN1_INTEGER *serial;
+} AUTHORITY_KEYID;
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+	ASN1_INTEGER *zone;
+	ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DECLARE_STACK_OF(SXNETID)
+DECLARE_ASN1_SET_OF(SXNETID)
+
+typedef struct SXNET_st {
+	ASN1_INTEGER *version;
+	STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+	ASN1_STRING *organization;
+	STACK *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+	NOTICEREF *noticeref;
+	ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+	ASN1_OBJECT *pqualid;
+	union {
+		ASN1_IA5STRING *cpsuri;
+		USERNOTICE *usernotice;
+		ASN1_TYPE *other;
+	} d;
+} POLICYQUALINFO;
+
+DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+	ASN1_OBJECT *policyid;
+	STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+DECLARE_STACK_OF(POLICYINFO)
+DECLARE_ASN1_SET_OF(POLICYINFO)
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define X509V3_set_ctx_test(ctx) \
+			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
+
+#define EXT_BITSTRING(nid, table) { nid, 0, \
+			(X509V3_EXT_NEW)asn1_bit_string_new, \
+			(X509V3_EXT_FREE)ASN1_STRING_free, \
+			(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
+			(X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
+			NULL, NULL, \
+			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+			NULL, NULL, \
+			(char *)table}
+
+#define EXT_IA5STRING(nid) { nid, 0, \
+			(X509V3_EXT_NEW)ia5string_new, \
+			(X509V3_EXT_FREE)ASN1_STRING_free, \
+			(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
+			(X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
+			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+			NULL, NULL, NULL, NULL, \
+			NULL}
+
+#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
+			 NULL, NULL, NULL, NULL, \
+			 NULL}
+
+void ERR_load_X509V3_strings(void);
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+
+int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
+GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
+GENERAL_NAME *GENERAL_NAME_new(void);
+void GENERAL_NAME_free(GENERAL_NAME *a);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+
+int i2d_SXNET(SXNET *a, unsigned char **pp);
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
+SXNET *SXNET_new(void);
+void SXNET_free(SXNET *a);
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp);
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
+SXNETID *SXNETID_new(void);
+void SXNETID_free(SXNETID *a);
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
+AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
+AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
+void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
+
+int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp);
+PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, unsigned char **pp, long length);
+PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
+void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
+
+STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void);
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a);
+STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length);
+int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist);
+STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
+int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp);
+STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
+					unsigned char **pp, long length);
+void ext_ku_free(STACK_OF(ASN1_OBJECT) *a);
+STACK_OF(ASN1_OBJECT) *ext_ku_new(void);
+
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
+
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
+POLICYINFO *POLICYINFO_new(void);
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
+void POLICYINFO_free(POLICYINFO *a);
+
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
+POLICYQUALINFO *POLICYQUALINFO_new(void);
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+								 long length);
+void POLICYQUALINFO_free(POLICYQUALINFO *a);
+
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
+USERNOTICE *USERNOTICE_new(void);
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
+void USERNOTICE_free(USERNOTICE *a);
+
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
+NOTICEREF *NOTICEREF_new(void);
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
+void NOTICEREF_free(NOTICEREF *a);
+
+int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp);
+STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void);
+void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a);
+STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
+                unsigned char **pp,long length);
+
+int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp);
+DIST_POINT *DIST_POINT_new(void);
+DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length);
+void DIST_POINT_free(DIST_POINT *a);
+
+int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp);
+DIST_POINT_NAME *DIST_POINT_NAME_new(void);
+void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
+DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
+             long length);
+
+#ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
+void X509V3_conf_free(CONF_VALUE *val);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+#endif
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+				 X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+						STACK_OF(CONF_VALUE) **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+
+char *hex_to_string(unsigned char *buffer, long len);
+unsigned char *string_to_hex(char *str, long *len);
+int name_cmp(const char *name, const char *cmp);
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+								 int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_COPY_EMAIL				 122
+#define X509V3_F_COPY_ISSUER				 123
+#define X509V3_F_DO_EXT_CONF				 124
+#define X509V3_F_DO_EXT_I2D				 135
+#define X509V3_F_HEX_TO_STRING				 111
+#define X509V3_F_I2S_ASN1_ENUMERATED			 121
+#define X509V3_F_I2S_ASN1_INTEGER			 120
+#define X509V3_F_NOTICE_SECTION				 132
+#define X509V3_F_NREF_NOS				 133
+#define X509V3_F_POLICY_SECTION				 131
+#define X509V3_F_R2I_CERTPOL				 130
+#define X509V3_F_S2I_ASN1_IA5STRING			 100
+#define X509V3_F_S2I_ASN1_INTEGER			 108
+#define X509V3_F_S2I_ASN1_OCTET_STRING			 112
+#define X509V3_F_S2I_ASN1_SKEY_ID			 114
+#define X509V3_F_S2I_S2I_SKEY_ID			 115
+#define X509V3_F_STRING_TO_HEX				 113
+#define X509V3_F_SXNET_ADD_ASC				 125
+#define X509V3_F_SXNET_ADD_ID_INTEGER			 126
+#define X509V3_F_SXNET_ADD_ID_ULONG			 127
+#define X509V3_F_SXNET_GET_ID_ASC			 128
+#define X509V3_F_SXNET_GET_ID_ULONG			 129
+#define X509V3_F_V2I_ASN1_BIT_STRING			 101
+#define X509V3_F_V2I_AUTHORITY_KEYID			 119
+#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
+#define X509V3_F_V2I_CRLD				 134
+#define X509V3_F_V2I_EXT_KU				 103
+#define X509V3_F_V2I_GENERAL_NAME			 117
+#define X509V3_F_V2I_GENERAL_NAMES			 118
+#define X509V3_F_V3_GENERIC_EXTENSION			 116
+#define X509V3_F_X509V3_ADD_VALUE			 105
+#define X509V3_F_X509V3_EXT_ADD				 104
+#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
+#define X509V3_F_X509V3_EXT_CONF			 107
+#define X509V3_F_X509V3_EXT_I2D				 136
+#define X509V3_F_X509V3_GET_VALUE_BOOL			 110
+#define X509V3_F_X509V3_PARSE_LIST			 109
+
+/* Reason codes. */
+#define X509V3_R_BAD_IP_ADDRESS				 118
+#define X509V3_R_BAD_OBJECT				 119
+#define X509V3_R_BN_DEC2BN_ERROR			 100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
+#define X509V3_R_DUPLICATE_ZONE_ID			 133
+#define X509V3_R_ERROR_CONVERTING_ZONE			 131
+#define X509V3_R_ERROR_IN_EXTENSION			 128
+#define X509V3_R_EXPECTED_A_SECTION_NAME		 137
+#define X509V3_R_EXTENSION_NAME_ERROR			 115
+#define X509V3_R_EXTENSION_NOT_FOUND			 102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
+#define X509V3_R_EXTENSION_VALUE_ERROR			 116
+#define X509V3_R_ILLEGAL_HEX_DIGIT			 113
+#define X509V3_R_INVALID_BOOLEAN_STRING			 104
+#define X509V3_R_INVALID_EXTENSION_STRING		 105
+#define X509V3_R_INVALID_NAME				 106
+#define X509V3_R_INVALID_NULL_ARGUMENT			 107
+#define X509V3_R_INVALID_NULL_NAME			 108
+#define X509V3_R_INVALID_NULL_VALUE			 109
+#define X509V3_R_INVALID_NUMBER				 140
+#define X509V3_R_INVALID_NUMBERS			 141
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
+#define X509V3_R_INVALID_OPTION				 138
+#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
+#define X509V3_R_INVALID_SECTION			 135
+#define X509V3_R_ISSUER_DECODE_ERROR			 126
+#define X509V3_R_MISSING_VALUE				 124
+#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
+#define X509V3_R_NO_CONFIG_DATABASE			 136
+#define X509V3_R_NO_ISSUER_CERTIFICATE			 121
+#define X509V3_R_NO_ISSUER_DETAILS			 127
+#define X509V3_R_NO_POLICY_IDENTIFIER			 139
+#define X509V3_R_NO_PUBLIC_KEY				 114
+#define X509V3_R_NO_SUBJECT_DETAILS			 125
+#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
+#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
+#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
+#define X509V3_R_UNKNOWN_EXTENSION			 129
+#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
+#define X509V3_R_UNKNOWN_OPTION				 120
+#define X509V3_R_UNSUPPORTED_OPTION			 117
+#define X509V3_R_USER_TOO_LONG				 132
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/demos/README b/crypto/openssl/demos/README
new file mode 100644
index 000000000000..d2155ef97341
--- /dev/null
+++ b/crypto/openssl/demos/README
@@ -0,0 +1,9 @@
+NOTE: Don't expect any of these programs to work with current
+OpenSSL releases, or even with later SSLeay releases.
+
+Original README:
+=============================================================================
+
+Some demo programs sent to me by various people
+
+eric
diff --git a/crypto/openssl/demos/b64.c b/crypto/openssl/demos/b64.c
new file mode 100644
index 000000000000..ad86bc9b49ad
--- /dev/null
+++ b/crypto/openssl/demos/b64.c
@@ -0,0 +1,270 @@
+/* demos/b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "../apps/apps.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE	(512)
+#define BSIZE	(8*1024)
+#define	PROG	enc_main
+
+int main(argc,argv)
+int argc;
+char **argv;
+	{
+	char *strbuf=NULL;
+	unsigned char *buff=NULL,*bufsize=NULL;
+	int bsize=BSIZE,verbose=0;
+	int ret=1,inl;
+	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+	char *str=NULL;
+	char *hkey=NULL,*hiv=NULL;
+	int enc=1,printkey=0,i,base64=0;
+	int debug=0;
+	EVP_CIPHER *cipher=NULL,*c;
+	char *inf=NULL,*outf=NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+#define PROG_NAME_SIZE  16
+        char pname[PROG_NAME_SIZE];
+
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	base64=1;
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if	(strcmp(*argv,"-e") == 0)
+			enc=1;
+		if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inf= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outf= *(++argv);
+			}
+		else if	(strcmp(*argv,"-d") == 0)
+			enc=0;
+		else if	(strcmp(*argv,"-v") == 0)
+			verbose=1;
+		else if	(strcmp(*argv,"-debug") == 0)
+			debug=1;
+		else if (strcmp(*argv,"-bufsize") == 0)
+			{
+			if (--argc < 1) goto bad;
+			bufsize=(unsigned char *)*(++argv);
+			}
+		else
+			{
+			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+bad:
+			BIO_printf(bio_err,"options are\n");
+			BIO_printf(bio_err,"%-14s input file\n","-in ");
+			BIO_printf(bio_err,"%-14s output file\n","-out ");
+			BIO_printf(bio_err,"%-14s encode\n","-e");
+			BIO_printf(bio_err,"%-14s decode\n","-d");
+			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize ");
+
+			goto end;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (bufsize != NULL)
+		{
+		int i;
+		unsigned long n;
+
+		for (n=0; *bufsize; bufsize++)
+			{
+			i= *bufsize;
+			if ((i <= '9') && (i >= '0'))
+				n=n*10+i-'0';
+			else if (i == 'k')
+				{
+				n*=1024;
+				bufsize++;
+				break;
+				}
+			}
+		if (*bufsize != '\0')
+			{
+			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+			goto end;
+			}
+
+		/* It must be large enough for a base64 encoded line */
+		if (n < 80) n=80;
+
+		bsize=(int)n;
+		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
+		}
+
+	strbuf=Malloc(SIZE);
+	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+	if ((buff == NULL) || (strbuf == NULL))
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto end;
+		}
+
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (debug)
+		{
+		BIO_set_callback(in,BIO_debug_callback);
+		BIO_set_callback(out,BIO_debug_callback);
+		BIO_set_callback_arg(in,bio_err);
+		BIO_set_callback_arg(out,bio_err);
+		}
+
+	if (inf == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,inf) <= 0)
+			{
+			perror(inf);
+			goto end;
+			}
+		}
+
+	if (outf == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outf) <= 0)
+			{
+			perror(outf);
+			goto end;
+			}
+		}
+
+	rbio=in;
+	wbio=out;
+
+	if (base64)
+		{
+		if ((b64=BIO_new(BIO_f_base64())) == NULL)
+			goto end;
+		if (debug)
+			{
+			BIO_set_callback(b64,BIO_debug_callback);
+			BIO_set_callback_arg(b64,bio_err);
+			}
+		if (enc)
+			wbio=BIO_push(b64,wbio);
+		else
+			rbio=BIO_push(b64,rbio);
+		}
+
+	for (;;)
+		{
+		inl=BIO_read(rbio,(char *)buff,bsize);
+		if (inl <= 0) break;
+		if (BIO_write(wbio,(char *)buff,inl) != inl)
+			{
+			BIO_printf(bio_err,"error writing output file\n");
+			goto end;
+			}
+		}
+	BIO_flush(wbio);
+
+	ret=0;
+	if (verbose)
+		{
+		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
+		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
+		}
+end:
+	if (strbuf != NULL) Free(strbuf);
+	if (buff != NULL) Free(buff);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (benc != NULL) BIO_free(benc);
+	if (b64 != NULL) BIO_free(b64);
+	EXIT(ret);
+	}
+
diff --git a/crypto/openssl/demos/b64.pl b/crypto/openssl/demos/b64.pl
new file mode 100644
index 000000000000..8aa5fb464d38
--- /dev/null
+++ b/crypto/openssl/demos/b64.pl
@@ -0,0 +1,20 @@
+#!/usr/local/bin/perl
+
+#
+# Make PEM encoded data have lines of 64 bytes of data
+#
+
+while (<>)
+	{
+	if (/^-----BEGIN/ .. /^-----END/)
+		{
+		if (/^-----BEGIN/) { $first=$_; next; }
+		if (/^-----END/) { $last=$_; next; }
+		$out.=$_;
+		}
+	}
+$out =~ s/\s//g;
+$out =~ s/(.{64})/$1\n/g;
+print "$first$out\n$last\n";
+
+
diff --git a/crypto/openssl/demos/bio/Makefile b/crypto/openssl/demos/bio/Makefile
new file mode 100644
index 000000000000..435154053236
--- /dev/null
+++ b/crypto/openssl/demos/bio/Makefile
@@ -0,0 +1,16 @@
+CC=cc
+CFLAGS= -g -I../../include
+LIBS= -L../.. ../../libssl.a ../../libcrypto.a
+EXAMPLES=saccept sconnect
+
+all: $(EXAMPLES) 
+
+saccept: saccept.o
+	$(CC) -o saccept saccept.o $(LIBS)
+
+sconnect: sconnect.o
+	$(CC) -o sconnect sconnect.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
diff --git a/crypto/openssl/demos/bio/README b/crypto/openssl/demos/bio/README
new file mode 100644
index 000000000000..0b24e5b80cc7
--- /dev/null
+++ b/crypto/openssl/demos/bio/README
@@ -0,0 +1,3 @@
+This directory contains some simple examples of the use of BIO's
+to simplify socket programming.
+
diff --git a/crypto/openssl/demos/bio/saccept.c b/crypto/openssl/demos/bio/saccept.c
new file mode 100644
index 000000000000..2f2dc985fe78
--- /dev/null
+++ b/crypto/openssl/demos/bio/saccept.c
@@ -0,0 +1,107 @@
+/* NOCW */
+/* demos/bio/saccept.c */
+
+/* A minimal program to server an SSL connection.
+ * It uses blocking.
+ * saccept host:port
+ * host is the interface IP to use.  If any interface, use *:port
+ * The default it *:4433
+ *
+ * cc -I../../include saccept.c -L../.. -lssl -lcrypto
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#define CERT_FILE	"server.pem"
+
+BIO *in=NULL;
+
+void close_up()
+	{
+	if (in != NULL)
+		BIO_free(in);
+	}
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	char *port=NULL;
+	BIO *ssl_bio,*tmp;
+	SSL_CTX *ctx;
+	SSL *ssl;
+	char buf[512];
+	int ret=1,i;
+
+        if (argc <= 1)
+		port="*:4433";
+	else
+		port=argv[1];
+
+	signal(SIGINT,close_up);
+
+	SSL_load_error_strings();
+
+	/* Add ciphers and message digests */
+	SSLeay_add_ssl_algorithms();
+
+	ctx=SSL_CTX_new(SSLv23_server_method());
+	if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
+		goto err;
+	if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
+		goto err;
+	if (!SSL_CTX_check_private_key(ctx))
+		goto err;
+
+	/* Setup server side SSL bio */
+	ssl=SSL_new(ctx);
+	ssl_bio=BIO_new_ssl(ctx,0);
+
+	if ((in=BIO_new_accept(port)) == NULL) goto err;
+
+	/* This means that when a new connection is acceptede on 'in',
+	 * The ssl_bio will be 'dupilcated' and have the new socket
+	 * BIO push into it.  Basically it means the SSL BIO will be
+	 * automatically setup */
+	BIO_set_accept_bios(in,ssl_bio);
+
+again:
+	/* The first call will setup the accept socket, and the second
+	 * will get a socket.  In this loop, the first actual accept
+	 * will occur in the BIO_read() function. */
+
+	if (BIO_do_accept(in) <= 0) goto err;
+
+	for (;;)
+		{
+		i=BIO_read(in,buf,512);
+		if (i == 0)
+			{
+			/* If we have finished, remove the underlying
+			 * BIO stack so the next time we call any function
+			 * for this BIO, it will attempt to do an
+			 * accept */
+			printf("Done\n");
+			tmp=BIO_pop(in);
+			BIO_free_all(tmp);
+			goto again;
+			}
+		if (i < 0) goto err;
+		fwrite(buf,1,i,stdout);
+		fflush(stdout);
+		}
+
+	ret=0;
+err:
+	if (ret)
+		{
+		ERR_print_errors_fp(stderr);
+		}
+	if (in != NULL) BIO_free(in);
+	exit(ret);
+	return(!ret);
+	}
+
diff --git a/crypto/openssl/demos/bio/sconnect.c b/crypto/openssl/demos/bio/sconnect.c
new file mode 100644
index 000000000000..59fab1985e45
--- /dev/null
+++ b/crypto/openssl/demos/bio/sconnect.c
@@ -0,0 +1,116 @@
+/* NOCW */
+/* demos/bio/sconnect.c */
+
+/* A minimal program to do SSL to a passed host and port.
+ * It is actually using non-blocking IO but in a very simple manner
+ * sconnect host:port - it does a 'GET / HTTP/1.0'
+ *
+ * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+extern int errno;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	char *host;
+	BIO *out;
+	char buf[1024*10],*p;
+	SSL_CTX *ssl_ctx=NULL;
+	SSL *ssl;
+	BIO *ssl_bio;
+	int i,len,off,ret=1;
+
+	if (argc <= 1)
+		host="localhost:4433";
+	else
+		host=argv[1];
+
+	/* Lets get nice error messages */
+	SSL_load_error_strings();
+
+	/* Setup all the global SSL stuff */
+	SSLeay_add_ssl_algorithms();
+	ssl_ctx=SSL_CTX_new(SSLv23_client_method());
+
+	/* Lets make a SSL structure */
+	ssl=SSL_new(ssl_ctx);
+	SSL_set_connect_state(ssl);
+
+	/* Use it inside an SSL BIO */
+	ssl_bio=BIO_new(BIO_f_ssl());
+	BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
+
+	/* Lets use a connect BIO under the SSL BIO */
+	out=BIO_new(BIO_s_connect());
+	BIO_set_conn_hostname(out,host);
+	BIO_set_nbio(out,1);
+	out=BIO_push(ssl_bio,out);
+
+	p="GET / HTTP/1.0\r\n\r\n";
+	len=strlen(p);
+
+	off=0;
+	for (;;)
+		{
+		i=BIO_write(out,&(p[off]),len);
+		if (i <= 0)
+			{
+			if (BIO_should_retry(out))
+				{
+				fprintf(stderr,"write DELAY\n");
+				sleep(1);
+				continue;
+				}
+			else
+				{
+				goto err;
+				}
+			}
+		off+=i;
+		len-=i;
+		if (len <= 0) break;
+		}
+
+	for (;;)
+		{
+		i=BIO_read(out,buf,sizeof(buf));
+		if (i == 0) break;
+		if (i < 0)
+			{
+			if (BIO_should_retry(out))
+				{
+				fprintf(stderr,"read DELAY\n");
+				sleep(1);
+				continue;
+				}
+			goto err;
+			}
+		fwrite(buf,1,i,stdout);
+		}
+
+	ret=1;
+
+	if (0)
+		{
+err:
+		if (ERR_peek_error() == 0) /* system call error */
+			{
+			fprintf(stderr,"errno=%d ",errno);
+			perror("error");
+			}
+		else
+			ERR_print_errors_fp(stderr);
+		}
+	BIO_free_all(out);
+	if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
+	exit(!ret);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/demos/bio/server.pem b/crypto/openssl/demos/bio/server.pem
new file mode 100644
index 000000000000..5cf1387d65d7
--- /dev/null
+++ b/crypto/openssl/demos/bio/server.pem
@@ -0,0 +1,30 @@
+subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
+
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
+
diff --git a/crypto/openssl/demos/eay/Makefile b/crypto/openssl/demos/eay/Makefile
new file mode 100644
index 000000000000..2d22eaca569d
--- /dev/null
+++ b/crypto/openssl/demos/eay/Makefile
@@ -0,0 +1,24 @@
+CC=cc
+CFLAGS= -g -I../../include
+#LIBS=  -L../.. -lcrypto -lssl
+LIBS= -L../.. ../../libssl.a ../../libcrypto.a
+
+# the file conn.c requires a file "proxy.h" which I couldn't find...
+#EXAMPLES=base64 conn loadrsa
+EXAMPLES=base64 loadrsa
+
+all: $(EXAMPLES) 
+
+base64: base64.o
+	$(CC) -o base64 base64.o $(LIBS)
+#
+# sorry... can't find "proxy.h"
+#conn: conn.o
+#	$(CC) -o conn conn.o $(LIBS)
+
+loadrsa: loadrsa.o
+	$(CC) -o loadrsa loadrsa.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
diff --git a/crypto/openssl/demos/eay/base64.c b/crypto/openssl/demos/eay/base64.c
new file mode 100644
index 000000000000..4b8b0627d19f
--- /dev/null
+++ b/crypto/openssl/demos/eay/base64.c
@@ -0,0 +1,49 @@
+/* This is a simple example of using the base64 BIO to a memory BIO and then
+ * getting the data.
+ */
+#include 
+#include 
+#include 
+
+main()
+	{
+	int i;
+	BIO *mbio,*b64bio,*bio;
+	char buf[512];
+	char *p;
+
+	mbio=BIO_new(BIO_s_mem());
+	b64bio=BIO_new(BIO_f_base64());
+
+	bio=BIO_push(b64bio,mbio);
+	/* We now have bio pointing at b64->mem, the base64 bio encodes on
+	 * write and decodes on read */
+
+	for (;;)
+		{
+		i=fread(buf,1,512,stdin);
+		if (i <= 0) break;
+		BIO_write(bio,buf,i);
+		}
+	/* We need to 'flush' things to push out the encoding of the
+	 * last few bytes.  There is special encoding if it is not a
+	 * multiple of 3
+	 */
+	BIO_flush(bio);
+
+	printf("We have %d bytes available\n",BIO_pending(mbio));
+
+	/* We will now get a pointer to the data and the number of elements. */
+	/* hmm... this one was not defined by a macro in bio.h, it will be for
+	 * 0.9.1.  The other option is too just read from the memory bio.
+	 */
+	i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p);
+
+	printf("%d\n",i);
+	fwrite("---\n",1,4,stdout);
+	fwrite(p,1,i,stdout);
+	fwrite("---\n",1,4,stdout);
+
+	/* This call will walk the chain freeing all the BIOs */
+	BIO_free_all(bio);
+	}
diff --git a/crypto/openssl/demos/eay/conn.c b/crypto/openssl/demos/eay/conn.c
new file mode 100644
index 000000000000..c4b8f5163e11
--- /dev/null
+++ b/crypto/openssl/demos/eay/conn.c
@@ -0,0 +1,105 @@
+/* NOCW */
+/* demos/eay/conn.c */
+
+/* A minimal program to connect to a port using the sock4a protocol.
+ *
+ * cc -I../../include conn.c -L../.. -lcrypto
+ */
+#include 
+#include 
+#include 
+#include 
+/* #include "proxy.h" */
+
+extern int errno;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	PROXY *pxy;
+	char *host;
+	char buf[1024*10],*p;
+	BIO *bio;
+	int i,len,off,ret=1;
+
+	if (argc <= 1)
+		host="localhost:4433";
+	else
+		host=argv[1];
+
+	/* Lets get nice error messages */
+	ERR_load_crypto_strings();
+
+	/* First, configure proxy settings */
+	pxy=PROXY_new();
+	PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080");
+
+	bio=BIO_new(BIO_s_socks4a_connect());
+
+	BIO_set_conn_hostname(bio,host);
+	BIO_set_proxies(bio,pxy);
+	BIO_set_socks_userid(bio,"eay");
+	BIO_set_nbio(bio,1);
+
+	p="GET / HTTP/1.0\r\n\r\n";
+	len=strlen(p);
+
+	off=0;
+	for (;;)
+		{
+		i=BIO_write(bio,&(p[off]),len);
+		if (i <= 0)
+			{
+			if (BIO_should_retry(bio))
+				{
+				fprintf(stderr,"write DELAY\n");
+				sleep(1);
+				continue;
+				}
+			else
+				{
+				goto err;
+				}
+			}
+		off+=i;
+		len-=i;
+		if (len <= 0) break;
+		}
+
+	for (;;)
+		{
+		i=BIO_read(bio,buf,sizeof(buf));
+		if (i == 0) break;
+		if (i < 0)
+			{
+			if (BIO_should_retry(bio))
+				{
+				fprintf(stderr,"read DELAY\n");
+				sleep(1);
+				continue;
+				}
+			goto err;
+			}
+		fwrite(buf,1,i,stdout);
+		}
+
+	ret=1;
+
+	if (0)
+		{
+err:
+		if (ERR_peek_error() == 0) /* system call error */
+			{
+			fprintf(stderr,"errno=%d ",errno);
+			perror("error");
+			}
+		else
+			ERR_print_errors_fp(stderr);
+		}
+	BIO_free_all(bio);
+	if (pxy != NULL) PROXY_free(pxy);
+	exit(!ret);
+	return(ret);
+	}
+
diff --git a/crypto/openssl/demos/eay/loadrsa.c b/crypto/openssl/demos/eay/loadrsa.c
new file mode 100644
index 000000000000..79f1885ca4a8
--- /dev/null
+++ b/crypto/openssl/demos/eay/loadrsa.c
@@ -0,0 +1,53 @@
+#include 
+#include 
+
+/* This is a simple program to generate an RSA private key.  It then
+ * saves both the public and private key into a char array, then
+ * re-reads them.  It saves them as DER encoded binary data.
+ */
+
+void callback(stage,count,arg)
+int stage,count;
+char *arg;
+	{
+	FILE *out;
+
+	out=(FILE *)arg;
+	fprintf(out,"%d",stage);
+	if (stage == 3)
+		fprintf(out,"\n");
+	fflush(out);
+	}
+
+main()
+	{
+	RSA *rsa,*pub_rsa,*priv_rsa;
+	int len;
+	unsigned char buf[1024],*p;
+
+	rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout);
+
+	p=buf;
+
+	/* Save the public key into buffer, we know it will be big enough
+	 * but we should really check how much space we need by calling the
+	 * i2d functions with a NULL second parameter */
+	len=i2d_RSAPublicKey(rsa,&p);
+	len+=i2d_RSAPrivateKey(rsa,&p);
+
+	printf("The public and private key are now both in a char array\n");
+	printf("and are taking up %d bytes\n",len);
+
+	RSA_free(rsa);
+
+	p=buf;
+	pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len);
+	len-=(p-buf);
+	priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len);
+
+	if ((pub_rsa == NULL) || (priv_rsa == NULL))
+		ERR_print_errors_fp(stderr);
+
+	RSA_free(pub_rsa);
+	RSA_free(priv_rsa);
+	}
diff --git a/crypto/openssl/demos/maurice/Makefile b/crypto/openssl/demos/maurice/Makefile
new file mode 100644
index 000000000000..f9bf62276e83
--- /dev/null
+++ b/crypto/openssl/demos/maurice/Makefile
@@ -0,0 +1,59 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=example1 example2 example3 example4
+
+all: $(EXAMPLES) 
+
+example1: example1.o loadkeys.o 
+	$(CC) -o example1 example1.o loadkeys.o $(LIBS)
+
+example2: example2.o loadkeys.o
+	$(CC) -o example2 example2.o loadkeys.o $(LIBS)
+
+example3: example3.o 
+	$(CC) -o example3 example3.o $(LIBS)
+
+example4: example4.o
+	$(CC) -o example4 example4.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	@echo
+	@echo Example 1 Demonstrates the sealing and opening APIs
+	@echo Doing the encrypt side...
+	./example1 t.t
+	@echo Doing the decrypt side...
+	./example1 -d t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo  example1 is OK
+
+	@echo
+	@echo Example2 Demonstrates rsa encryption and decryption
+	@echo   and it should just print \"This the clear text\"
+	./example2
+
+	@echo
+	@echo Example3 Demonstrates the use of symmetric block ciphers
+	@echo in this case it uses EVP_des_ede3_cbc
+	@echo i.e. triple DES in Cipher Block Chaining mode
+	@echo Doing the encrypt side...
+	./example3 ThisIsThePassword t.t
+	@echo Doing the decrypt side...
+	./example3 -d ThisIsThePassword t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo  example3 is OK
+
+	@echo
+	@echo Example4 Demonstrates base64 encoding and decoding
+	@echo Doing the encrypt side...
+	./example4 t.t
+	@echo Doing the decrypt side...
+	./example4 -d t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo example4 is OK
diff --git a/crypto/openssl/demos/maurice/README b/crypto/openssl/demos/maurice/README
new file mode 100644
index 000000000000..29778d55cbc1
--- /dev/null
+++ b/crypto/openssl/demos/maurice/README
@@ -0,0 +1,34 @@
+From Maurice Gittens 
+--
+	Example programs, demonstrating some basic SSLeay crypto library
+	operations, to help you not to make the same mistakes I did. 
+
+	The following files are present.
+	- loadkeys.c 	Demonstrates the loading and of public and 
+			private keys.
+	- loadkeys.h   	The interface for loadkeys.c
+	- example1.c    Demonstrates the sealing and opening API's
+	- example2.c  	Demonstrates rsa encryption and decryption
+	- example3.c    Demonstrates the use of symmetric block ciphers
+	- example4.c	Demonstrates base64 and decoding 		
+	- Makefile	A makefile you probably will have to adjust for
+			your environment
+	- README	this file
+
+
+	The programs were written by Maurice Gittens 
+	with the necesary help from Eric Young  
+	
+	You may do as you please with these programs, but please don't
+	pretend that you wrote them. 
+
+	To be complete: If you use these programs you acknowlegde that
+	you are aware that there is NO warranty of any kind associated
+	with these programs. I don't even claim that the programs work,
+	they are provided AS-IS.
+
+ 	January 1997
+
+	Maurice	
+
+
diff --git a/crypto/openssl/demos/maurice/cert.pem b/crypto/openssl/demos/maurice/cert.pem
new file mode 100644
index 000000000000..e31a9ae05f93
--- /dev/null
+++ b/crypto/openssl/demos/maurice/cert.pem
@@ -0,0 +1,77 @@
+issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl
+subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl
+serial :01
+
+Certificate:
+    Data:
+        Version: 0 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl
+        Validity
+            Not Before: Jan  5 13:21:16 1997 GMT
+            Not After : Jul 24 13:21:16 1997 GMT
+        Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:
+                    82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:
+                    71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:
+                    f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:
+                    62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:
+                    78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:
+                    81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:
+                    1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:
+                    b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:
+                    64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:
+                    d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:
+                    2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:
+                    e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:
+                    e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:
+                    8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:
+                    d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:
+                    d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:
+                    20:f9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5withRSAEncryption
+        93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:
+        4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:
+        9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:
+        87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:
+        a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:
+        0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:
+        b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:
+        c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:
+        fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:
+        4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:
+        72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:
+        c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:
+        60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:
+        a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:
+        28:ba:d8:4f
+
+-----BEGIN CERTIFICATE-----
+MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD
+VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl
+bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0
+aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB
+FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx
+NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH
+aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG
+SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6
+RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB
+ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm
+ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S
+/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB
+R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC
+AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j
+eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2
+5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25
+uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do
+fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M
+A6fxn/gOjbvGundh946+KLrYTw==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/demos/maurice/example1.c b/crypto/openssl/demos/maurice/example1.c
new file mode 100644
index 000000000000..0e70523a3366
--- /dev/null
+++ b/crypto/openssl/demos/maurice/example1.c
@@ -0,0 +1,200 @@
+/* NOCW */
+/*
+	Please read the README file for condition of use, before
+	using this software.
+	
+	Maurice Gittens     January 1997
+*/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "loadkeys.h"
+
+#define PUBFILE   "cert.pem"
+#define PRIVFILE  "privkey.pem"
+
+#define STDIN     0
+#define STDOUT    1 
+
+void main_encrypt(void);
+void main_decrypt(void);
+
+static const char *usage = "Usage: example1 [-d]\n";
+
+int main(int argc, char *argv[])
+{
+
+        ERR_load_crypto_strings();
+
+	if ((argc == 1))	
+	{
+		main_encrypt();
+	}	
+	else if ((argc == 2) && !strcmp(argv[1],"-d"))
+	{
+		main_decrypt();
+	}
+	else
+	{
+		printf("%s",usage);
+		exit(1);
+	}
+
+	return 0;		
+}
+
+void main_encrypt(void)
+{
+	unsigned int ebuflen;
+        EVP_CIPHER_CTX ectx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+	unsigned char *ekey[1]; 
+	int readlen;
+	int ekeylen, net_ekeylen; 
+	EVP_PKEY *pubKey[1];
+	char buf[512];
+	char ebuf[512];
+	
+ 	memset(iv, '\0', sizeof(iv));
+
+        pubKey[0] = ReadPublicKey(PUBFILE);
+
+	if(!pubKey)
+	{
+           fprintf(stderr,"Error: can't load public key");
+           exit(1);
+        }      
+
+        ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));  
+        if (!ekey[0])
+	{
+	   EVP_PKEY_free(pubKey[0]); 
+	   perror("malloc");
+	   exit(1);
+	}
+
+	EVP_SealInit(&ectx,
+                   EVP_des_ede3_cbc(),
+		   ekey,
+		   &ekeylen,
+		   iv,
+		   pubKey,
+		   1); 
+
+	net_ekeylen = htonl(ekeylen);	
+	write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));
+        write(STDOUT, ekey[0], ekeylen);
+        write(STDOUT, iv, sizeof(iv));
+
+	while(1)
+	{
+		readlen = read(STDIN, buf, sizeof(buf));
+
+		if (readlen <= 0)
+		{
+		   if (readlen < 0)
+			perror("read");
+
+		   break;
+		}
+
+		EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+
+		write(STDOUT, ebuf, ebuflen);
+	}
+
+        EVP_SealFinal(&ectx, ebuf, &ebuflen);
+        
+	write(STDOUT, ebuf, ebuflen);
+
+        EVP_PKEY_free(pubKey[0]);
+	free(ekey[0]);
+}
+
+void main_decrypt(void)
+{
+	char buf[512];
+	char ebuf[512];
+	unsigned int buflen;
+        EVP_CIPHER_CTX ectx;
+        unsigned char iv[8];
+	unsigned char *encryptKey; 
+	unsigned int ekeylen; 
+	EVP_PKEY *privateKey;
+
+	memset(iv, '\0', sizeof(iv));
+
+	privateKey = ReadPrivateKey(PRIVFILE);
+	if (!privateKey)
+	{
+		fprintf(stderr, "Error: can't load private key");
+		exit(1);	
+	}
+
+     	read(STDIN, &ekeylen, sizeof(ekeylen));
+	ekeylen = ntohl(ekeylen);
+
+	if (ekeylen != EVP_PKEY_size(privateKey))
+	{
+        	EVP_PKEY_free(privateKey);
+		fprintf(stderr, "keylength mismatch");
+		exit(1);	
+	}
+
+	encryptKey = malloc(sizeof(char) * ekeylen);
+	if (!encryptKey)
+	{
+        	EVP_PKEY_free(privateKey);
+		perror("malloc");
+		exit(1);
+	}
+
+	read(STDIN, encryptKey, ekeylen);
+	read(STDIN, iv, sizeof(iv));
+
+	EVP_OpenInit(&ectx,
+		   EVP_des_ede3_cbc(), 
+		   encryptKey,
+		   ekeylen,
+		   iv,
+		   privateKey); 	
+
+	while(1)
+	{
+		int readlen = read(STDIN, ebuf, sizeof(ebuf));
+
+		if (readlen <= 0)
+		{
+			if (readlen < 0)
+				perror("read");
+
+			break;
+		}
+
+		EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
+
+		write(STDOUT, buf, buflen);
+	}
+
+        EVP_OpenFinal(&ectx, buf, &buflen);
+
+	write(STDOUT, buf, buflen);
+
+        EVP_PKEY_free(privateKey);
+	free(encryptKey);
+}
+
+
diff --git a/crypto/openssl/demos/maurice/example2.c b/crypto/openssl/demos/maurice/example2.c
new file mode 100644
index 000000000000..57bce10b5ed5
--- /dev/null
+++ b/crypto/openssl/demos/maurice/example2.c
@@ -0,0 +1,75 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+
+        Maurice Gittens     January 1997
+*/
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "loadkeys.h"
+
+#define PUBFILE   "cert.pem"
+#define PRIVFILE  "privkey.pem"
+#define STDIN     0
+#define STDOUT    1 
+
+int main()
+{
+        char *ct = "This the clear text";
+	char *buf;   
+	char *buf2;
+  	EVP_PKEY *pubKey;
+  	EVP_PKEY *privKey;
+	int len;
+
+        ERR_load_crypto_strings();
+
+        privKey = ReadPrivateKey(PRIVFILE);
+        if (!privKey) 
+	{  
+		ERR_print_errors_fp (stderr);    
+		exit (1);  
+	}
+
+        pubKey = ReadPublicKey(PUBFILE);  
+	if(!pubKey)
+	{
+	   EVP_PKEY_free(privKey);   
+           fprintf(stderr,"Error: can't load public key");
+	   exit(1);
+	}
+
+	/* No error checking */
+        buf = malloc(EVP_PKEY_size(pubKey));
+        buf2 = malloc(EVP_PKEY_size(pubKey));
+
+	len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);
+
+	if (len != EVP_PKEY_size(pubKey))
+	{
+	    fprintf(stderr,"Error: ciphertext should match length of key\n");
+	    exit(1);
+	}
+
+	RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);
+
+	printf("%s\n", buf2);
+
+	EVP_PKEY_free(privKey);
+	EVP_PKEY_free(pubKey);
+	free(buf);
+	free(buf2);
+        return 0;
+}
diff --git a/crypto/openssl/demos/maurice/example3.c b/crypto/openssl/demos/maurice/example3.c
new file mode 100644
index 000000000000..c8462a47c371
--- /dev/null
+++ b/crypto/openssl/demos/maurice/example3.c
@@ -0,0 +1,85 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+
+        Maurice Gittens     January 1997
+
+*/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define STDIN     	0
+#define STDOUT    	1
+#define BUFLEN	  	512 
+#define INIT_VECTOR 	"12345678"
+#define ENCRYPT		1
+#define DECRYPT         0
+#define ALG		EVP_des_ede3_cbc()
+
+static const char *usage = "Usage: example3 [-d] password\n";
+
+void do_cipher(char *,int);
+
+int main(int argc, char *argv[])
+{
+	if ((argc == 2))	
+	{
+		do_cipher(argv[1],ENCRYPT);
+	}	
+	else if ((argc == 3) && !strcmp(argv[1],"-d"))
+	{
+		do_cipher(argv[2],DECRYPT);
+	}
+	else
+	{
+		fprintf(stderr,"%s", usage);
+		exit(1);
+	}
+
+	return 0;		
+}
+
+void do_cipher(char *pw, int operation)
+{
+	char buf[BUFLEN];
+	char ebuf[BUFLEN + 8];
+	unsigned int ebuflen; /* rc; */
+        unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
+	/* unsigned int ekeylen, net_ekeylen;  */
+	EVP_CIPHER_CTX ectx;
+        
+	memcpy(iv, INIT_VECTOR, sizeof(iv));
+
+	EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
+
+	EVP_CipherInit(&ectx, ALG, key, iv, operation);
+
+	while(1)
+	{
+		int readlen = read(STDIN, buf, sizeof(buf));
+	
+		if (readlen <= 0)
+		{
+			if (!readlen)
+			   break;
+			else
+			{
+				perror("read");
+				exit(1);
+			}
+		}
+
+		EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+
+		write(STDOUT, ebuf, ebuflen);
+	}
+
+        EVP_CipherFinal(&ectx, ebuf, &ebuflen); 
+
+	write(STDOUT, ebuf, ebuflen); 
+}
diff --git a/crypto/openssl/demos/maurice/example4.c b/crypto/openssl/demos/maurice/example4.c
new file mode 100644
index 000000000000..ce629848b74f
--- /dev/null
+++ b/crypto/openssl/demos/maurice/example4.c
@@ -0,0 +1,123 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+
+        Maurice Gittens     January 1997
+
+*/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define STDIN     	0
+#define STDOUT    	1
+#define BUFLEN	  	512 
+
+static const char *usage = "Usage: example4 [-d]\n";
+
+void do_encode(void);
+void do_decode(void);
+
+int main(int argc, char *argv[])
+{
+	if ((argc == 1))	
+	{
+		do_encode();
+	}	
+	else if ((argc == 2) && !strcmp(argv[1],"-d"))
+	{
+		do_decode();
+	}
+	else
+	{
+		fprintf(stderr,"%s", usage);
+		exit(1);
+	}
+
+	return 0;		
+}
+
+void do_encode()
+{
+	char buf[BUFLEN];
+	char ebuf[BUFLEN+24];
+	unsigned int ebuflen;
+	EVP_ENCODE_CTX ectx;
+        
+	EVP_EncodeInit(&ectx);
+
+	while(1)
+	{
+		int readlen = read(STDIN, buf, sizeof(buf));
+	
+		if (readlen <= 0)
+		{
+			if (!readlen)
+			   break;
+			else
+			{
+				perror("read");
+				exit(1);
+			}
+		}
+
+		EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+
+		write(STDOUT, ebuf, ebuflen);
+	}
+
+        EVP_EncodeFinal(&ectx, ebuf, &ebuflen); 
+
+	write(STDOUT, ebuf, ebuflen);
+}
+
+void do_decode()
+{
+ 	char buf[BUFLEN];
+ 	char ebuf[BUFLEN+24];
+	unsigned int ebuflen;
+	EVP_ENCODE_CTX ectx;
+        
+	EVP_DecodeInit(&ectx);
+
+	while(1)
+	{
+		int readlen = read(STDIN, buf, sizeof(buf));
+		int rc;	
+	
+		if (readlen <= 0)
+		{
+			if (!readlen)
+			   break;
+			else
+			{
+				perror("read");
+				exit(1);
+			}
+		}
+
+		rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
+		if (rc <= 0)
+		{
+			if (!rc)
+			{
+				write(STDOUT, ebuf, ebuflen);
+				break;
+			}
+
+			fprintf(stderr, "Error: decoding message\n");
+			return;
+		}
+
+		write(STDOUT, ebuf, ebuflen);
+	}
+
+        EVP_DecodeFinal(&ectx, ebuf, &ebuflen); 
+
+	write(STDOUT, ebuf, ebuflen); 
+}
+
diff --git a/crypto/openssl/demos/maurice/loadkeys.c b/crypto/openssl/demos/maurice/loadkeys.c
new file mode 100644
index 000000000000..0f3464753af1
--- /dev/null
+++ b/crypto/openssl/demos/maurice/loadkeys.c
@@ -0,0 +1,77 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+
+        Maurice Gittens     January 1997
+
+*/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+EVP_PKEY * ReadPublicKey(const char *certfile)
+{
+  FILE *fp = fopen (certfile, "r");   
+  X509 *x509;
+  EVP_PKEY *pkey;
+
+  if (!fp) 
+     return NULL; 
+
+  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                   PEM_STRING_X509,
+                                   fp, NULL, NULL);
+
+  if (x509 == NULL) 
+  {  
+     ERR_print_errors_fp (stderr);
+     return NULL;   
+  }
+
+  fclose (fp);
+  
+  pkey=X509_extract_key(x509);
+
+  X509_free(x509);
+
+  if (pkey == NULL) 
+     ERR_print_errors_fp (stderr);
+
+  return pkey; 
+}
+
+EVP_PKEY *ReadPrivateKey(const char *keyfile)
+{
+	FILE *fp = fopen(keyfile, "r");
+	EVP_PKEY *pkey;
+
+	if (!fp)
+		return NULL;
+
+	pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                              PEM_STRING_EVP_PKEY,
+                              fp,
+                              NULL, NULL);
+
+	fclose (fp);
+
+  	if (pkey == NULL) 
+		ERR_print_errors_fp (stderr);   
+
+	return pkey;
+}
+
+
diff --git a/crypto/openssl/demos/maurice/loadkeys.h b/crypto/openssl/demos/maurice/loadkeys.h
new file mode 100644
index 000000000000..d8fde86eb7fa
--- /dev/null
+++ b/crypto/openssl/demos/maurice/loadkeys.h
@@ -0,0 +1,19 @@
+/* NOCW */
+/*
+        Please read the README file for condition of use, before
+        using this software.
+
+        Maurice Gittens     January 1997
+
+*/
+
+#ifndef LOADKEYS_H_SEEN
+#define LOADKEYS_H_SEEN
+
+#include 
+
+EVP_PKEY * ReadPublicKey(const char *certfile);
+EVP_PKEY *ReadPrivateKey(const char *keyfile);
+
+#endif
+
diff --git a/crypto/openssl/demos/maurice/privkey.pem b/crypto/openssl/demos/maurice/privkey.pem
new file mode 100644
index 000000000000..fc3554e930a1
--- /dev/null
+++ b/crypto/openssl/demos/maurice/privkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0
+zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7//
+wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+
+QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp
+7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq
+cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g
+Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh
+rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb
+uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll
+e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor
+XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl
+7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS
+bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW
+Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y
+nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA
+Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK
+mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE
+poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5
+a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF
+E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL
+oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q
+JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX
+LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno
+KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj
+V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA==
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/prime/Makefile b/crypto/openssl/demos/prime/Makefile
new file mode 100644
index 000000000000..0166cd46fe46
--- /dev/null
+++ b/crypto/openssl/demos/prime/Makefile
@@ -0,0 +1,20 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=prime
+
+all: $(EXAMPLES) 
+
+prime: prime.o
+	$(CC) -o prime prime.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	@echo Test creating a 128-bit prime
+	./prime 128
+	@echo Test creating a 256-bit prime
+	./prime 256
+	@echo Test creating a 512-bit prime
+	./prime 512
diff --git a/crypto/openssl/demos/prime/prime.c b/crypto/openssl/demos/prime/prime.c
new file mode 100644
index 000000000000..103e0efc0cda
--- /dev/null
+++ b/crypto/openssl/demos/prime/prime.c
@@ -0,0 +1,101 @@
+/* demos/prime/prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include     
+
+void callback(type,num)
+int type,num;
+	{
+	if (type == 0)
+		fprintf(stderr,".");
+	else if (type == 1)
+		fprintf(stderr,"+");
+	else if (type == 2)
+		fprintf(stderr,"*");
+	fflush(stderr);
+	}
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BIGNUM *rand;
+	int num=256;
+
+	/* we should really call RAND_seed(char *bytes,int num);
+	 * to fully initalise the random number generator */
+	if (argc >= 2)
+		{
+		num=atoi(argv[1]);
+		if (num == 0) num=256;
+		}
+
+	fprintf(stderr,"generate a strong prime\n");
+        rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
+	/* change the third parameter to 1 for a strong prime */
+	fprintf(stderr,"\n");
+
+	BN_print_fp(stdout,rand);           
+	fprintf(stdout,"\n");
+	BN_free(rand); 
+	exit(0);
+	return(0);
+	}
+
diff --git a/crypto/openssl/demos/privkey.pem b/crypto/openssl/demos/privkey.pem
new file mode 100644
index 000000000000..ddae24075da9
--- /dev/null
+++ b/crypto/openssl/demos/privkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu
+4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/
+F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs
+JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd
+SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl
+b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA
+nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/selfsign.c b/crypto/openssl/demos/selfsign.c
new file mode 100644
index 000000000000..f4a83693528e
--- /dev/null
+++ b/crypto/openssl/demos/selfsign.c
@@ -0,0 +1,168 @@
+/* NOCW */
+/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+
+int main()
+	{
+	BIO *bio_err;
+	X509 *x509=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	X509V3_add_standard_extensions();
+
+	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+		BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	mkit(&x509,&pkey,512,0,365);
+
+	RSA_print_fp(stdout,pkey->pkey.rsa,0);
+	X509_print_fp(stdout,x509);
+
+	PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
+	PEM_write_X509(stdout,x509);
+
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
+	BIO_free(bio_err);
+
+	X509V3_EXT_cleanup();
+
+	CRYPTO_mem_leaks(bio_err);
+	return(0);
+	}
+
+#ifdef WIN16
+#  define MS_CALLBACK   _far _loadds
+#  define MS_FAR        _far
+#else
+#  define MS_CALLBACK
+#  define MS_FAR
+#endif
+
+static void MS_CALLBACK callback(p, n, arg)
+int p;
+int n;
+void *arg;
+	{
+	char c='B';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	fputc(c,stderr);
+	}
+
+int mkit(x509p,pkeyp,bits,serial,days)
+X509 **x509p;
+EVP_PKEY **pkeyp;
+int bits;
+int serial;
+int days;
+	{
+	X509 *x;
+	EVP_PKEY *pk;
+	RSA *rsa;
+	X509_NAME *name=NULL;
+	X509_NAME_ENTRY *ne=NULL;
+	X509_EXTENSION *ex=NULL;
+
+	
+	if ((pkeyp == NULL) || (*pkeyp == NULL))
+		{
+		if ((pk=EVP_PKEY_new()) == NULL)
+			{
+			abort(); 
+			return(0);
+			}
+		}
+	else
+		pk= *pkeyp;
+
+	if ((x509p == NULL) || (*x509p == NULL))
+		{
+		if ((x=X509_new()) == NULL)
+			goto err;
+		}
+	else
+		x= *x509p;
+
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
+	if (!EVP_PKEY_assign_RSA(pk,rsa))
+		{
+		abort();
+		goto err;
+		}
+	rsa=NULL;
+
+	X509_set_version(x,3);
+	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+	X509_gmtime_adj(X509_get_notBefore(x),0);
+	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+	X509_set_pubkey(x,pk);
+
+	name=X509_NAME_new();
+
+	ne=X509_NAME_ENTRY_create_by_NID(NULL,NID_countryName,
+		V_ASN1_APP_CHOOSE,"AU",-1);
+	X509_NAME_add_entry(name,ne,0,0);
+
+	X509_NAME_ENTRY_create_by_NID(&ne,NID_commonName,
+		V_ASN1_APP_CHOOSE,"Eric Young",-1);
+	X509_NAME_add_entry(name,ne,1,0);
+
+	/* finished with structure */
+	X509_NAME_ENTRY_free(ne);
+
+	X509_set_subject_name(x,name);
+	X509_set_issuer_name(x,name);
+
+	/* finished with structure */
+	X509_NAME_free(name);
+
+	/* Add extension using V3 code: we can set the config file as NULL
+	 * because we wont reference any other sections. We can also set
+         * the context to NULL because none of these extensions below will need
+	 * to access it.
+	 */
+
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
+	X509_add_ext(x,ex,-1);
+
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
+						"example comment extension");
+	X509_add_ext(x,ex,-1);
+
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
+							"www.openssl.org");
+
+	X509_add_ext(x,ex,-1);
+
+#if 0
+	/* might want something like this too.... */
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
+							"critical,CA:TRUE");
+
+
+	X509_add_ext(x,ex,-1);
+#endif
+	
+	if (!X509_sign(x,pk,EVP_md5()))
+		goto err;
+
+	*x509p=x;
+	*pkeyp=pk;
+	return(1);
+err:
+	return(0);
+	}
diff --git a/crypto/openssl/demos/sign/Makefile b/crypto/openssl/demos/sign/Makefile
new file mode 100644
index 000000000000..e6d391e4ada4
--- /dev/null
+++ b/crypto/openssl/demos/sign/Makefile
@@ -0,0 +1,15 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=sign
+
+all: $(EXAMPLES) 
+
+sign: sign.o
+	$(CC) -o sign sign.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	./sign
diff --git a/crypto/openssl/demos/sign/cert.pem b/crypto/openssl/demos/sign/cert.pem
new file mode 100644
index 000000000000..9d7ac238d86b
--- /dev/null
+++ b/crypto/openssl/demos/sign/cert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
+bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
+dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
+DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
+EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
+dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
+EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
+L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
+BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
+9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/demos/sign/key.pem b/crypto/openssl/demos/sign/key.pem
new file mode 100644
index 000000000000..239ad66f9903
--- /dev/null
+++ b/crypto/openssl/demos/sign/key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
+2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
+oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
+8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
+a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
+WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
+6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/sign/sig.txt b/crypto/openssl/demos/sign/sig.txt
new file mode 100644
index 000000000000..5613c0ee77ba
--- /dev/null
+++ b/crypto/openssl/demos/sign/sig.txt
@@ -0,0 +1,158 @@
+From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
+Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
+  (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
+Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
+Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for ; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
+Received: by minbne.mincom.oz.au id AA22230
+  (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
+Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for ; Mon, 30 Sep 1996 11:40:07 +1000
+Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
+Date: Mon, 30 Sep 1996 01:37:40 +0100
+Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
+From: Sampo Kellomaki 
+To: ssl-users@mincom.com
+Cc: sampo@brutus.neuronio.pt
+Subject: Signing with envelope routines
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: RO
+X-Status: D
+
+
+I have been trying to figure out how to produce signatures with EVP_
+routines. I seem to be able to read in private key and sign some
+data ok, but I can't figure out how I am supposed to read in
+public key so that I could verify my signature. I use self signed
+certificate.
+
+I figured I should use
+	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
+	                               fp, NULL, NULL);
+to read in private key and this seems to work Ok.
+
+However when I try analogous
+	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
+	                               fp, NULL, NULL);
+the program fails with
+
+error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
+error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
+
+I figured that the second argument to PEM_ASN1_read should match the
+name in my PEM encoded object, hence PEM_STRING_X509.
+PEM_STRING_EVP_PKEY seems to be somehow magical
+because it matches whatever private key there happens to be. I could
+not find a similar constant to use with getting the certificate, however.
+
+Is my approach of using PEM_ASN1_read correct? What should I pass in
+as name?  Can I use normal (or even self signed) X509 certificate for
+verifying the signature?
+
+When will SSLeay documentation be written ;-)? If I would contribute
+comments to the code, would Eric take time to review them and include
+them in distribution?
+
+I'm using SSLeay-0.6.4. My program is included below along with the
+key and cert that I use.
+
+--Sampo
+
+-----------------------------------
+/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
+   29.9.1996, Sampo Kellomaki  */
+
+#include 
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+
+void main ()
+{
+  int err;
+  int sig_len;
+  unsigned char sig_buf [4096];
+  const char certfile[] = "plain-cert.pem";
+  const char keyfile[]  = "plain-key.pem";
+  const char data[]     = "I owe you...";
+  EVP_MD_CTX     md_ctx;
+  EVP_PKEY*      pkey;
+  FILE*          fp;
+
+  SSL_load_error_strings();
+  
+  /* Read private key */
+  
+  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+				   PEM_STRING_EVP_PKEY,
+				   fp,
+				   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Do the signature */
+  
+  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignUpdate (&md_ctx, data, strlen(data));
+  sig_len = sizeof(sig_buf);
+  err = EVP_SignFinal (&md_ctx,
+		       sig_buf, 
+		       &sig_len,
+		       pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  
+  /* Read public key */
+  
+  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
+				   PEM_STRING_X509,
+				   fp,
+				   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Verify the signature */
+  
+  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
+  err = EVP_VerifyFinal (&md_ctx,
+			 sig_buf,
+			 sig_len,
+			 pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  printf ("Signature Verified Ok.\n");
+}
+/* EOF */
+--------------- plain-cert.pem -----------------
+-----BEGIN CERTIFICATE-----
+MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
+bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
+dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
+DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
+EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
+dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
+EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
+L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
+BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
+9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
+-----END CERTIFICATE-----
+---------------- plain-key.pem -----------------
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
+2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
+oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
+8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
+a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
+WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
+6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
+-----END RSA PRIVATE KEY-----
+------------------------------------------------
+
diff --git a/crypto/openssl/demos/sign/sign.c b/crypto/openssl/demos/sign/sign.c
new file mode 100644
index 000000000000..0fdf0de387d4
--- /dev/null
+++ b/crypto/openssl/demos/sign/sign.c
@@ -0,0 +1,153 @@
+/* demos/sign/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
+   29.9.1996, Sampo Kellomaki  */
+
+/* converted to C - eay :-) */
+
+/* reformated a bit and converted to use the more common functions: this was
+ * initially written at the dawn of time :-) - Steve.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+int main ()
+{
+  int err;
+  int sig_len;
+  unsigned char sig_buf [4096];
+  static char certfile[] = "cert.pem";
+  static char keyfile[]  = "key.pem";
+  static char data[]     = "I owe you...";
+  EVP_MD_CTX     md_ctx;
+  EVP_PKEY *      pkey;
+  FILE *          fp;
+  X509 *	x509;
+
+  /* Just load the crypto library error strings,
+   * SSL_load_error_strings() loads the crypto AND the SSL ones */
+  /* SSL_load_error_strings();*/
+  ERR_load_crypto_strings();
+  
+  /* Read private key */
+  
+  fp = fopen (keyfile, "r");
+  if (fp == NULL) exit (1);
+  pkey = PEM_read_PrivateKey(fp, NULL, NULL);
+  fclose (fp);
+
+  if (pkey == NULL) { 
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
+  
+  /* Do the signature */
+  
+  EVP_SignInit   (&md_ctx, EVP_sha1());
+  EVP_SignUpdate (&md_ctx, data, strlen(data));
+  sig_len = sizeof(sig_buf);
+  err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp(stderr);
+	exit (1);
+  }
+
+  EVP_PKEY_free (pkey);
+  
+  /* Read public key */
+  
+  fp = fopen (certfile, "r");
+  if (fp == NULL) exit (1);
+  x509 = PEM_read_X509(fp, NULL, NULL);
+  fclose (fp);
+
+  if (x509 == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
+  
+  /* Get public key - eay */
+  pkey=X509_get_pubkey(x509);
+  if (pkey == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
+
+  /* Verify the signature */
+  
+  EVP_VerifyInit   (&md_ctx, EVP_sha1());
+  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
+  err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
+  EVP_PKEY_free (pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
+  printf ("Signature Verified Ok.\n");
+  return(0);
+}
diff --git a/crypto/openssl/demos/sign/sign.txt b/crypto/openssl/demos/sign/sign.txt
new file mode 100644
index 000000000000..2aa2b46cc36e
--- /dev/null
+++ b/crypto/openssl/demos/sign/sign.txt
@@ -0,0 +1,170 @@
+From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
+Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
+  (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
+Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
+Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for ; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
+Received: by orb.mincom.oz.au id AA12688
+  (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
+Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
+From: Eric Young 
+X-Sender: eay@orb
+To: Sampo Kellomaki 
+Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
+Subject: Re: Signing with envelope routines
+In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
+Message-Id: 
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: O
+X-Status: 
+
+
+On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
+> I have been trying to figure out how to produce signatures with EVP_
+> routines. I seem to be able to read in private key and sign some
+> data ok, but I can't figure out how I am supposed to read in
+> public key so that I could verify my signature. I use self signed
+> certificate.
+
+hmm... a rather poorly documented are of the library at this point in time.
+
+> I figured I should use
+> 	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
+> 	                               fp, NULL, NULL);
+> to read in private key and this seems to work Ok.
+> 
+> However when I try analogous
+> 	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
+> 	                               fp, NULL, NULL);
+
+What you should do is 
+	X509 *x509=PEM_read_X509(fp,NULL,NULL);
+	/* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
+	 * NULL,NULL); */
+Then
+	EVP_PKEY *pkey=X509_extract_key(x509);
+
+There is also a X509_REQ_extract_key(req);
+which gets the public key from a certificate request.
+
+I re-worked quite a bit of this when I cleaned up the dependancy on
+RSA as the private key.
+
+> I figured that the second argument to PEM_ASN1_read should match the
+> name in my PEM encoded object, hence PEM_STRING_X509.
+> PEM_STRING_EVP_PKEY seems to be somehow magical
+> because it matches whatever private key there happens to be. I could
+> not find a similar constant to use with getting the certificate, however.
+
+:-), PEM_STRING_EVP_PKEY is 'magical' :-).  In theory I should be using a
+standard such as PKCS#8 to store the private key so that the type is 
+encoded in the asn.1 encoding of the object.
+
+> Is my approach of using PEM_ASN1_read correct? What should I pass in
+> as name?  Can I use normal (or even self signed) X509 certificate for
+> verifying the signature?
+
+The actual public key is kept in the certificate, so basically you have 
+to load the certificate and then 'unpack' the public key from the 
+certificate.
+
+> When will SSLeay documentation be written ;-)? If I would contribute
+> comments to the code, would Eric take time to review them and include
+> them in distribution?
+
+:-) After SSLv3 and PKCS#7 :-).  I actually started doing a function list 
+but what I really need to do is do quite a few 'this is how you do xyz' 
+type documents.  I suppose the current method is to post to ssl-users and 
+I'll respond :-).
+
+I'll add a 'demo' directory for the next release, I've appended a 
+modified version of your program that works, you were very close :-).
+
+eric
+
+/* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
+   29.9.1996, Sampo Kellomaki  */
+
+/* converted to C - eay :-) */
+
+#include 
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "ssl.h"
+
+void main ()
+{
+  int err;
+  int sig_len;
+  unsigned char sig_buf [4096];
+  static char certfile[] = "plain-cert.pem";
+  static char keyfile[]  = "plain-key.pem";
+  static char data[]     = "I owe you...";
+  EVP_MD_CTX     md_ctx;
+  EVP_PKEY *      pkey;
+  FILE *          fp;
+  X509 *	x509;
+
+  /* Just load the crypto library error strings,
+   * SSL_load_error_strings() loads the crypto AND the SSL ones */
+  /* SSL_load_error_strings();*/
+  ERR_load_crypto_strings();
+  
+  /* Read private key */
+  
+  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
+  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+				   PEM_STRING_EVP_PKEY,
+				   fp,
+				   NULL, NULL);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Do the signature */
+  
+  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignUpdate (&md_ctx, data, strlen(data));
+  sig_len = sizeof(sig_buf);
+  err = EVP_SignFinal (&md_ctx,
+		       sig_buf, 
+		       &sig_len,
+		       pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  
+  /* Read public key */
+  
+  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
+  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+				   PEM_STRING_X509,
+				   fp, NULL, NULL);
+  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fclose (fp);
+  
+  /* Get public key - eay */
+  pkey=X509_extract_key(x509);
+  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+
+  /* Verify the signature */
+  
+  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
+  err = EVP_VerifyFinal (&md_ctx,
+			 sig_buf,
+			 sig_len,
+			 pkey);
+  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  EVP_PKEY_free (pkey);
+  printf ("Signature Verified Ok.\n");
+}
+
+
+
+
+
diff --git a/crypto/openssl/demos/spkigen.c b/crypto/openssl/demos/spkigen.c
new file mode 100644
index 000000000000..d87881197c55
--- /dev/null
+++ b/crypto/openssl/demos/spkigen.c
@@ -0,0 +1,160 @@
+/* NOCW */
+/* demos/spkigen.c
+ * 18-Mar-1997 - eay - A quick hack :-) 
+ * 		version 1.1, it would probably help to save or load the
+ *		private key :-)
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* The following two don't exist in SSLeay but they are in here as
+ * examples */
+#define PEM_write_SPKI(fp,x) \
+	PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
+			(char *)x,NULL,NULL,0,NULL)
+int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+/* These are defined in the next version of SSLeay */
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
+#define RSA_F4	0x10001
+#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+					(char *)(rsa))
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	RSA *rsa=NULL;
+	NETSCAPE_SPKI *spki=NULL;
+	EVP_PKEY *pkey=NULL;
+	char buf[128];
+	int ok=0,i;
+	FILE *fp;
+
+	pkey=EVP_PKEY_new();
+	 
+	if (argc < 2)
+		{
+		/* Generate an RSA key, the random state should have been seeded
+		 * with lots of calls to RAND_seed(....) */
+		fprintf(stderr,"generating RSA key, could take some time...\n");
+		if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;
+		}
+	else
+		{
+		if ((fp=fopen(argv[1],"r")) == NULL)
+			{ perror(argv[1]); goto err; }
+		if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)
+			goto err;
+		fclose(fp);
+		}
+	
+	if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
+	rsa=NULL;
+
+	/* lets make the spki and set the public key and challenge */
+	if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;
+
+	if (!SPKI_set_pubkey(spki,pkey)) goto err;
+
+	fprintf(stderr,"please enter challenge string:");
+	fflush(stderr);
+	fgets(buf,120,stdin);
+	i=strlen(buf);
+	if (i > 0) buf[--i]='\0';
+	if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
+		buf,i)) goto err;
+
+	if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
+	PEM_write_SPKI(stdout,spki);
+	if (argc < 2)
+		PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
+
+	ok=1;
+err:
+	if (!ok)
+		{
+		fprintf(stderr,"something bad happened....");
+		ERR_print_errors_fp(stderr);
+		}
+	NETSCAPE_SPKI_free(spki);
+	EVP_PKEY_free(pkey);
+	exit(!ok);
+	}
+
+/* This function is in the next version of SSLeay */
+int EVP_PKEY_assign(pkey,type,key)
+EVP_PKEY *pkey;
+int type;
+char *key;
+	{
+	if (pkey == NULL) return(0);
+	if (pkey->pkey.ptr != NULL)
+		{
+		if (pkey->type == EVP_PKEY_RSA)
+			RSA_free(pkey->pkey.rsa);
+		/* else memory leak */
+		}
+	pkey->type=type;
+	pkey->pkey.ptr=key;
+	return(1);
+	}
+
+/* While I have a 
+ * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
+ * not currently exist so here is a version of it.
+ * The next SSLeay release will probably have
+ * X509_set_pubkey(),
+ * X509_REQ_set_pubkey() and
+ * NETSCAPE_SPKI_set_pubkey()
+ * as macros calling the same function */
+int SPKI_set_pubkey(x,pkey)
+NETSCAPE_SPKI *x;
+EVP_PKEY *pkey;
+	{
+	int ok=0;
+	X509_PUBKEY *pk;
+	X509_ALGOR *a;
+	ASN1_OBJECT *o;
+	unsigned char *s,*p;
+	int i;
+
+	if (x == NULL) return(0);
+
+	if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+	a=pk->algor;
+
+	/* set the algorithm id */
+	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+	ASN1_OBJECT_free(a->algorithm);
+	a->algorithm=o;
+
+	/* Set the parameter list */
+	if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
+		{
+		ASN1_TYPE_free(a->parameter);
+		a->parameter=ASN1_TYPE_new();
+		a->parameter->type=V_ASN1_NULL;
+		}
+	i=i2d_PublicKey(pkey,NULL);
+	if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
+	p=s;
+	i2d_PublicKey(pkey,&p);
+	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	free(s);
+
+	X509_PUBKEY_free(x->spkac->pubkey);
+	x->spkac->pubkey=pk;
+	pk=NULL;
+	ok=1;
+err:
+	if (pk != NULL) X509_PUBKEY_free(pk);
+	return(ok);
+	}
+
diff --git a/crypto/openssl/demos/ssl/cli.cpp b/crypto/openssl/demos/ssl/cli.cpp
new file mode 100644
index 000000000000..b3d726961f5d
--- /dev/null
+++ b/crypto/openssl/demos/ssl/cli.cpp
@@ -0,0 +1,111 @@
+/* cli.cpp  -  Minimal ssleay client for Unix
+   30.9.1996, Sampo Kellomaki  */
+
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+   Simplified to be even more minimal
+   12/98 - 4/99 Wade Scholine  */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "rsa.h"       /* SSLeay stuff */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+
+void main ()
+{
+  int err;
+  int sd;
+  struct sockaddr_in sa;
+  SSL_CTX* ctx;
+  SSL*     ssl;
+  X509*    server_cert;
+  char*    str;
+  char     buf [4096];
+  SSL_METHOD *meth;
+
+  SSLeay_add_ssl_algorithms();
+  meth = SSLv2_client_method();
+  SSL_load_error_strings();
+  ctx = SSL_CTX_new (meth);                        CHK_NULL(ctx);
+
+  CHK_SSL(err);
+  
+  /* ----------------------------------------------- */
+  /* Create a socket and connect to server using normal socket calls. */
+  
+  sd = socket (AF_INET, SOCK_STREAM, 0);       CHK_ERR(sd, "socket");
+ 
+  memset (&sa, '\0', sizeof(sa));
+  sa.sin_family      = AF_INET;
+  sa.sin_addr.s_addr = inet_addr ("127.0.0.1");   /* Server IP */
+  sa.sin_port        = htons     (1111);          /* Server Port number */
+  
+  err = connect(sd, (struct sockaddr*) &sa,
+		sizeof(sa));                   CHK_ERR(err, "connect");
+
+  /* ----------------------------------------------- */
+  /* Now we have TCP conncetion. Start SSL negotiation. */
+  
+  ssl = SSL_new (ctx);                         CHK_NULL(ssl);    
+  SSL_set_fd (ssl, sd);
+  err = SSL_connect (ssl);                     CHK_SSL(err);
+    
+  /* Following two steps are optional and not required for
+     data exchange to be successful. */
+  
+  /* Get the cipher - opt */
+
+  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
+  
+  /* Get server's certificate (note: beware of dynamic allocation) - opt */
+
+  server_cert = SSL_get_peer_certificate (ssl);       CHK_NULL(server_cert);
+  printf ("Server certificate:\n");
+  
+  str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
+  CHK_NULL(str);
+  printf ("\t subject: %s\n", str);
+  Free (str);
+
+  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);
+  CHK_NULL(str);
+  printf ("\t issuer: %s\n", str);
+  Free (str);
+
+  /* We could do all sorts of certificate verification stuff here before
+     deallocating the certificate. */
+
+  X509_free (server_cert);
+  
+  /* --------------------------------------------------- */
+  /* DATA EXCHANGE - Send a message and receive a reply. */
+
+  err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));  CHK_SSL(err);
+  
+  err = SSL_read (ssl, buf, sizeof(buf) - 1);                     CHK_SSL(err);
+  buf[err] = '\0';
+  printf ("Got %d chars:'%s'\n", err, buf);
+  SSL_shutdown (ssl);  /* send SSL/TLS close_notify */
+
+  /* Clean up. */
+
+  close (sd);
+  SSL_free (ssl);
+  SSL_CTX_free (ctx);
+}
+/* EOF - cli.cpp */
diff --git a/crypto/openssl/demos/ssl/inetdsrv.cpp b/crypto/openssl/demos/ssl/inetdsrv.cpp
new file mode 100644
index 000000000000..5b0922721069
--- /dev/null
+++ b/crypto/openssl/demos/ssl/inetdsrv.cpp
@@ -0,0 +1,98 @@
+/* inetdserv.cpp  -  Minimal ssleay server for Unix inetd.conf
+ * 30.9.1996, Sampo Kellomaki 
+ * From /etc/inetd.conf:
+ *     1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
+ */
+
+#include 
+#include 
+
+#include "rsa.h"       /* SSLeay stuff */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define HOME "/usr/users/sampo/demo/"
+#define CERTF HOME "plain-cert.pem"
+#define KEYF  HOME "plain-key.pem"
+
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) \
+                         { fprintf(log, "%s %d\n", (s), errno); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
+
+void main ()
+{
+  int err;
+  SSL_CTX* ctx;
+  SSL*     ssl;
+  X509*    client_cert;
+  char*    str;
+  char     buf [4096];
+  FILE* log;
+  
+  log = fopen ("/dev/console", "a");                     CHK_NULL(log);
+  fprintf (log, "inetdserv %ld\n", (long)getpid());
+  
+  SSL_load_error_strings();
+  ctx = SSL_CTX_new (); CHK_NULL(ctx);
+  
+  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
+  CHK_SSL (err);
+  
+  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
+  CHK_SSL (err);
+
+  /* inetd has already opened the TCP connection, so we can get right
+     down to business. */
+  
+  ssl = SSL_new (ctx);  CHK_NULL(ssl);
+  SSL_set_fd (ssl,  fileno(stdin));
+  err = SSL_accept (ssl);                                CHK_SSL(err);
+  
+  /* Get the cipher - opt */
+  
+  fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
+  
+  /* Get client's certificate (note: beware of dynamic allocation) - opt */
+
+  client_cert = SSL_get_peer_certificate (ssl);
+  if (client_cert != NULL) {
+    fprintf (log, "Client certificate:\n");
+    
+    str = X509_NAME_oneline (X509_get_subject_name (client_cert));
+    CHK_NULL(str);
+    fprintf (log, "\t subject: %s\n", str);
+    Free (str);
+    
+    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
+    CHK_NULL(str);
+    fprintf (log, "\t issuer: %s\n", str);
+    Free (str);
+    
+    /* We could do all sorts of certificate verification stuff here before
+       deallocating the certificate. */
+    
+    X509_free (client_cert);
+  } else
+    fprintf (log, "Client doe not have certificate.\n");
+
+  /* ------------------------------------------------- */
+  /* DATA EXCHANGE: Receive message and send reply  */
+  
+  err = SSL_read (ssl, buf, sizeof(buf) - 1);  CHK_SSL(err);
+  buf[err] = '\0';
+  fprintf (log, "Got %d chars:'%s'\n", err, buf);
+  
+  err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
+  CHK_SSL(err);
+
+  /* Clean up. */
+
+  fclose (log);
+  SSL_free (ssl);
+  SSL_CTX_free (ctx);
+}
+/* EOF - inetdserv.cpp */
diff --git a/crypto/openssl/demos/ssl/serv.cpp b/crypto/openssl/demos/ssl/serv.cpp
new file mode 100644
index 000000000000..aec610d01894
--- /dev/null
+++ b/crypto/openssl/demos/ssl/serv.cpp
@@ -0,0 +1,152 @@
+/* serv.cpp  -  Minimal ssleay server for Unix
+   30.9.1996, Sampo Kellomaki  */
+
+
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+   Simplified to be even more minimal
+   12/98 - 4/99 Wade Scholine  */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include        /* SSLeay stuff */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+
+/* define HOME to be dir for key and cert files... */
+#define HOME "./"
+/* Make these what you want for cert & key files */
+#define CERTF  HOME "foo-cert.pem"
+#define KEYF  HOME  "foo-cert.pem"
+
+
+#define CHK_NULL(x) if ((x)==NULL) exit (1)
+#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
+#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
+
+void main ()
+{
+  int err;
+  int listen_sd;
+  int sd;
+  struct sockaddr_in sa_serv;
+  struct sockaddr_in sa_cli;
+  size_t client_len;
+  SSL_CTX* ctx;
+  SSL*     ssl;
+  X509*    client_cert;
+  char*    str;
+  char     buf [4096];
+  SSL_METHOD *meth;
+  
+  /* SSL preliminaries. We keep the certificate and key with the context. */
+
+  SSL_load_error_strings();
+  SSLeay_add_ssl_algorithms();
+  meth = SSLv23_server_method();
+  ctx = SSL_CTX_new (meth);
+  if (!ctx) {
+    ERR_print_errors_fp(stderr);
+    exit(2);
+  }
+  
+  if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    exit(3);
+  }
+  if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    exit(4);
+  }
+
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr,"Private key does not match the certificate public key\n");
+    exit(5);
+  }
+
+  /* ----------------------------------------------- */
+  /* Prepare TCP socket for receiving connections */
+
+  listen_sd = socket (AF_INET, SOCK_STREAM, 0);   CHK_ERR(listen_sd, "socket");
+  
+  memset (&sa_serv, '\0', sizeof(sa_serv));
+  sa_serv.sin_family      = AF_INET;
+  sa_serv.sin_addr.s_addr = INADDR_ANY;
+  sa_serv.sin_port        = htons (1111);          /* Server Port number */
+  
+  err = bind(listen_sd, (struct sockaddr*) &sa_serv,
+	     sizeof (sa_serv));                   CHK_ERR(err, "bind");
+	     
+  /* Receive a TCP connection. */
+	     
+  err = listen (listen_sd, 5);                    CHK_ERR(err, "listen");
+  
+  client_len = sizeof(sa_cli);
+  sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
+  CHK_ERR(sd, "accept");
+  close (listen_sd);
+
+  printf ("Connection from %lx, port %x\n",
+	  sa_cli.sin_addr.s_addr, sa_cli.sin_port);
+  
+  /* ----------------------------------------------- */
+  /* TCP connection is ready. Do server side SSL. */
+
+  ssl = SSL_new (ctx);                           CHK_NULL(ssl);
+  SSL_set_fd (ssl, sd);
+  err = SSL_accept (ssl);                        CHK_SSL(err);
+  
+  /* Get the cipher - opt */
+  
+  printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
+  
+  /* Get client's certificate (note: beware of dynamic allocation) - opt */
+
+  client_cert = SSL_get_peer_certificate (ssl);
+  if (client_cert != NULL) {
+    printf ("Client certificate:\n");
+    
+    str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
+    CHK_NULL(str);
+    printf ("\t subject: %s\n", str);
+    Free (str);
+    
+    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
+    CHK_NULL(str);
+    printf ("\t issuer: %s\n", str);
+    Free (str);
+    
+    /* We could do all sorts of certificate verification stuff here before
+       deallocating the certificate. */
+    
+    X509_free (client_cert);
+  } else
+    printf ("Client does not have certificate.\n");
+
+  /* DATA EXCHANGE - Receive message and send reply. */
+
+  err = SSL_read (ssl, buf, sizeof(buf) - 1);                   CHK_SSL(err);
+  buf[err] = '\0';
+  printf ("Got %d chars:'%s'\n", err, buf);
+  
+  err = SSL_write (ssl, "I hear you.", strlen("I hear you."));  CHK_SSL(err);
+
+  /* Clean up. */
+
+  close (sd);
+  SSL_free (ssl);
+  SSL_CTX_free (ctx);
+}
+/* EOF - serv.cpp */
diff --git a/crypto/openssl/dep/crypto.txt b/crypto/openssl/dep/crypto.txt
new file mode 100644
index 000000000000..9e5144fec64d
--- /dev/null
+++ b/crypto/openssl/dep/crypto.txt
@@ -0,0 +1,1043 @@
+ASN1_BIT_STRING_asn1_meth
+ASN1_BIT_STRING_get_bit
+ASN1_BIT_STRING_set_bit
+ASN1_HEADER_free
+ASN1_HEADER_new
+ASN1_IA5STRING_asn1_meth
+ASN1_INTEGER_get
+ASN1_INTEGER_set
+ASN1_INTEGER_to_BN
+ASN1_OBJECT_create
+ASN1_OBJECT_free
+ASN1_OBJECT_new
+ASN1_PRINTABLE_type
+ASN1_STRING_cmp
+ASN1_STRING_dup
+ASN1_STRING_free
+ASN1_STRING_new
+ASN1_STRING_print
+ASN1_STRING_set
+ASN1_STRING_type_new
+ASN1_TYPE_free
+ASN1_TYPE_get
+ASN1_TYPE_new
+ASN1_TYPE_set
+ASN1_UNIVERSALSTRING_to_string
+ASN1_UTCTIME_check
+ASN1_UTCTIME_print
+ASN1_UTCTIME_set
+ASN1_check_infinite_end
+ASN1_d2i_bio
+ASN1_d2i_fp
+ASN1_digest
+ASN1_dup
+ASN1_get_object
+ASN1_i2d_bio
+ASN1_i2d_fp
+ASN1_object_size
+ASN1_parse
+ASN1_put_object
+ASN1_sign
+ASN1_verify
+BF_cbc_encrypt
+BF_cfb64_encrypt
+BF_decrypt
+BF_ecb_encrypt
+BF_encrypt
+BF_ofb64_encrypt
+BF_options
+BF_set_key
+BIO_ACCEPT_free
+BIO_ACCEPT_new
+BIO_CONNECT_free
+BIO_CONNECT_new
+BIO_accept
+BIO_copy_next_retry
+BIO_ctrl
+BIO_ctrl_int
+BIO_debug_callback
+BIO_dump
+BIO_dup_chain
+BIO_f_base64
+BIO_f_buffer
+BIO_f_cipher
+BIO_f_md
+BIO_f_nbio_test
+BIO_f_null
+BIO_f_proxy_server
+BIO_fd_non_fatal_error
+BIO_fd_should_retry
+BIO_find_type
+BIO_free
+BIO_free_all
+BIO_get_accept_socket
+BIO_get_ex_data
+BIO_get_ex_new_index
+BIO_get_filter_bio
+BIO_get_host_ip
+BIO_get_port
+BIO_get_retry_BIO
+BIO_get_retry_reason
+BIO_gethostbyname
+BIO_gets
+BIO_ghbn_ctrl
+BIO_new
+BIO_new_accept
+BIO_new_connect
+BIO_new_fd
+BIO_new_file
+BIO_new_fp
+BIO_new_socket
+BIO_pop
+BIO_printf
+BIO_ptr_ctrl
+BIO_push
+BIO_puts
+BIO_read
+BIO_s_accept
+BIO_s_connect
+BIO_s_fd
+BIO_s_file
+BIO_s_mem
+BIO_s_null
+BIO_s_proxy_client
+BIO_s_socket
+BIO_set
+BIO_set_cipher
+BIO_set_ex_data
+BIO_set_tcp_ndelay
+BIO_sock_cleanup
+BIO_sock_error
+BIO_sock_init
+BIO_sock_non_fatal_error
+BIO_sock_should_retry
+BIO_socket_ioctl
+BIO_write
+BN_BLINDING_convert
+BN_BLINDING_free
+BN_BLINDING_invert
+BN_BLINDING_new
+BN_BLINDING_update
+BN_CTX_free
+BN_CTX_new
+BN_MONT_CTX_free
+BN_MONT_CTX_new
+BN_MONT_CTX_set
+BN_add
+BN_add_word
+BN_bin2bn
+BN_bn2bin
+BN_bn2dec
+BN_bn2hex
+BN_bn2mpi
+BN_clear
+BN_clear_bit
+BN_clear_free
+BN_cmp
+BN_copy
+BN_dec2bn
+BN_div
+BN_div_word
+BN_dup
+BN_exp
+BN_free
+BN_from_montgomery
+BN_gcd
+BN_generate_prime
+BN_get_word
+BN_hex2bn
+BN_is_bit_set
+BN_is_prime
+BN_lshift
+BN_lshift1
+BN_mask_bits
+BN_mod
+BN_mod_exp
+BN_mod_exp_mont
+BN_mod_exp_recp
+BN_mod_exp_simple
+BN_mod_inverse
+BN_mod_mul
+BN_mod_mul_montgomery
+BN_mod_mul_reciprocal
+BN_mod_word
+BN_mpi2bn
+BN_mul
+BN_mul_word
+BN_new
+BN_num_bits
+BN_num_bits_word
+BN_options
+BN_print
+BN_print_fp
+BN_rand
+BN_reciprocal
+BN_rshift
+BN_rshift1
+BN_set_bit
+BN_set_word
+BN_sqr
+BN_sub
+BN_sub_word
+BN_to_ASN1_INTEGER
+BN_ucmp
+BN_value_one
+BUF_MEM_free
+BUF_MEM_grow
+BUF_MEM_new
+BUF_strdup
+CAST_cbc_encrypt
+CAST_cfb64_encrypt
+CAST_decrypt
+CAST_ecb_encrypt
+CAST_encrypt
+CAST_ofb64_encrypt
+CAST_set_key
+CONF_free
+CONF_get_number
+CONF_get_section
+CONF_get_string
+CONF_load
+CRYPTO_add_lock
+CRYPTO_dbg_free
+CRYPTO_dbg_malloc
+CRYPTO_dbg_realloc
+CRYPTO_dbg_remalloc
+CRYPTO_dup_ex_data
+CRYPTO_free
+CRYPTO_free_ex_data
+CRYPTO_get_add_lock_callback
+CRYPTO_get_ex_data
+CRYPTO_get_ex_new_index
+CRYPTO_get_id_callback
+CRYPTO_get_lock_name
+CRYPTO_get_locking_callback
+CRYPTO_get_mem_functions
+CRYPTO_get_new_lockid
+CRYPTO_lock
+CRYPTO_malloc
+CRYPTO_mem_ctrl
+CRYPTO_mem_leaks
+CRYPTO_mem_leaks_cb
+CRYPTO_mem_leaks_fp
+CRYPTO_new_ex_data
+CRYPTO_realloc
+CRYPTO_remalloc
+CRYPTO_set_add_lock_callback
+CRYPTO_set_ex_data
+CRYPTO_set_id_callback
+CRYPTO_set_locking_callback
+CRYPTO_set_mem_functions
+CRYPTO_thread_id
+DH_check
+DH_compute_key
+DH_free
+DH_generate_key
+DH_generate_parameters
+DH_new
+DH_size
+DHparams_print
+DHparams_print_fp
+DSA_free
+DSA_generate_key
+DSA_generate_parameters
+DSA_is_prime
+DSA_new
+DSA_print
+DSA_print_fp
+DSA_sign
+DSA_sign_setup
+DSA_size
+DSA_verify
+DSAparams_print
+DSAparams_print_fp
+ERR_clear_error
+ERR_error_string
+ERR_free_strings
+ERR_func_error_string
+ERR_get_err_state_table
+ERR_get_error
+ERR_get_error_line
+ERR_get_next_error_library
+ERR_get_state
+ERR_get_string_table
+ERR_lib_error_string
+ERR_load_ASN1_strings
+ERR_load_BIO_strings
+ERR_load_BN_strings
+ERR_load_BUF_strings
+ERR_load_CONF_strings
+ERR_load_CRYPTO_strings
+ERR_load_DH_strings
+ERR_load_DSA_strings
+ERR_load_ERR_strings
+ERR_load_EVP_strings
+ERR_load_OBJ_strings
+ERR_load_PEM_strings
+ERR_load_PKCS7_strings
+ERR_load_PROXY_strings
+ERR_load_RSA_strings
+ERR_load_X509_strings
+ERR_load_crypto_strings
+ERR_load_strings
+ERR_peek_error
+ERR_peek_error_line
+ERR_print_errors
+ERR_print_errors_fp
+ERR_put_error
+ERR_reason_error_string
+ERR_remove_state
+EVP_BytesToKey
+EVP_CIPHER_CTX_cleanup
+EVP_CIPHER_CTX_init
+EVP_CipherFinal
+EVP_CipherInit
+EVP_CipherUpdate
+EVP_DecodeBlock
+EVP_DecodeFinal
+EVP_DecodeInit
+EVP_DecodeUpdate
+EVP_DecryptFinal
+EVP_DecryptInit
+EVP_DecryptUpdate
+EVP_DigestFinal
+EVP_DigestInit
+EVP_DigestUpdate
+EVP_EncodeBlock
+EVP_EncodeFinal
+EVP_EncodeInit
+EVP_EncodeUpdate
+EVP_EncryptFinal
+EVP_EncryptInit
+EVP_EncryptUpdate
+EVP_OpenFinal
+EVP_OpenInit
+EVP_PKEY_assign
+EVP_PKEY_bits
+EVP_PKEY_cmp_parameters
+EVP_PKEY_copy_parameters
+EVP_PKEY_free
+EVP_PKEY_missing_parameters
+EVP_PKEY_new
+EVP_PKEY_save_parameters
+EVP_PKEY_size
+EVP_PKEY_type
+EVP_SealFinal
+EVP_SealInit
+EVP_SignFinal
+EVP_VerifyFinal
+EVP_add_alias
+EVP_add_cipher
+EVP_add_digest
+EVP_bf_cbc
+EVP_bf_cfb
+EVP_bf_ecb
+EVP_bf_ofb
+EVP_cast5_cbc
+EVP_cast5_cfb
+EVP_cast5_ecb
+EVP_cast5_ofb
+EVP_cleanup
+EVP_delete_alias
+EVP_des_cbc
+EVP_des_cfb
+EVP_des_ecb
+EVP_des_ede
+EVP_des_ede3
+EVP_des_ede3_cbc
+EVP_des_ede3_cfb
+EVP_des_ede3_ofb
+EVP_des_ede_cbc
+EVP_des_ede_cfb
+EVP_des_ede_ofb
+EVP_des_ofb
+EVP_desx_cbc
+EVP_dss
+EVP_dss1
+EVP_enc_null
+EVP_get_cipherbyname
+EVP_get_digestbyname
+EVP_get_pw_prompt
+EVP_idea_cbc
+EVP_idea_cfb
+EVP_idea_ecb
+EVP_idea_ofb
+EVP_md2
+EVP_md5
+EVP_md_null
+EVP_mdc2
+EVP_rc2_40_cbc
+EVP_rc2_cbc
+EVP_rc2_cfb
+EVP_rc2_ecb
+EVP_rc2_ofb
+EVP_rc4
+EVP_rc4_40
+EVP_read_pw_string
+EVP_set_pw_prompt
+EVP_sha
+EVP_sha1
+HMAC
+HMAC_Final
+HMAC_Init
+HMAC_Update
+HMAC_cleanup
+MD2
+MD2_Final
+MD2_Init
+MD2_Update
+MD2_options
+MD5
+MD5_Final
+MD5_Init
+MD5_Transform
+MD5_Update
+MDC2
+MDC2_Final
+MDC2_Init
+MDC2_Update
+NETSCAPE_SPKAC_free
+NETSCAPE_SPKAC_new
+NETSCAPE_SPKI_free
+NETSCAPE_SPKI_new
+NETSCAPE_SPKI_sign
+NETSCAPE_SPKI_verify
+OBJ_add_object
+OBJ_bsearch
+OBJ_cleanup
+OBJ_cmp
+OBJ_create
+OBJ_create_objects
+OBJ_dup
+OBJ_ln2nid
+OBJ_new_nid
+OBJ_nid2ln
+OBJ_nid2obj
+OBJ_nid2sn
+OBJ_obj2nid
+OBJ_sn2nid
+OBJ_txt2nid
+PEM_ASN1_read
+PEM_ASN1_read_bio
+PEM_ASN1_write
+PEM_ASN1_write_bio
+PEM_SealFinal
+PEM_SealInit
+PEM_SealUpdate
+PEM_SignFinal
+PEM_SignInit
+PEM_SignUpdate
+PEM_X509_INFO_read
+PEM_X509_INFO_read_bio
+PEM_X509_INFO_write_bio
+PEM_dek_info
+PEM_do_header
+PEM_get_EVP_CIPHER_INFO
+PEM_proc_type
+PEM_read
+PEM_read_DHparams
+PEM_read_DSAPrivateKey
+PEM_read_DSAparams
+PEM_read_PKCS7
+PEM_read_PrivateKey
+PEM_read_RSAPrivateKey
+PEM_read_RSAPublicKey
+PEM_read_X509
+PEM_read_X509_CRL
+PEM_read_X509_REQ
+PEM_read_bio
+PEM_read_bio_DHparams
+PEM_read_bio_DSAPrivateKey
+PEM_read_bio_DSAparams
+PEM_read_bio_PKCS7
+PEM_read_bio_PrivateKey
+PEM_read_bio_RSAPrivateKey
+PEM_read_bio_RSAPublicKey
+PEM_read_bio_X509
+PEM_read_bio_X509_CRL
+PEM_read_bio_X509_REQ
+PEM_write
+PEM_write_DHparams
+PEM_write_DSAPrivateKey
+PEM_write_DSAparams
+PEM_write_PKCS7
+PEM_write_PrivateKey
+PEM_write_RSAPrivateKey
+PEM_write_RSAPublicKey
+PEM_write_X509
+PEM_write_X509_CRL
+PEM_write_X509_REQ
+PEM_write_bio
+PEM_write_bio_DHparams
+PEM_write_bio_DSAPrivateKey
+PEM_write_bio_DSAparams
+PEM_write_bio_PKCS7
+PEM_write_bio_PrivateKey
+PEM_write_bio_RSAPrivateKey
+PEM_write_bio_RSAPublicKey
+PEM_write_bio_X509
+PEM_write_bio_X509_CRL
+PEM_write_bio_X509_REQ
+PKCS7_DIGEST_free
+PKCS7_DIGEST_new
+PKCS7_ENCRYPT_free
+PKCS7_ENCRYPT_new
+PKCS7_ENC_CONTENT_free
+PKCS7_ENC_CONTENT_new
+PKCS7_ENVELOPE_free
+PKCS7_ENVELOPE_new
+PKCS7_ISSUER_AND_SERIAL_digest
+PKCS7_ISSUER_AND_SERIAL_free
+PKCS7_ISSUER_AND_SERIAL_new
+PKCS7_RECIP_INFO_free
+PKCS7_RECIP_INFO_new
+PKCS7_SIGNED_free
+PKCS7_SIGNED_new
+PKCS7_SIGNER_INFO_free
+PKCS7_SIGNER_INFO_new
+PKCS7_SIGNER_INFO_set
+PKCS7_SIGN_ENVELOPE_free
+PKCS7_SIGN_ENVELOPE_new
+PKCS7_add_certificate
+PKCS7_add_crl
+PKCS7_add_signature
+PKCS7_add_signer
+PKCS7_cert_from_signer_info
+PKCS7_content_free
+PKCS7_content_new
+PKCS7_ctrl
+PKCS7_dataInit
+PKCS7_dataSign
+PKCS7_dataVerify
+PKCS7_dup
+PKCS7_free
+PKCS7_get_signer_info
+PKCS7_new
+PKCS7_set_content
+PKCS7_set_type
+PROXY_ENTRY_add_noproxy
+PROXY_ENTRY_clear_noproxy
+PROXY_ENTRY_free
+PROXY_ENTRY_get_noproxy
+PROXY_ENTRY_new
+PROXY_ENTRY_set_server
+PROXY_add_noproxy
+PROXY_add_server
+PROXY_check_by_host
+PROXY_check_url
+PROXY_clear_noproxy
+PROXY_free
+PROXY_get_noproxy
+PROXY_get_proxies
+PROXY_get_proxy_entry
+PROXY_load_conf
+PROXY_new
+PROXY_print
+RAND_bytes
+RAND_cleanup
+RAND_file_name
+RAND_load_file
+RAND_seed
+RAND_write_file
+RC2_cbc_encrypt
+RC2_cfb64_encrypt
+RC2_decrypt
+RC2_ecb_encrypt
+RC2_encrypt
+RC2_ofb64_encrypt
+RC2_set_key
+RC4
+RC4_options
+RC4_set_key
+RC5_32_cbc_encrypt
+RC5_32_cfb64_encrypt
+RC5_32_decrypt
+RC5_32_ecb_encrypt
+RC5_32_encrypt
+RC5_32_ofb64_encrypt
+RC5_32_set_key
+RIPEMD160
+RIPEMD160_Final
+RIPEMD160_Init
+RIPEMD160_Transform
+RIPEMD160_Update
+RSAPrivateKey_asn1_meth
+RSAPrivateKey_dup
+RSAPublicKey_dup
+RSA_PKCS1_SSLeay
+RSA_blinding_off
+RSA_blinding_on
+RSA_flags
+RSA_free
+RSA_generate_key
+RSA_get_ex_data
+RSA_get_ex_new_index
+RSA_new
+RSA_new_method
+RSA_padding_add_PKCS1_type_1
+RSA_padding_add_PKCS1_type_2
+RSA_padding_add_SSLv23
+RSA_padding_add_none
+RSA_padding_check_PKCS1_type_1
+RSA_padding_check_PKCS1_type_2
+RSA_padding_check_SSLv23
+RSA_padding_check_none
+RSA_print
+RSA_print_fp
+RSA_private_decrypt
+RSA_private_encrypt
+RSA_public_decrypt
+RSA_public_encrypt
+RSA_set_default_method
+RSA_set_ex_data
+RSA_sign
+RSA_sign_ASN1_OCTET_STRING
+RSA_size
+RSA_verify
+RSA_verify_ASN1_OCTET_STRING
+SHA
+SHA1
+SHA1_Final
+SHA1_Init
+SHA1_Transform
+SHA1_Update
+SHA_Final
+SHA_Init
+SHA_Transform
+SHA_Update
+SSLeay
+SSLeay_add_all_algorithms
+SSLeay_add_all_ciphers
+SSLeay_add_all_digests
+SSLeay_version
+TXT_DB_create_index
+TXT_DB_free
+TXT_DB_get_by_index
+TXT_DB_insert
+TXT_DB_read
+TXT_DB_write
+X509_ALGOR_free
+X509_ALGOR_new
+X509_ATTRIBUTE_free
+X509_ATTRIBUTE_new
+X509_CINF_free
+X509_CINF_new
+X509_CRL_INFO_free
+X509_CRL_INFO_new
+X509_CRL_add_ext
+X509_CRL_cmp
+X509_CRL_delete_ext
+X509_CRL_dup
+X509_CRL_free
+X509_CRL_get_ext
+X509_CRL_get_ext_by_NID
+X509_CRL_get_ext_by_OBJ
+X509_CRL_get_ext_by_critical
+X509_CRL_get_ext_count
+X509_CRL_new
+X509_CRL_sign
+X509_CRL_verify
+X509_EXTENSION_create_by_NID
+X509_EXTENSION_create_by_OBJ
+X509_EXTENSION_dup
+X509_EXTENSION_free
+X509_EXTENSION_get_critical
+X509_EXTENSION_get_data
+X509_EXTENSION_get_object
+X509_EXTENSION_new
+X509_EXTENSION_set_critical
+X509_EXTENSION_set_data
+X509_EXTENSION_set_object
+X509_INFO_free
+X509_INFO_new
+X509_LOOKUP_by_alias
+X509_LOOKUP_by_fingerprint
+X509_LOOKUP_by_issuer_serial
+X509_LOOKUP_by_subject
+X509_LOOKUP_ctrl
+X509_LOOKUP_file
+X509_LOOKUP_free
+X509_LOOKUP_hash_dir
+X509_LOOKUP_init
+X509_LOOKUP_new
+X509_LOOKUP_shutdown
+X509_NAME_ENTRY_create_by_NID
+X509_NAME_ENTRY_create_by_OBJ
+X509_NAME_ENTRY_dup
+X509_NAME_ENTRY_free
+X509_NAME_ENTRY_get_data
+X509_NAME_ENTRY_get_object
+X509_NAME_ENTRY_new
+X509_NAME_ENTRY_set_data
+X509_NAME_ENTRY_set_object
+X509_NAME_add_entry
+X509_NAME_cmp
+X509_NAME_delete_entry
+X509_NAME_digest
+X509_NAME_dup
+X509_NAME_entry_count
+X509_NAME_free
+X509_NAME_get_entry
+X509_NAME_get_index_by_NID
+X509_NAME_get_index_by_OBJ
+X509_NAME_get_text_by_NID
+X509_NAME_get_text_by_OBJ
+X509_NAME_hash
+X509_NAME_new
+X509_NAME_oneline
+X509_NAME_print
+X509_NAME_set
+X509_OBJECT_free_contents
+X509_OBJECT_retrive_by_subject
+X509_OBJECT_up_ref_count
+X509_PKEY_free
+X509_PKEY_new
+X509_PUBKEY_free
+X509_PUBKEY_get
+X509_PUBKEY_new
+X509_PUBKEY_set
+X509_REQ_INFO_free
+X509_REQ_INFO_new
+X509_REQ_dup
+X509_REQ_free
+X509_REQ_get_pubkey
+X509_REQ_new
+X509_REQ_print
+X509_REQ_print_fp
+X509_REQ_set_pubkey
+X509_REQ_set_subject_name
+X509_REQ_set_version
+X509_REQ_sign
+X509_REQ_to_X509
+X509_REQ_verify
+X509_REVOKED_add_ext
+X509_REVOKED_delete_ext
+X509_REVOKED_free
+X509_REVOKED_get_ext
+X509_REVOKED_get_ext_by_NID
+X509_REVOKED_get_ext_by_OBJ
+X509_REVOKED_get_ext_by_critical
+X509_REVOKED_get_ext_count
+X509_REVOKED_new
+X509_SIG_free
+X509_SIG_new
+X509_STORE_CTX_cleanup
+X509_STORE_CTX_get_chain
+X509_STORE_CTX_get_current_cert
+X509_STORE_CTX_get_error
+X509_STORE_CTX_get_error_depth
+X509_STORE_CTX_get_ex_data
+X509_STORE_CTX_get_ex_new_index
+X509_STORE_CTX_init
+X509_STORE_CTX_set_cert
+X509_STORE_CTX_set_chain
+X509_STORE_CTX_set_error
+X509_STORE_CTX_set_ex_data
+X509_STORE_add_cert
+X509_STORE_add_crl
+X509_STORE_add_lookup
+X509_STORE_free
+X509_STORE_get_by_subject
+X509_STORE_load_locations
+X509_STORE_new
+X509_STORE_set_default_paths
+X509_VAL_free
+X509_VAL_new
+X509_add_ext
+X509_asn1_meth
+X509_certificate_type
+X509_check_private_key
+X509_cmp_current_time
+X509_delete_ext
+X509_digest
+X509_dup
+X509_find_by_issuer_and_serial
+X509_find_by_subject
+X509_free
+X509_get_default_cert_area
+X509_get_default_cert_dir
+X509_get_default_cert_dir_env
+X509_get_default_cert_file
+X509_get_default_cert_file_env
+X509_get_default_private_dir
+X509_get_ext
+X509_get_ext_by_NID
+X509_get_ext_by_OBJ
+X509_get_ext_by_critical
+X509_get_ext_count
+X509_get_issuer_name
+X509_get_pubkey
+X509_get_pubkey_parameters
+X509_get_serialNumber
+X509_get_subject_name
+X509_gmtime_adj
+X509_issuer_and_serial_cmp
+X509_issuer_and_serial_hash
+X509_issuer_name_cmp
+X509_issuer_name_hash
+X509_load_cert_file
+X509_load_crl_file
+X509_new
+X509_print
+X509_print_fp
+X509_set_issuer_name
+X509_set_notAfter
+X509_set_notBefore
+X509_set_pubkey
+X509_set_serialNumber
+X509_set_subject_name
+X509_set_version
+X509_sign
+X509_subject_name_cmp
+X509_subject_name_hash
+X509_to_X509_REQ
+X509_verify
+X509_verify_cert
+X509_verify_cert_error_string
+X509v3_add_ext
+X509v3_add_extension
+X509v3_add_netscape_extensions
+X509v3_add_standard_extensions
+X509v3_cleanup_extensions
+X509v3_data_type_by_NID
+X509v3_data_type_by_OBJ
+X509v3_delete_ext
+X509v3_get_ext
+X509v3_get_ext_by_NID
+X509v3_get_ext_by_OBJ
+X509v3_get_ext_by_critical
+X509v3_get_ext_count
+X509v3_get_key_usage
+X509v3_pack_string
+X509v3_pack_type_by_NID
+X509v3_pack_type_by_OBJ
+X509v3_set_key_usage
+X509v3_unpack_string
+_des_crypt
+a2d_ASN1_OBJECT
+a2i_ASN1_INTEGER
+a2i_ASN1_STRING
+a2i_X509v3_key_usage
+asn1_Finish
+asn1_GetSequence
+bn_add_words
+bn_div64
+bn_expand2
+bn_mul_add_words
+bn_mul_words
+bn_qadd
+bn_qsub
+bn_sqr_words
+crypt
+d2i_ASN1_BIT_STRING
+d2i_ASN1_BOOLEAN
+d2i_ASN1_HEADER
+d2i_ASN1_IA5STRING
+d2i_ASN1_INTEGER
+d2i_ASN1_OBJECT
+d2i_ASN1_OCTET_STRING
+d2i_ASN1_PRINTABLE
+d2i_ASN1_PRINTABLESTRING
+d2i_ASN1_SET
+d2i_ASN1_T61STRING
+d2i_ASN1_TYPE
+d2i_ASN1_UTCTIME
+d2i_ASN1_bytes
+d2i_ASN1_type_bytes
+d2i_DHparams
+d2i_DSAPrivateKey
+d2i_DSAPrivateKey_bio
+d2i_DSAPrivateKey_fp
+d2i_DSAPublicKey
+d2i_DSAparams
+d2i_NETSCAPE_SPKAC
+d2i_NETSCAPE_SPKI
+d2i_Netscape_RSA
+d2i_Netscape_RSA_2
+d2i_PKCS7
+d2i_PKCS7_DIGEST
+d2i_PKCS7_ENCRYPT
+d2i_PKCS7_ENC_CONTENT
+d2i_PKCS7_ENVELOPE
+d2i_PKCS7_ISSUER_AND_SERIAL
+d2i_PKCS7_RECIP_INFO
+d2i_PKCS7_SIGNED
+d2i_PKCS7_SIGNER_INFO
+d2i_PKCS7_SIGN_ENVELOPE
+d2i_PKCS7_bio
+d2i_PKCS7_fp
+d2i_PrivateKey
+d2i_PublicKey
+d2i_RSAPrivateKey
+d2i_RSAPrivateKey_bio
+d2i_RSAPrivateKey_fp
+d2i_RSAPublicKey
+d2i_RSAPublicKey_bio
+d2i_RSAPublicKey_fp
+d2i_X509
+d2i_X509_ALGOR
+d2i_X509_ATTRIBUTE
+d2i_X509_CINF
+d2i_X509_CRL
+d2i_X509_CRL_INFO
+d2i_X509_CRL_bio
+d2i_X509_CRL_fp
+d2i_X509_EXTENSION
+d2i_X509_NAME
+d2i_X509_NAME_ENTRY
+d2i_X509_PKEY
+d2i_X509_PUBKEY
+d2i_X509_REQ
+d2i_X509_REQ_INFO
+d2i_X509_REQ_bio
+d2i_X509_REQ_fp
+d2i_X509_REVOKED
+d2i_X509_SIG
+d2i_X509_VAL
+d2i_X509_bio
+d2i_X509_fp
+des_cbc_cksum
+des_cbc_encrypt
+des_cblock_print_file
+des_cfb64_encrypt
+des_cfb_encrypt
+des_decrypt3
+des_ecb3_encrypt
+des_ecb_encrypt
+des_ede3_cbc_encrypt
+des_ede3_cfb64_encrypt
+des_ede3_ofb64_encrypt
+des_enc_read
+des_enc_write
+des_encrypt
+des_encrypt2
+des_encrypt3
+des_fcrypt
+des_is_weak_key
+des_key_sched
+des_ncbc_encrypt
+des_ofb64_encrypt
+des_ofb_encrypt
+des_options
+des_pcbc_encrypt
+des_quad_cksum
+des_random_key
+des_random_seed
+des_read_2passwords
+des_read_password
+des_read_pw
+des_read_pw_string
+des_set_key
+des_set_odd_parity
+des_string_to_2keys
+des_string_to_key
+des_xcbc_encrypt
+des_xwhite_in2out
+fcrypt_body
+i2a_ASN1_INTEGER
+i2a_ASN1_OBJECT
+i2a_ASN1_STRING
+i2a_X509v3_key_usage
+i2d_ASN1_BIT_STRING
+i2d_ASN1_BOOLEAN
+i2d_ASN1_HEADER
+i2d_ASN1_IA5STRING
+i2d_ASN1_INTEGER
+i2d_ASN1_OBJECT
+i2d_ASN1_OCTET_STRING
+i2d_ASN1_PRINTABLE
+i2d_ASN1_SET
+i2d_ASN1_TYPE
+i2d_ASN1_UTCTIME
+i2d_ASN1_bytes
+i2d_DHparams
+i2d_DSAPrivateKey
+i2d_DSAPrivateKey_bio
+i2d_DSAPrivateKey_fp
+i2d_DSAPublicKey
+i2d_DSAparams
+i2d_NETSCAPE_SPKAC
+i2d_NETSCAPE_SPKI
+i2d_Netscape_RSA
+i2d_PKCS7
+i2d_PKCS7_DIGEST
+i2d_PKCS7_ENCRYPT
+i2d_PKCS7_ENC_CONTENT
+i2d_PKCS7_ENVELOPE
+i2d_PKCS7_ISSUER_AND_SERIAL
+i2d_PKCS7_RECIP_INFO
+i2d_PKCS7_SIGNED
+i2d_PKCS7_SIGNER_INFO
+i2d_PKCS7_SIGN_ENVELOPE
+i2d_PKCS7_bio
+i2d_PKCS7_fp
+i2d_PrivateKey
+i2d_PublicKey
+i2d_RSAPrivateKey
+i2d_RSAPrivateKey_bio
+i2d_RSAPrivateKey_fp
+i2d_RSAPublicKey
+i2d_RSAPublicKey_bio
+i2d_RSAPublicKey_fp
+i2d_X509
+i2d_X509_ALGOR
+i2d_X509_ATTRIBUTE
+i2d_X509_CINF
+i2d_X509_CRL
+i2d_X509_CRL_INFO
+i2d_X509_CRL_bio
+i2d_X509_CRL_fp
+i2d_X509_EXTENSION
+i2d_X509_NAME
+i2d_X509_NAME_ENTRY
+i2d_X509_PKEY
+i2d_X509_PUBKEY
+i2d_X509_REQ
+i2d_X509_REQ_INFO
+i2d_X509_REQ_bio
+i2d_X509_REQ_fp
+i2d_X509_REVOKED
+i2d_X509_SIG
+i2d_X509_VAL
+i2d_X509_bio
+i2d_X509_fp
+i2t_ASN1_OBJECT
+idea_cbc_encrypt
+idea_cfb64_encrypt
+idea_ecb_encrypt
+idea_encrypt
+idea_ofb64_encrypt
+idea_options
+idea_set_decrypt_key
+idea_set_encrypt_key
+lh_delete
+lh_doall
+lh_doall_arg
+lh_free
+lh_insert
+lh_new
+lh_node_stats
+lh_node_stats_bio
+lh_node_usage_stats
+lh_node_usage_stats_bio
+lh_retrieve
+lh_stats
+lh_stats_bio
+lh_strhash
+ripemd160_block
+sha1_block
+sha_block
+sk_delete
+sk_delete_ptr
+sk_dup
+sk_find
+sk_free
+sk_insert
+sk_new
+sk_pop
+sk_pop_free
+sk_push
+sk_set_cmp_func
+sk_shift
+sk_unshift
+sk_zero
diff --git a/crypto/openssl/dep/files b/crypto/openssl/dep/files
new file mode 100644
index 000000000000..85cd7a3ff93f
--- /dev/null
+++ b/crypto/openssl/dep/files
@@ -0,0 +1,566 @@
+./e_os.h
+
+./crypto/cryptall.h		CRYPTO
+./crypto/cryptlib.h		CRYPTO
+./crypto/crypto.c		CRYPTO
+./crypto/cversion.c		CRYPTO
+./crypto/date.h			CRYPTO
+./crypto/mem.c			CRYPTO
+./crypto/cpt_err.c		CRYPTO
+./crypto/ex_data.c		CRYPTO
+./crypto/crypto.h		CRYPTO
+./crypto/cryptlib.c		CRYPTO
+./crypto/tmdiff.c		CRYPTO
+
+./crypto/asn1/asn1.h		ASN1
+./crypto/asn1/asn1_mac.h	ASN1
+./crypto/asn1/asn1_err.c	ASN1
+./crypto/asn1/asn1_lib.c	ASN1
+./crypto/asn1/asn1_par.c	ASN1
+./crypto/asn1/a_bitstr.c	ASN1
+./crypto/asn1/a_bmp.c		ASN1
+./crypto/asn1/a_bool.c		ASN1
+./crypto/asn1/a_bytes.c		ASN1
+./crypto/asn1/a_d2i_fp.c	ASN1
+./crypto/asn1/a_digest.c	ASN1
+./crypto/asn1/a_dup.c		ASN1
+./crypto/asn1/a_hdr.c		ASN1
+./crypto/asn1/a_i2d_fp.c	ASN1
+./crypto/asn1/a_int.c		ASN1
+./crypto/asn1/a_meth.c		ASN1
+./crypto/asn1/a_object.c	ASN1
+./crypto/asn1/a_octet.c		ASN1
+./crypto/asn1/a_print.c		ASN1
+./crypto/asn1/a_set.c		ASN1
+./crypto/asn1/a_sign.c		ASN1
+./crypto/asn1/a_type.c		ASN1
+./crypto/asn1/a_utctm.c		ASN1
+./crypto/asn1/a_verify.c	ASN1
+./crypto/asn1/d2i_dhp.c		ASN1
+./crypto/asn1/d2i_dsap.c	ASN1
+./crypto/asn1/d2i_pr.c		ASN1
+./crypto/asn1/d2i_pu.c		ASN1
+./crypto/asn1/d2i_r_pr.c	ASN1
+./crypto/asn1/d2i_r_pu.c	ASN1
+./crypto/asn1/d2i_s_pr.c	ASN1
+./crypto/asn1/d2i_s_pu.c	ASN1
+./crypto/asn1/f_int.c		ASN1
+./crypto/asn1/f_string.c	ASN1
+./crypto/asn1/i2d_dhp.c		ASN1
+./crypto/asn1/i2d_dsap.c	ASN1
+./crypto/asn1/i2d_pr.c		ASN1
+./crypto/asn1/i2d_pu.c		ASN1
+./crypto/asn1/i2d_r_pr.c	ASN1
+./crypto/asn1/i2d_r_pu.c	ASN1
+./crypto/asn1/i2d_s_pr.c	ASN1
+./crypto/asn1/i2d_s_pu.c	ASN1
+./crypto/asn1/n_pkey.c		ASN1
+./crypto/asn1/p7_dgst.c		ASN1
+./crypto/asn1/p7_enc.c		ASN1
+./crypto/asn1/p7_enc_c.c	ASN1
+./crypto/asn1/p7_evp.c		ASN1
+./crypto/asn1/p7_i_s.c		ASN1
+./crypto/asn1/p7_lib.c		ASN1
+./crypto/asn1/p7_recip.c	ASN1
+./crypto/asn1/p7_signd.c	ASN1
+./crypto/asn1/p7_signi.c	ASN1
+./crypto/asn1/p7_s_e.c		ASN1
+./crypto/asn1/pk.c		ASN1
+./crypto/asn1/pkcs8.c		ASN1
+./crypto/asn1/t_pkey.c		ASN1
+./crypto/asn1/t_req.c		ASN1
+./crypto/asn1/t_x509.c		ASN1
+./crypto/asn1/x_algor.c		ASN1
+./crypto/asn1/x_attrib.c	ASN1
+./crypto/asn1/x_cinf.c		ASN1
+./crypto/asn1/x_crl.c		ASN1
+./crypto/asn1/x_exten.c		ASN1
+./crypto/asn1/x_info.c		ASN1
+./crypto/asn1/x_name.c		ASN1
+./crypto/asn1/x_pkey.c		ASN1
+./crypto/asn1/x_pubkey.c	ASN1
+./crypto/asn1/x_req.c		ASN1
+./crypto/asn1/x_sig.c		ASN1
+./crypto/asn1/x_spki.c		ASN1
+./crypto/asn1/x_val.c		ASN1
+./crypto/asn1/x_x509.c		ASN1
+
+./crypto/bf/blowfish.h		BF
+./crypto/bf/bf_pi.h		BF
+./crypto/bf/bf_locl.h		BF
+./crypto/bf/bfspeed.c		BF
+./crypto/bf/bftest.c		BF
+./crypto/bf/bf_cbc.c		BF
+./crypto/bf/bf_cfb64.c		BF
+./crypto/bf/bf_ecb.c		BF
+./crypto/bf/bf_enc.c		BF
+./crypto/bf/bf_ofb64.c		BF
+./crypto/bf/bf_opts.c		BF
+./crypto/bf/bf_skey.c		BF
+
+./crypto/bio/bio.h		BIO
+./crypto/bio/bf_buff.c		BIO
+./crypto/bio/bf_nbio.c		BIO
+./crypto/bio/bf_null.c		BIO
+./crypto/bio/bio_cb.c		BIO
+./crypto/bio/bio_err.c		BIO
+./crypto/bio/bio_lib.c		BIO
+./crypto/bio/bss_acpt.c		BIO
+./crypto/bio/bss_conn.c		BIO
+./crypto/bio/bss_fd.c		BIO
+./crypto/bio/bss_file.c		BIO
+./crypto/bio/bss_mem.c		BIO
+./crypto/bio/bss_null.c		BIO
+./crypto/bio/bss_rtcp.c		BIO
+./crypto/bio/bss_sock.c		BIO
+./crypto/bio/b_dump.c		BIO
+./crypto/bio/b_print.c		BIO
+./crypto/bio/b_sock.c		BIO
+
+./crypto/bn/bn.h		BN
+./crypto/bn/bn_lcl.h		BN
+./crypto/bn/bn_prime.h		BN
+./crypto/bn/bnspeed.c		BN
+./crypto/bn/bntest.c		BN
+./crypto/bn/bn_add.c		BN
+./crypto/bn/bn_bld.c		BN
+./crypto/bn/bn_blind.c		BN
+./crypto/bn/bn_div.c		BN
+./crypto/bn/bn_err.c		BN
+./crypto/bn/bn_exp.c		BN
+./crypto/bn/bn_gcd.c		BN
+./crypto/bn/bn_lib.c		BN
+./crypto/bn/bn_mod.c		BN
+./crypto/bn/bn_mont.c		BN
+./crypto/bn/bn_mul.c		BN
+./crypto/bn/bn_mulw.c		BN
+./crypto/bn/bn_prime.c		BN
+./crypto/bn/bn_print.c		BN
+./crypto/bn/bn_rand.c		BN
+./crypto/bn/bn_recp.c		BN
+./crypto/bn/bn_shift.c		BN
+./crypto/bn/bn_sqr.c		BN
+./crypto/bn/bn_sub.c		BN
+./crypto/bn/bn_word.c		BN
+./crypto/bn/bn_m.c		BN
+./crypto/bn/m.c			BN
+./crypto/bn/expspeed.c		BN
+./crypto/bn/bn_mpi.c		BN
+./crypto/bn/exptest.c		BN
+
+./crypto/buffer/buffer.c	BUFF
+./crypto/buffer/buffer.h	BUFF
+./crypto/buffer/buf_err.c	BUFF
+
+./crypto/cast/cast.h		CAST
+./crypto/cast/castopts.c	CAST
+./crypto/cast/casttest.c	CAST
+./crypto/cast/cast_lcl.h	CAST
+./crypto/cast/cast_s.h		CAST
+./crypto/cast/cast_spd.c	CAST
+./crypto/cast/c_cfb64.c		CAST
+./crypto/cast/c_ecb.c		CAST
+./crypto/cast/c_enc.c		CAST
+./crypto/cast/c_ofb64.c		CAST
+./crypto/cast/c_skey.c		CAST
+
+./crypto/conf/conf_lcl.h	CONF
+./crypto/conf/cnf_save.c	CONF
+./crypto/conf/conf.c		CONF
+./crypto/conf/conf.h		CONF
+./crypto/conf/conf_err.c	CONF
+
+./crypto/des/des.h		DES
+./crypto/des/des_locl.h		DES
+./crypto/des/spr.h		DES
+./crypto/des/podd.h		DES
+./crypto/des/sk.h		DES
+./crypto/des/cbc3_enc.c		DES
+./crypto/des/cbc_cksm.c		DES
+./crypto/des/cbc_enc.c		DES
+./crypto/des/cfb64ede.c		DES
+./crypto/des/cfb64enc.c		DES
+./crypto/des/cfb_enc.c		DES
+./crypto/des/des.c		DES
+./crypto/des/destest.c		DES
+./crypto/des/des_enc.c		DES
+./crypto/des/des_opts.c		DES
+./crypto/des/des_ver.h		DES
+./crypto/des/ecb3_enc.c		DES
+./crypto/des/ecb_enc.c		DES
+./crypto/des/ede_enc.c		DES
+./crypto/des/enc_read.c		DES
+./crypto/des/enc_writ.c		DES
+./crypto/des/fcrypt.c		DES
+./crypto/des/fcrypt_b.c		DES
+./crypto/des/ncbc_enc.c		DES
+./crypto/des/ofb64ede.c		DES
+./crypto/des/ofb64enc.c		DES
+./crypto/des/ofb_enc.c		DES
+./crypto/des/pcbc_enc.c		DES
+./crypto/des/qud_cksm.c		DES
+./crypto/des/rand_key.c		DES
+./crypto/des/read2pwd.c		DES
+./crypto/des/read_pwd.c		DES
+./crypto/des/rpc_des.h		DES
+./crypto/des/rpc_enc.c		DES
+./crypto/des/rpw.c		DES
+./crypto/des/set_key.c		DES
+./crypto/des/str2key.c		DES
+./crypto/des/supp.c		DES
+./crypto/des/xcbc_enc.c		DES
+
+./crypto/dh/dh.h		DH
+./crypto/dh/dh_check.c		DH
+./crypto/dh/dh_err.c		DH
+./crypto/dh/dh_gen.c		DH
+./crypto/dh/dh_key.c		DH
+./crypto/dh/dh_lib.c		DH
+./crypto/dh/p1024.c		DH
+./crypto/dh/p192.c		DH
+./crypto/dh/p512.c		DH
+./crypto/dh/dhtest.c		DH
+
+./crypto/dsa/dsa.h		DSA
+./crypto/dsa/dsagen.c		DSA
+./crypto/dsa/dsa_err.c		DSA
+./crypto/dsa/dsa_gen.c		DSA
+./crypto/dsa/dsa_key.c		DSA
+./crypto/dsa/dsa_lib.c		DSA
+./crypto/dsa/dsa_sign.c		DSA
+./crypto/dsa/dsa_vrf.c		DSA
+./crypto/dsa/dsatest.c		DSA
+
+./crypto/err/err.c		ERR
+./crypto/err/err.h		ERR
+./crypto/err/err_all.c		ERR
+./crypto/err/err_prn.c		ERR
+
+./crypto/evp/evp.h		EVP
+./crypto/evp/bio_b64.c		EVP
+./crypto/evp/bio_enc.c		EVP
+./crypto/evp/bio_md.c		EVP
+./crypto/evp/c_all.c		EVP
+./crypto/evp/digest.c		EVP
+./crypto/evp/encode.c		EVP
+./crypto/evp/evp_enc.c		EVP
+./crypto/evp/evp_err.c		EVP
+./crypto/evp/evp_key.c		EVP
+./crypto/evp/e_cbc_3d.c		EVP
+./crypto/evp/e_cbc_bf.c		EVP
+./crypto/evp/e_cbc_c.c		EVP
+./crypto/evp/e_cbc_d.c		EVP
+./crypto/evp/e_cbc_i.c		EVP
+./crypto/evp/e_cbc_r2.c		EVP
+./crypto/evp/e_cfb_3d.c		EVP
+./crypto/evp/e_cfb_bf.c		EVP
+./crypto/evp/e_cfb_c.c		EVP
+./crypto/evp/e_cfb_d.c		EVP
+./crypto/evp/e_cfb_i.c		EVP
+./crypto/evp/e_cfb_r2.c		EVP
+./crypto/evp/e_dsa.c		EVP
+./crypto/evp/e_ecb_3d.c		EVP
+./crypto/evp/e_ecb_bf.c		EVP
+./crypto/evp/e_ecb_c.c		EVP
+./crypto/evp/e_ecb_d.c		EVP
+./crypto/evp/e_ecb_i.c		EVP
+./crypto/evp/e_ecb_r2.c		EVP
+./crypto/evp/e_null.c		EVP
+./crypto/evp/e_ofb_3d.c		EVP
+./crypto/evp/e_ofb_bf.c		EVP
+./crypto/evp/e_ofb_c.c		EVP
+./crypto/evp/e_ofb_d.c		EVP
+./crypto/evp/e_ofb_i.c		EVP
+./crypto/evp/e_ofb_r2.c		EVP
+./crypto/evp/e_rc4.c		EVP
+./crypto/evp/e_xcbc_d.c		EVP
+./crypto/evp/m_dss.c		EVP
+./crypto/evp/m_dss1.c		EVP
+./crypto/evp/m_md2.c		EVP
+./crypto/evp/m_md5.c		EVP
+./crypto/evp/m_mdc2.c		EVP
+./crypto/evp/m_null.c		EVP
+./crypto/evp/m_sha.c		EVP
+./crypto/evp/m_sha1.c		EVP
+./crypto/evp/names.c		EVP
+./crypto/evp/p_lib.c		EVP
+./crypto/evp/p_open.c		EVP
+./crypto/evp/p_seal.c		EVP
+./crypto/evp/p_sign.c		EVP
+./crypto/evp/p_verify.c		EVP
+
+./crypto/hmac/hmac.c		HMAC
+./crypto/hmac/hmac.h		HMAC
+./crypto/hmac/hmactest.c	HMAC
+
+./crypto/idea/ideatest.c	IDEA
+./crypto/idea/idea_lcl.h	IDEA
+./crypto/idea/idea_spd.c	IDEA
+./crypto/idea/i_cbc.c		IDEA
+./crypto/idea/i_cfb64.c		IDEA
+./crypto/idea/i_ecb.c		IDEA
+./crypto/idea/i_ofb64.c		IDEA
+./crypto/idea/i_skey.c		IDEA
+./crypto/idea/idea.h		IDEA
+
+./crypto/lhash/lhash.c		LHASH
+./crypto/lhash/lhash.h		LHASH
+./crypto/lhash/lh_stats.c	LHASH
+./crypto/lhash/lh_test.c	LHASH
+
+./crypto/md2/md2.c		MD2
+./crypto/md2/md2test.c		MD2
+./crypto/md2/md2_dgst.c		MD2
+./crypto/md2/md2_one.c		MD2
+./crypto/md2/md2.h		MD2
+
+./crypto/md5/md5.c		MD5
+./crypto/md5/md5.h		MD5
+./crypto/md5/md5test.c		MD5
+./crypto/md5/md5_dgst.c		MD5
+./crypto/md5/md5_locl.h		MD5
+./crypto/md5/md5_one.c		MD5
+
+./crypto/mdc2/mdc2.h		MDC2
+./crypto/mdc2/mdc2dgst.c	MDC2
+./crypto/mdc2/mdc2test.c	MDC2
+./crypto/mdc2/mdc2_one.c	MDC2
+
+./crypto/objects/objects.h	OBJ
+./crypto/objects/obj_dat.c	OBJ
+./crypto/objects/obj_dat.h	OBJ
+./crypto/objects/obj_err.c	OBJ
+./crypto/objects/obj_lib.c	OBJ
+
+./crypto/pem/ctx_size.c		PEM
+./crypto/pem/pem.h		PEM
+./crypto/pem/pem_all.c		PEM
+./crypto/pem/pem_err.c		PEM
+./crypto/pem/pem_info.c		PEM
+./crypto/pem/pem_lib.c		PEM
+./crypto/pem/pem_seal.c		PEM
+./crypto/pem/pem_sign.c		PEM
+
+./crypto/pkcs7/pk7_dgst.c	PKCS7
+./crypto/pkcs7/pk7_doit.c	PKCS7
+./crypto/pkcs7/pk7_enc.c	PKCS7
+./crypto/pkcs7/pk7_lib.c	PKCS7
+./crypto/pkcs7/pkcs7.h		PKCS7
+./crypto/pkcs7/pkcs7err.c	PKCS7
+./crypto/pkcs7/sign.c		PKCS7
+
+./crypto/proxy/bf_proxy.c	PROXY
+./crypto/proxy/p2test.c		PROXY
+./crypto/proxy/p3test.c		PROXY
+./crypto/proxy/paccept.c	PROXY
+./crypto/proxy/proxy.c		PROXY
+./crypto/proxy/proxy.h		PROXY
+./crypto/proxy/ptest.c		PROXY
+./crypto/proxy/pxy_conf.c	PROXY
+./crypto/proxy/pxy_err.c	PROXY
+./crypto/proxy/pxy_txt.c	PROXY
+
+./crypto/rand/md_rand.c		RAND
+./crypto/rand/rand.h		RAND
+./crypto/rand/randfile.c	RAND
+./crypto/rand/randtest.c	RAND
+
+./crypto/rc2/rc2cfb64.c		RC2
+./crypto/rc2/rc2ofb64.c		RC2
+./crypto/rc2/rc2speed.c		RC2
+./crypto/rc2/rc2test.c		RC2
+./crypto/rc2/rc2_cbc.c		RC2
+./crypto/rc2/rc2_ecb.c		RC2
+./crypto/rc2/rc2_locl.h		RC2
+./crypto/rc2/rc2_skey.c		RC2
+./crypto/rc2/rc2.h		RC2
+
+./crypto/rc4/rc4.c		RC4
+./crypto/rc4/rc4speed.c		RC4
+./crypto/rc4/rc4test.c		RC4
+./crypto/rc4/rc4_enc.c		RC4
+./crypto/rc4/rc4_skey.c		RC4
+./crypto/rc4/rc4.h		RC4
+./crypto/rc4/rc4_locl.h		RC4
+
+./crypto/rsa/rsa.h		RSA
+./crypto/rsa/rsa_eay.c		RSA
+./crypto/rsa/rsa_err.c		RSA
+./crypto/rsa/rsa_gen.c		RSA
+./crypto/rsa/rsa_lib.c		RSA
+./crypto/rsa/rsa_saos.c		RSA
+./crypto/rsa/rsa_sign.c		RSA
+./crypto/rsa/rsa_ssl.c		RSA
+./crypto/rsa/rsa_pk1.c		RSA
+./crypto/rsa/rsa_none.c		RSA
+
+./crypto/sha/sha.h		SHA
+./crypto/sha/sha_locl.h		SHA
+./crypto/sha/sha.c		SHA0
+./crypto/sha/sha_dgst.c		SHA0
+./crypto/sha/sha_one.c		SHA0
+./crypto/sha/sha_sgst.c		SHA0
+./crypto/sha/shatest.c		SHA0
+./crypto/sha/sha1.c		SHA1
+./crypto/sha/sha1dgst.c		SHA1
+./crypto/sha/sha1_one.c		SHA1
+./crypto/sha/sha1test.c		SHA1
+
+./crypto/stack/stack.c		STACK
+./crypto/stack/stack.h		STACK
+
+./crypto/txt_db/txt_db.c	TXTDB
+./crypto/txt_db/txt_db.h	TXTDB
+
+./crypto/x509/by_dir.c		X509
+./crypto/x509/by_file.c		X509
+./crypto/x509/v3_net.c		X509
+./crypto/x509/v3_x509.c		X509
+./crypto/x509/x509.h		X509
+./crypto/x509/x509name.c	X509
+./crypto/x509/x509pack.c	X509
+./crypto/x509/x509rset.c	X509
+./crypto/x509/x509type.c	X509
+./crypto/x509/x509_cmp.c	X509
+./crypto/x509/x509_d2.c		X509
+./crypto/x509/x509_def.c	X509
+./crypto/x509/x509_err.c	X509
+./crypto/x509/x509_ext.c	X509
+./crypto/x509/x509_lu.c		X509
+./crypto/x509/x509_obj.c	X509
+./crypto/x509/x509_r2x.c	X509
+./crypto/x509/x509_req.c	X509
+./crypto/x509/x509_set.c	X509
+./crypto/x509/x509_txt.c	X509
+./crypto/x509/x509_v3.c		X509
+./crypto/x509/x509_vfy.c	X509
+./crypto/x509/x_all.c		X509
+./crypto/x509/x509_vfy.h	X509
+./crypto/x509v3/v3_ku.c		X509
+./crypto/x509v3/x509v3.h	X509
+
+./crypto/threads/mttest.c	THREADS
+./crypto/threads/th-lock.c	THREADS
+
+./crypto/ripemd/rmdtest.c	RMD160
+./crypto/ripemd/ripemd.h	RMD160
+./crypto/ripemd/rmdconst.h	RMD160
+./crypto/ripemd/rmd_locl.h	RMD160
+./crypto/ripemd/rmd_one.c	RMD160
+./crypto/ripemd/rmd160.c	RMD160
+./crypto/ripemd/rmd_dgst.c	RMD160
+
+./crypto/rc5/rc5_ecb.c		RC5
+./crypto/rc5/rc5cfb64.c		RC5
+./crypto/rc5/rc5ofb64.c		RC5
+./crypto/rc5/rc5speed.c		RC5
+./crypto/rc5/rc5test.c		RC5
+./crypto/rc5/rc5_enc.c		RC5
+./crypto/rc5/rc5.h		RC5
+./crypto/rc5/rc5_locl.h		RC5
+./crypto/rc5/rc5_skey.c		RC5
+
+./ssl/bio_ssl.c			SSL
+./ssl/pxy_ssl.c			SSL
+./ssl/s23_clnt.c		SSL
+./ssl/s23_lib.c			SSL
+./ssl/s23_meth.c		SSL
+./ssl/s23_pkt.c			SSL
+./ssl/s23_srvr.c		SSL
+./ssl/s2_clnt.c			SSL
+./ssl/s2_enc.c			SSL
+./ssl/s2_lib.c			SSL
+./ssl/s2_meth.c			SSL
+./ssl/s2_pkt.c			SSL
+./ssl/s2_srvr.c			SSL
+./ssl/s3_both.c			SSL
+./ssl/s3_clnt.c			SSL
+./ssl/s3_enc.c			SSL
+./ssl/s3_lib.c			SSL
+./ssl/s3_meth.c			SSL
+./ssl/s3_pkt.c			SSL
+./ssl/s3_srvr.c			SSL
+./ssl/ssl.c			SSL
+./ssl/ssl2.h			SSL
+./ssl/ssl23.h			SSL
+./ssl/ssl3.h			SSL
+./ssl/ssl_algs.c		SSL
+./ssl/ssl_asn1.c		SSL
+./ssl/ssl_cert.c		SSL
+./ssl/ssl_ciph.c		SSL
+./ssl/ssl_err.c			SSL
+./ssl/ssl_err2.c		SSL
+./ssl/ssl_lib.c			SSL
+./ssl/ssl_locl.h		SSL
+./ssl/ssl_rsa.c			SSL
+./ssl/ssl_sess.c		SSL
+./ssl/ssl_stat.c		SSL
+./ssl/ssl_task.c		SSL
+./ssl/ssl_txt.c			SSL
+./ssl/tls1.h			SSL
+./ssl/t1_lib.c			SSL
+./ssl/t1_enc.c			SSL
+./ssl/t1_meth.c			SSL
+./ssl/t1_srvr.c			SSL
+./ssl/t1_clnt.c			SSL
+./ssl/ssl.h			SSL
+./ssl/ssltest.c			SSL
+
+./rsaref/rsaref.c		RSAREF
+./rsaref/rsaref.h		RSAREF
+./rsaref/rsar_err.c		RSAREF
+
+./apps/apps.c			APPS
+./apps/apps.h			APPS
+./apps/asn1pars.c		APPS
+./apps/bf_perm.c		APPS
+./apps/bf_perm.h		APPS
+./apps/ca.c			APPS
+./apps/ciphers.c		APPS
+./apps/crl.c			APPS
+./apps/crl2p7.c			APPS
+./apps/dgst.c			APPS
+./apps/dh.c			APPS
+./apps/dsa.c			APPS
+./apps/dsaparam.c		APPS
+./apps/eay.c			APPS
+./apps/enc.c			APPS
+./apps/errstr.c			APPS
+./apps/speed.c			APPS
+./apps/gendh.c			APPS
+./apps/gendsa.c			APPS
+./apps/genrsa.c			APPS
+./apps/mybio_cb.c		APPS
+./apps/pem_mail.c		APPS
+./apps/pkcs7.c			APPS
+./apps/progs.h			APPS
+./apps/req.c			APPS
+./apps/rsa.c			APPS
+./apps/sess_id.c		APPS
+./apps/s_apps.h			APPS
+./apps/s_cb.c			APPS
+./apps/s_client.c		APPS
+./apps/s_server.c		APPS
+./apps/s_socket.c		APPS
+./apps/s_time.c			APPS
+./apps/testdsa.h		APPS
+./apps/testrsa.h		APPS
+./apps/verify.c			APPS
+./apps/version.c		APPS
+./apps/x509.c			APPS
+./apps/ssleay.c			APPS
+./apps/sp.c			APPS
+
+./demos/b64.c			DEMO
+./demos/bio/saccept.c		DEMO
+./demos/bio/sconnect.c		DEMO
+./demos/maurice/example1.c	DEMO
+./demos/maurice/example2.c	DEMO
+./demos/maurice/example3.c	DEMO
+./demos/maurice/example4.c	DEMO
+./demos/maurice/loadkeys.c	DEMO
+./demos/maurice/loadkeys.h	DEMO
+./demos/prime/prime.c		DEMO
+./demos/selfsign.c		DEMO
+./demos/spkigen.c		DEMO
+
diff --git a/crypto/openssl/dep/gen.pl b/crypto/openssl/dep/gen.pl
new file mode 100644
index 000000000000..8ab6db5c5329
--- /dev/null
+++ b/crypto/openssl/dep/gen.pl
@@ -0,0 +1,113 @@
+#!/usr/local/bin/perl
+
+require 'getopts.pl';
+
+$files="files";
+%have=();
+%missing=();
+%name=();
+%func=();
+
+&Getopts('Ff:');
+
+&load_file("files");
+foreach $file (@ARGV)
+	{ &do_nm($file); }
+
+if (defined($opt_f))
+	{
+	%a=();
+	$r=&list_files($opt_f,"",*a);
+	if ($opt_F)
+		{
+		foreach (sort split(/\n/,$r))
+			{ print "$_\n"; }
+		}
+	else
+		{ print $r; }
+	}
+else
+	{
+	for (sort keys %have)
+		{
+		print "$_:$have{$_}\n";
+		}
+	}
+
+sub list_files
+	{
+	local($f,$o,*done)=@_;
+	local($a,$_,$ff,$ret);
+
+	return if $f =~ /^\s*$/;
+
+	$done{$f}=1;
+	$ret.=$f."\n" if $opt_F;
+	foreach (split(/ /,$have{$f}))
+		{
+		$ret.="$o$f:$_\n" unless $opt_F;
+		}
+
+	foreach (split(/ /,$missing{$f}))
+		{
+		$ff=$func{$_};
+		next if defined($done{$ff});
+		$ret.=&list_files($ff,$o."	");
+		}
+	$ret;
+	}
+
+sub do_nm
+	{
+	local($file)=@_;
+	local($fname)="";
+
+	open(IN,"nm $file|") || die "unable to run 'nm $file|':$!\n";
+	while ()
+		{
+		chop;
+		next if /^\s*$/;
+		if (/^(.*)\.o:\s*$/)
+			{
+			$fname="$1.c";
+			next;
+			}
+		($type,$name)=/^.{8} (.) (.+)/;
+#		print "$fname $type $name\n";
+
+		if ($type eq "T")
+			{
+			$have{$fname}.="$name ";
+			$func{$name}=$fname;
+			}
+		elsif ($type eq "U")
+			{
+			$missing{$fname}.="$name ";
+			}
+		}
+	close(IN);
+	}
+
+sub load_file
+	{
+	local($file)=@_;
+
+	open(IN,"<$files") || die "unable to open $files:$!\n";
+
+	while ()
+		{
+		chop;
+		next if /^\s*$/;
+		($n)=/\/([^\/\s]+)\s+/;
+		($fn)=/^(\S+)\s/;
+#		print "$n - $fn\n";
+		if (defined($name{$n}))
+			{ print "$n already exists\n"; }
+		else
+			{ $name{$n}=$fn; }
+		}
+	close(IN);
+	@name=%name;
+	}
+
+
diff --git a/crypto/openssl/dep/ssl.txt b/crypto/openssl/dep/ssl.txt
new file mode 100644
index 000000000000..7cd125a0d178
--- /dev/null
+++ b/crypto/openssl/dep/ssl.txt
@@ -0,0 +1,156 @@
+BIO_f_ssl
+BIO_new_buffer_ssl_connect
+BIO_new_ssl
+BIO_new_ssl_connect
+BIO_proxy_ssl_copy_session_id
+BIO_ssl_copy_session_id
+BIO_ssl_shutdown
+ERR_load_SSL_strings
+SSL_CIPHER_description
+SSL_CIPHER_get_bits
+SSL_CIPHER_get_name
+SSL_CIPHER_get_version
+SSL_CTX_add_client_CA
+SSL_CTX_add_session
+SSL_CTX_check_private_key
+SSL_CTX_ctrl
+SSL_CTX_flush_sessions
+SSL_CTX_free
+SSL_CTX_get_client_CA_list
+SSL_CTX_get_ex_data
+SSL_CTX_get_ex_new_index
+SSL_CTX_get_quiet_shutdown
+SSL_CTX_get_verify_callback
+SSL_CTX_get_verify_mode
+SSL_CTX_load_verify_locations
+SSL_CTX_new
+SSL_CTX_remove_session
+SSL_CTX_set_cert_verify_cb
+SSL_CTX_set_cipher_list
+SSL_CTX_set_client_CA_list
+SSL_CTX_set_default_passwd_cb
+SSL_CTX_set_default_verify_paths
+SSL_CTX_set_ex_data
+SSL_CTX_set_quiet_shutdown
+SSL_CTX_set_ssl_version
+SSL_CTX_set_verify
+SSL_CTX_use_PrivateKey
+SSL_CTX_use_PrivateKey_ASN1
+SSL_CTX_use_PrivateKey_file
+SSL_CTX_use_RSAPrivateKey
+SSL_CTX_use_RSAPrivateKey_ASN1
+SSL_CTX_use_RSAPrivateKey_file
+SSL_CTX_use_certificate
+SSL_CTX_use_certificate_ASN1
+SSL_CTX_use_certificate_file
+SSL_SESSION_cmp
+SSL_SESSION_free
+SSL_SESSION_get_ex_data
+SSL_SESSION_get_ex_new_index
+SSL_SESSION_get_time
+SSL_SESSION_get_timeout
+SSL_SESSION_hash
+SSL_SESSION_new
+SSL_SESSION_print
+SSL_SESSION_print_fp
+SSL_SESSION_set_ex_data
+SSL_SESSION_set_time
+SSL_SESSION_set_timeout
+SSL_accept
+SSL_add_client_CA
+SSL_alert_desc_string
+SSL_alert_desc_string_long
+SSL_alert_type_string
+SSL_alert_type_string_long
+SSL_check_private_key
+SSL_clear
+SSL_connect
+SSL_copy_session_id
+SSL_ctrl
+SSL_do_handshake
+SSL_dup
+SSL_dup_CA_list
+SSL_free
+SSL_get_SSL_CTX
+SSL_get_certificate
+SSL_get_cipher_list
+SSL_get_ciphers
+SSL_get_client_CA_list
+SSL_get_current_cipher
+SSL_get_default_timeout
+SSL_get_error
+SSL_get_ex_data
+SSL_get_ex_new_index
+SSL_get_fd
+SSL_get_info_callback
+SSL_get_peer_cert_chain
+SSL_get_peer_certificate
+SSL_get_privatekey
+SSL_get_quiet_shutdown
+SSL_get_rbio
+SSL_get_read_ahead
+SSL_get_session
+SSL_get_shared_ciphers
+SSL_get_shutdown
+SSL_get_ssl_method
+SSL_get_verify_callback
+SSL_get_verify_mode
+SSL_get_verify_result
+SSL_get_version
+SSL_get_wbio
+SSL_load_client_CA_file
+SSL_load_error_strings
+SSL_new
+SSL_peek
+SSL_pending
+SSL_read
+SSL_renegotiate
+SSL_rstate_string
+SSL_rstate_string_long
+SSL_set_accept_state
+SSL_set_bio
+SSL_set_cipher_list
+SSL_set_client_CA_list
+SSL_set_connect_state
+SSL_set_ex_data
+SSL_set_fd
+SSL_set_info_callback
+SSL_set_quiet_shutdown
+SSL_set_read_ahead
+SSL_set_rfd
+SSL_set_session
+SSL_set_shutdown
+SSL_set_ssl_method
+SSL_set_verify
+SSL_set_verify_result
+SSL_set_wfd
+SSL_shutdown
+SSL_state
+SSL_state_string
+SSL_state_string_long
+SSL_use_PrivateKey
+SSL_use_PrivateKey_ASN1
+SSL_use_PrivateKey_file
+SSL_use_RSAPrivateKey
+SSL_use_RSAPrivateKey_ASN1
+SSL_use_RSAPrivateKey_file
+SSL_use_certificate
+SSL_use_certificate_ASN1
+SSL_use_certificate_file
+SSL_version
+SSL_write
+SSLeay_add_ssl_algorithms
+SSLv23_client_method
+SSLv23_method
+SSLv23_server_method
+SSLv2_client_method
+SSLv2_method
+SSLv2_server_method
+SSLv3_client_method
+SSLv3_method
+SSLv3_server_method
+TLSv1_client_method
+TLSv1_method
+TLSv1_server_method
+d2i_SSL_SESSION
+i2d_SSL_SESSION
diff --git a/crypto/openssl/doc/README b/crypto/openssl/doc/README
new file mode 100644
index 000000000000..a9a588262a0a
--- /dev/null
+++ b/crypto/openssl/doc/README
@@ -0,0 +1,10 @@
+
+ openssl.pod ..... Documentation of OpenSSL `openssl' command
+ crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a
+ ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
+ ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete]
+ openssl.txt ..... Assembled documentation files for OpenSSL [not final]
+
+ An archive of HTML documents for the SSLeay library is available from
+ http://www.columbia.edu/~ariel/ssleay/
+
diff --git a/crypto/openssl/doc/c-indentation.el b/crypto/openssl/doc/c-indentation.el
new file mode 100644
index 000000000000..9a4a0be598f0
--- /dev/null
+++ b/crypto/openssl/doc/c-indentation.el
@@ -0,0 +1,36 @@
+; This Emacs Lisp file defines a C indentation style that closely
+; follows most aspects of the one that is used throughout SSLeay,
+; and hence in OpenSSL.
+; 
+; This definition is for the "CC mode" package, which is the default
+; mode for editing C source files in Emacs 20, not for the older
+; c-mode.el (which was the default in less recent releaes of Emacs 19).
+;
+; Copy the definition in your .emacs file or use M-x eval-buffer.
+; To activate this indentation style, visit a C file, type
+; M-x c-set-style  (or C-c . for short), and enter "eay".
+; To toggle the auto-newline feature of CC mode, type C-c C-a.
+;
+; Apparently statement blocks that are not introduced by a statement
+; such as "if" and that are not the body of a function cannot
+; be handled too well by CC mode with this indentation style.
+; The style defined below does not indent them at all.
+; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
+; command of Emacs).  If you know a solution to this problem
+; or find other problems with this indentation style definition,
+; please send e-mail to bodo@openssl.org.
+
+(c-add-style "eay"
+	     '((c-basic-offset . 8)
+	       (c-comment-only-line-offset . 0)
+	       (c-hanging-braces-alist)
+	       (c-offsets-alist	. ((defun-open . +)
+				   (defun-block-intro . 0)
+				   (block-open . 0)
+				   (substatement-open . +)
+				   (statement-block-intro . 0)
+				   (statement-case-open . +)
+				   (statement-case-intro . +)
+				   (case-label . -)
+				   (label . -)
+				   (arglist-cont-nonempty . +)))))
diff --git a/crypto/openssl/doc/crypto.pod b/crypto/openssl/doc/crypto.pod
new file mode 100644
index 000000000000..9c8a143b09b9
--- /dev/null
+++ b/crypto/openssl/doc/crypto.pod
@@ -0,0 +1,27 @@
+
+=pod
+
+=head1 NAME
+
+Crypto - OpenSSL Cryptography library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B library implements various cryptography standards
+related to the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
+(TLS v1) protocols. It provides a rich API which is documented here.
+
+...
+
+=head1 SEE ALSO
+
+openssl(1), ssl(3)
+
+=head1 HISTORY
+
+The crypto(3) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/crypto/openssl/doc/openssl.pod b/crypto/openssl/doc/openssl.pod
new file mode 100644
index 000000000000..561f01e0ca81
--- /dev/null
+++ b/crypto/openssl/doc/openssl.pod
@@ -0,0 +1,304 @@
+
+=pod
+
+=head1 NAME
+
+openssl - OpenSSL command line tool
+
+=head1 SYNOPSIS
+
+B
+I
+[ I ]
+[ I ]
+
+=head1 DESCRIPTION
+
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+cryptography standards required by them.
+
+The B program is a command line tool for using the various
+cryptography functions of OpenSSL's B library from the shell. 
+It can be used for 
+
+ o  Creation of RSA, DH and DSA key parameters
+ o  Creation of X.509 certificates, CSRs and CRLs 
+ o  Calculation of Message Digests
+ o  Encryption and Decryption with Ciphers
+ o  SSL/TLS Client and Server Tests
+
+=head1 COMMAND SUMMARY
+
+The B program provides a rich variety of commands (I in the
+SYNOPSIS above), each of which often has a wealth of options and arguments
+(I and I in the SYNOPSIS).
+
+=head2 STANDARD COMMANDS
+
+=over 10
+
+=item B 
+
+Parse an ASN.1 sequence.
+
+=item B
+
+Certificate Authority (CA) Management.  
+
+=item B
+
+Cipher Suite Description Determination.
+
+=item B
+
+Certificate Revocation List (CRL) Management.
+
+=item B      
+
+CRL2 to PKCS#7 Conversion.
+
+=item B
+
+Message Digest Calculation.
+
+=item B
+
+Diffie-Hellman Data Management.
+
+=item B
+
+DSA Data Management.
+
+=item B
+
+DSA Parameter Generation.
+
+=item B            
+
+Encoding with Ciphers.
+
+=item B
+
+Error Number to Error String Conversion.
+
+=item B
+
+Generation of Diffie-Hellman Parameters.
+
+=item B
+
+Generation of DSA Parameters.
+
+=item B
+
+Generation of RSA Parameters.
+
+=item B
+
+PKCS#7 Data Management.
+
+=item B
+
+X.509 Certificate Signing Request (CSR) Management.
+
+=item B
+
+RSA Data Management.
+
+=item B
+
+This implements a generic SSL/TLS client which can establish a transparent
+connection to a remote server speaking SSL/TLS. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL B library.
+
+=item B
+
+This implements a generic SSL/TLS server which accepts connections from remote
+clients speaking SSL/TLS. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL B library.  It provides both an own command
+line oriented protocol for testing SSL functions and a simple HTTP response
+facility to emulate an SSL/TLS-aware webserver.
+
+=item B        
+
+SSL Connection Timer.
+
+=item B
+
+SSL Session Data Management.
+
+=item B
+
+Algorithm Speed Measurement.
+
+=item B
+
+X.509 Certificate Verification.
+
+=item B
+
+OpenSSL Version Information.
+
+=item B           
+
+X.509 Certificate Data Management.
+
+=back
+
+=head2 MESSAGE DIGEST COMMANDS
+
+=over 10
+
+=item B
+
+MD2 Digest
+
+=item B
+
+MD5 Digest
+
+=item B
+
+MDC2 Digest
+
+=item B
+
+RMD-160 Digest
+
+=item B            
+
+SHA Digest
+
+=item B           
+
+SHA-1 Digest
+
+=back
+
+=head2 ENCODING AND CIPHER COMMANDS
+
+=over 10
+
+=item B
+
+Base64 Encoding
+
+=item B
+
+Blowfish Cipher
+
+=item B
+
+CAST Cipher
+
+=item B
+
+CAST5 Cipher
+
+=item B
+
+DES Cipher
+
+=item B
+
+Triple-DES Cipher
+
+=item B
+
+IDEA Cipher
+
+=item B
+
+RC2 Cipher
+
+=item B
+
+RC4 Cipher
+
+=item B
+
+RC5 Cipher
+
+=back
+
+=head1 DETAILED COMMAND DESCRIPTION
+
+The following is a detailed description of every B I.
+
+=over 4
+
+=item B B
+[B<-connect> IB<:>I]
+[B<-verify> I]
+[B<-cert> I]
+[B<-key> I]
+[B<-CApath> I]
+[B<-CAfile> I]
+[B<-reconnect>]
+[B<-pause>]
+[B<-debug>]
+[B<-nbio_test>]
+[B<-state>]
+[B<-nbio>]
+[B<-quiet>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-cipher>]
+
+The B command implements a generic SSL/TLS client which can
+establish a transparent connection to a remote I and I speaking
+SSL/TLS. 
+
+=item B B
+[B<-accept> I]
+[B<-verify> I]
+[B<-Verify> I]
+[B<-cert> I]
+[B<-key> I]
+[B<-dcert> I]
+[B<-dkey> I]
+[B<-nbio>]
+[B<-nbio_test>]
+[B<-debug>]
+[B<-state>]
+[B<-CApath> I]
+[B<-CAfile> I]
+[B<-nocert>]
+[B<-cipher> I]
+[B<-quiet>]
+[B<-no_tmp_rsa>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-www>]
+[B<-WWW>]
+
+The B command implements a generic SSL/TLS server which accepts
+connections from remote clients on I speaking SSL/TLS.
+
+=back
+
+...
+
+=head1 SEE ALSO
+
+crypto(3), ssl(3)
+
+=head1 HISTORY
+
+The openssl(3) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/crypto/openssl/doc/openssl.txt b/crypto/openssl/doc/openssl.txt
new file mode 100644
index 000000000000..91b85e5f14cb
--- /dev/null
+++ b/crypto/openssl/doc/openssl.txt
@@ -0,0 +1,1174 @@
+
+This is some preliminary documentation for OpenSSL.
+
+==============================================================================
+                            BUFFER Library
+==============================================================================
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+
+The library uses the BUF_MEM structure defined in buffer.h:
+
+typedef struct buf_mem_st
+{
+        int length;     /* current number of bytes */
+        char *data;
+        int max;        /* size of buffer */
+} BUF_MEM;
+
+'length' is the current size of the buffer in bytes, 'max' is the amount of
+memory allocated to the buffer. There are three functions which handle these
+and one "miscellaneous" function.
+
+BUF_MEM *BUF_MEM_new()
+
+This allocates a new buffer of zero size. Returns the buffer or NULL on error.
+
+void BUF_MEM_free(BUF_MEM *a)
+
+This frees up an already existing buffer. The data is zeroed before freeing
+up in case the buffer contains sensitive data.
+
+int BUF_MEM_grow(BUF_MEM *str, int len)
+
+This changes the size of an already existing buffer. It returns zero on error
+or the new size (i.e. 'len'). Any data already in the buffer is preserved if
+it increases in size.
+
+char * BUF_strdup(char *str)
+
+This is the previously mentioned strdup function: like the standard library
+strdup() it copies a null terminated string into a block of allocated memory
+and returns a pointer to the allocated block.
+
+Unlike the standard C library strdup() this function uses Malloc() and so
+should be used in preference to the standard library strdup() because it can
+be used for memory leak checking or replacing the malloc() function.
+
+The memory allocated from BUF_strdup() should be freed up using the Free()
+function.
+
+==============================================================================
+               OpenSSL X509V3 extension configuration
+==============================================================================
+
+OpenSSL X509V3 extension configuration: preliminary documentation.
+
+INTRODUCTION.
+
+For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
+possible to add and print out common X509 V3 certificate and CRL extensions.
+
+BEGINNERS NOTE
+
+For most simple applications you don't need to know too much about extensions:
+the default openssl.cnf values will usually do sensible things.
+
+If you want to know more you can initially quickly look through the sections
+describing how the standard OpenSSL utilities display and add extensions and
+then the list of supported extensions.
+
+For more technical information about the meaning of extensions see:
+
+http://www.imc.org/ietf-pkix/
+http://home.netscape.com/eng/security/certs.html
+
+PRINTING EXTENSIONS.
+
+Extension values are automatically printed out for supported extensions.
+
+openssl x509 -in cert.pem -text
+openssl crl -in crl.pem -text
+
+will give information in the extension printout, for example:
+
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
+            X509v3 Authority Key Identifier: 
+                keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Subject Alternative Name: 
+                email:email@1.address, email:email@2.address
+
+CONFIGURATION FILES.
+
+The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
+which certificate extensions to include. In each case a line:
+
+x509_extensions = extension_section
+
+indicates which section contains the extensions. In the case of 'req' the
+extension section is used when the -x509 option is present to create a
+self signed root certificate.
+
+The 'x509' utility also supports extensions when it signs a certificate.
+The -extfile option is used to set the configuration file containing the
+extensions. In this case a line with:
+
+extensions = extension_section
+
+in the nameless (default) section is used. If no such line is included then
+it uses the default section.
+
+You can also add extensions to CRLs: a line
+
+crl_extensions = crl_extension_section
+
+will include extensions when the -gencrl option is used with the 'ca' utility.
+You can add any extension to a CRL but of the supported extensions only
+issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
+CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
+CRL entry extensions can be displayed.
+
+NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
+you should not include a crl_extensions line in the configuration file.
+
+As with all configuration files you can use the inbuilt environment expansion
+to allow the values to be passed in the environment. Therefore if you have
+several extension sections used for different purposes you can have a line:
+
+x509_extensions = $ENV::ENV_EXT
+
+and set the ENV_EXT environment variable before calling the relevant utility.
+
+EXTENSION SYNTAX.
+
+Extensions have the basic form:
+
+extension_name=[critical,] extension_options
+
+the use of the critical option makes the extension critical. Extreme caution
+should be made when using the critical flag. If an extension is marked
+as critical then any client that does not understand the extension should
+reject it as invalid. Some broken software will reject certificates which
+have *any* critical extensions (these violates PKIX but we have to live
+with it).
+
+There are three main types of extension: string extensions, multi-valued
+extensions, and raw extensions.
+
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
+
+For example:
+
+nsComment="This is a Comment"
+
+Multi-valued extensions have a short form and a long form. The short form
+is a list of names and values:
+
+basicConstraints=critical,CA:true,pathlen:1
+
+The long form allows the values to be placed in a separate section:
+
+basicConstraints=critical,@bs_section
+
+[bs_section]
+
+CA=true
+pathlen=1
+
+Both forms are equivalent. However it should be noted that in some cases the
+same name can appear multiple times, for example,
+
+subjectAltName=email:steve@here,email:steve@there
+
+in this case an equivalent long form is:
+
+subjectAltName=@alt_section
+
+[alt_section]
+
+email.1=steve@here
+email.2=steve@there
+
+This is because the configuration file code cannot handle the same name
+occurring twice in the same extension.
+
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
+
+In addition it is also possible to use the word DER to include arbitrary
+data in any extension.
+
+1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
+
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+
+basicConstraints=critical,DER:00:01:02:03
+
+WARNING: DER should be used with caution. It is possible to create totally
+invalid extensions unless care is taken.
+
+CURRENTLY SUPPORTED EXTENSIONS.
+
+If you aren't sure about extensions then they can be largely ignored: its only
+when you want to do things like restrict certificate usage when you need to
+worry about them. 
+
+The only extension that a beginner might want to look at is Basic Constraints.
+If in addition you want to try Netscape object signing the you should also
+look at Netscape Certificate Type.
+
+Literal String extensions.
+
+In each case the 'value' of the extension is placed directly in the
+extension. Currently supported extensions in this category are: nsBaseUrl,
+nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
+nsSslServerName and nsComment.
+
+For example:
+
+nsComment="This is a test comment"
+
+Bit Strings.
+
+Bit string extensions just consist of a list of supported bits, currently
+two extensions are in this category: PKIX keyUsage and the Netscape specific
+nsCertType.
+
+nsCertType (netscape certificate type) takes the flags: client, server, email,
+objsign, reserved, sslCA, emailCA, objCA.
+
+keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
+keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
+encipherOnly, decipherOnly.
+
+For example:
+
+nsCertType=server
+
+keyUsage=digitalSignature, nonRepudiation
+
+Hints on Netscape Certificate Type.
+
+Other than Basic Constraints this is the only extension a beginner might
+want to use, if you want to try Netscape object signing, otherwise it can
+be ignored.
+
+If you want a certificate that can be used just for object signing then:
+
+nsCertType=objsign
+
+will do the job. If you want to use it as a normal end user and server
+certificate as well then
+
+nsCertType=objsign,email,server
+
+is more appropriate. You cannot use a self signed certificate for object
+signing (well Netscape signtool can but it cheats!) so you need to create
+a CA certificate and sign an end user certificate with it.
+
+Side note: If you want to conform to the Netscape specifications then you
+should really also set:
+
+nsCertType=objCA
+
+in the *CA* certificate for just an object signing CA and
+
+nsCertType=objCA,emailCA,sslCA
+
+for everything. Current Netscape software doesn't enforce this so it can
+be omitted.
+
+Basic Constraints.
+
+This is generally the only extension you need to worry about for simple
+applications. If you want your certificate to be usable as a CA certificate
+(in addition to an end user certificate) then you set this to:
+
+basicConstraints=CA:TRUE
+
+if you want to be certain the certificate cannot be used as a CA then do:
+
+basicConstraints=CA:FALSE
+
+The rest of this section describes more advanced usage.
+
+Basic constraints is a multi-valued extension that supports a CA and an
+optional pathlen option. The CA option takes the values true and false and
+pathlen takes an integer. Note if the CA option is false the pathlen option
+should be omitted. 
+
+The pathlen parameter indicates the maximum number of CAs that can appear
+below this one in a chain. So if you have a CA with a pathlen of zero it can
+only be used to sign end user certificates and not further CAs. This all
+assumes that the software correctly interprets this extension of course.
+
+Examples:
+
+basicConstraints=CA:TRUE
+basicConstraints=critical,CA:TRUE, pathlen:0
+
+NOTE: for a CA to be considered valid it must have the CA option set to
+TRUE. An end user certificate MUST NOT have the CA value set to true.
+According to PKIX recommendations it should exclude the extension entirely,
+however some software may require CA set to FALSE for end entity certificates.
+
+Subject Key Identifier.
+
+This is really a string extension and can take two possible values. Either
+a hex string giving details of the extension value to include or the word
+'hash' which then automatically follow PKIX guidelines in selecting and
+appropriate key identifier. The use of the hex string is strongly discouraged.
+
+Example: subjectKeyIdentifier=hash
+
+Authority Key Identifier.
+
+The authority key identifier extension permits two options. keyid and issuer:
+both can take the optional value "always".
+
+If the keyid option is present an attempt is made to copy the subject key
+identifier from the parent certificate. If the value "always" is present
+then an error is returned if the option fails.
+
+The issuer option copies the issuer and serial number from the issuer
+certificate. Normally this will only be done if the keyid option fails or
+is not included: the "always" flag will always include the value.
+
+Subject Alternative Name.
+
+The subject alternative name extension allows various literal values to be
+included in the configuration file. These include "email" (an email address)
+"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
+registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+
+Also the email option include a special 'copy' value. This will automatically
+include and email addresses contained in the certificate subject name in
+the extension.
+
+Examples:
+
+subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:my@other.address,RID:1.2.3.4
+
+Issuer Alternative Name.
+
+The issuer alternative name option supports all the literal options of
+subject alternative name. It does *not* support the email:copy option because
+that would not make sense. It does support an additional issuer:copy option
+that will copy all the subject alternative name values from the issuer 
+certificate (if possible).
+
+CRL distribution points.
+
+This is a multi-valued extension that supports all the literal options of
+subject alternative name. Of the few software packages that currently interpret
+this extension most only interpret the URI option.
+
+Currently each option will set a new DistributionPoint with the fullName
+field set to the given value.
+
+Other fields like cRLissuer and reasons cannot currently be set or displayed:
+at this time no examples were available that used these fields.
+
+If you see this extension with  when you attempt to print it out
+or it doesn't appear to display correctly then let me know, including the
+certificate (mail me at steve@openssl.org) .
+
+Examples:
+
+crlDistributionPoints=URI:http://www.myhost.com/myca.crl
+crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
+
+Certificate Policies.
+
+This is a RAW extension. It attempts to display the contents of this extension:
+unfortunately this extension is often improperly encoded.
+
+The certificate policies extension will rarely be used in practice: few
+software packages interpret it correctly or at all. IE5 does partially
+support this extension: but it needs the 'ia5org' option because it will
+only correctly support a broken encoding. Of the options below only the
+policy OID, explicitText and CPS options are displayed with IE5.
+
+All the fields of this extension can be set by using the appropriate syntax.
+
+If you follow the PKIX recommendations of not including any qualifiers and just
+using only one OID then you just include the value of that OID. Multiple OIDs
+can be set separated by commas, for example:
+
+certificatePolicies= 1.2.4.5, 1.1.3.4
+
+If you wish to include qualifiers then the policy OID and qualifiers need to
+be specified in a separate section: this is done by using the @section syntax
+instead of a literal OID value.
+
+The section referred to must include the policy OID using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+
+CPS.nnn=value
+
+userNotice qualifiers can be set using the syntax:
+
+userNotice.nnn=@notice
+
+The value of the userNotice qualifier is specified in the relevant section.
+This section can include explicitText, organization and noticeNumbers
+options. explicitText and organization are text strings, noticeNumbers is a
+comma separated list of numbers. The organization and noticeNumbers options
+(if included) must BOTH be present. If you use the userNotice option with IE5
+then you need the 'ia5org' option at the top level to modify the encoding:
+otherwise it will not be interpreted properly.
+
+Example:
+
+certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+
+TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
+according to PKIX it should be of type DisplayText but Verisign uses an 
+IA5STRING and IE5 needs this too.
+
+Display only extensions.
+
+Some extensions are only partially supported and currently are only displayed
+but cannot be set. These include private key usage period, CRL number, and
+CRL reason.
+
+==============================================================================
+		X509V3 Extension code: programmers guide
+==============================================================================
+
+The purpose of the extension code is twofold. It allows an extension to be
+created from a string or structure describing its contents and it prints out an
+extension in a human or machine readable form.
+
+1. Initialisation and cleanup.
+
+X509V3_add_standard_extensions();
+
+This function should be called before any other extension code. It adds support
+for some common PKIX and Netscape extensions. Additional custom extensions can
+be added as well (see later).
+
+void X509V3_EXT_cleanup(void);
+
+This function should be called last to cleanup the extension code. After this
+call no other extension calls should be made.
+
+2. Printing and parsing extensions.
+
+The simplest way to print out extensions is via the standard X509 printing
+routines: if you use the standard X509_print() function, the supported
+extensions will be printed out automatically.
+
+The following functions allow finer control over extension display:
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+These two functions print out an individual extension to a BIO or FILE pointer.
+Currently the flag argument is unused and should be set to 0. The 'indent'
+argument is the number of spaces to indent each line.
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+
+This function parses an extension and returns its internal structure. The
+precise structure you get back depends on the extension being parsed. If the
+extension if basicConstraints you will get back a pointer to a
+BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
+details about the structures returned. The returned structure should be freed
+after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
+example.
+
+3. Generating extensions.
+
+An extension will typically be generated from a configuration file, or some
+other kind of configuration database.
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+								 X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+								 X509_CRL *crl);
+
+These functions add all the extensions in the given section to the given
+certificate or CRL. They will normally be called just before the certificate
+or CRL is due to be signed. Both return 0 on error on non zero for success.
+
+In each case 'conf' is the LHASH pointer of the configuration file to use
+and 'section' is the section containing the extension details.
+
+See the 'context functions' section for a description of the ctx paramater.
+
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+								 char *value);
+
+This function returns an extension based on a name and value pair, if the
+pair will not need to access other sections in a config file (or there is no
+config file) then the 'conf' parameter can be set to NULL.
+
+X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
+								 char *value);
+
+This function creates an extension in the same way as X509V3_EXT_conf() but
+takes the NID of the extension rather than its name.
+
+For example to produce basicConstraints with the CA flag and a path length of
+10:
+
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");
+
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+
+This function sets up an extension from its internal structure. The ext_nid
+parameter is the NID of the extension and 'crit' is the critical flag.
+
+4. Context functions.
+
+The following functions set and manipulate an extension context structure.
+The purpose of the extension context is to allow the extension code to
+access various structures relating to the "environment" of the certificate:
+for example the issuers certificate or the certificate request.
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                                 X509_REQ *req, X509_CRL *crl, int flags);
+
+This function sets up an X509V3_CTX structure with details of the certificate
+environment: specifically the issuers certificate, the subject certificate,
+the certificate request and the CRL: if these are not relevant or not
+available then they can be set to NULL. The 'flags' parameter should be set
+to zero.
+
+X509V3_set_ctx_test(ctx)
+
+This macro is used to set the 'ctx' structure to a 'test' value: this is to
+allow the syntax of an extension (or configuration file) to be tested.
+
+X509V3_set_ctx_nodb(ctx)
+
+This macro is used when no configuration database is present.
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+
+This function is used to set the configuration database when it is an LHASH
+structure: typically a configuration file.
+
+The following functions are used to access a configuration database: they
+should only be used in RAW extensions.
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+
+This function returns the value of the parameter "name" in "section", or NULL
+if there has been an error.
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+
+This function frees up the string returned by the above function.
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+
+This function returns a whole section as a STACK_OF(CONF_VALUE) .
+
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+
+This function frees up the STACK returned by the above function.
+
+Note: it is possible to use the extension code with a custom configuration
+database. To do this the "db_meth" element of the X509V3_CTX structure should
+be set to an X509V3_CTX_METHOD structure. This structure contains the following
+function pointers:
+
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+
+these will be called and passed the 'db' element in the X509V3_CTX structure
+to access the database. If a given function is not implemented or not required
+it can be set to NULL.
+
+5. String helper functions.
+
+There are several "i2s" and "s2i" functions that convert structures to and
+from ASCII strings. In all the "i2s" cases the returned string should be
+freed using Free() after use. Since some of these are part of other extension
+code they may take a 'method' parameter. Unless otherwise stated it can be
+safely set to NULL.
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
+
+This returns a hex string from an ASN1_OCTET_STRING.
+
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+
+These return a string decimal representations of an ASN1_INTEGER and an
+ASN1_ENUMERATED type, respectively.
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                                   X509V3_CTX *ctx, char *str);
+
+This converts an ASCII hex string to an ASN1_OCTET_STRING.
+
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+
+This converts a decimal ASCII string into an ASN1_INTEGER.
+
+6. Multi valued extension helper functions.
+
+The following functions can be used to manipulate STACKs of CONF_VALUE
+structures, as used by multi valued extensions.
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+
+This function expects a boolean value in 'value' and sets 'asn1_bool' to
+it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
+strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
+"false", "N", "n", "NO" or "no".
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+
+This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This simply adds a string name and value pair.
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                          			STACK_OF(CONF_VALUE) **extlist);
+
+The same as above but for an unsigned character value.
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool'
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This is the same as above except it adds nothing if asn1_bool is FALSE.
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This function adds the value of the ASN1_INTEGER in decimal form.
+
+7. Other helper functions.
+
+
+
+ADDING CUSTOM EXTENSIONS.
+
+Currently there are three types of supported extensions. 
+
+String extensions are simple strings where the value is placed directly in the
+extensions, and the string returned is printed out.
+
+Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
+or return a STACK_OF(CONF_VALUE).
+
+Raw extensions are just passed a BIO or a value and it is the extensions
+responsiblity to handle all the necessary printing.
+
+There are two ways to add an extension. One is simply as an alias to an already
+existing extension. An alias is an extension that is identical in ASN1 structure
+to an existing extension but has a different OBJECT IDENTIFIER. This can be
+done by calling:
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+
+'nid_to' is the new extension NID and 'nid_from' is the already existing
+extension NID.
+
+Alternatively an extension can be written from scratch. This involves writing
+the ASN1 code to encode and decode the extension and functions to print out and
+generate the extension from strings. The relevant functions are then placed in
+a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+called.
+
+The X509V3_EXT_METHOD structure is described below.
+
+strut {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+X509V3_EXT_R2I r2i;
+X509V3_EXT_I2R i2r;
+
+void *usr_data;
+};
+
+The elements have the following meanings.
+
+ext_nid		is the NID of the object identifier of the extension.
+
+ext_flags	is set of flags. Currently the only external flag is
+		X509V3_EXT_MULTILINE which means a multi valued extensions
+		should be printed on separate lines.
+
+usr_data	is an extension specific pointer to any relevant data. This
+		allows extensions to share identical code but have different
+		uses. An example of this is the bit string extension which uses
+		usr_data to contain a list of the bit names.
+
+All the remaining elements are function pointers.
+
+ext_new		is a pointer to a function that allocates memory for the
+		extension ASN1 structure: for example ASN1_OBJECT_new().
+
+ext_free	is a pointer to a function that free up memory of the extension
+		ASN1 structure: for example ASN1_OBJECT_free().
+
+d2i		is the standard ASN1 function that converts a DER buffer into
+		the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
+
+i2d		is the standard ASN1 function that converts the internal
+		structure into the DER representation: for example
+		i2d_ASN1_IA5STRING().
+
+The remaining functions are depend on the type of extension. One i2X and
+one X2i should be set and the rest set to NULL. The types set do not need
+to match up, for example the extension could be set using the multi valued
+v2i function and printed out using the raw i2r.
+
+All functions have the X509V3_EXT_METHOD passed to them in the 'method'
+parameter and an X509V3_CTX structure. Extension code can then access the
+parent structure via the 'method' parameter to for example make use of the value
+of usr_data. If the code needs to use detail relating to the request it can
+use the 'ctx' parameter.
+
+A note should be given here about the 'flags' member of the 'ctx' parameter.
+If it has the value CTX_TEST then the configuration syntax is being checked
+and no actual certificate or CRL exists. Therefore any attempt in the config
+file to access such information should silently succeed. If the syntax is OK
+then it should simply return a (possibly bogus) extension, otherwise it
+should return NULL.
+
+char *i2s(struct v3_ext_method *method, void *ext);
+
+This function takes the internal structure in the ext parameter and returns
+a Malloc'ed string representing its value.
+
+void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This function takes the string representation in the ext parameter and returns
+an allocated internal structure: ext_free() will be used on this internal
+structure after use.
+
+i2v and v2i handle a STACK_OF(CONF_VALUE):
+
+typedef struct
+{
+        char *section;
+        char *name;
+        char *value;
+} CONF_VALUE;
+
+Only the name and value members are currently used.
+
+STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
+
+This function is passed the internal structure in the ext parameter and
+returns a STACK of CONF_VALUE structures. The values of name, value,
+section and the structure itself will be freed up with Free after use.
+Several helper functions are available to add values to this STACK.
+
+void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
+						STACK_OF(CONF_VALUE) *values);
+
+This function takes a STACK_OF(CONF_VALUE) structures and should set the
+values of the external structure. This typically uses the name element to
+determine which structure element to set and the value element to determine
+what to set it to. Several helper functions are available for this
+purpose (see above).
+
+int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+
+This function is passed the internal extension structure in the ext parameter
+and sends out a human readable version of the extension to out. The 'indent'
+paremeter should be noted to determine the necessary amount of indentation
+needed on the output.
+
+void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This is just passed the string representation of the extension. It is intended
+to be used for more elaborate extensions where the standard single and multi
+valued options are insufficient. They can use the 'ctx' parameter to parse the
+configuration database themselves. See the context functions section for details
+of how to do this.
+
+Note: although this type takes the same parameters as the "r2s" function there
+is a subtle difference. Whereas an "r2i" function can access a configuration
+database an "s2i" function MUST NOT. This is so the internal code can safely
+assume that an "s2i" function will work without a configuration database.
+
+==============================================================================
+                            PKCS#12 Library
+==============================================================================
+
+This section describes the internal PKCS#12 support. There are very few
+differences between the old external library and the new internal code at
+present. This may well change because the external library will not be updated
+much in future.
+
+This version now includes a couple of high level PKCS#12 functions which
+generally "do the right thing" and should make it much easier to handle PKCS#12
+structures.
+
+HIGH LEVEL FUNCTIONS.
+
+For most applications you only need concern yourself with the high level
+functions. They can parse and generate simple PKCS#12 files as produced by
+Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
+private key and certificate pair.
+
+1. Initialisation and cleanup.
+
+No special initialisation is needed for the internal PKCS#12 library: the 
+standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
+add all algorithms (you should at least add SHA1 though) then you can manually
+initialise the PKCS#12 library with:
+
+PKCS12_PBE_add();
+
+The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
+called or it can be directly freed with:
+
+EVP_PBE_cleanup();
+
+after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
+be called.
+
+2. I/O functions.
+
+i2d_PKCS12_bio(bp, p12)
+
+This writes out a PKCS12 structure to a BIO.
+
+i2d_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+d2i_PKCS12_bio(bp, p12)
+
+This reads in a PKCS12 structure from a BIO.
+
+d2i_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+3. Parsing and creation functions.
+
+3.1 Parsing with PKCS12_parse().
+
+int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
+								 STACK **ca);
+
+This function takes a PKCS12 structure and a password (ASCII, null terminated)
+and returns the private key, the corresponding certificate and any CA
+certificates. If any of these is not required it can be passed as a NULL.
+The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
+structure. Typically to read in a PKCS#12 file you might do:
+
+p12 = d2i_PKCS12_fp(fp, NULL);
+PKCS12_parse(p12, password, &pkey, &cert, NULL); 	/* CAs not wanted */
+PKCS12_free(p12);
+
+3.2 PKCS#12 creation with PKCS12_create().
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+			STACK *ca, int nid_key, int nid_cert, int iter,
+						 int mac_iter, int keytype);
+
+This function will create a PKCS12 structure from a given password, name,
+private key, certificate and optional STACK of CA certificates. The remaining
+5 parameters can be set to 0 and sensible defaults will be used.
+
+The parameters nid_key and nid_cert are the key and certificate encryption
+algorithms, iter is the encryption iteration count, mac_iter is the MAC
+iteration count and keytype is the type of private key. If you really want
+to know what these last 5 parameters do then read the low level section.
+
+Typically to create a PKCS#12 file the following could be used:
+
+p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
+i2d_PKCS12_fp(fp, p12);
+PKCS12_free(p12);
+
+LOW LEVEL FUNCTIONS.
+
+In some cases the high level functions do not provide the necessary
+functionality. For example if you want to generate or parse more complex
+PKCS#12 files. The sample pkcs12 application uses the low level functions
+to display details about the internal structure of a PKCS#12 file.
+
+Introduction.
+
+This is a brief description of how a PKCS#12 file is represented internally:
+some knowledge of PKCS#12 is assumed.
+
+A PKCS#12 object contains several levels.
+
+At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
+CRL, a private key, encrypted or unencrypted, a set of safebags (so the
+structure can be nested) or other secrets (not documented at present). 
+A safebag can optionally have attributes, currently these are: a unicode
+friendlyName (a Unicode string) or a localKeyID (a string of bytes).
+
+At the next level is an authSafe which is a set of safebags collected into
+a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
+
+At the top level is the PKCS12 structure itself which contains a set of
+authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
+contains a MAC which is a kind of password protected digest to preserve
+integrity (so any unencrypted stuff below can't be tampered with).
+
+The reason for these levels is so various objects can be encrypted in various
+ways. For example you might want to encrypt a set of private keys with
+triple-DES and then include the related certificates either unencrypted or
+with lower encryption. Yes it's the dreaded crypto laws at work again which
+allow strong encryption on private keys and only weak encryption on other
+stuff.
+
+To build one of these things you turn all certificates and keys into safebags
+(with optional attributes). You collect the safebags into (one or more) STACKS
+and convert these into authsafes (encrypted or unencrypted).  The authsafes
+are collected into a STACK and added to a PKCS12 structure.  Finally a MAC
+inserted.
+
+Pulling one apart is basically the reverse process. The MAC is verified against
+the given password. The authsafes are extracted and each authsafe split into
+a set of safebags (possibly involving decryption). Finally the safebags are
+decomposed into the original keys and certificates and the attributes used to
+match up private key and certificate pairs.
+
+Anyway here are the functions that do the dirty work.
+
+1. Construction functions.
+
+1.1 Safebag functions.
+
+M_PKCS12_x5092certbag(x509)
+
+This macro takes an X509 structure and returns a certificate bag. The
+X509 structure can be freed up after calling this function.
+
+M_PKCS12_x509crl2certbag(crl)
+
+As above but for a CRL.
+
+PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
+
+Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
+Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
+structure contains a private key data in plain text form it should be free'd
+up as soon as it has been encrypted for security reasons (freeing up the
+structure zeros out the sensitive data). This can be done with
+PKCS8_PRIV_KEY_INFO_free().
+
+PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+
+This sets the key type when a key is imported into MSIE or Outlook 98. Two
+values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
+key that can also be used for signing but its size is limited in the export
+versions of MS software to 512 bits, it is also the default. KEY_SIG is a
+signing only key but the keysize is unlimited (well 16K is supposed to work).
+If you are using the domestic version of MSIE then you can ignore this because
+KEY_EX is not limited and can be used for both.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS8 private key structure into a keybag. This routine embeds the
+p8 structure in the keybag so p8 should not be freed up or used after it is
+called.  The p8 structure will be freed up when the safebag is freed.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
+embedded and can be freed up after use.
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+
+Add a local key id or a friendlyname to a safebag.
+
+1.2 Authsafe functions.
+
+PKCS7 *PKCS12_pack_p7data(STACK *sk)
+Take a stack of safebags and convert them into an unencrypted authsafe. The
+stack of safebags can be freed up after calling this function.
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
+
+As above but encrypted.
+
+1.3 PKCS12 functions.
+
+PKCS12 *PKCS12_init(int mode)
+
+Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
+
+M_PKCS12_pack_authsafes(p12, safes)
+
+This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
+
+int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
+
+Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
+that SHA-1 should be used.
+
+2. Extraction Functions.
+
+2.1 Safebags.
+
+M_PKCS12_bag_type(bag)
+
+Return the type of "bag". Returns one of the following
+
+NID_keyBag
+NID_pkcs8ShroudedKeyBag			7
+NID_certBag				8
+NID_crlBag				9
+NID_secretBag				10
+NID_safeContentsBag			11
+
+M_PKCS12_cert_bag_type(bag)
+
+Returns type of certificate bag, following are understood.
+
+NID_x509Certificate			14
+NID_sdsiCertificate			15
+
+M_PKCS12_crl_bag_type(bag)
+
+Returns crl bag type, currently only NID_crlBag is recognised.
+
+M_PKCS12_certbag2x509(bag)
+
+This macro extracts an X509 certificate from a certificate bag.
+
+M_PKCS12_certbag2x509crl(bag)
+
+As above but for a CRL.
+
+EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+
+Extract a private key from a PKCS8 private key info structure.
+
+M_PKCS12_decrypt_skey(bag, pass, passlen) 
+
+Decrypt a shrouded key bag and return a PKCS8 private key info structure.
+Works with both RSA and DSA keys
+
+char *PKCS12_get_friendlyname(bag)
+
+Returns the friendlyName of a bag if present or NULL if none. The returned
+string is a null terminated ASCII string allocated with Malloc(). It should 
+thus be freed up with Free() after use.
+
+2.2 AuthSafe functions.
+
+M_PKCS12_unpack_p7data(p7)
+
+Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
+
+#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
+
+As above but for an encrypted content info.
+
+2.3 PKCS12 functions.
+
+M_PKCS12_unpack_authsafes(p12)
+
+Extract a STACK of authsafes from a PKCS12 structure.
+
+M_PKCS12_mac_present(p12)
+
+Check to see if a MAC is present.
+
+int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
+
+Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
+
+
+Notes.
+
+1. All the function return 0 or NULL on error.
+2. Encryption based functions take a common set of parameters. These are
+described below.
+
+pass, passlen
+ASCII password and length. The password on the MAC is called the "integrity
+password" the encryption password is called the "privacy password" in the
+PKCS#12 documentation. The passwords do not have to be the same. If -1 is
+passed for the length it is worked out by the function itself (currently
+this is sometimes done whatever is passed as the length but that may change).
+
+salt, saltlen
+A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
+default length is used.
+
+iter
+Iteration count. This is a measure of how many times an internal function is
+called to encrypt the data. The larger this value is the longer it takes, it
+makes dictionary attacks on passwords harder. NOTE: Some implementations do
+not support an iteration count on the MAC. If the password for the MAC and
+encryption is the same then there is no point in having a high iteration
+count for encryption if the MAC has no count. The MAC could be attacked
+and the password used for the main decryption.
+
+pbe_nid
+This is the NID of the password based encryption method used. The following are
+supported.
+NID_pbe_WithSHA1And128BitRC4
+NID_pbe_WithSHA1And40BitRC4
+NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+NID_pbe_WithSHA1And2_Key_TripleDES_CBC
+NID_pbe_WithSHA1And128BitRC2_CBC
+NID_pbe_WithSHA1And40BitRC2_CBC
+
+Which you use depends on the implementation you are exporting to. "Export
+grade" (i.e. cryptographically challenged) products cannot support all
+algorithms. Typically you may be able to use any encryption on shrouded key
+bags but they must then be placed in an unencrypted authsafe. Other authsafes
+may only support 40bit encryption. Of course if you are using SSLeay
+throughout you can strongly encrypt everything and have high iteration counts
+on everything.
+
+3. For decryption routines only the password and length are needed.
+
+4. Unlike the external version the nid's of objects are the values of the
+constants: that is NID_certBag is the real nid, therefore there is no 
+PKCS12_obj_offset() function.  Note the object constants are not the same as
+those of the external version. If you use these constants then you will need
+to recompile your code.
+
+5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or 
+macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
+reused or freed up safely.
+
diff --git a/crypto/openssl/doc/openssl_button.gif b/crypto/openssl/doc/openssl_button.gif
new file mode 100644
index 0000000000000000000000000000000000000000..3d3c90c9f849929d0b26bed710e00f3f6f4f88cc
GIT binary patch
literal 2063
zcmY*Udt8!f7XH2uL_kzTR8nXVZ>X3kqnV{53OK2G!7*&LBo(!+RmTb&a{zDPWyCZQ
ztx+d$>r94IyS6)4sCjFxG1D$?`9r#xW6jps#osg|`!WCR`QG!L=bYy`=e#ffGhWaR
zkr?m=766kOjYf?|Gcz-z5yMfe5yOWCCo`rZOu@tq%ot%Th5?+-z>+_si7;g*gJrP9
zXoP!A4u2ZcT(~HPD=;={;0Y!)1F!%w0Epo~yvfwdG6i@aO9KEfHkk%?z~o{UJOobR
zO)vvD{hv8++Vel-Q3Xdtg+&6<@vK5>a#o?=Ha`)-FzHOMWTQ6O()=ifWBpWD;dEYb
z`)ps)ZwwNWJZANIJ`Uxy`;dA!4u|?~U;b4B77CZ?z8-R_94g&LLMt3VD-isO(5|-=9v}k
zJI$L54j`LnxJX2;5T)Rhtf8&$$B$_pzmo;n8?Y`$wOatMHs^V%iNfaGqP^#FD=h+H_4c
zI7S>zT5WKhZgh()e5pu~^6Mw^mR!5OSlPVwO=vOJa$io)Y$*HGL@tJ12MSO}JN`*s
zXlmUd#86cN8JWDjaIxxBHqOsx1!C7gTS#Hr2tLeR!HM?6|QIRj8JY$`^yC
ze?jVRqQJK6@ysXY<5npU>H9T*_Lwhr2E9FbiV^;Tcu}xGD;k}aTkOe1cAP_gBpyQ(
zrdB!K!^Ix%zWpas1~X&S^oL^yjHTTr@0kK|(oe*dg!4PML?k632rct*IhHMra?DL+
z$5%+NXI1hq6NJ=6hsB5{DQk1b8R0=i=kl4LBU1@{M~|=9d5+#aQ+#EStCkHFj2~0h
z`p>yMfxyQRQg?*iJV0qf10cx9iYh)&kEa5VnSwupGPpIvZz<`~uysMr$nARhmwigP{Ef=?ej2JG6$iTat_0HA@@E}ZH1N%_3D_(}U&UQ%k
zG7kQF-Wymfw!ynpA5UVqwE8oT1~wSHBg4?1vr>;Q<<2@#YZ!HMa==M}E!S(`n}K_o
z8U0@7Ee$*{*;O|)Zg*HOb>>guM~+*-*R+w9j8F(mA=A&uUUc_MfWzfJ-RRjf@1ATe
z!e#!n3;Ki1N4&**s@b-7SJ?<_?X)}P2+v2FCx}jew?H`C`|e({i6G^T$yC$!iS}j4@VMX!($~>XSwxeM`Be(j>Hi5s_7rg
zfj-?yPiuUwB;|^Xt@@>q?pGgHI;wsdI=!_=baHiXT1jxTK_|1TdD=8(PTmYzX{@i~
zuWVDNB4a6C$lZ5c%0YC?Ry#-YC^y4+n$5+Nl))d#r?&dJ3}?L(qvuAb*kkr@LpPbf
z#)TKL8`bl%cg4d=`9iTqBJ!ypT=TJ?wWDN@4DcEIM=ymBMrko@{ld9nDGnIVu|17*
zrm++7
zUP^gM1t}7oS0A_XHc=1tvd5ISX;$CVxmi-0q#);oRN{GqhXvWxVK%Z2d4me-_Uum%
zl%jR2+)7nNzd}}-!}SJ<`CRN~Z(ByZ&VOhN+KjxZZOeGOOq$f!Nr+Siji`72$7{%RA&t)K>jXR4o>AwkMWl3=dY(I?3J3l3*dWq-Y#=dTO44?m{(+t{
z47K1+4fX_KW+zmx+Dp8HhoQKHTGy;ji`4G^s=^0VUI$eZL^@DXIA_O{p9e>$ZpJIG
z?7`Fn4!kryQn!<i
zmiRLbwAHQp(KBq#GuP2bJw~%ppmUK-9^0$G1u!xu|E5A^H!dDB);6erCJJ76`
z0hYq4%huS9mR)3
+
+
+
+
diff --git a/crypto/openssl/doc/ssl.pod b/crypto/openssl/doc/ssl.pod
new file mode 100644
index 000000000000..46ee443f5753
--- /dev/null
+++ b/crypto/openssl/doc/ssl.pod
@@ -0,0 +1,633 @@
+
+=pod
+
+=head1 NAME
+
+SSL - OpenSSL SSL/TLS library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+
+=head1 HEADER FILES
+
+Currently the OpenSSL B library provides the following C header files
+containing the prototypes for the data structures and and functions:
+
+=over 4
+
+=item B
+
+That's the common header file for the SSL/TLS API.  Include it into your
+program to make the API of the B library available. It internally
+includes both more private SSL headers and headers from the B library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+
+=item B
+
+That's the sub header file dealing with the SSLv2 protocol only.
+I.
+
+=item B
+
+That's the sub header file dealing with the SSLv3 protocol only.
+I.
+
+=item B
+
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+I.
+
+=item B
+
+That's the sub header file dealing with the TLSv1 protocol only.
+I.
+
+=back
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B library functions deals with the following data
+structures:
+
+=over 4
+
+=item B (SSL Method)
+
+That's a dispatch structure describing the internal B library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B.
+
+=item B (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B basis and the actually used ones are then part of the
+B.
+
+=item B (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B structures which are later created for the connections.
+
+=item B (SSL Session)
+
+This is a structure containing the current SSL session details for a
+connection: Bs, client and server certificates, keys, etc.
+
+=item B (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+=head1 API FUNCTIONS
+
+Currently the OpenSSL B library exports 214 API functions.
+They are documented in the following:
+
+=head2 DEALING WITH PROTOCOL METHODS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B structures.
+
+=over 4
+
+=item SSL_METHOD *B(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+
+=back
+
+=head2 DEALING WITH CIPHERS
+
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B structures.
+
+=over 4
+
+=item char *B(SSL_CIPHER *cipher, char *buf, int len);
+
+Write a string to I (with a maximum size of I) containing a human
+readable description of I. Returns I.
+
+=item int B(SSL_CIPHER *cipher, int *alg_bits);
+
+Determine the number of bits in I. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I) and the bits which are actually used (the return value).
+
+=item char *B(SSL_CIPHER *cipher);
+
+Return the internal name of I as a string. These are the various
+strings defined by the I, I and I
+definitions in the header files.
+
+=item char *B(SSL_CIPHER *cipher);
+
+Returns a string like "C" or "C" which indicates the
+SSL/TLS protocol version to which I belongs (i.e. where it was defined
+in the specification the first time).
+
+=back
+
+=head2 DEALING WITH PROTOCOL CONTEXTS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B structure.
+
+=over 4
+
+=item int B(SSL_CTX *ctx, X509 *x);
+
+=item long B(SSL_CTX *ctx, X509 *x509);
+
+=item int B(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B(SSL_CTX *ctx);
+
+=item long B(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+=item void B(SSL_CTX *s, long t);
+
+=item void B(SSL_CTX *a);
+
+=item char *B(SSL_CTX *ctx);
+
+=item X509_STORE *B(SSL_CTX *ctx);
+
+=item STACK *B(SSL_CTX *ctx);
+
+=item int (*B(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=item char *B(SSL_CTX *s, int idx);
+
+=item int B(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item void (*B(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item long B(SSL_CTX *ctx);
+
+=item int (*B(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx, char *CAfile, char *CApath);
+
+=item long B(SSL_CTX *ctx);
+
+=item SSL_CTX *B(SSL_METHOD *meth);
+
+=item int B(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item SSL_SESSION *(*B(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+=item int (*B(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+=item void (*B(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *ctx);
+
+=item void B(SSL_CTX *ctx,t);
+
+=item void B(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+=item void B(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+=item void B(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+=item int B(SSL_CTX *ctx);
+
+=item LHASH *B(SSL_CTX *ctx);
+
+=item void B(SSL_CTX *ctx, void *arg);
+
+=item void B(SSL_CTX *ctx, X509_STORE *cs);
+
+=item void B(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+
+=item int B(SSL_CTX *ctx, char *str);
+
+=item void B(SSL_CTX *ctx, STACK *list);
+
+=item void B(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+=item void B(SSL_CTX *ctx, int (*cb);(void))
+
+=item void B(SSL_CTX *ctx, int m);
+
+=item int B(SSL_CTX *ctx);
+
+=item int B(SSL_CTX *s, int idx, char *arg);
+
+=item void B(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+=item void B(SSL_CTX *ctx, unsigned long op);
+
+=item void B(SSL_CTX *ctx, int mode);
+
+=item void B(SSL_CTX *ctx, int mode);
+
+=item int B(SSL_CTX *ctx, SSL_METHOD *meth);
+
+=item void B(SSL_CTX *ctx, long t);
+
+=item long B(SSL_CTX* ctx, DH *dh);
+
+=item long B(SSL_CTX *ctx, DH *(*cb)(void));
+
+=item long B(SSL_CTX *ctx, RSA *rsa);
+
+=item SSL_CTX_set_tmp_rsa_callback
+
+C(SSL_CTX *B, RSA *(*B)(SSL *B, int B, int B));>
+
+Sets the callback which will be called when a temporary private key is
+required. The B> flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+B> will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+
+=item SSL_set_tmp_rsa_callback
+
+long B(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+
+The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+session instead of a context.
+
+=item void B(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+=item int B(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+=item int B(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B(SSL_CTX *ctx, char *file, int type);
+
+=item int B(SSL_CTX *ctx, RSA *rsa);
+
+=item int B(SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B(SSL_CTX *ctx, char *file, int type);
+
+=item int B(SSL_CTX *ctx, X509 *x);
+
+=item int B(SSL_CTX *ctx, int len, unsigned char *d);
+
+=item int B(SSL_CTX *ctx, char *file, int type);
+
+=back
+
+=head2 DEALING WITH SESSIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B structures.
+
+=over 4
+
+=item int B(SSL_SESSION *a, SSL_SESSION *b);
+
+=item void B(SSL_SESSION *ss);
+
+=item char *B(SSL_SESSION *s);
+
+=item char *B(SSL_SESSION *s, int idx);
+
+=item int B(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item long B(SSL_SESSION *s);
+
+=item long B(SSL_SESSION *s);
+
+=item unsigned long B(SSL_SESSION *a);
+
+=item SSL_SESSION *B(void);
+
+=item int B(BIO *bp, SSL_SESSION *x);
+
+=item int B(FILE *fp, SSL_SESSION *x);
+
+=item void B(SSL_SESSION *s, char *a);
+
+=item int B(SSL_SESSION *s, int idx, char *arg);
+
+=item long B(SSL_SESSION *s, long t);
+
+=item long B(SSL_SESSION *s, long t);
+
+=back
+
+=head2 DEALING WITH CONNECTIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B structure.
+
+=over 4
+
+=item int B(SSL *ssl);
+
+=item int B(STACK *stack, const char *dir);
+
+=item int B(STACK *stack, const char *file);
+
+=item int B(SSL *ssl, X509 *x);
+
+=item char *B(int value);
+
+=item char *B(int value);
+
+=item char *B(int value);
+
+=item char *B(int value);
+
+=item int B(SSL *ssl);
+
+=item void B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item void B(SSL *t, SSL *f);
+
+=item long B(SSL *ssl, int cmd, long larg, char *parg);
+
+=item int B(SSL *ssl);
+
+=item SSL *B(SSL *ssl);
+
+=item STACK *B(STACK *sk);
+
+=item void B(SSL *ssl);
+
+=item SSL_CTX *B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item X509 *B(SSL *ssl);
+
+=item SSL_CIPHER *B(SSL *ssl);
+
+=item int B(SSL *ssl, int *alg_bits);
+
+=item char *B(SSL *ssl, int n);
+
+=item char *B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item STACK *B(SSL *ssl);
+
+=item STACK *B(SSL *ssl);
+
+=item SSL_CIPHER *B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item int B(SSL *ssl, int i);
+
+=item char *B(SSL *ssl, int idx);
+
+=item int B(void);
+
+=item int B(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item int B(SSL *ssl);
+
+=item void (*B(SSL *ssl);)(void)
+
+=item STACK *B(SSL *ssl);
+
+=item X509 *B(SSL *ssl);
+
+=item EVP_PKEY *B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item BIO *B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item SSL_SESSION *B(SSL *ssl);
+
+=item char *B(SSL *ssl, char *buf, int len);
+
+=item int B(SSL *ssl);
+
+=item SSL_METHOD *B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item int (*B(SSL *ssl);)(void)
+
+=item int B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item BIO *B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item STACK *B(char *file);
+
+=item void B(void);
+
+=item SSL *B(SSL_CTX *ctx);
+
+=item long B(SSL *ssl);
+
+=item int B(SSL *ssl, char *buf, int num);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl, char *buf, int num);
+
+=item int B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item void B(SSL *ssl);
+
+=item void B(SSL *ssl, char *arg);
+
+=item void B(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=item int B(SSL *ssl, char *str);
+
+=item void B(SSL *ssl, STACK *list);
+
+=item void B(SSL *ssl);
+
+=item int B(SSL *ssl, int idx, char *arg);
+
+=item int B(SSL *ssl, int fd);
+
+=item void B(SSL *ssl, void (*cb);(void))
+
+=item void B(SSL *ssl, unsigned long op);
+
+=item void B(SSL *ssl, int mode);
+
+=item void B(SSL *ssl, int yes);
+
+=item int B(SSL *ssl, int fd);
+
+=item int B(SSL *ssl, SSL_SESSION *session);
+
+=item void B(SSL *ssl, int mode);
+
+=item int B(SSL *ssl, SSL_METHOD *meth);
+
+=item void B(SSL *ssl, long t);
+
+=item void B(SSL *ssl, long t);
+
+=item void B(SSL *ssl, int mode, int (*callback);(void))
+
+=item void B(SSL *ssl, long arg);
+
+=item int B(SSL *ssl, int fd);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item char *B(SSL *ssl);
+
+=item long B(SSL *ssl);
+
+=item int B(SSL *ssl, EVP_PKEY *pkey);
+
+=item int B(int type, SSL *ssl, unsigned char *d, long len);
+
+=item int B(SSL *ssl, char *file, int type);
+
+=item int B(SSL *ssl, RSA *rsa);
+
+=item int B(SSL *ssl, unsigned char *d, long len);
+
+=item int B(SSL *ssl, char *file, int type);
+
+=item int B(SSL *ssl, X509 *x);
+
+=item int B(SSL *ssl, int len, unsigned char *d);
+
+=item int B(SSL *ssl, char *file, int type);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(SSL *ssl);
+
+=item int B(s);
+
+=item int B(SSL *ssl, char *buf, int num);
+
+=back
+
+=head1 SEE ALSO
+
+openssl(1), crypto(3)
+
+=head1 HISTORY
+
+The ssl(3) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/crypto/openssl/doc/ssleay.txt b/crypto/openssl/doc/ssleay.txt
new file mode 100644
index 000000000000..094e28ce48dc
--- /dev/null
+++ b/crypto/openssl/doc/ssleay.txt
@@ -0,0 +1,7014 @@
+
+Bundle of old SSLeay documentation files [OBSOLETE!]
+
+==== readme ========================================================
+
+This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
+relevent but I'm working (very slowly) on new docuemtation.
+The current version can be found online at
+
+http://www.cryptsoft.com/ssleay/doc
+
+==== API.doc ========================================================
+
+SSL - SSLv2/v3/v23 etc.
+
+BIO - methods and how they plug together
+
+MEM - memory allocation callback
+
+CRYPTO - locking for threads
+
+EVP - Ciphers/Digests/signatures
+
+RSA - methods
+
+X509 - certificate retrieval
+
+X509 - validation
+
+X509 - X509v3 extensions
+
+Objects - adding object identifiers
+
+ASN.1 - parsing
+
+PEM - parsing
+
+==== ssl/readme =====================================================
+
+22 Jun 1996
+This file belongs in ../apps, but I'll leave it here because it deals
+with SSL :-)  It is rather dated but it gives you an idea of how
+things work.
+===
+
+17 Jul 1995
+I have been changing things quite a bit and have not fully updated
+this file, so take what you read with a grain of salt
+eric
+===
+The s_client and s_server programs can be used to test SSL capable
+IP/port addresses and the verification of the X509 certificates in use
+by these services.  I strongly advise having a look at the code to get
+an idea of how to use the authentication under SSLeay.  Any feedback
+on changes and improvements would be greatly accepted.
+
+This file will probably be gibberish unless you have read
+rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
+authentication.
+
+A Brief outline (and examples) how to use them to do so.
+
+NOTE:
+The environment variable SSL_CIPER is used to specify the prefered
+cipher to use, play around with setting it's value to combinations of
+RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
+in a : separated list.
+
+This directory contains 3 X509 certificates which can be used by these programs.
+client.pem: a file containing a certificate and private key to be used
+	by s_client.
+server.pem :a file containing a certificate and private key to be used
+	by s_server.
+eay1024.pem:the certificate used to sign client.pem and server.pem.
+	This would be your CA's certificate.  There is also a link
+	from the file a8556381.0 to eay1024.PEM.  The value a8556381
+	is returned by 'x509 -hash -noout  to exit.  Flags are as follows.
+-host arg	: Arg is the host or IP address to connect to.
+-port arg	: Arg is the port to connect to (https is 443).
+-verify arg	: Turn on authentication of the server certificate.
+		: Arg specifies the 'depth', this will covered below.
+-cert arg	: The optional certificate to use.  This certificate
+		: will be returned to the server if the server
+		: requests it for client authentication.
+-key arg	: The private key that matches the certificate
+		: specified by the -cert option.  If this is not
+		: specified (but -cert is), the -cert file will be
+		: searched for the Private key.  Both files are
+		: assumed to be in PEM format.
+-CApath arg	: When to look for certificates when 'verifying' the
+		: certificate from the server.
+-CAfile arg	: A file containing certificates to be used for
+		: 'verifying' the server certificate.
+-reconnect	: Once a connection has been made, drop it and
+		: reconnect with same session-id.  This is for testing :-).
+
+The '-verify n' parameter specifies not only to verify the servers
+certificate but to also only take notice of 'n' levels.  The best way
+to explain is to show via examples.
+Given
+s_server -cert server.PEM is running.
+
+s_client
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+What has happened is that the 'SSLeay demo server' certificate's
+issuer ('CA') could not be found but because verify is not on, we
+don't care and the connection has been made anyway.  It is now 'up'
+using CBC-DES-MD5 mode.  This is an unauthenticate secure channel.
+You may not be talking to the right person but the data going to them
+is encrypted.
+
+s_client -verify 0
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
+certificate passed the date and checksum, we are happy to proceed.
+
+s_client -verify 1
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:0
+	ERROR
+	verify error:unable to get issuer certificate
+In this case we failed to make the connection because we could not
+authenticate the certificate because we could not find the
+'CA' certificate.
+
+s_client -verify 1 -CAfile eay1024.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We loaded the certificates from the file eay1024.PEM.  Everything
+checked out and so we made the connection.
+
+s_client -verify 1 -CApath .
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We looked in out local directory for issuer certificates and 'found'
+a8556381.0 and so everything is ok.
+
+It is worth noting that 'CA' is a self certified certificate.  If you
+are passed one of these, it will fail to 'verify' at depth 0 because
+we need to lookup the certifier of a certificate from some information
+that we trust and keep locally.
+
+SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
+export SSL_CIPHER
+s_client -verify 10 -CApath . -reconnect
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	drop the connection and reconnect with the same session id
+	CIPHER is CBC3-DES-MD5
+This has done a full connection and then re-estabished it with the
+same session id but a new socket.  No RSA stuff occures on the second
+connection.  Note that we said we would prefer to use CBC3-DES-MD5
+encryption and so, since the server supports it, we are.
+
+=====
+s_server
+This program accepts SSL connections on a specified port
+Once connected, it will estabish an SSL connection and optionaly
+attempt to authenticate the client.  A 2 directional channel will be
+open.  Any text typed will be sent to the other end.  Type Q to exit.
+Flags are as follows.
+-port arg	: Arg is the port to listen on.
+-verify arg	: Turn on authentication of the client if they have a
+		: certificate.  Arg specifies the 'depth'.
+-Verify arg	: Turn on authentication of the client. If they don't
+		: have a valid certificate, drop the connection.
+-cert arg	: The certificate to use.  This certificate
+		: will be passed to the client.  If it is not
+		: specified, it will default to server.PEM
+-key arg	: The private key that matches the certificate
+		: specified by the -cert option.  If this is not
+		: specified (but -cert is), the -cert file will be
+		: searched for the Private key.  Both files are
+		: assumed to be in PEM format.  Default is server.PEM
+-CApath arg	: When to look for certificates when 'verifying' the
+		: certificate from the client.
+-CAfile arg	: A file containing certificates to be used for
+		: 'verifying' the client certificate.
+
+For the following 'demo'  I will specify the s_server command and
+the s_client command and then list the output from the s_server.
+s_server
+s_client
+	CONNECTED
+	CIPHER is CBC-DES-MD5
+Everything up and running
+
+s_server -verify 0
+s_client  
+	CONNECTED
+	CIPHER is CBC-DES-MD5
+Ok since no certificate was returned and we don't care.
+
+s_server -verify 0
+./s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Ok since we were only verifying to level 0
+
+s_server -verify 4
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:0
+	ERROR
+	verify error:unable to get issuer certificate
+Bad because we could not authenticate the returned certificate.
+
+s_server -verify 4 -CApath .
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Ok because we could authenticate the returned certificate :-).
+
+s_server -Verify 0 -CApath .
+s_client
+	CONNECTED
+	ERROR
+	SSL error:function is:REQUEST_CERTIFICATE
+		 :error is   :client end did not return a certificate
+Error because no certificate returned.
+
+s_server -Verify 4 -CApath .
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Full authentication of the client.
+
+So in summary to do full authentication of both ends
+s_server -Verify 9 -CApath .
+s_client -cert client.PEM -CApath . -verify 9
+From the server side
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+From the client side
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+
+For general probing of the 'internet https' servers for the
+distribution area, run
+s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash
+Then enter
+GET /
+and you should be talking to the https server on that host.
+
+www.rsa.com was refusing to respond to connections on 443 when I was
+testing.
+
+have fun :-).
+
+eric
+
+==== a_verify.doc ========================================================
+
+From eay@mincom.com Fri Oct  4 18:29:06 1996
+Received: by orb.mincom.oz.au id AA29080
+  (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000
+Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST)
+From: Eric Young 
+X-Sender: eay@orb
+To: wplatzer 
+Cc: Eric Young , SSL Mailing List 
+Subject: Re: Netscape's Public Key
+In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at>
+Message-Id: 
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Thu, 3 Oct 1996, wplatzer wrote:
+> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything
+> with it... It looks like (asn1parse):
+> 
+> 0:d=0 hl=3 l=180 cons: SEQUENCE
+> 3:d=1 hl=2 l= 96 cons: SEQUENCE
+> 5:d=2 hl=2 l= 92 cons: SEQUENCE
+> 7:d=3 hl=2 l= 13 cons: SEQUENCE
+> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
+> 20:d=4 hl=2 l= 0 prim: NULL
+> 22:d=3 hl=2 l= 75 prim: BIT STRING
+> 99:d=2 hl=2 l= 0 prim: IA5STRING :
+> 101:d=1 hl=2 l= 13 cons: SEQUENCE
+> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption
+> 114:d=2 hl=2 l= 0 prim: NULL
+> 116:d=1 hl=2 l= 65 prim: BIT STRING
+> 
+> The first BIT STRING is the public key and the second BIT STRING is 
+> the signature.
+> But a public key consists of the public exponent and the modulus. Are 
+> both numbers in the first BIT STRING?
+> Is there a document simply describing this coding stuff (checking 
+> signature, get the public key, etc.)?
+
+Minimal in SSLeay.  If you want to see what the modulus and exponent are,
+try asn1parse -offset 25 -length 75 next_bio list.
+
+
+
+Extra commands are normally implemented as macros calling BIO_ctrl().
+-	BIO_number_read(BIO *bio) - the number of bytes processed 
+	by BIO_read(bio,.).
+-	BIO_number_written(BIO *bio) - the number of bytes written 
+	by BIO_write(bio,.).
+-	BIO_reset(BIO *bio) - 'reset' the BIO.
+-	BIO_eof(BIO *bio) - non zero if we are at the current end 
+	of input.
+-	BIO_set_close(BIO *bio, int close_flag) - set the close flag.
+-	BIO_get_close(BIO *bio) - return the close flag.
+	BIO_pending(BIO *bio) - return the number of bytes waiting 
+	to be read (normally buffered internally).
+-	BIO_flush(BIO *bio) - output any data waiting to be output.
+-	BIO_should_retry(BIO *io) - after a BIO_read/BIO_write 
+	operation returns 0 or -1, a call to this function will 
+	return non zero if you should retry the call later (this 
+	is for non-blocking IO).
+-	BIO_should_read(BIO *io) - we should retry when data can 
+	be read.
+-	BIO_should_write(BIO *io) - we should retry when data can 
+	be written.
+-	BIO_method_name(BIO *io) - return a string for the method name.
+-	BIO_method_type(BIO *io) - return the unique ID of the BIO method.
+-	BIO_set_callback(BIO *io,  long (*callback)(BIO *io, int 
+	cmd, char *argp, int argi, long argl, long ret); - sets 
+	the debug callback.
+-	BIO_get_callback(BIO *io) - return the assigned function 
+	as mentioned above.
+-	BIO_set_callback_arg(BIO *io, char *arg)  - assign some 
+	data against the BIO.  This is normally used by the debug 
+	callback but could in reality be used for anything.  To 
+	get an idea of how all this works, have a look at the code 
+	in the default debug callback mentioned above.  The 
+	callback can modify the return values.
+
+Details of the BIO_METHOD structure.
+typedef struct bio_method_st
+        {
+	int type;
+	char *name;
+	int (*bwrite)();
+	int (*bread)();
+	int (*bputs)();
+	int (*bgets)();
+	long (*ctrl)();
+	int (*create)();
+	int (*destroy)();
+	} BIO_METHOD;
+
+The 'type' is the numeric type of the BIO, these are listed in buffer.h;
+'Name' is a textual representation of the BIO 'type'.
+The 7 function pointers point to the respective function 
+methods, some of which can be NULL if not implemented.
+The BIO structure
+typedef struct bio_st
+	{
+	BIO_METHOD *method;
+	long (*callback)(BIO * bio, int mode, char *argp, int 
+		argi, long argl, long ret);
+	char *cb_arg; /* first argument for the callback */
+	int init;
+	int shutdown;
+	int flags;      /* extra storage */
+	int num;
+	char *ptr;
+	struct bio_st *next_bio; /* used by filter BIOs */
+	int references;
+	unsigned long num_read;
+	unsigned long num_write;
+	} BIO;
+
+-	'Method' is the BIO method.
+-	'callback', when configured, is called before and after 
+	each BIO method is called for that particular BIO.  This 
+	is intended primarily for debugging and of informational feedback.
+-	'init' is 0 when the BIO can be used for operation.  
+	Often, after a BIO is created, a number of operations may 
+	need to be performed before it is available for use.  An 
+	example is for BIO_s_sock().  A socket needs to be 
+	assigned to the BIO before it can be used.
+-	'shutdown', this flag indicates if the underlying 
+	comunication primative being used should be closed/freed 
+	when the BIO is closed.
+-	'flags' is used to hold extra state.  It is primarily used 
+	to hold information about why a non-blocking operation 
+	failed and to record startup protocol information for the 
+	SSL BIO.
+-	'num' and 'ptr' are used to hold instance specific state 
+	like file descriptors or local data structures.
+-	'next_bio' is used by filter BIOs to hold the pointer of the
+	next BIO in the chain. written data is sent to this BIO and
+	data read is taken from it.
+-	'references' is used to indicate the number of pointers to 
+	this structure.  This needs to be '1' before a call to 
+	BIO_free() is made if the BIO_free() function is to 
+	actually free() the structure, otherwise the reference 
+	count is just decreased.  The actual BIO subsystem does 
+	not really use this functionality but it is useful when 
+	used in more advanced applicaion.
+-	num_read and num_write are the total number of bytes 
+	read/written via the 'read()' and 'write()' methods.
+
+BIO_ctrl operations.
+The following is the list of standard commands passed as the 
+second parameter to BIO_ctrl() and should be supported by 
+all BIO as best as possible.  Some are optional, some are 
+manditory, in any case, where is makes sense, a filter BIO 
+should pass such requests to underlying BIO's.
+-	BIO_CTRL_RESET	- Reset the BIO back to an initial state.
+-	BIO_CTRL_EOF	- return 0 if we are not at the end of input, 
+	non 0 if we are.
+-	BIO_CTRL_INFO	- BIO specific special command, normal
+	information return.
+-	BIO_CTRL_SET	- set IO specific parameter.
+-	BIO_CTRL_GET	- get IO specific parameter.
+-	BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one 
+	of BIO_CLOSE or BIO_NOCLOSE.
+-	BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag.
+-	BIO_CTRL_PENDING - Return the number of bytes available 
+	for instant reading
+-	BIO_CTRL_FLUSH	- Output pending data, return number of bytes output.
+-	BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) 
+	should we 'retry' when IO is possible on the underlying IO object.
+-	BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on.
+
+The following command is a special BIO_s_file() specific option.
+-	BIO_CTRL_SET_FILENAME - specify a file to open for IO.
+
+The BIO_CTRL_RETRY_TYPE needs a little more explanation.  
+When performing non-blocking IO, or say reading on a memory 
+BIO, when no data is present (or cannot be written), 
+BIO_read() and/or BIO_write() will return -1.  
+BIO_should_retry(bio) will return true if this is due to an 
+IO condition rather than an actual error.  In the case of 
+BIO_s_mem(), a read when there is no data will return -1 and 
+a should retry when there is more 'read' data.
+The retry type is deduced from 2 macros
+BIO_should_read(bio) and BIO_should_write(bio).
+Now while it may appear obvious that a BIO_read() failure 
+should indicate that a retry should be performed when more 
+read data is available, this is often not true when using 
+things like an SSL BIO.  During the SSL protocol startup 
+multiple reads and writes are performed, triggered by any 
+SSL_read or SSL_write.
+So to write code that will transparently handle either a 
+socket or SSL BIO,
+	i=BIO_read(bio,..)
+	if (I == -1)
+		{
+		if (BIO_should_retry(bio))
+			{
+			if (BIO_should_read(bio))
+				{
+				/* call us again when BIO can be read */
+				}
+			if (BIO_should_write(bio))
+				{
+				/* call us again when BIO can be written */
+				}
+			}
+		}
+
+At this point in time only read and write conditions can be 
+used but in the future I can see the situation for other 
+conditions, specifically with SSL there could be a condition 
+of a X509 certificate lookup taking place and so the non-
+blocking BIO_read would require a retry when the certificate 
+lookup subsystem has finished it's lookup.  This is all 
+makes more sense and is easy to use in a event loop type 
+setup.
+When using the SSL BIO, either SSL_read() or SSL_write()s 
+can be called during the protocol startup and things will 
+still work correctly.
+The nice aspect of the use of the BIO_should_retry() macro 
+is that all the errno codes that indicate a non-fatal error 
+are encapsulated in one place.  The Windows specific error 
+codes and WSAGetLastError() calls are also hidden from the 
+application.
+
+Notes on each BIO method.
+Normally buffer.h is just required but depending on the 
+BIO_METHOD, ssl.h or evp.h will also be required.
+
+BIO_METHOD *BIO_s_mem(void);
+-	BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - 
+	set the underlying BUF_MEM structure for the BIO to use.
+-	BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, 
+	set it to point to the memory array and return the number 
+	of bytes available.
+A read/write BIO.  Any data written is appended to the 
+memory array and any read is read from the front.  This BIO 
+can be used for read/write at the same time. BIO_gets() is 
+supported in the fgets() sense.
+BIO_CTRL_INFO can be used to retrieve pointers to the memory 
+buffer and it's length.
+
+BIO_METHOD *BIO_s_file(void);
+-	BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use.
+-	BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use.
+-	BIO_read_filename(BIO *bio, char *name) - read from file.
+-	BIO_write_filename(BIO *bio, char *name) - write to file.
+-	BIO_append_filename(BIO *bio, char *name) - append to file.
+This BIO sits over the normal system fread()/fgets() type 
+functions. Gets() is supported.  This BIO in theory could be 
+used for read and write but it is best to think of each BIO 
+of this type as either a read or a write BIO, not both.
+
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_fd(void);
+-	BIO_sock_should_retry(int i) - the underlying function 
+	used to determine if a call should be retried; the 
+	argument is the '0' or '-1' returned by the previous BIO 
+	operation.
+-	BIO_fd_should_retry(int i) - same as the 
+-	BIO_sock_should_retry() except that it is different internally.
+-	BIO_set_fd(BIO *bio, int fd, int close_flag) - set the 
+	file descriptor to use
+-	BIO_get_fd(BIO *bio, int *fd) - get the file descriptor.
+These two methods are very similar.  Gets() is not 
+supported, if you want this functionality, put a 
+BIO_f_buffer() onto it.  This BIO is bi-directional if the 
+underlying file descriptor is.  This is normally the case 
+for sockets but not the case for stdio descriptors.
+
+BIO_METHOD *BIO_s_null(void);
+Read and write as much data as you like, it all disappears 
+into this BIO.
+
+BIO_METHOD *BIO_f_buffer(void);
+-	BIO_get_buffer_num_lines(BIO *bio) - return the number of 
+	complete lines in the buffer.
+-	BIO_set_buffer_size(BIO *bio, long size) - set the size of 
+	the buffers.
+This type performs input and output buffering.  It performs 
+both at the same time.  The size of the buffer can be set 
+via the set buffer size option.  Data buffered for output is 
+only written when the buffer fills.
+
+BIO_METHOD *BIO_f_ssl(void);
+-	BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL 
+	structure to use.
+-	BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure 
+	in use.
+The SSL bio is a little different from normal BIOs because 
+the underlying SSL structure is a little different.  A SSL 
+structure performs IO via a read and write BIO.  These can 
+be different and are normally set via the
+SSL_set_rbio()/SSL_set_wbio() calls.  The SSL_set_fd() calls 
+are just wrappers that create socket BIOs and then call 
+SSL_set_bio() where the read and write BIOs are the same.  
+The BIO_push() operation makes the SSLs IO BIOs the same, so 
+make sure the BIO pushed is capable of two directional 
+traffic.  If it is not, you will have to install the BIOs 
+via the more conventional SSL_set_bio() call.  BIO_pop() will retrieve
+the 'SSL read' BIO.
+
+BIO_METHOD *BIO_f_md(void);
+-	BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest 
+	to use.
+-	BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest 
+	method in use in mdp, return 0 if not set yet.
+-	BIO_reset() reinitializes the digest (EVP_DigestInit()) 
+	and passes the reset to the underlying BIOs.
+All data read or written via BIO_read() or BIO_write() to 
+this BIO will be added to the calculated digest.  This 
+implies that this BIO is only one directional.  If read and 
+write operations are performed, two separate BIO_f_md() BIOs 
+are reuqired to generate digests on both the input and the 
+output.  BIO_gets(BIO *bio, char *md, int size) will place the 
+generated digest into 'md' and return the number of bytes.  
+The EVP_MAX_MD_SIZE should probably be used to size the 'md' 
+array.  Reading the digest will also reset it.
+
+BIO_METHOD *BIO_f_cipher(void);
+-	BIO_reset() reinitializes the cipher.
+-	BIO_flush() should be called when the last bytes have been 
+	output to flush the final block of block ciphers.
+-	BIO_get_cipher_status(BIO *b), when called after the last 
+	read from a cipher BIO, returns non-zero if the data 
+	decrypted correctly, otherwise, 0.
+-	BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, 
+	unsigned char *iv, int encrypt)   This function is used to 
+	setup a cipher BIO.  The length of key and iv are 
+	specified by the choice of EVP_CIPHER.  Encrypt is 1 to 
+	encrypt and 0 to decrypt.
+
+BIO_METHOD *BIO_f_base64(void);
+-	BIO_flush() should be called when the last bytes have been output.
+This BIO base64 encodes when writing and base64 decodes when 
+reading.  It will scan the input until a suitable begin line 
+is found.  After reading data, BIO_reset() will reset the 
+BIO to start scanning again.  Do not mix reading and writing 
+on the same base64 BIO.  It is meant as a single stream BIO.
+
+Directions	type
+both		BIO_s_mem()
+one/both	BIO_s_file()
+both		BIO_s_fd()
+both		BIO_s_socket() 
+both		BIO_s_null()
+both		BIO_f_buffer()
+one		BIO_f_md()  
+one		BIO_f_cipher()  
+one		BIO_f_base64()  
+both		BIO_f_ssl()
+
+It is easy to mix one and two directional BIOs, all one has 
+to do is to keep two separate BIO pointers for reading and 
+writing and be careful about usage of underlying BIOs.  The 
+SSL bio by it's very nature has to be two directional but 
+the BIO_push() command will push the one BIO into the SSL 
+BIO for both reading and writing.
+
+The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c.
+
+
+==== blowfish.doc ========================================================
+
+The Blowfish library.
+
+Blowfish is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses variable size key, but 128bit (16 byte) key would normally be considered
+good.  It can be used in all the modes that DES can be used.  This
+library implements the ecb, cbc, cfb64, ofb64 modes.
+
+Blowfish is quite a bit faster that DES, and much faster than IDEA or
+RC2.  It is one of the faster block ciphers.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'blowfish.h'.
+
+All of the encryption functions take what is called an BF_KEY as an 
+argument.  An BF_KEY is an expanded form of the Blowfish key.
+For all modes of the Blowfish algorithm, the BF_KEY used for
+decryption is the same one that was used for encryption.
+
+The define BF_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. BF_DECRYPT is passed to
+specify decryption.
+
+Please note that any of the encryption modes specified in my DES library
+could be used with Blowfish.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic Blowfish encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple Blowfish, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  BF_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void BF_set_key(
+BF_KEY *ks;
+int len;
+unsigned char *key;
+        BF_set_key converts an 'len' byte key into a BF_KEY.
+        A 'ks' is an expanded form of the 'key' which is used to
+        perform actual encryption.  It can be regenerated from the Blowfish key
+        so it only needs to be kept when encryption or decryption is about
+        to occur.  Don't save or pass around BF_KEY's since they
+        are CPU architecture dependent, 'key's are not.  Blowfish is an
+	interesting cipher in that it can be used with a variable length
+	key.  'len' is the length of 'key' to be used as the key.
+	A 'len' of 16 is recomended by me, but blowfish can use upto
+	72 bytes.  As a warning, blowfish has a very very slow set_key
+	function, it actually runs BF_encrypt 521 times.
+	
+void BF_encrypt(unsigned long *data, BF_KEY *key);
+void BF_decrypt(unsigned long *data, BF_KEY *key);
+	These are the Blowfish encryption function that gets called by just
+	about every other Blowfish routine in the library.  You should not
+	use this function except to implement 'modes' of Blowfish.
+	I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and key is the
+	BF_KEY to use. 
+
+void BF_ecb_encrypt(
+unsigned char *in,
+unsigned char *out,
+BF_KEY *key,
+int encrypt);
+	This is the basic Electronic Code Book form of Blowfish (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for blowfish as well.
+	Input is encrypted into output using the key represented by
+	key.  Depending on the encrypt, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void BF_cbc_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *ks,
+unsigned char *ivec,
+int encrypt);
+	This routine implements Blowfish in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to BF_cbc_encrypt().
+	
+void BF_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *schedule,
+unsigned char *ivec,
+int *num,
+int encrypt);
+	This is one of the more useful functions in this Blowfish library, it
+	implements CFB mode of Blowfish with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	'Encrypt' is used to indicate encryption or decryption.
+	CFB64 mode operates by using the cipher to generate a stream
+	of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.
+	
+void BF_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *schedule,
+unsigned char *ivec,
+int *num);
+	This functions implements OFB mode of Blowfish with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+BF_set_key().
+
+=====
+For more information about the specific Blowfish modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for Blowfish.
+
+
+==== bn.doc ========================================================
+
+The Big Number library.
+
+#include "bn.h" when using this library.
+
+This big number library was written for use in implementing the RSA and DH
+public key encryption algorithms.  As such, features such as negative
+numbers have not been extensively tested but they should work as expected.
+This library uses dynamic memory allocation for storing its data structures
+and so there are no limit on the size of the numbers manipulated by these
+routines but there is always the requirement to check return codes from
+functions just in case a memory allocation error has occurred.
+
+The basic object in this library is a BIGNUM.  It is used to hold a single
+large integer.  This type should be considered opaque and fields should not
+be modified or accessed directly.
+typedef struct bignum_st
+	{
+	int top;	/* Index of last used d. */
+	BN_ULONG *d;	/* Pointer to an array of 'BITS2' bit chunks. */
+	int max;	/* Size of the d array. */
+	int neg;
+	} BIGNUM;
+The big number is stored in a malloced array of BN_ULONG's.  A BN_ULONG can
+be either 16, 32 or 64 bits in size, depending on the 'number of  bits'
+specified in bn.h. 
+The 'd' field is this array.  'max' is the size of the 'd' array that has
+been allocated.  'top' is the 'last' entry being used, so for a value of 4,
+bn.d[0]=4 and bn.top=1.  'neg' is 1 if the number is negative.
+When a BIGNUM is '0', the 'd' field can be NULL and top == 0.
+
+Various routines in this library require the use of 'temporary' BIGNUM
+variables during their execution.  Due to the use of dynamic memory
+allocation to create BIGNUMs being rather expensive when used in
+conjunction with repeated subroutine calls, the BN_CTX structure is
+used.  This structure contains BN_CTX BIGNUMs.  BN_CTX
+is the maximum number of temporary BIGNUMs any publicly exported 
+function will use.
+
+#define BN_CTX	12
+typedef struct bignum_ctx
+	{
+	int tos;			/* top of stack */
+	BIGNUM *bn[BN_CTX];	/* The variables */
+	} BN_CTX;
+
+The functions that follow have been grouped according to function.  Most
+arithmetic functions return a result in the first argument, sometimes this
+first argument can also be an input parameter, sometimes it cannot.  These
+restrictions are documented.
+
+extern BIGNUM *BN_value_one;
+There is one variable defined by this library, a BIGNUM which contains the
+number 1.  This variable is useful for use in comparisons and assignment.
+
+Get Size functions.
+
+int BN_num_bits(BIGNUM *a);
+	This function returns the size of 'a' in bits.
+	
+int BN_num_bytes(BIGNUM *a);
+	This function (macro) returns the size of 'a' in bytes.
+	For conversion of BIGNUMs to byte streams, this is the number of
+	bytes the output string will occupy.  If the output byte
+	format specifies that the 'top' bit indicates if the number is
+	signed, so an extra '0' byte is required if the top bit on a
+	positive number is being written, it is upto the application to
+	make this adjustment.  Like I said at the start, I don't
+	really support negative numbers :-).
+
+Creation/Destruction routines.
+
+BIGNUM *BN_new();
+	Return a new BIGNUM object.  The number initially has a value of 0.  If
+	there is an error, NULL is returned.
+	
+void	BN_free(BIGNUM *a);
+	Free()s a BIGNUM.
+	
+void	BN_clear(BIGNUM *a);
+	Sets 'a' to a value of 0 and also zeros all unused allocated
+	memory.  This function is used to clear a variable of 'sensitive'
+	data that was held in it.
+	
+void	BN_clear_free(BIGNUM *a);
+	This function zeros the memory used by 'a' and then free()'s it.
+	This function should be used to BN_free() BIGNUMS that have held
+	sensitive numeric values like RSA private key values.  Both this
+	function and BN_clear tend to only be used by RSA and DH routines.
+
+BN_CTX *BN_CTX_new(void);
+	Returns a new BN_CTX.  NULL on error.
+	
+void	BN_CTX_free(BN_CTX *c);
+	Free a BN_CTX structure.  The BIGNUMs in 'c' are BN_clear_free()ed.
+	
+BIGNUM *bn_expand(BIGNUM *b, int bits);
+	This is an internal function that should not normally be used.  It
+	ensures that 'b' has enough room for a 'bits' bit number.  It is
+	mostly used by the various BIGNUM routines.  If there is an error,
+	NULL is returned. if not, 'b' is returned.
+	
+BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from);
+	The 'from' is copied into 'to'.  NULL is returned if there is an
+	error, otherwise 'to' is returned.
+
+BIGNUM *BN_dup(BIGNUM *a);
+	A new BIGNUM is created and returned containing the value of 'a'.
+	NULL is returned on error.
+
+Comparison and Test Functions.
+
+int BN_is_zero(BIGNUM *a)
+	Return 1 if 'a' is zero, else 0.
+
+int BN_is_one(a)
+	Return 1 is 'a' is one, else 0.
+
+int BN_is_word(a,w)
+	Return 1 if 'a' == w, else 0.  'w' is a BN_ULONG.
+
+int BN_cmp(BIGNUM *a, BIGNUM *b);
+	Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same
+	and 1 is 'a' is greater than 'b'.  This is a signed comparison.
+	
+int BN_ucmp(BIGNUM *a, BIGNUM *b);
+	This function is the same as BN_cmp except that the comparison
+	ignores the sign of the numbers.
+	
+Arithmetic Functions
+For all of these functions, 0 is returned if there is an error and 1 is
+returned for success.  The return value should always be checked.  eg.
+if (!BN_add(r,a,b)) goto err;
+Unless explicitly mentioned, the 'return' value can be one of the
+'parameters' to the function.
+
+int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Add 'a' and 'b' and return the result in 'r'.  This is r=a+b.
+	
+int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b.
+	
+int BN_lshift(BIGNUM *r, BIGNUM *a, int n);
+	Shift 'a' left by 'n' bits.  This is r=a*(2^n).
+	
+int BN_lshift1(BIGNUM *r, BIGNUM *a);
+	Shift 'a' left by 1 bit.  This form is more efficient than
+	BN_lshift(r,a,1).  This is r=a*2.
+	
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+	Shift 'a' right by 'n' bits.  This is r=int(a/(2^n)).
+	
+int BN_rshift1(BIGNUM *r, BIGNUM *a);
+	Shift 'a' right by 1 bit.  This form is more efficient than
+	BN_rshift(r,a,1).  This is r=int(a/2).
+	
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Multiply a by b and return the result in 'r'. 'r' must not be
+	either 'a' or 'b'.  It has to be a different BIGNUM.
+	This is r=a*b.
+
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+	Multiply a by a and return the result in 'r'. 'r' must not be
+	'a'.  This function is alot faster than BN_mul(r,a,a).  This is r=a*a.
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+	Divide 'm' by 'd' and return the result in 'dv' and the remainder
+	in 'rem'.  Either of 'dv' or 'rem' can be NULL in which case that
+	value is not returned.  'ctx' needs to be passed as a source of
+	temporary BIGNUM variables.
+	This is dv=int(m/d), rem=m%d.
+	
+int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+	Find the remainder of 'm' divided by 'd' and return it in 'rem'.
+	'ctx' holds the temporary BIGNUMs required by this function.
+	This function is more efficient than BN_div(NULL,rem,m,d,ctx);
+	This is rem=m%d.
+
+int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx);
+	Multiply 'a' by 'b' and return the remainder when divided by 'm'.
+	'ctx' holds the temporary BIGNUMs required by this function.
+	This is r=(a*b)%m.
+
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+	Raise 'a' to the 'p' power and return the remainder when divided by
+	'm'.  'ctx' holds the temporary BIGNUMs required by this function.
+	This is r=(a^p)%m.
+
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
+	Return the reciprocal of 'm'.  'ctx' holds the temporary variables
+	required.  This function returns -1 on error, otherwise it returns
+	the number of bits 'r' is shifted left to make 'r' into an integer.
+	This number of bits shifted is required in BN_mod_mul_reciprocal().
+	This is r=(1/m)<<(BN_num_bits(m)+1).
+	
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
+	BIGNUM *i, int nb, BN_CTX *ctx);
+	This function is used to perform an efficient BN_mod_mul()
+	operation.  If one is going to repeatedly perform BN_mod_mul() with
+	the same modulus is worth calculating the reciprocal of the modulus
+	and then using this function.  This operation uses the fact that
+	a/b == a*r where r is the reciprocal of b.  On modern computers
+	multiplication is very fast and big number division is very slow.
+	'x' is multiplied by 'y' and then divided by 'm' and the remainder
+	is returned.  'i' is the reciprocal of 'm' and 'nb' is the number
+	of bits as returned from BN_reciprocal().  Normal usage is as follows.
+	bn=BN_reciprocal(i,m);
+	for (...)
+		{ BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); }
+	This is r=(x*y)%m.  Internally it is approximately
+	r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn)
+	This function is used in BN_mod_exp() and BN_is_prime().
+
+Assignment Operations
+
+int BN_one(BIGNUM *a)
+	Set 'a' to hold the value one.
+	This is a=1.
+	
+int BN_zero(BIGNUM *a)
+	Set 'a' to hold the value zero.
+	This is a=0.
+	
+int BN_set_word(BIGNUM *a, unsigned long w);
+	Set 'a' to hold the value of 'w'.  'w' is an unsigned long.
+	This is a=w.
+
+unsigned long BN_get_word(BIGNUM *a);
+	Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
+	be biger than a word, in which case 0xffffffffL is returned.
+
+Word Operations
+These functions are much more efficient that the normal bignum arithmetic
+operations.
+
+BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
+	Return the remainder of 'a' divided by 'w'.
+	This is return(a%w).
+	
+int BN_add_word(BIGNUM *a, unsigned long w);
+	Add 'w' to 'a'.  This function does not take the sign of 'a' into
+	account.  This is a+=w;
+	
+Bit operations.
+
+int BN_is_bit_set(BIGNUM *a, int n);
+	This function return 1 if bit 'n' is set in 'a' else 0.
+
+int BN_set_bit(BIGNUM *a, int n);
+	This function sets bit 'n' to 1 in 'a'. 
+	This is a&= ~(1< 0, the call is aborted
+and the returned <= 0 value is returned.
+The second time the callback is called, the 'cmd' value also has
+BIO_CB_RETURN logically 'or'ed with it.  The 'ret' value is the value returned
+from the actuall function call and whatever the callback returns is returned
+from the BIO function.
+
+BIO_set_callback(b,cb) can be used to set the callback function
+(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to
+set the cb_arg argument in the BIO strucutre.  This field is only intended
+to be used by application, primarily in the callback function since it is
+accessable since the BIO is passed.
+
+--------------------------
+The PEM library.
+
+The pem library only really uses one type of callback,
+static int def_callback(char *buf, int num, int verify);
+which is used to return a password string if required.
+'buf' is the buffer to put the string in.  'num' is the size of 'buf'
+and 'verify' is used to indicate that the password should be checked.
+This last flag is mostly used when reading a password for encryption.
+
+For all of these functions, a NULL callback will call the above mentioned
+default callback.  This default function does not work under Windows 3.1.
+For other machines, it will use an application defined prompt string
+(EVP_set_pw_prompt(), which defines a library wide prompt string)
+if defined, otherwise it will use it's own PEM password prompt.
+It will then call EVP_read_pw_string() to get a password from the console.
+If your application wishes to use nice fancy windows to retrieve passwords,
+replace this function.  The callback should return the number of bytes read
+into 'buf'.  If the number of bytes <= 0, it is considered an error.
+
+Functions that take this callback are listed below.  For the 'read' type
+functions, the callback will only be required if the PEM data is encrypted.
+
+For the Write functions, normally a password can be passed in 'kstr', of
+'klen' bytes which will be used if the 'enc' cipher is not NULL.  If
+'kstr' is NULL, the callback will be used to retrieve a password.
+
+int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
+	int (*callback)());
+char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)());
+char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
+int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
+	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
+	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)());
+
+#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
+#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
+#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
+#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
+#define	PEM_read_SSL_SESSION(fp,x,cb)
+#define	PEM_read_X509(fp,x,cb)
+#define	PEM_read_X509_REQ(fp,x,cb)
+#define	PEM_read_X509_CRL(fp,x,cb)
+#define	PEM_read_RSAPrivateKey(fp,x,cb)
+#define	PEM_read_DSAPrivateKey(fp,x,cb)
+#define	PEM_read_PrivateKey(fp,x,cb)
+#define	PEM_read_PKCS7(fp,x,cb)
+#define	PEM_read_DHparams(fp,x,cb)
+#define	PEM_read_bio_SSL_SESSION(bp,x,cb)
+#define	PEM_read_bio_X509(bp,x,cb)
+#define	PEM_read_bio_X509_REQ(bp,x,cb)
+#define	PEM_read_bio_X509_CRL(bp,x,cb)
+#define	PEM_read_bio_RSAPrivateKey(bp,x,cb)
+#define	PEM_read_bio_DSAPrivateKey(bp,x,cb)
+#define	PEM_read_bio_PrivateKey(bp,x,cb)
+#define	PEM_read_bio_PKCS7(bp,x,cb)
+#define	PEM_read_bio_DHparams(bp,x,cb)
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+Now you will notice that macros like
+#define PEM_write_X509(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+		                        (char *)x, NULL,NULL,0,NULL)
+Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
+either just call PEM_ASN1_write directly or just define you own
+macro variant.  As you can see, this macro just sets all encryption related
+parameters to NULL.
+
+
+--------------------------
+The SSL library.
+
+#define SSL_set_info_callback(ssl,cb)
+#define SSL_CTX_set_info_callback(ctx,cb)
+void callback(SSL *ssl,int location,int ret)
+This callback is called each time around the SSL_connect()/SSL_accept() 
+state machine.  So it will be called each time the SSL protocol progresses.
+It is mostly present for use when debugging.  When SSL_connect() or
+SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or
+SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned.
+Have a look at the SSL_CB_* defines in ssl.h.  If an info callback is defined
+against the SSL_CTX, it is called unless there is one set against the SSL.
+Have a look at
+void client_info_callback() in apps/s_client() for an example.
+
+Certificate verification.
+void SSL_set_verify(SSL *s, int mode, int (*callback) ());
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
+This callback is used to help verify client and server X509 certificates.
+It is actually passed to X509_cert_verify(), along with the SSL structure
+so you have to read about X509_cert_verify() :-).  The SSL_CTX version is used
+if the SSL version is not defined.  X509_cert_verify() is the function used
+by the SSL part of the library to verify certificates.  This function is
+nearly always defined by the application.
+
+void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
+This call is used to replace the SSLeay certificate verification code.
+The 'arg' is kept in the SSL_CTX and is passed to the callback.
+If the callback returns 0, the certificate is rejected, otherwise it
+is accepted.  The callback is replacing the X509_cert_verify() call.
+This feature is not often used, but if you wished to implement
+some totally different certificate authentication system, this 'hook' is
+vital.
+
+SSLeay keeps a cache of session-ids against each SSL_CTX.  These callbacks can
+be used to notify the application when a SSL_SESSION is added to the cache
+or to retrieve a SSL_SESSION that is not in the cache from the application.
+#define SSL_CTX_sess_set_get_cb(ctx,cb)
+SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy);
+If defined, this callback is called to return the SESSION_ID for the
+session-id in 'session_id', of 'session_id_len' bytes.  'copy' is set to 1
+if the server is to 'take a copy' of the SSL_SESSION structure.  It is 0
+if the SSL_SESSION is being 'passed in' so the SSLeay library is now
+responsible for 'free()ing' the structure.  Basically it is used to indicate
+if the reference count on the SSL_SESSION structure needs to be incremented.
+
+#define SSL_CTX_sess_set_new_cb(ctx,cb)
+int callback(SSL *s, SSL_SESSION *sess);
+When a new connection is established, if the SSL_SESSION is going to be added
+to the cache, this callback is called.  Return 1 if a 'copy' is required,
+otherwise, return 0.  This return value just causes the reference count
+to be incremented (on return of a 1), this means the application does
+not need to worry about incrementing the refernece count (and the
+locking that implies in a multi-threaded application).
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
+This sets the SSL password reading function.
+It is mostly used for windowing applications
+and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey()
+calls inside the SSL library.   The only reason this is present is because the
+calls to PEM_* functions is hidden in the SSLeay library so you have to
+pass in the callback some how.
+
+#define SSL_CTX_set_client_cert_cb(ctx,cb)
+int callback(SSL *s,X509 **x509, EVP_PKEY **pkey);
+Called when a client certificate is requested but there is not one set
+against the SSL_CTX or the SSL.  If the callback returns 1, x509 and
+pkey need to point to valid data.  The library will free these when
+required so if the application wants to keep these around, increment
+their reference counts.  If 0 is returned, no client cert is
+available.  If -1 is returned, it is assumed that the callback needs
+to be called again at a later point in time.  SSL_connect will return
+-1 and SSL_want_x509_lookup(ssl) returns true.  Remember that
+application data can be attached to an SSL structure via the
+SSL_set_app_data(SSL *ssl,char *data) call.
+
+--------------------------
+The X509 library.
+
+int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(),
+	int *error,char *arg,STACK *cert_chain);
+int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg,
+	STACK *cert_chain);
+
+X509_cert_verify() is used to authenticate X509 certificates.  The 'ctx' holds
+the details of the various caches and files used to locate certificates.
+'xs' is the certificate to verify and 'cb' is the application callback (more
+detail later).  'error' will be set to the error code and 'arg' is passed
+to the 'cb' callback.  Look at the VERIFY_* defines in crypto/x509/x509.h
+
+When ever X509_cert_verify() makes a 'negative' decision about a
+certitificate, the callback is called.  If everything checks out, the
+callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self
+signed cert that is not the passed certificate).
+
+The callback is passed the X509_cert_verify opinion of the certificate 
+in 'ok', the certificate in 'xs', the issuer certificate in 'xi',
+the 'depth' of the certificate in the verification 'chain', the
+VERIFY_* code in 'error' and the argument passed to X509_cert_verify()
+in 'arg'. cert_chain is a list of extra certs to use if they are not
+in the cache.
+
+The callback can be used to look at the error reason, and then return 0
+for an 'error' or '1' for ok.  This will override the X509_cert_verify()
+opinion of the certificates validity.  Processing will continue depending on
+the return value.  If one just wishes to use the callback for informational
+reason, just return the 'ok' parameter.
+
+--------------------------
+The BN and DH library.
+
+BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
+	BIGNUM *rem,void (*callback)(int,int));
+int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
+
+Read doc/bn.doc for the description of these 2.
+
+DH *DH_generate_parameters(int prime_len,int generator,
+	void (*callback)(int,int));
+Read doc/bn.doc for the description of the callback, since it is just passed
+to BN_generate_prime(), except that it is also called as
+callback(3,0) by this function.
+
+--------------------------
+The CRYPTO library.
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
+	int line));
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
+	int type,char *file, int line));
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+
+Read threads.doc for info on these ones.
+
+
+==== cipher.doc ========================================================
+
+The Cipher subroutines.
+
+These routines require "evp.h" to be included.
+
+These functions are a higher level interface to the various cipher
+routines found in this library.  As such, they allow the same code to be
+used to encrypt and decrypt via different ciphers with only a change
+in an initial parameter.  These routines also provide buffering for block
+ciphers.
+
+These routines all take a pointer to the following structure to specify
+which cipher to use.  If you wish to use a new cipher with these routines,
+you would probably be best off looking an how an existing cipher is
+implemented and copying it.  At this point in time, I'm not going to go
+into many details.  This structure should be considered opaque
+
+typedef struct pem_cipher_st
+	{
+	int type;
+	int block_size;
+	int key_len;
+	int iv_len;
+	void (*enc_init)();	/* init for encryption */
+	void (*dec_init)();	/* init for decryption */
+	void (*do_cipher)();	/* encrypt data */
+	} EVP_CIPHER;
+	
+The type field is the object NID of the cipher type
+(read the section on Objects for an explanation of what a NID is).
+The cipher block_size is how many bytes need to be passed
+to the cipher at a time.  Key_len is the
+length of the key the cipher requires and iv_len is the length of the
+initialisation vector required.  enc_init is the function
+called to initialise the ciphers context for encryption and dec_init is the
+function to initialise for decryption (they need to be different, especially
+for the IDEA cipher).
+
+One reason for specifying the Cipher via a pointer to a structure
+is that if you only use des-cbc, only the des-cbc routines will
+be included when you link the program.  If you passed an integer
+that specified which cipher to use, the routine that mapped that
+integer to a set of cipher functions would cause all the ciphers
+to be link into the code.  This setup also allows new ciphers
+to be added by the application (with some restrictions).
+
+The thirteen ciphers currently defined in this library are
+
+EVP_CIPHER *EVP_des_ecb();     /* DES in ecb mode,     iv=0, block=8, key= 8 */
+EVP_CIPHER *EVP_des_ede();     /* DES in ecb ede mode, iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_des_ede3();    /* DES in ecb ede mode, iv=0, block=8, key=24 */
+EVP_CIPHER *EVP_des_cfb();     /* DES in cfb mode,     iv=8, block=1, key= 8 */
+EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */
+EVP_CIPHER *EVP_des_ofb();     /* DES in ofb mode,     iv=8, block=1, key= 8 */
+EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */
+EVP_CIPHER *EVP_des_cbc();     /* DES in cbc mode,     iv=8, block=8, key= 8 */
+EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */
+EVP_CIPHER *EVP_desx_cbc();    /* DES in desx cbc mode,iv=8, block=8, key=24 */
+EVP_CIPHER *EVP_rc4();         /* RC4,                 iv=0, block=1, key=16 */
+EVP_CIPHER *EVP_idea_ecb();    /* IDEA in ecb mode,    iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_idea_cfb();    /* IDEA in cfb mode,    iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_idea_ofb();    /* IDEA in ofb mode,    iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_idea_cbc();    /* IDEA in cbc mode,    iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_rc2_ecb();     /* RC2 in ecb mode,     iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_rc2_cfb();     /* RC2 in cfb mode,     iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_rc2_ofb();     /* RC2 in ofb mode,     iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_rc2_cbc();     /* RC2 in cbc mode,     iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_bf_ecb();      /* Blowfish in ecb mode,iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_bf_cfb();      /* Blowfish in cfb mode,iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_bf_ofb();      /* Blowfish in ofb mode,iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_bf_cbc();      /* Blowfish in cbc mode,iv=8, block=8, key=16 */
+
+The meaning of the compound names is as follows.
+des	The base cipher is DES.
+idea	The base cipher is IDEA
+rc4	The base cipher is RC4-128
+rc2	The base cipher is RC2-128
+ecb	Electronic Code Book form of the cipher.
+cbc	Cipher Block Chaining form of the cipher.
+cfb	64 bit Cipher Feedback form of the cipher.
+ofb	64 bit Output Feedback form of the cipher.
+ede	The cipher is used in Encrypt, Decrypt, Encrypt mode.  The first
+	and last keys are the same.
+ede3	The cipher is used in Encrypt, Decrypt, Encrypt mode.
+
+All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument.
+The state of the cipher is kept in this structure.
+
+typedef struct EVP_CIPHER_Ctx_st
+	{
+	EVP_CIPHER *cipher;
+	int encrypt;		/* encrypt or decrypt */
+	int buf_len;		/* number we have left */
+	unsigned char buf[8];
+	union	{
+		.... /* cipher specific stuff */
+		} c;
+	} EVP_CIPHER_CTX;
+
+Cipher is a pointer the the EVP_CIPHER for the current context.  The encrypt
+flag indicates encryption or decryption.  buf_len is the number of bytes
+currently being held in buf.
+The 'c' union holds the cipher specify context.
+
+The following functions are to be used.
+
+int EVP_read_pw_string(
+char *buf,
+int len,
+char *prompt,
+int verify,
+	This function is the same as des_read_pw_string() (des.doc).
+
+void EVP_set_pw_prompt(char *prompt);
+	This function sets the 'default' prompt to use to use in
+	EVP_read_pw_string when the prompt parameter is NULL.  If the
+	prompt parameter is NULL, this 'default prompt' feature is turned
+	off.  Be warned, this is a global variable so weird things
+	will happen if it is used under Win16 and care must be taken
+	with a multi-threaded version of the library.
+
+char *EVP_get_pw_prompt();
+	This returns a pointer to the default prompt string.  NULL
+	if it is not set.
+
+int EVP_BytesToKey(
+EVP_CIPHER *type,
+EVP_MD *md,
+unsigned char *salt,
+unsigned char *data,
+int datal,
+int count,
+unsigned char *key,
+unsigned char *iv);
+	This function is used to generate a key and an initialisation vector
+	for a specified cipher from a key string and a salt.  Type
+	specifies the cipher the 'key' is being generated for.  Md is the
+	message digest algorithm to use to generate the key and iv.  The salt
+	is an optional 8 byte object that is used to help seed the key
+	generator.
+	If the salt value is NULL, it is just not used.  Datal is the
+	number of bytes to use from 'data' in the key generation.  
+	This function returns the key size for the specified cipher, if
+	data is NULL, this value is returns and no other
+	computation is performed.  Count is
+	the number of times to loop around the key generator.  I would
+	suggest leaving it's value as 1.  Key and iv are the structures to
+	place the returning iv and key in.  If they are NULL, no value is
+	generated for that particular value.
+	The algorithm used is as follows
+	
+	/* M[] is an array of message digests
+	 * MD() is the message digest function */
+	M[0]=MD(data . salt);
+	for (i=1; i key=M[0.. 8], iv=M[ 9 .. 16].
+	For key=16, iv=0 => key=M[0..16].
+	For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24].
+	For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32].
+
+	This routine will produce DES-CBC keys and iv that are compatible
+	with the PKCS-5 standard when md2 or md5 are used.  If md5 is
+	used, the salt is NULL and count is 1, this routine will produce
+	the password to key mapping normally used with RC4.
+	I have attempted to logically extend the PKCS-5 standard to
+	generate keys and iv for ciphers that require more than 16 bytes,
+	if anyone knows what the correct standard is, please inform me.
+	When using sha or sha1, things are a bit different under this scheme,
+	since sha produces a 20 byte digest.  So for ciphers requiring
+	24 bits of data, 20 will come from the first MD and 4 will
+	come from the second.
+
+	I have considered having a separate function so this 'routine'
+	can be used without the requirement of passing a EVP_CIPHER *,
+	but I have decided to not bother.  If you wish to use the
+	function without official EVP_CIPHER structures, just declare
+	a local one and set the key_len and iv_len fields to the
+	length you desire.
+
+The following routines perform encryption and decryption 'by parts'.  By
+this I mean that there are groups of 3 routines.  An Init function that is
+used to specify a cipher and initialise data structures.  An Update routine
+that does encryption/decryption, one 'chunk' at a time.  And finally a
+'Final' function that finishes the encryption/decryption process.
+All these functions take a EVP_CIPHER pointer to specify which cipher to
+encrypt/decrypt with.  They also take a EVP_CIPHER_CTX object as an
+argument.  This structure is used to hold the state information associated
+with the operation in progress.
+
+void EVP_EncryptInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv);
+	This function initialise a EVP_CIPHER_CTX for encryption using the
+	cipher passed in the 'type' field.  The cipher is initialised to use
+	'key' as the key and 'iv' for the initialisation vector (if one is
+	required).  If the type, key or iv is NULL, the value currently in the
+	EVP_CIPHER_CTX is reused.  So to perform several decrypt
+	using the same cipher, key and iv, initialise with the cipher,
+	key and iv the first time and then for subsequent calls,
+	reuse 'ctx' but pass NULL for type, key and iv.  You must make sure
+	to pass a key that is large enough for a particular cipher.  I
+	would suggest using the EVP_BytesToKey() function.
+
+void EVP_EncryptUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	This function takes 'inl' bytes from 'in' and outputs bytes
+	encrypted by the cipher 'ctx' was initialised with into 'out'.  The
+	number of bytes written to 'out' is put into outl.  If a particular
+	cipher encrypts in blocks, less or more bytes than input may be
+	output.  Currently the largest block size used by supported ciphers
+	is 8 bytes, so 'out' should have room for 'inl+7' bytes.  Normally
+	EVP_EncryptInit() is called once, followed by lots and lots of
+	calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal
+	call.
+
+void EVP_EncryptFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl);
+	Because quite a large number of ciphers are block ciphers, there is
+	often an incomplete block to write out at the end of the
+	encryption.  EVP_EncryptFinal() performs processing on this last
+	block.  The last block in encoded in such a way that it is possible
+	to determine how many bytes in the last block are valid.  For 8 byte
+	block size ciphers, if only 5 bytes in the last block are valid, the
+	last three bytes will be filled with the value 3.  If only 2 were
+	valid, the other 6 would be filled with sixes.  If all 8 bytes are
+	valid, a extra 8 bytes are appended to the cipher stream containing
+	nothing but 8 eights.  These last bytes are output into 'out' and
+	the number of bytes written is put into 'outl'  These last bytes
+	are output into 'out' and the number of bytes written is put into
+	'outl'.  This form of block cipher finalisation is compatible with
+	PKCS-5.  Please remember that even if you are using ciphers like
+	RC4 that has no blocking and so the function will not write
+	anything into 'out', it would still be a good idea to pass a
+	variable for 'out' that can hold 8 bytes just in case the cipher is
+	changed some time in the future.  It should also be remembered
+	that the EVP_CIPHER_CTX contains the password and so when one has
+	finished encryption with a particular EVP_CIPHER_CTX, it is good
+	practice to zero the structure 
+	(ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
+	
+void EVP_DecryptInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv);
+	This function is basically the same as EVP_EncryptInit() accept that
+	is prepares the EVP_CIPHER_CTX for decryption.
+
+void EVP_DecryptUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	This function is basically the same as EVP_EncryptUpdate()
+	except that it performs decryption.  There is one
+	fundamental difference though.  'out' can not be the same as
+	'in' for any ciphers with a block size greater than 1 if more
+	than one call to EVP_DecryptUpdate() will be made.  This
+	is because this routine can hold a 'partial' block between
+	calls.  When a partial block is decrypted (due to more bytes
+	being passed via this function, they will be written to 'out'
+	overwriting the input bytes in 'in' that have not been read
+	yet.  From this it should also be noted that 'out' should
+	be at least one 'block size' larger than 'inl'.  This problem
+	only occurs on the second and subsequent call to
+	EVP_DecryptUpdate() when using a block cipher.
+
+int EVP_DecryptFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl);
+	This function is different to EVP_EncryptFinal in that it 'removes'
+	any padding bytes appended when the data was encrypted.  Due to the
+	way in which 1 to 8 bytes may have been appended when encryption
+	using a block cipher, 'out' can end up with 0 to 7 bytes being put
+	into it.  When decoding the padding bytes, it is possible to detect
+	an incorrect decryption.  If the decryption appears to be wrong, 0
+	is returned.  If everything seems ok, 1 is returned.  For ciphers
+	with a block size of 1 (RC4), this function would normally not
+	return any bytes and would always return 1.  Just because this
+	function returns 1 does not mean the decryption was correct. It
+	would normally be wrong due to either the wrong key/iv or
+	corruption of the cipher data fed to EVP_DecryptUpdate().
+	As for EVP_EncryptFinal, it is a good idea to zero the
+	EVP_CIPHER_CTX after use since the structure contains the key used
+	to decrypt the data.
+	
+The following Cipher routines are convenience routines that call either
+EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
+was setup to encrypt or decrypt.  
+
+void EVP_CipherInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv,
+int enc);
+	This function take arguments that are the same as EVP_EncryptInit()
+	and EVP_DecryptInit() except for the extra 'enc' flag.  If 1, the
+	EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
+
+void EVP_CipherUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	Again this function calls either EVP_EncryptUpdate() or
+	EVP_DecryptUpdate() depending on state in the 'ctx' structure.
+	As noted for EVP_DecryptUpdate(), when this routine is used
+	for decryption with block ciphers, 'out' should not be the
+	same as 'in'.
+
+int EVP_CipherFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *outm,
+int *outl);
+	This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
+	depending on the state information in 'ctx'.  1 is always returned
+	if the mode is encryption, otherwise the return value is the return
+	value of EVP_DecryptFinal().
+
+==== cipher.m ========================================================
+
+Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
+From: Eric Young 
+X-Sender: eay@orb
+To: Roland Haring 
+Cc: ssl-users@mincom.com
+Subject: Re: Symmetric encryption with ssleay
+In-Reply-To: 
+Message-Id: 
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+On Fri, 11 Oct 1996, Roland Haring wrote:
+> THE_POINT:
+> 	Would somebody be so kind to give me the minimum basic 
+> 	calls I need to do to libcrypto.a to get some text encrypted
+> 	and decrypted again? ...hopefully with code included to do
+> 	base64 encryption and decryption ... e.g. that sign-it.c code
+> 	posted some while ago was a big help :-) (please, do not point
+> 	me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
+
+Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes 
+when the data is less than a line long (this is for decoding).  I'll dig 
+up the exact fix today and post it.  I am taking longer on 0.6.5 than I 
+intended so I'll just post this patch.
+
+The documentation to read is in
+doc/cipher.doc,
+doc/encode.doc (very sparse :-).
+and perhaps
+doc/digest.doc,
+
+The basic calls to encrypt with say triple DES are
+
+Given
+char key[EVP_MAX_KEY_LENGTH];
+char iv[EVP_MAX_IV_LENGTH];
+EVP_CIPHER_CTX ctx;
+unsigned char out[512+8];
+int outl;
+
+/* optional generation of key/iv data from text password using md5
+ * via an upward compatable verson of PKCS#5. */
+EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
+	key,iv);
+
+/* Initalise the EVP_CIPHER_CTX */
+EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
+
+while (....)
+	{
+	/* This is processing 512 bytes at a time, the bytes are being
+	 * copied into 'out', outl bytes are output.  'out' should not be the
+	 * same as 'in' for reasons mentioned in the documentation. */
+	EVP_EncryptUpdate(ctx,out,&outl,in,512);
+	}
+
+/* Output the last 'block'.  If the cipher is a block cipher, the last
+ * block is encoded in such a way so that a wrong decryption will normally be
+ * detected - again, one of the PKCS standards. */
+
+EVP_EncryptFinal(ctx,out,&outl);
+
+To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal()
+will return 0 if the decryption fails (only detectable on block ciphers).
+
+You can also use
+EVP_CipherInit()
+EVP_CipherUpdate()
+EVP_CipherFinal()
+which does either encryption or decryption depending on an extra 
+parameter to EVP_CipherInit().
+
+
+To do the base64 encoding,
+EVP_EncodeInit()
+EVP_EncodeUpdate()
+EVP_EncodeFinal()
+
+EVP_DecodeInit()
+EVP_DecodeUpdate()
+EVP_DecodeFinal()
+
+where the encoding is quite simple, but the decoding can be a bit more 
+fun (due to dud input).
+
+EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 
+'last line' was just processed, and 1 if more lines should be submitted.
+
+EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
+
+So the loop becomes
+EVP_DecodeInit(....)
+for (;;)
+	{
+	i=EVP_DecodeUpdate(....);
+	if (i < 0) goto err;
+
+	/* process the data */
+
+	if (i == 0) break;
+	}
+EVP_DecodeFinal(....);
+/* process the data */
+
+The problem in 'enc.c' is that I was stuff the processing up after the 
+EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of 
+base64 data) and this was because 'enc.c' tries to scan over a file until
+it hits the first valid base64 encoded line.
+
+hope this helps a bit.
+eric
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+==== conf.doc ========================================================
+
+The CONF library.
+
+The CONF library is a simple set of routines that can be used to configure
+programs.  It is a superset of the genenv() function with some extra
+structure.
+
+The library consists of 5 functions.
+
+LHASH *CONF_load(LHASH *config,char *file);
+This function is called to load in a configuration file.  Multiple
+configuration files can be loaded, with each subsequent 'load' overwriting
+any already defined 'variables'.  If there is an error, NULL is returned.
+If config is NULL, a new LHASH structure is created and returned, otherwise
+the new data in the 'file' is loaded into the 'config' structure.
+
+void CONF_free(LHASH *config);
+This function free()s the data in config.
+
+char *CONF_get_string(LHASH *config,char *section,char *name);
+This function returns the string found in 'config' that corresponds to the
+'section' and 'name' specified.  Classes and the naming system used will be
+discussed later in this document.  If the variable is not defined, an NULL
+is returned.
+
+long CONF_get_long(LHASH *config,char *section, char *name);
+This function is the same as CONF_get_string() except that it converts the
+string to an long and returns it.  If variable is not a number or the
+variable does not exist, 0 is returned.  This is a little problematic but I
+don't know of a simple way around it.
+
+STACK *CONF_get_section(LHASH *config, char *section);
+This function returns a 'stack' of CONF_VALUE items that are all the
+items defined in a particular section.  DO NOT free() any of the
+variable returned.  They will disappear when CONF_free() is called.
+
+The 'lookup' model.
+The configuration file is divided into 'sections'.  Each section is started by
+a line of the form '[ section ]'.  All subsequent variable definitions are
+of this section.  A variable definition is a simple alpha-numeric name
+followed by an '=' and then the data.  A section or variable name can be
+described by a regular expression of the following form '[A-Za-z0-9_]+'.
+The value of the variable is the text after the '=' until the end of the
+line, stripped of leading and trailing white space.
+At this point I should mention that a '#' is a comment character, \ is the
+escape character, and all three types of quote can be used to stop any
+special interpretation of the data.
+Now when the data is being loaded, variable expansion can occur.  This is
+done by expanding any $NAME sequences into the value represented by the
+variable NAME.  If the variable is not in the current section, the different
+section can be specified by using the $SECTION::NAME form.  The ${NAME} form
+also works and is very useful for expanding variables inside strings.
+
+When a variable is looked up, there are 2 special section. 'default', which
+is the initial section, and 'ENV' which is the processes environment
+variables (accessed via getenv()).  When a variable is looked up, it is
+first 'matched' with it's section (if one was specified), if this fails, the
+'default' section is matched.
+If the 'lhash' variable passed was NULL, the environment is searched.
+
+Now why do we bother with sections?  So we can have multiple programs using
+the same configuration file, or multiple instances of the same program
+using different variables.  It also provides a nice mechanism to override
+the processes environment variables (eg ENV::HOME=/tmp).  If there is a
+program specific variable missing, we can have default values.
+Multiple configuration files can be loaded, with each new value clearing
+any predefined values.  A system config file can provide 'default' values,
+and application/usr specific files can provide overriding values.
+
+Examples
+
+# This is a simple example
+SSLEAY_HOME	= /usr/local/ssl
+ENV::PATH	= $SSLEAY_HOME/bin:$PATH	# override my path
+
+[X509]
+cert_dir	= $SSLEAY_HOME/certs	# /usr/local/ssl/certs
+
+[SSL]
+CIPHER		= DES-EDE-MD5:RC4-MD5
+USER_CERT	= $HOME/${USER}di'r 5'	# /home/eay/eaydir 5
+USER_CERT	= $HOME/\${USER}di\'r	# /home/eay/${USER}di'r
+USER_CERT	= "$HOME/${US"ER}di\'r	# $HOME/${USER}di'r
+
+TEST		= 1234\
+5678\
+9ab					# TEST=123456789ab
+TTT		= 1234\n\n		# TTT=1234
+
+
+
+==== des.doc ========================================================
+
+The DES library.
+
+Please note that this library was originally written to operate with
+eBones, a version of Kerberos that had had encryption removed when it left
+the USA and then put back in.  As such there are some routines that I will
+advise not using but they are still in the library for historical reasons.
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'des.h'.
+
+All of the encryption functions take what is called a des_key_schedule as an 
+argument.  A des_key_schedule is an expanded form of the des key.
+A des_key is 8 bytes of odd parity, the type used to hold the key is a
+des_cblock.  A des_cblock is an array of 8 bytes, often in this library
+description I will refer to input bytes when the function specifies
+des_cblock's as input or output, this just means that the variable should
+be a multiple of 8 bytes.
+
+The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
+specify decryption.  The functions and global variable are as follows:
+
+int des_check_key;
+	DES keys are supposed to be odd parity.  If this variable is set to
+	a non-zero value, des_set_key() will check that the key has odd
+	parity and is not one of the known weak DES keys.  By default this
+	variable is turned off;
+	
+void des_set_odd_parity(
+des_cblock *key );
+	This function takes a DES key (8 bytes) and sets the parity to odd.
+	
+int des_is_weak_key(
+des_cblock *key );
+	This function returns a non-zero value if the DES key passed is a
+	weak, DES key.  If it is a weak key, don't use it, try a different
+	one.  If you are using 'random' keys, the chances of hitting a weak
+	key are 1/2^52 so it is probably not worth checking for them.
+	
+int des_set_key(
+des_cblock *key,
+des_key_schedule schedule);
+	Des_set_key converts an 8 byte DES key into a des_key_schedule.
+	A des_key_schedule is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the DES key
+	so it only needs to be kept when encryption or decryption is about
+	to occur.  Don't save or pass around des_key_schedule's since they
+	are CPU architecture dependent, DES keys are not.  If des_check_key
+	is non zero, zero is returned if the key has the wrong parity or
+	the key is a weak key, else 1 is returned.
+	
+int des_key_sched(
+des_cblock *key,
+des_key_schedule schedule);
+	An alternative name for des_set_key().
+
+int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
+	This specifies the function to use in the enc_read() and enc_write()
+	functions.
+
+void des_encrypt(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This is the DES encryption function that gets called by just about
+	every other DES routine in the library.  You should not use this
+	function except to implement 'modes' of DES.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.  The characters are loaded 'little endian',
+	have a look at my source code for more details on how I use this
+	function.
+	Data is a pointer to 2 unsigned long's and ks is the
+	des_key_schedule to use.  enc, is non zero specifies encryption,
+	zero if decryption.
+
+void des_encrypt2(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This functions is the same as des_encrypt() except that the DES
+	initial permutation (IP) and final permutation (FP) have been left
+	out.  As for des_encrypt(), you should not use this function.
+	It is used by the routines in my library that implement triple DES.
+	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
+	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
+
+void des_ecb_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks,
+int enc);
+	This is the basic Electronic Code Book form of DES, the most basic
+	form.  Input is encrypted into output using the key represented by
+	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	(the des_cblock structure is 8 chars).
+	
+void des_ecb3_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+int enc);
+	This is the 3 key EDE mode of ECB DES.  What this means is that 
+	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
+	then encrypted again with ks3, before being put into output;
+	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
+	that only takes 2 des_key_schedules that implements,
+	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
+	
+void des_cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This routine implements DES in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, I'm
+	not being held responsible :-).  ivec is the initialisation vector.
+	This function does not modify this variable.  To correctly implement
+	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
+	cipher text for use as the next ivec in your application,
+	or use des_ncbc_encrypt(). 
+	Only this routine has this problem with updating the ivec, all
+	other routines that are implementing cbc mode update ivec.
+	
+void des_ncbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+int enc);
+	For historical reasons, des_cbc_encrypt() did not update the
+	ivec with the value requires so that subsequent calls to
+	des_cbc_encrypt() would 'chain'.  This was needed so that the same
+	'length' values would not need to be used when decrypting.
+	des_ncbc_encrypt() does the right thing.  It is the same as
+	des_cbc_encrypt accept that ivec is updates with the correct value
+	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
+	des_ncbc_encrypt() instead of des_cbc_encrypt();
+
+void des_xcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+des_cblock *inw,
+des_cblock *outw,
+int enc);
+	This is RSA's DESX mode of DES.  It uses inw and outw to
+	'whiten' the encryption.  inw and outw are secret (unlike the iv)
+	and are as such, part of the key.  So the key is sort of 24 bytes.
+	This is much better than cbc des.
+	
+void des_3cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk1,
+des_key_schedule sk2,
+des_cblock *ivec1,
+des_cblock *ivec2,
+int enc);
+	This function is flawed, do not use it.  I have left it in the
+	library because it is used in my des(1) program and will function
+	correctly when used by des(1).  If I removed the function, people
+	could end up unable to decrypt files.
+	This routine implements outer triple cbc encryption using 2 ks and
+	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
+	
+void des_ede3_cbc_encrypt(
+des_cblock *input,
+des_cblock *output, 
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2, 
+des_key_schedule ks3, 
+des_cblock *ivec,
+int enc);
+	This function implements outer triple CBC DES encryption with 3
+	keys.  What this means is that each 'DES' operation
+	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
+	Again, this is cbc mode so an ivec is requires.
+	This mode is used by SSL.
+	There is also a des_ede2_cbc_encrypt() that only uses 2
+	des_key_schedule's, the first being reused for the final
+	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
+	is used by the RSAref library.
+	
+void des_pcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This is Propagating Cipher Block Chaining mode of DES.  It is used
+	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
+	
+void des_cfb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
+	in numbit blocks.  The input (and output) is in multiples of numbits
+	bits.  numbits should to be a multiple of 8 bits.  Length is the
+	number of bytes input.  If numbits is not a multiple of 8 bits,
+	the extra bits in the bytes will be considered padding.  So if
+	numbits is 12, for each 2 input bytes, the 4 high bits of the
+	second byte will be ignored.  So to encode 72 bits when using
+	a numbits of 12 take 12 bytes.  To encode 72 bits when using
+	numbits of 9 will take 16 bytes.  To encode 80 bits when using
+	numbits of 16 will take 10 bytes. etc, etc.  This padding will
+	apply to both input and output.
+
+	
+void des_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this DES library, it
+	implements CFB mode of DES with 64bit feedback.  Why is this
+	useful you ask?  Because this routine will allow you to encrypt an
+	arbitrary number of bytes, no 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  num contains 'how far' we are though ivec.  If this does
+	not make much sense, read more about cfb mode of DES :-).
+	
+void des_ede3_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num,
+int enc);
+	Same as des_cfb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_cfb64_encrypt() which reuses ks1.
+
+void des_ofb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This is a implementation of Output Feed Back mode of DES.  It is
+	the same as des_cfb_encrypt() in that numbits is the size of the
+	units dealt with during input and output (in bits).
+	
+void des_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	The same as des_cfb64_encrypt() except that it is Output Feed Back
+	mode.
+
+void des_ede3_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num);
+	Same as des_ofb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_ofb64_encrypt() which reuses ks1.
+
+int des_read_pw_string(
+char *buf,
+int length,
+char *prompt,
+int verify);
+	This routine is used to get a password from the terminal with echo
+	turned off.  Buf is where the string will end up and length is the
+	size of buf.  Prompt is a string presented to the 'user' and if
+	verify is set, the key is asked for twice and unless the 2 copies
+	match, an error is returned.  A return code of -1 indicates a
+	system error, 1 failure due to use interaction, and 0 is success.
+
+unsigned long des_cbc_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This function produces an 8 byte checksum from input that it puts in
+	output and returns the last 4 bytes as a long.  The checksum is
+	generated via cbc mode of DES in which only the last 8 byes are
+	kept.  I would recommend not using this function but instead using
+	the EVP_Digest routines, or at least using MD5 or SHA.  This
+	function is used by Kerberos v4 so that is why it stays in the
+	library.
+	
+char *des_fcrypt(
+const char *buf,
+const char *salt
+char *ret);
+	This is my fast version of the unix crypt(3) function.  This version
+	takes only a small amount of space relative to other fast
+	crypt() implementations.  This is different to the normal crypt
+	in that the third parameter is the buffer that the return value
+	is written into.  It needs to be at least 14 bytes long.  This
+	function is thread safe, unlike the normal crypt.
+
+char *crypt(
+const char *buf,
+const char *salt);
+	This function calls des_fcrypt() with a static array passed as the
+	third parameter.  This emulates the normal non-thread safe semantics
+	of crypt(3).
+
+void des_string_to_key(
+char *str,
+des_cblock *key);
+	This function takes str and converts it into a DES key.  I would
+	recommend using MD5 instead and use the first 8 bytes of output.
+	When I wrote the first version of these routines back in 1990, MD5
+	did not exist but I feel these routines are still sound.  This
+	routines is compatible with the one in MIT's libdes.
+	
+void des_string_to_2keys(
+char *str,
+des_cblock *key1,
+des_cblock *key2);
+	This function takes str and converts it into 2 DES keys.
+	I would recommend using MD5 and using the 16 bytes as the 2 keys.
+	I have nothing against these 2 'string_to_key' routines, it's just
+	that if you say that your encryption key is generated by using the
+	16 bytes of an MD5 hash, every-one knows how you generated your
+	keys.
+
+int des_read_password(
+des_cblock *key,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_key().
+
+int des_read_2passwords(
+des_cblock *key1,
+des_cblock *key2,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_2key().
+
+void des_random_seed(
+des_cblock key);
+	This routine sets a starting point for des_random_key().
+	
+void des_random_key(
+des_cblock ret);
+	This function return a random key.  Make sure to 'seed' the random
+	number generator (with des_random_seed()) before using this function.
+	I personally now use a MD5 based random number system.
+
+int des_enc_read(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This function will write to a file descriptor the encrypted data
+	from buf.  This data will be preceded by a 4 byte 'byte count' and
+	will be padded out to 8 bytes.  The encryption is either CBC of
+	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
+	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
+	DES_PCBC_MODE.
+
+int des_enc_write(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This routines read stuff written by des_enc_read() and decrypts it.
+	I have used these routines quite a lot but I don't believe they are
+	suitable for non-blocking io.  If you are after a full
+	authentication/encryption over networks, have a look at SSL instead.
+
+unsigned long des_quad_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+int out_count,
+des_cblock *seed);
+	This is a function from Kerberos v4 that is not anything to do with
+	DES but was needed.  It is a cksum that is quicker to generate than
+	des_cbc_cksum();  I personally would use MD5 routines now.
+=====
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and can not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+ different from the start variable values used before with the same
+ key.  The reason for this is that an identical bit stream would be
+ produced each time from the same parameters.  This would be
+ susceptible to a ' known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+- As for ECB encryption but increases the key length to 168 bits.
+  There are theoretic attacks that can be used that make the effective
+  key length 112 bits, but this attack also requires 2^56 blocks of
+  memory, not very likely, even for the NSA.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+- If the first and last key are the same, the key length is 112 bits.
+  There are attacks that could reduce the key space to 55 bit's but it
+  requires 2^56 blocks of memory.
+- If all 3 keys are the same, this is effectively the same as normal
+  ecb mode.
+
+Triple CBC Mode (des_ede3_cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and then encrypt with key3.
+- As for CBC encryption but increases the key length to 168 bits with
+  the same restrictions as for triple ecb mode.
+
+==== digest.doc ========================================================
+
+
+The Message Digest subroutines.
+
+These routines require "evp.h" to be included.
+
+These functions are a higher level interface to the various message digest
+routines found in this library.  As such, they allow the same code to be
+used to digest via different algorithms with only a change in an initial
+parameter.  They are basically just a front-end to the MD2, MD5, SHA
+and SHA1
+routines.
+
+These routines all take a pointer to the following structure to specify
+which message digest algorithm to use.
+typedef struct evp_md_st
+	{
+	int type;
+	int pkey_type;
+	int md_size;
+	void (*init)();
+	void (*update)();
+	void (*final)();
+
+	int required_pkey_type; /*EVP_PKEY_xxx */
+	int (*sign)();
+	int (*verify)();
+	} EVP_MD;
+
+If additional message digest algorithms are to be supported, a structure of
+this type needs to be declared and populated and then the Digest routines
+can be used with that algorithm.  The type field is the object NID of the
+digest type (read the section on Objects for an explanation).  The pkey_type
+is the Object type to use when the a message digest is generated by there
+routines and then is to be signed with the pkey algorithm.  Md_size is
+the size of the message digest returned.  Init, update
+and final are the relevant functions to perform the message digest function
+by parts.  One reason for specifying the message digest to use via this
+mechanism is that if you only use md5, only the md5 routines will
+be included in you linked program.  If you passed an integer
+that specified which message digest to use, the routine that mapped that
+integer to a set of message digest functions would cause all the message
+digests functions to be link into the code.  This setup also allows new
+message digest functions to be added by the application.
+
+The six message digests defined in this library are
+
+EVP_MD *EVP_md2(void);	/* RSA sign/verify */
+EVP_MD *EVP_md5(void);	/* RSA sign/verify */
+EVP_MD *EVP_sha(void);	/* RSA sign/verify */
+EVP_MD *EVP_sha1(void);	/* RSA sign/verify */
+EVP_MD *EVP_dss(void);	/* DSA sign/verify */
+EVP_MD *EVP_dss1(void);	/* DSA sign/verify */
+
+All the message digest routines take a EVP_MD_CTX pointer as an argument.
+The state of the message digest is kept in this structure.
+
+typedef struct pem_md_ctx_st
+	{
+	EVP_MD *digest;
+	union	{
+		unsigned char base[4]; /* this is used in my library as a
+					* 'pointer' to all union elements
+					* structures. */
+		MD2_CTX md2;
+		MD5_CTX md5;
+		SHA_CTX sha;
+		} md;
+	} EVP_MD_CTX;
+
+The Digest functions are as follows.
+
+void EVP_DigestInit(
+EVP_MD_CTX *ctx,
+EVP_MD *type);
+	This function is used to initialise the EVP_MD_CTX.  The message
+	digest that will associated with 'ctx' is specified by 'type'.
+
+void EVP_DigestUpdate(
+EVP_MD_CTX *ctx,
+unsigned char *data,
+unsigned int cnt);
+	This function is used to pass more data to the message digest
+	function.  'cnt' bytes are digested from 'data'.
+
+void EVP_DigestFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int *len);
+	This function finishes the digestion and puts the message digest
+	into 'md'.  The length of the message digest is put into len;
+	EVP_MAX_MD_SIZE is the size of the largest message digest that
+	can be returned from this function.  Len can be NULL if the
+	size of the digest is not required.
+	
+
+==== encode.doc ========================================================
+
+
+void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
+		int *outl,unsigned char *in,int inl);
+void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
+int     EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+
+void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+		unsigned char *in, int inl);
+int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+		char *out, int *outl);
+int     EVP_DecodeBlock(unsigned char *t, unsigned
+		char *f, int n);
+
+
+==== envelope.doc ========================================================
+
+The following routines are use to create 'digital' envelopes.
+By this I mean that they perform various 'higher' level cryptographic
+functions.  Have a read of 'cipher.doc' and 'digest.doc' since those
+routines are used by these functions.
+cipher.doc contains documentation about the cipher part of the
+envelope library and digest.doc contatins the description of the
+message digests supported.
+
+To 'sign' a document involves generating a message digest and then encrypting
+the digest with an private key.
+
+#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+Due to the fact this operation is basically just an extended message
+digest, the first 2 functions are macro calls to Digest generating
+functions.
+
+int     EVP_SignFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int *s,
+EVP_PKEY *pkey);
+	This finalisation function finishes the generation of the message
+digest and then encrypts the digest (with the correct message digest 
+object identifier) with the EVP_PKEY private key.  'ctx' is the message digest
+context.  'md' will end up containing the encrypted message digest.  This
+array needs to be EVP_PKEY_size(pkey) bytes long.  's' will actually
+contain the exact length.  'pkey' of course is the private key.  It is
+one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
+If there is an error, 0 is returned, otherwise 1.
+		
+Verify is used to check an signed message digest.
+
+#define EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+Since the first step is to generate a message digest, the first 2 functions
+are macros.
+
+int EVP_VerifyFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int s,
+EVP_PKEY *pkey);
+	This function finishes the generation of the message digest and then
+compares it with the supplied encrypted message digest.  'md' contains the
+'s' bytes of encrypted message digest.  'pkey' is used to public key decrypt
+the digest.  It is then compared with the message digest just generated.
+If they match, 1 is returned else 0.
+
+int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+		int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
+Must have at least one public key, error is 0.  I should also mention that
+the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
+
+#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
+void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+
+
+int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+		int ekl,unsigned char *iv,EVP_PKEY *priv);
+0 on failure
+
+#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
+
+int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+Decrypt final return code
+
+
+==== error.doc ========================================================
+
+The error routines.
+
+The 'error' system I've implemented is intended to server 2 purpose, to
+record the reason why a command failed and to record where in the libraries
+the failure occurred.  It is more or less setup to record a 'trace' of which
+library components were being traversed when the error occurred.
+
+When an error is recorded, it is done so a as single unsigned long which is
+composed of three parts.  The top byte is the 'library' number, the middle
+12 bytes is the function code, and the bottom 12 bits is the 'reason' code.
+
+Each 'library', or should a say, 'section' of the SSLeay library has a
+different unique 'library' error number.  Each function in the library has
+a number that is unique for that library.  Each 'library' also has a number
+for each 'error reason' that is only unique for that 'library'.
+
+Due to the way these error routines record a 'error trace', there is an
+array per thread that is used to store the error codes.
+The various functions in this library are used to access
+and manipulate this array.
+
+void ERR_put_error(int lib, int func,int reason);
+	This routine records an error in library 'lib', function 'func'
+and reason 'reason'.  As errors get 'put' into the buffer, they wrap
+around and overwrite old errors if too many are written.  It is assumed
+that the last errors are the most important.
+
+unsigned long ERR_get_error(void );
+	This function returns the last error added to the error buffer.
+In effect it is popping the value off the buffer so repeated calls will
+continue to return values until there are no more errors to return in which
+case 0 is returned.
+
+unsigned long ERR_peek_error(void );
+	This function returns the value of the last error added to the
+error buffer but does not 'pop' it from the buffer.
+
+void ERR_clear_error(void );
+	This function clears the error buffer, discarding all unread
+errors.
+
+While the above described error system obviously produces lots of different
+error number, a method for 'reporting' these errors in a human readable
+form is required.  To achieve this, each library has the option of
+'registering' error strings.
+
+typedef struct ERR_string_data_st
+	{
+	unsigned long error;
+	char *string;
+	} ERR_STRING_DATA;
+
+The 'ERR_STRING_DATA' contains an error code and the corresponding text
+string.  To add new function error strings for a library, the
+ERR_STRING_DATA needs to be 'registered' with the library.
+
+void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err);
+	This function 'registers' the array of ERR_STRING_DATA pointed to by
+'err' as error text strings for the error library 'lib'.
+
+void ERR_free_strings(void);
+	This function free()s all the loaded error strings.
+
+char *ERR_error_string(unsigned long error,char *buf);
+	This function returns a text string that is a human readable
+version of the error represented by 'error'.  Buff should be at least 120
+bytes long and if it is NULL, the return value is a pointer to a static
+variable that will contain the error string, otherwise 'buf' is returned.
+If there is not a text string registered for a particular error, a text
+string containing the error number is returned instead.
+
+void ERR_print_errors(BIO *bp);
+void ERR_print_errors_fp(FILE *fp);
+	This function is a convenience routine that prints the error string
+for each error until all errors have been accounted for.
+
+char *ERR_lib_error_string(unsigned long e);
+char *ERR_func_error_string(unsigned long e);
+char *ERR_reason_error_string(unsigned long e);
+The above three functions return the 3 different components strings for the
+error 'e'.  ERR_error_string() uses these functions.
+
+void ERR_load_ERR_strings(void );
+	This function 'registers' the error strings for the 'ERR' module.
+
+void ERR_load_crypto_strings(void );
+	This function 'register' the error strings for just about every
+library in the SSLeay package except for the SSL routines.  There is no
+need to ever register any error text strings and you will probably save in
+program size.  If on the other hand you do 'register' all errors, it is
+quite easy to determine why a particular routine failed.
+
+As a final footnote as to why the error system is designed as it is.
+1) I did not want a single 'global' error code.
+2) I wanted to know which subroutine a failure occurred in.
+3) For Windows NT etc, it should be simple to replace the 'key' routines
+   with code to pass error codes back to the application.
+4) I wanted the option of meaningful error text strings.
+
+Late breaking news - the changes to support threads.
+
+Each 'thread' has an 'ERR_STATE' state associated with it.
+ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling
+thread/process.
+
+ERR_remove_state(unsigned long pid); will 'free()' this state.  If pid == 0
+the current 'thread/process' will have it's error state removed.
+If you do not remove the error state of a thread, this could be considered a
+form of memory leak, so just after 'reaping' a thread that has died,
+call ERR_remove_state(pid).
+
+Have a read of thread.doc for more details for what is required for
+multi-threading support.  All the other error routines will
+work correctly when using threads.
+
+
+==== idea.doc ========================================================
+
+The IDEA library.
+IDEA is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses a 128bit (16 byte) key.  It can be used in all the modes that DES can
+be used.  This library implements the ecb, cbc, cfb64 and ofb64 modes.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'idea.h'.
+
+All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an 
+argument.  An IDEA_KEY_SCHEDULE is an expanded form of the idea key.
+For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for
+decryption is different to the one used for encryption.
+
+The define IDEA_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. IDEA_DECRYPT is passed to
+specify decryption.  For some mode there is no encryption/decryption
+flag since this is determined by the IDEA_KEY_SCHEDULE.
+
+So to encrypt you would do the following
+idea_set_encrypt_key(key,encrypt_ks);
+idea_ecb_encrypt(...,encrypt_ks);
+idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
+
+To Decrypt
+idea_set_encrypt_key(key,encrypt_ks);
+idea_set_decrypt_key(encrypt_ks,decrypt_ks);
+idea_ecb_encrypt(...,decrypt_ks);
+idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
+
+Please note that any of the encryption modes specified in my DES library
+could be used with IDEA.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic IDEA encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple IDEA, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  idea_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void idea_set_encrypt_key(
+unsigned char *key;
+IDEA_KEY_SCHEDULE *ks);
+	idea_set_encrypt_key converts a 16 byte IDEA key into an
+	IDEA_KEY_SCHEDULE.  The IDEA_KEY_SCHEDULE is an expanded form of
+	the key which can be used to perform IDEA encryption.
+	An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the IDEA key
+	so it only needs to be kept when encryption is about
+	to occur.  Don't save or pass around IDEA_KEY_SCHEDULE's since they
+	are CPU architecture dependent, IDEA keys are not.
+	
+void idea_set_decrypt_key(
+IDEA_KEY_SCHEDULE *encrypt_ks,
+IDEA_KEY_SCHEDULE *decrypt_ks);
+	This functions converts an encryption IDEA_KEY_SCHEDULE into a
+	decryption IDEA_KEY_SCHEDULE.  For all decryption, this conversion
+	of the key must be done.  In some modes of IDEA, an
+	encryption/decryption flag is also required, this is because these
+	functions involve block chaining and the way this is done changes
+	depending on which of encryption of decryption is being done.
+	Please note that there is no quick way to generate the decryption
+	key schedule other than generating the encryption key schedule and
+	then converting it.
+
+void idea_encrypt(
+unsigned long *data,
+IDEA_KEY_SCHEDULE *ks);
+	This is the IDEA encryption function that gets called by just about
+	every other IDEA routine in the library.  You should not use this
+	function except to implement 'modes' of IDEA.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and ks is the
+	IDEA_KEY_SCHEDULE to use.  Encryption or decryption depends on the
+	IDEA_KEY_SCHEDULE.
+
+void idea_ecb_encrypt(
+unsigned char *input,
+unsigned char *output,
+IDEA_KEY_SCHEDULE *ks);
+	This is the basic Electronic Code Book form of IDEA (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for idea as well :-).
+	Input is encrypted into output using the key represented by
+	ks.  Depending on the IDEA_KEY_SCHEDULE, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void idea_cbc_encrypt(
+unsigned char *input,
+unsigned char *output,
+long length,
+IDEA_KEY_SCHEDULE *ks,
+unsigned char *ivec,
+int enc);
+	This routine implements IDEA in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to idea_cbc_encrypt().
+	
+void idea_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this IDEA library, it
+	implements CFB mode of IDEA with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	Enc is used to indicate encryption or decryption.
+	One very important thing to remember is that when decrypting, use
+	the encryption form of the key.
+	CFB64 mode operates by using the cipher to
+	generate a stream of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.  What this means is that to encrypt
+	idea_set_encrypt_key(key,ks);
+	idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
+	do decrypt
+	idea_set_encrypt_key(key,ks)
+	idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
+	Note: The same IDEA_KEY_SCHEDULE but different encryption flags.
+	For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be
+	used to generate the IDEA_KEY_SCHEDULE for decryption.
+	The reason I'm stressing this point is that I just wasted 3 hours
+	today trying to decrypt using this mode and the decryption form of
+	the key :-(.
+	
+void idea_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	This functions implements OFB mode of IDEA with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.  The same key and iv should be used to
+	encrypt and decrypt.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+idea_set_encrypt_key().
+
+=====
+For more information about the specific IDEA modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for IDEA.
+
+
+==== legal.doc ========================================================
+
+From eay@mincom.com Thu Jun 27 00:25:45 1996
+Received: by orb.mincom.oz.au id AA15821
+  (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
+Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
+From: Eric Young 
+X-Sender: eay@orb
+To: Ken Toll 
+Cc: Eric Young , ssl-talk@netscape.com
+Subject: Re: Unidentified subject!
+In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
+Message-Id: 
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: O
+X-Status: 
+
+
+This is a little off topic but since SSLeay is a free implementation of
+the SSLv2 protocol, I feel it is worth responding on the topic of if it 
+is actually legal for Americans to use free cryptographic software.
+
+On Wed, 26 Jun 1996, Ken Toll wrote:
+> Is the U.S the only country that SSLeay cannot be used commercially 
+> (because of RSAref) or is that going to be an issue with every country 
+> that a client/server application (non-web browser/server) is deployed 
+> and sold?
+
+>From what I understand, the software patents that apply to algorithms 
+like RSA and DH only apply in the USA.  The IDEA algorithm I believe is 
+patened in europe (USA?), but considing how little it is used by other SSL 
+implementations, it quite easily be left out of the SSLeay build
+(this can be done with a compile flag).
+
+Actually if the RSA patent did apply outside the USA, it could be rather
+interesting since RSA is not alowed to let RSA toolkits outside of the USA
+[1], and since these are the only forms that they will alow the algorithm
+to be used in, it would mean that non-one outside of the USA could produce
+public key software which would be a very strong statment for
+international patent law to make :-).  This logic is a little flawed but
+it still points out some of the more interesting permutations of USA
+patent law and ITAR restrictions. 
+
+Inside the USA there is also the unresolved issue of RC4/RC2 which were
+made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
+copies of the origional postings if people are interested.  RSA I believe 
+claim that they were 'trade-secrets' and that some-one broke an NDA in 
+revealing them.  Other claim they reverse engineered the algorithms from 
+compiled binaries.  If the algorithms were reverse engineered, I belive 
+RSA had no legal leg to stand on.  If an NDA was broken, I don't know.
+Regardless, RSA, I belive, is willing to go to court over the issue so 
+licencing is probably the best idea, or at least talk to them.
+If there are people who actually know more about this, pease let me know, I 
+don't want to vilify or spread miss-information if I can help it.
+
+If you are not producing a web browser, it is easy to build SSLeay with
+RC2/RC4 removed. Since RC4 is the defacto standard cipher in 
+all web software (and it is damn fast) it is more or less required for 
+www use. For non www use of SSL, especially for an application where 
+interoperability with other vendors is not critical just leave it out.
+
+Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but 
+they should be ok.  Considing that Triple DES can encrypt at rates of
+410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite 
+reasonable performance.  Single DES clocks in at 1160k/s and 2467k/s
+respectivly is actually quite fast for those not so paranoid (56 bit key).[1]
+
+> Is it possible to get a certificate for commercial use outside of the U.S.?
+yes.
+
+Thawte Consulting issues certificates (they are the people who sell the
+	Sioux httpd server and are based in South Africa)
+Verisign will issue certificates for Sioux (sold from South Africa), so this
+	proves that they will issue certificate for OS use if they are
+	happy with the quality of the software.
+
+(The above mentioned companies just the ones that I know for sure are issuing
+ certificates outside the USA).
+
+There is always the point that if you are using SSL for an intra net, 
+SSLeay provides programs that can be used so you can issue your own 
+certificates.  They need polishing but at least it is a good starting point.
+
+I am not doing anything outside Australian law by implementing these
+algorithms (to the best of my knowedge).  It is another example of how 
+the world legal system does not cope with the internet very well.
+
+I may start making shared libraries available (I have now got DLL's for 
+Windows).  This will mean that distributions into the usa could be 
+shipped with a version with a reduced cipher set and the versions outside 
+could use the DLL/shared library with all the ciphers (and without RSAref).
+
+This could be completly hidden from the application, so this would not 
+even require a re-linking.
+
+This is the reverse of what people were talking about doing to get around 
+USA export regulations :-)
+
+eric
+
+[1]:	The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
+	and one in South Africa.
+
+[2]:	Since I always get questions when I post benchmark numbers :-),
+	DES performace figures are in 1000's of bytes per second in cbc 
+	mode using an 8192 byte buffer.  The pentium 100 was running Windows NT 
+	3.51 DLLs and the 686/200 was running NextStep.
+	I quote pentium 100 benchmarks because it is basically the
+	'entry level' computer that most people buy for personal use.
+	Windows 95 is the OS shipping on those boxes, so I'll give
+	NT numbers (the same Win32 runtime environment).  The 686
+	numbers are present as an indication of where we will be in a
+	few years.
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+
+
+==== lhash.doc ========================================================
+
+The LHASH library.
+
+I wrote this library in 1991 and have since forgotten why I called it lhash.
+It implements a hash table from an article I read at the
+time from 'Communications of the ACM'.  What makes this hash
+table different is that as the table fills, the hash table is
+increased (or decreased) in size via realloc().
+When a 'resize' is done, instead of all hashes being redistributed over
+twice as many 'buckets', one bucket is split.  So when an 'expand' is done,
+there is only a minimal cost to redistribute some values.  Subsequent
+inserts will cause more single 'bucket' redistributions but there will
+never be a sudden large cost due to redistributing all the 'buckets'.
+
+The state for a particular hash table is kept in the LHASH structure.
+The LHASH structure also records statistics about most aspects of accessing
+the hash table.  This is mostly a legacy of my writing this library for
+the reasons of implementing what looked like a nice algorithm rather than
+for a particular software product.
+
+Internal stuff you probably don't want to know about.
+The decision to increase or decrease the hash table size is made depending
+on the 'load' of the hash table.  The load is the number of items in the
+hash table divided by the size of the hash table.  The default values are
+as follows.  If (hash->up_load < load) => expand.
+if (hash->down_load > load) =>  contract.  The 'up_load' has a default value of
+1 and 'down_load' has a default value of 2.  These numbers can be modified
+by the application by just playing with the 'up_load' and 'down_load'
+variables.  The 'load' is kept in a form which is multiplied by 256.  So
+hash->up_load=8*256; will cause a load of 8 to be set.
+
+If you are interested in performance the field to watch is
+num_comp_calls.  The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash->num_comp_calls is incremented.  If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values.  It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucked', it can be searched
+with 10 'unsigned long' compares and 10 linked list traverses.  This
+will be much less expensive that 10 calls to you compare function.
+
+LHASH *lh_new(
+unsigned long (*hash)(),
+int (*cmp)());
+	This function is used to create a new LHASH structure.  It is passed
+	function pointers that are used to store and retrieve values passed
+	into the hash table.  The 'hash'
+	function is a hashing function that will return a hashed value of
+	it's passed structure.  'cmp' is passed 2 parameters, it returns 0
+	is they are equal, otherwise, non zero.
+	If there are any problems (usually malloc failures), NULL is
+	returned, otherwise a new LHASH structure is returned.  The
+	hash value is normally truncated to a power of 2, so make sure
+	that your hash function returns well mixed low order bits.
+	
+void lh_free(
+LHASH *lh);
+	This function free()s a LHASH structure.  If there is malloced
+	data in the hash table, it will not be freed.  Consider using the
+	lh_doall function to deallocate any remaining entries in the hash
+	table.
+	
+char *lh_insert(
+LHASH *lh,
+char *data);
+	This function inserts the data pointed to by data into the lh hash
+	table.  If there is already and entry in the hash table entry, the
+	value being replaced is returned.  A NULL is returned if the new
+	entry does not clash with an entry already in the table (the normal
+	case) or on a malloc() failure (perhaps I should change this....).
+	The 'char *data' is exactly what is passed to the hash and
+	comparison functions specified in lh_new().
+	
+char *lh_delete(
+LHASH *lh,
+char *data);
+	This routine deletes an entry from the hash table.  The value being
+	deleted is returned.  NULL is returned if there is no such value in
+	the hash table.
+
+char *lh_retrieve(
+LHASH *lh,
+char *data);
+	If 'data' is in the hash table it is returned, else NULL is
+	returned.  The way these routines would normally be uses is that a
+	dummy structure would have key fields populated and then
+	ret=lh_retrieve(hash,&dummy);.  Ret would now be a pointer to a fully
+	populated structure.
+
+void lh_doall(
+LHASH *lh,
+void (*func)(char *a));
+	This function will, for every entry in the hash table, call function
+	'func' with the data item as parameters.
+	This function can be quite useful when used as follows.
+	void cleanup(STUFF *a)
+		{ STUFF_free(a); }
+	lh_doall(hash,cleanup);
+	lh_free(hash);
+	This can be used to free all the entries, lh_free() then
+	cleans up the 'buckets' that point to nothing.  Be careful
+	when doing this.  If you delete entries from the hash table,
+	in the call back function, the table may decrease in size,
+	moving item that you are
+	currently on down lower in the hash table.  This could cause
+	some entries to be skipped.  The best solution to this problem
+	is to set lh->down_load=0 before you start.  This will stop
+	the hash table ever being decreased in size.
+
+void lh_doall_arg(
+LHASH *lh;
+void(*func)(char *a,char *arg));
+char *arg;
+	This function is the same as lh_doall except that the function
+	called will be passed 'arg' as the second argument.
+	
+unsigned long lh_strhash(
+char *c);
+	This function is a demo string hashing function.  Since the LHASH
+	routines would normally be passed structures, this routine would
+	not normally be passed to lh_new(), rather it would be used in the
+	function passed to lh_new().
+
+The next three routines print out various statistics about the state of the
+passed hash table.  These numbers are all kept in the lhash structure.
+
+void lh_stats(
+LHASH *lh,
+FILE *out);
+	This function prints out statistics on the size of the hash table,
+	how many entries are in it, and the number and result of calls to
+	the routines in this library.
+
+void lh_node_stats(
+LHASH *lh,
+FILE *out);
+	For each 'bucket' in the hash table, the number of entries is
+	printed.
+	
+void lh_node_usage_stats(
+LHASH *lh,
+FILE *out);
+	This function prints out a short summary of the state of the hash
+	table.  It prints what I call the 'load' and the 'actual load'.
+	The load is the average number of data items per 'bucket' in the
+	hash table.  The 'actual load' is the average number of items per
+	'bucket', but only for buckets which contain entries.  So the
+	'actual load' is the average number of searches that will need to
+	find an item in the hash table, while the 'load' is the average number
+	that will be done to record a miss.
+
+==== md2.doc ========================================================
+
+The MD2 library.
+MD2 is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 16 byte hash.  The functions all need to be passed
+a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update()
+function calls.  The normal method of use for this library is as follows
+
+MD2_Init(...);
+MD2_Update(...);
+...
+MD2_Update(...);
+MD2_Final(...);
+
+This library requires the inclusion of 'md2.h'.
+
+The main negative about MD2 is that it is slow, especially when compared
+to MD5.
+
+The functions are as follows:
+
+void MD2_Init(
+MD2_CTX *c);
+	This function needs to be called to initiate a MD2_CTX structure for
+	use.
+	
+void MD2_Update(
+MD2_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void MD2_Final(
+unsigned char *md;
+MD2_CTX *c;
+	This function is called when a message digest of the data digested
+	with MD2_Update() is wanted.  The message digest is put in the 'md'
+	array and is MD2_DIGEST_LENGTH (16) bytes long.
+
+unsigned char *MD2(
+unsigned long n;
+unsigned char *d;
+unsigned char *md;
+	This function performs a MD2_Init(), followed by a MD2_Update()
+	followed by a MD2_Final() (using a local MD2_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+
+==== md5.doc ========================================================
+
+The MD5 library.
+MD5 is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 16 byte hash.  The functions all need to be passed
+a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update()
+function calls.  This library also contains random number routines that are
+based on MD5
+
+The normal method of use for this library is as follows
+
+MD5_Init(...);
+MD5_Update(...);
+...
+MD5_Update(...);
+MD5_Final(...);
+
+This library requires the inclusion of 'md5.h'.
+
+The functions are as follows:
+
+void MD5_Init(
+MD5_CTX *c);
+	This function needs to be called to initiate a MD5_CTX structure for
+	use.
+	
+void MD5_Update(
+MD5_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void MD5_Final(
+unsigned char *md;
+MD5_CTX *c;
+	This function is called when a message digest of the data digested
+	with MD5_Update() is wanted.  The message digest is put in the 'md'
+	array and is MD5_DIGEST_LENGTH (16) bytes long.
+
+unsigned char *MD5(
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+	This function performs a MD5_Init(), followed by a MD5_Update()
+	followed by a MD5_Final() (using a local MD5_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+
+
+==== memory.doc ========================================================
+
+In the interests of debugging SSLeay, there is an option to compile
+using some simple memory leak checking.
+
+All malloc(), free() and realloc() calls in SSLeay now go via
+Malloc(), Free() and Realloc() (except those in crypto/lhash).
+
+If CRYPTO_MDEBUG is defined, these calls are #defined to
+CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
+If it is not defined, they are #defined to malloc(), free() and realloc().
+
+the CRYPTO_malloc() routines by default just call the underlying library
+functons.
+
+If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
+turned on.  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
+
+When turned on, each Malloc() or Realloc() call is recored along with the file
+and line number from where the call was made.   (This is done using the
+lhash library which always uses normal system malloc(3) routines).
+
+void CRYPTO_mem_leaks(BIO *b);
+void CRYPTO_mem_leaks_fp(FILE *fp);
+These both print out the list of memory that has not been free()ed.
+This will probably be rather hard to read, but if you look for the 'top level'
+structure allocation, this will often give an idea as to what is not being
+free()ed.  I don't expect people to use this stuff normally.
+
+==== ca.1 ========================================================
+
+From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995
+Received: by orb.mincom.oz.au id AA07374
+  (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000
+Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST)
+From: Eric Young 
+X-Sender: eay@orb
+To: sameer 
+Cc: ssleay@mincom.oz.au
+Subject: Re: 'ca'
+In-Reply-To: <199512230440.UAA23410@infinity.c2.org>
+Message-Id: 
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Fri, 22 Dec 1995, sameer wrote:
+> 	I could use documentation on 'ca'. Thanks.
+
+Very quickly.
+The ca program uses the ssleay.conf file for most of its configuration
+
+./ca -help
+
+ -verbose        - Talk alot while doing things
+ -config file    - A config file. If you don't want to use the
+		   default config file
+ -name arg       - The particular CA definition to use
+	In the config file, the section to use for parameters.  This lets 
+	multiple setups to be contained in the one file.  By default, the 
+	default_ca variable is looked up in the [ ca ] section.  So in the 
+	shipped ssleay.conf, the CA definition used is CA_default.  It could be 
+	any other name.
+ -gencrl days    - Generate a new CRL, days is when the next CRL is due
+	This will generate a new certificate revocion list.
+ -days arg       - number of days to certify the certificate for
+	When certifiying certificates, this is the number of days to use.
+ -md arg         - md to use, one of md2, md5, sha or sha1
+ -policy arg     - The CA 'policy' to support
+	I'll describe this later, but there are 2 policies definied in the 
+	shipped ssleay.conf
+ -keyfile arg    - PEM RSA private key file
+ -key arg        - key to decode the RSA private key if it is encrypted
+	since we need to keep the CA's RSA key encrypted
+ -cert           - The CA certificate
+ -in file        - The input PEM encoded certificate request(s)
+ -out file       - Where to put the output file(s)
+ -outdir dir     - Where to put output certificates
+	The -out options concatinates all the output certificied
+	certificates to one file, -outdir puts them in a directory,
+	named by serial number.
+ -infiles ....   - The last argument, requests to process
+	The certificate requests to process, -in is the same.
+
+Just about all the above have default values defined in ssleay.conf.
+
+The key variables in ssleay.conf are (for the pariticular '-name' being 
+used, in the default, it is CA_default).
+
+dir is where all the CA database stuff is kept.
+certs is where all the previously issued certificates are kept.
+The database is a simple text database containing the following tab separated 
+fields.
+status: a value of 'R' - revoked, 'E' -expired or 'V' valid.
+issued date:  When the certificate was certified.
+revoked date:  When it was revoked, blank if not revoked.
+serial number:  The certificate serial number.
+certificate:	Where the certificate is located.
+CN:	The name of the certificate.
+
+The demo file has quite a few made up values it it.  The last 2 were 
+added by the ca program and are acurate.
+The CA program does not update the 'certificate' file correctly right now.
+The serial field should be unique as should the CN/status combination.
+The ca program checks these at startup.  What still needs to be 
+wrtten is a program to 'regenerate' the data base file from the issued 
+certificate list (and a CRL list).
+
+Back to the CA_default variables.
+
+Most of the variables are commented.
+
+policy is the default policy.
+
+Ok for policies, they define the order and which fields must be present 
+in the certificate request and what gets filled in.
+
+So a value of
+countryName             = match
+means that the country name must match the CA certificate.
+organizationalUnitName  = optional
+The org.Unit,Name does not have to be present and
+commonName              = supplied
+commonName must be supplied in the certificate request.
+
+For the 'policy_match' polocy, the order of the attributes in the 
+generated certiticate would be
+countryName
+stateOrProvinceName
+organizationName
+organizationalUnitName
+commonName
+emailAddress
+
+Have a play, it sort of makes sense.  If you think about how the persona 
+requests operate, it is similar to the 'policy_match' policy and the
+'policy_anything' is similar to what versign is doing.
+
+I hope this helps a bit.  Some backend scripts are definitly needed to 
+update the database and to make certificate revocion easy.  All 
+certificates issued should also be kept forever (or until they expire?)
+
+hope this helps
+eric (who has to run off an buy some cheap knee pads for the caving in 4 
+days time :-)
+
+--
+Eric Young                  | Signature removed since it was generating
+AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
+
+
+==== ms3-ca.doc ========================================================
+
+Date: Mon, 9 Jun 97 08:00:33 +0200
+From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
+Subject: ms3-ca.doc
+Organization: TU Ilmenau, Fak. IA, FG Telematik
+Content-Length: 14575
+Status: RO
+X-Status: 
+
+Loading client certs into MSIE 3.01
+===================================
+
+This document conatains all the information necessary to succesfully set up 
+some scripts to issue client certs to Microsoft Internet Explorer. It 
+includes the required knowledge about the model MSIE uses for client 
+certification and includes complete sample scripts ready to play with. The 
+scripts were tested against a modified ca program of SSLeay 0.6.6 and should 
+work with the regular ca program that comes with version 0.8.0. I haven't 
+tested against MSIE 4.0
+
+You can use the information contained in this document in either way you 
+want. However if you feel it saved you a lot of time I ask you to be as fair 
+as to mention my name: Holger Reif .
+
+1.) The model used by MSIE
+--------------------------
+
+The Internet Explorer doesn't come with a embedded engine for installing 
+client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) 
+defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together 
+with Internet Explorer since 3.01. The advantage of this approach is a higher 
+flexibility because the certificates in the (per user) system open 
+certificate store may be used by other applications as well. The drawback 
+however is that you need to do a bit more work to get a client cert issued.
+
+CAPI defines functions which will handle basic cryptographic work, eg. 
+generating keys, encrypting some data, signing text or building a certificate 
+request. The procedure is as follows: A CAPI function generates you a key 
+pair and saves it into the certificate store. After that one builds a 
+Distinguished Name. Together with that key pair another CAPI function forms a 
+PKCS#10 request which you somehow need to submit to a CA. Finally the issued 
+cert is given to a yet another CAPI function which saves it into the 
+certificate store.
+
+The certificate store with the user's keys and certs is in the registry. You 
+will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I 
+leave it to you as a little exercise to figure out what all the entries mean 
+;-). Note that the keys are protected only with the user's usual Windows 
+login password.
+
+2.) The practical usage
+-----------------------
+
+Unfortunatly since CAPI is a system API you can't access its functions from 
+HTML code directly. For this purpose Microsoft provides a wrapper called 
+certenr3.dll. This DLL accesses the CAPI functions and provides an interface 
+usable from Visual Basic Script. One needs to install that library on the 
+computer which wants to have client cert. The easiest way is to load it as an 
+ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If 
+you have ever enrolled e cert request at a CA you will have installed it.
+
+At time of writing certenr3.dll is contained in 
+http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes 
+with an README file which explains the available functions. It is labeled 
+beta but every CA seems to use it anyway. The license.txt allows you the 
+usage for your own purposes (as far as I understood) and a somehow limited 
+distribution. 
+
+The two functions of main interest are GenerateKeyPair and AcceptCredentials. 
+For complete explanation of all possible parameters see the README file. Here 
+are only minimal required parameters and their values.
+
+GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1)
+- sessionID is a (locally to that computer) unique string to correlate the 
+generated key pair with a cert installed later.
+- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger 
+Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the 
+abreviation for StateOrProvince. The recognized abreviation include CN, O, C, 
+OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) 
+you need to use the full object identifier. The starting point for searching 
+them could be crypto/objects.h since all OIDs know to SSLeay are listed 
+there.
+- note: the possible ninth parameter which should give a default name to the 
+certificate storage location doesn't seem to work. Changes to the constant 
+values in the call above doesn't seem to make sense. You can't generate 
+PKCS#10 extensions with that function.
+
+The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However 
+it has a little strange format that SSLeay doesn't accept. (BTW I feel the 
+decision of rejecting that format as standard conforming.) It looks like 
+follows:
+	1st line with 76 chars
+	2nd line with 76 chars
+	...
+	(n-2)th line with 76 chars
+	(n-1)th line contains a multiple of 4 chars less then 76 (possible 
+empty)
+	(n)th line has zero or 4 chars (then with 1 or 2 equal signs - the 
+		original text's lenght wasn'T a multiple of 3) 
+	The line separator has two chars: 0x0d 0x0a
+
+AcceptCredentials(sessionID, credentials, 0, FALSE)
+- sessionID needs to be the same as while generating the key pair
+- credentials is the base64 encoded PKCS#7 object containing the cert. 
+
+CRL's and CA certs are not required simply just the client cert. (It seems to 
+me that both are not even checked somehow.) The only format of the base64 
+encoded object I succesfully used was all characters in a very long string 
+without line feeds or carriage returns. (Hey, it doesn't matter, only a 
+computer reads it!)
+
+The result should be S_OK. For error handling see the example that comes with 
+certenr3.dll.
+
+A note about ASN.1 character encodings. certenr3.dll seems to know only about 
+2 of them: UniversalString and PrintableString. First it is definitely wrong 
+for an email address which is IA5STRING (checked by ssleay's ca). Second 
+unfortunately MSIE (at least until version 3.02) can't handle UniversalString 
+correctly - they just blow up you cert store! Therefore ssleay's ca (starting 
+from version 0.8.0) tries to convert the encodings automatically to IA5STRING 
+or TeletexString. The beef is it will work only for the latin-1 (western) 
+charset. Microsoft still has to do abit of homework...
+
+3.) An example
+--------------
+
+At least you need two steps: generating the key & request and then installing 
+the certificate. A real world CA would have some more steps involved, eg. 
+accepting some license. Note that both scripts shown below are just 
+experimental state without any warrenty!
+
+First how to generate a request. Note that we can't use a static page because 
+of the sessionID. I generate it from system time plus pid and hope it is 
+unique enough. Your are free to feed it through md5 to get more impressive 
+ID's ;-) Then the intended text is read in with sed which inserts the 
+sessionID. 
+
+-----BEGIN ms-enroll.cgi-----
+#!/bin/sh
+SESSION_ID=`date '+%y%m%d%H%M%S'`$$
+echo Content-type: text/html
+echo
+sed s/template_for_sessId/$SESSION_ID/ <
+Certificate Enrollment Test Page
+
+
+
+
+
+

+
enrollment for a personal cert

+


+

+
+    
+    
+    
+    
+    
+        
+    
+    
+        
+    
+        
+
Country
State
Location
Organization
Organizational Unit
Name
eMail Address

+	
+	
+

+


+

+
+
+
+
+EOF
+-----END ms-enroll.cgi-----
+
+Second, how to extract the request and feed the certificate back? We need to 
+"normalize" the base64 encoding of the PKCS#10 format which means 
+regenerating the lines and wrapping with BEGIN and END line. This is done by 
+gawk. The request is taken by ca the normal way. Then the cert needs to be 
+packed into a PKCS#7 structure (note: the use of a CRL is necessary for 
+crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be 
+ommited). Finally we need to format the PKCS#7 object and generate the HTML 
+text. I use two templates to have a clearer script.
+
+1st note: postit2 is slightly modified from a program I found at ncsa's ftp 
+site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You 
+need utils.c from there too.
+
+2nd note: I'm note quite sure wether the gawk script really handles all 
+possible inputs for the request right! Today I don't use this construction 
+anymore myself.
+
+3d note: the cert must be of version 3! This could be done with the nsComment 
+line in ssleay.cnf...
+
+------BEGIN ms-gencert.cgi-----
+#!/bin/sh
+FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$
+rm -f "$FILE".*
+
+HOME=`pwd`; export HOME  # as ssleay.cnf insists on having such an env var
+cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located
+
+postit2 -s " " -i 0x0d > "$FILE".inp  # process the FORM vars
+
+SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp`
+
+gawk \
+	'BEGIN { \
+		OFS = ""; \
+		print "-----BEGIN CERTIFICATE REQUEST-----"; \
+		req_seen=0 \
+	} \
+	$1 == "Request" { \
+		req_seen=1; \
+		if (length($2) == 72) print($2); \
+		lastline=$2; \
+		next; \
+	} \
+	{ \
+		if (req_seen == 1) { \
+			if (length($1) >= 72) print($1); \
+			else if (length(lastline) < 72) { \
+				req_seen=0; \
+				print (lastline,$1); \
+			} \
+		lastline=$1; \
+		} \
+	} \
+	END { \
+		print "-----END CERTIFICATE REQUEST-----"; \
+	}' > "$FILE".pem < "$FILE".inp 
+
+ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out
+ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem
+
+sed s/template_for_sessId/$SESSION_ID/ "$FILE".cert
+/usr/local/bin/gawk \
+	'BEGIN	{ \
+		OFS = ""; \
+		dq = sprintf("%c",34); \
+	} \
+	$0 ~ "PKCS7" { next; } \
+	{ \
+		print dq$0dq" & _"; \
+	}' <"$FILE".pkcs7 >> "$FILE".cert
+cat  ms-enroll2b.html >>"$FILE".cert
+
+echo Content-type: text/html
+echo Content-length: `wc -c "$FILE".cert`
+echo
+cat "$FILE".cert
+rm -f "$FILE".*
+-----END ms-gencert.cgi-----
+
+----BEGIN ms-enroll2a.html----
+Certificate Acceptance Test Page
+
+
+
+
+

+
Your personal certificate

+


+Press the button!
+

+

+


+
+
+
+
+----END ms-enroll2b.html----
+
+4.) What do do with the cert?
+-----------------------------
+
+The cert is visible (without restarting MSIE) under the following menu:
+View->Options->Security->Personal certs. You can examine it's contents at 
+least partially.
+
+To use it for client authentication you need to use SSL3.0 (fortunately 
+SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a 
+kind of automatic selection of certs (I personally wasn't able to test it 
+myself). But there is a requirement that the issuer of the server cert and 
+the issuer of the client cert needs to be the same (according to a developer 
+from MS). Which means: you need may more then one cert to talk to all 
+servers...
+
+I'm sure we will get a bit more experience after ApacheSSL is available for 
+SSLeay 0.8.8.
+
+
+I hope you enjoyed reading and that in future questions on this topic will 
+rarely appear on ssl-users@moncom.com ;-)
+
+Ilmenau, 9th of June 1997
+Holger Reif 
+-- 
+read you later  -  Holger Reif
+----------------------------------------  Signaturprojekt Deutsche Einheit
+TU Ilmenau - Informatik - Telematik                      (Verdamp lang her)
+Holger.Reif@PrakInf.TU-Ilmenau.DE         Alt wie ein Baum werden, um ueber
+http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  alle 7 Bruecken gehen zu koennen
+
+
+==== ns-ca.doc ========================================================
+
+The following documentation was supplied by Jeff Barber, who provided the
+patch to the CA program to add this functionality.
+
+eric
+--
+Jeff Barber                                Email: jeffb@issl.atl.hp.com
+
+Hewlett Packard                            Phone: (404) 648-9503
+Internet and System Security Lab           Fax:   (404) 648-9516
+
+                         oo
+---------------------cut /\ here for ns-ca.doc ------------------------------
+
+This document briefly describes how to use SSLeay to implement a 
+certificate authority capable of dynamically serving up client
+certificates for version 3.0 beta 5 (and presumably later) versions of
+the Netscape Navigator.  Before describing how this is done, it's
+important to understand a little about how the browser implements its
+client certificate support.  This is documented in some detail in the
+URLs based at .
+Here's a brief overview:
+
+-	The Navigator supports a new HTML tag "KEYGEN" which will cause
+	the browser to generate an RSA key pair when you submit a form
+	containing the tag.  The public key, along with an optional
+	challenge (supposedly provided for use in certificate revocation
+	but I don't use it) is signed, DER-encoded, base-64 encoded
+	and sent to the web server as the value of the variable
+	whose NAME is provided in the KEYGEN tag.  The private key is
+	stored by the browser in a local key database.
+
+	This "Signed Public Key And Challenge" (SPKAC) arrives formatted
+	into 64 character lines (which are of course URL-encoded when 
+	sent via HTTP -- i.e. spaces, newlines and most punctuatation are
+	encoded as "%HH" where HH is the hex equivalent of the ASCII code).
+	Note that the SPKAC does not contain the other usual attributes
+	of a certificate request, especially the subject name fields.
+	These must be otherwise encoded in the form for submission along
+	with the SPKAC.
+
+-	Either immediately (in response to this form submission), or at
+	some later date (a real CA will probably verify your identity in
+	some way before issuing the certificate), a web server can send a
+	certificate based on the public key and other attributes back to
+	the browser by encoding it in DER (the binary form) and sending it
+	to the browser as MIME type:
+	"Content-type: application/x-x509-user-cert"
+
+	The browser uses the public key encoded in the certificate to
+	associate the certificate with the appropriate private key in
+	its local key database.  Now, the certificate is "installed".
+
+-	When a server wants to require authentication based on client
+	certificates, it uses the right signals via the SSL protocol to
+	trigger the Navigator to ask you which certificate you want to
+	send.  Whether the certificate is accepted is dependent on CA
+	certificates and so forth installed in the server and is beyond
+	the scope of this document.
+
+
+Now, here's how the SSLeay package can be used to provide client 
+certficates:
+
+-	You prepare a file for input to the SSLeay ca application.
+	The file contains a number of "name = value" pairs that identify
+	the subject.  The names here are the same subject name component
+	identifiers used in the CA section of the lib/ssleay.conf file,
+	such as "emailAddress", "commonName" "organizationName" and so
+	forth.  Both the long version and the short version (e.g. "Email",
+	"CN", "O") can be used.
+
+	One more name is supported: this one is "SPKAC".  Its value
+	is simply the value of the base-64 encoded SPKAC sent by the
+	browser (with all the newlines and other space charaters
+	removed -- and newline escapes are NOT supported).
+
+	[ As of SSLeay 0.6.4, multiple lines are supported.
+	  Put a \ at the end of each line and it will be joined with the
+	  previous line with the '\n' removed - eay ]
+	
+	Here's a sample input file:
+
+C = US
+SP = Georgia
+O = Some Organization, Inc.
+OU = Netscape Compatibility Group
+CN = John X. Doe
+Email = jxdoe@someorg.com
+SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx
+
+-	You execute the ca command (either from a CGI program run out of
+	the web server, or as a later manual task) giving it the above
+	file as input.  For example, if the file were named /tmp/cert.req,
+	you'd run:
+	$SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert
+
+	The output is in DER format (binary) if a -out argument is 
+	provided, as above; otherwise, it's in the PEM format (base-64
+	encoded DER).  Also, the "-batch" switch is implied by the
+	"-spkac" so you don't get asked whether to complete the signing
+	(probably it shouldn't work this way but I was only interested
+	in hacking together an online CA that could be used for issuing
+	test certificates).
+
+	The "-spkac" capability doesn't support multiple files (I think).
+
+	Any CHALLENGE provided in the SPKAC is simply ignored.
+
+	The interactions between the identification fields you provide
+	and those identified in your lib/ssleay.conf are the same as if
+	you did an ordinary "ca -in infile -out outfile" -- that is, if
+	something is marked as required in the ssleay.conf file and it
+	isn't found in the -spkac file, the certificate won't be issued.
+
+-	Now, you pick up the output from /tmp/cert and pass it back to
+	the Navigator prepending the Content-type string described earlier.
+
+-	In order to run the ca command out of a CGI program, you must
+	provide a password to decrypt the CA's private key.  You can
+	do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
+	I think there's a way to not encrypt the key file in the first
+	place, but I didn't see how to do that, so I made a small change
+	to the library that allows the password to be accepted from a pipe.
+	Either way is UTTERLY INSECURE and a real CA would never do that.
+
+	[ You can use the 'ssleay rsa' command to remove the password
+	  from the private key, or you can use the '-key' option to the
+	  ca command to specify the decryption key on the command line
+	  or use the -nodes option when generating the key.
+	  ca will try to clear the command line version of the password
+	  but for quite a few operating systems, this is not possible.
+	  - eric ]
+
+So, what do you have to do to make use of this stuff to create an online 
+demo CA capability with SSLeay?
+
+1	Create an HTML form for your users.  The form should contain
+	fields for all of the required or optional fields in ssleay.conf.
+	The form must contain a KEYGEN tag somewhere with at least a NAME
+	attribute.
+
+2	Create a CGI program to process the form input submitted by the
+	browser.  The CGI program must URL-decode the variables and create
+	the file described above, containing subject identification info
+	as well as the SPKAC block.  It should then run the the ca program
+	with the -spkac option.  If it works (check the exit status),
+	return the new certificate with the appropriate MIME type.  If not,
+	return the output of the ca command with MIME type "text/plain".
+
+3	Set up your web server to accept connections signed by your demo
+	CA.  This probably involves obtaining the PEM-encoded CA certificate
+	(ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
+	server database.  See your server manual for instructions.
+
+
+==== obj.doc ========================================================
+
+The Object library.
+
+As part of my Crypto library, I found I required a method of identifying various
+objects.  These objects normally had 3 different values associated with
+them, a short text name, a long (or lower case) text name, and an
+ASN.1 Object Identifier (which is a sequence of numbers).
+This library contains a static list of objects and functions to lookup
+according to one type and to return the other types.
+
+To use these routines, 'Object.h' needs to be included.
+
+For each supported object, #define entries are defined as follows
+#define SN_Algorithm			"Algorithm"
+#define LN_algorithm			"algorithm"
+#define NID_algorithm			38
+#define OBJ_algorithm			1L,3L,14L,3L,2L
+
+SN_  stands for short name.
+LN_  stands for either long name or lowercase name.
+NID_ stands for Numeric ID.  I each object has a unique NID and this
+     should be used internally to identify objects.
+OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the
+     ASN1 routines.  These values are used in ASN1 encoding.
+
+The following functions are to be used to return pointers into a static
+definition of these types.  What this means is "don't try to free() any
+pointers returned from these functions.
+
+ASN1_OBJECT *OBJ_nid2obj(
+int n);
+	Return the ASN1_OBJECT that corresponds to a NID of n.
+	
+char *OBJ_nid2ln(
+int n);
+	Return the long/lower case name of the object represented by the
+	NID of n.
+	
+char *OBJ_nid2sn(
+int n);
+	Return the short name for the object represented by the NID of n.
+
+ASN1_OBJECT *OBJ_dup(
+ASN1_OBJECT *o);
+	Duplicate and return a new ASN1_OBJECT that is the same as the
+	passed parameter.
+	
+int OBJ_obj2nid(
+ASN1_OBJECT *o);
+	Given ASN1_OBJECT o, return the NID that corresponds.
+	
+int OBJ_ln2nid(
+char *s);
+	Given the long/lower case name 's', return the NID of the object.
+	
+int OBJ_sn2nid(
+char *s);
+	Given the short name 's', return the NID of the object.
+	
+char *OBJ_bsearch(
+char *key,
+char *base,
+int num,
+int size,
+int (*cmp)());
+	Since I have come across a few platforms that do not have the
+	bsearch() function, OBJ_bsearch is my version of that function.
+	Feel free to use this function, but you may as well just use the
+	normal system bsearch(3) if it is present.  This version also
+	has tolerance of being passed NULL pointers.
+
+==== keys ===========================================================
+
+EVP_PKEY_DSA
+EVP_PKEY_DSA2
+EVP_PKEY_DSA3
+EVP_PKEY_DSA4
+
+EVP_PKEY_RSA
+EVP_PKEY_RSA2
+
+valid DSA pkey types
+	NID_dsa
+	NID_dsaWithSHA
+	NID_dsaWithSHA1
+	NID_dsaWithSHA1_2
+
+valid RSA pkey types
+	NID_rsaEncryption
+	NID_rsa
+
+NID_dsaWithSHA	NID_dsaWithSHA			DSA		SHA
+NID_dsa		NID_dsaWithSHA1			DSA		SHA1
+NID_md2		NID_md2WithRSAEncryption	RSA-pkcs1	MD2
+NID_md5		NID_md5WithRSAEncryption	RSA-pkcs1	MD5
+NID_mdc2	NID_mdc2WithRSA			RSA-none	MDC2
+NID_ripemd160	NID_ripemd160WithRSA		RSA-pkcs1	RIPEMD160
+NID_sha		NID_shaWithRSAEncryption	RSA-pkcs1	SHA
+NID_sha1	NID_sha1WithRSAEncryption	RSA-pkcs1	SHA1
+
+==== rand.doc ========================================================
+
+My Random number library.
+
+These routines can be used to generate pseudo random numbers and can be
+used to 'seed' the pseudo random number generator (RNG).  The RNG make no
+effort to reproduce the same random number stream with each execution.
+Various other routines in the SSLeay library 'seed' the RNG when suitable
+'random' input data is available.  Read the section at the end for details
+on the design of the RNG.
+
+void RAND_bytes(
+unsigned char *buf,
+int num);
+	This routine puts 'num' random bytes into 'buf'.  One should make
+	sure RAND_seed() has been called before using this routine.
+	
+void RAND_seed(
+unsigned char *buf,
+int num);
+	This routine adds more 'seed' data the RNG state.  'num' bytes
+	are added to the RNG state, they are taken from 'buf'.  This
+	routine can be called with sensitive data such as user entered
+	passwords.  This sensitive data is in no way recoverable from
+	the RAND library routines or state.  Try to pass as much data
+	from 'random' sources as possible into the RNG via this function.
+	Also strongly consider using the RAND_load_file() and
+	RAND_write_file() routines.
+
+void RAND_cleanup();
+	When a program has finished with the RAND library, if it so
+	desires, it can 'zero' all RNG state.
+	
+The following 3 routines are convenience routines that can be used to
+'save' and 'restore' data from/to the RNG and it's state.
+Since the more 'random' data that is feed as seed data the better, why not
+keep it around between executions of the program?  Of course the
+application should pass more 'random' data in via RAND_seed() and 
+make sure no-one can read the 'random' data file.
+	
+char *RAND_file_name(
+char *buf,
+int size);
+	This routine returns a 'default' name for the location of a 'rand'
+	file.  The 'rand' file should keep a sequence of random bytes used
+	to initialise the RNG.  The filename is put in 'buf'.  Buf is 'size'
+	bytes long.  Buf is returned if things go well, if they do not,
+	NULL is returned.  The 'rand' file name is generated in the
+	following way.  First, if there is a 'RANDFILE' environment
+	variable, it is returned.  Second, if there is a 'HOME' environment
+	variable, $HOME/.rand is returned.  Third, NULL is returned.  NULL
+	is also returned if a buf would overflow.
+
+int RAND_load_file(
+char *file,
+long number);
+	This function 'adds' the 'file' into the RNG state.  It does this by
+	doing a RAND_seed() on the value returned from a stat() system call
+	on the file and if 'number' is non-zero, upto 'number' bytes read
+	from the file.  The number of bytes passed to RAND_seed() is returned.
+
+int RAND_write_file(
+char *file),
+	RAND_write_file() writes N random bytes to the file 'file', where
+	N is the size of the internal RND state (currently 1k).
+	This is a suitable method of saving RNG state for reloading via
+	RAND_load_file().
+
+What follows is a description of this RNG and a description of the rational
+behind it's design.
+
+It should be noted that this RNG is intended to be used to generate
+'random' keys for various ciphers including generation of DH and RSA keys.  
+
+It should also be noted that I have just created a system that I am happy with.
+It may be overkill but that does not worry me.  I have not spent that much
+time on this algorithm so if there are glaring errors, please let me know.
+Speed has not been a consideration in the design of these routines.
+
+First up I will state the things I believe I need for a good RNG.
+1) A good hashing algorithm to mix things up and to convert the RNG 'state'
+   to random numbers.
+2) An initial source of random 'state'.
+3) The state should be very large.  If the RNG is being used to generate
+   4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+   If your RNG state only has 128 bits, you are obviously limiting the
+   search space to 128 bits, not 2048.  I'm probably getting a little
+   carried away on this last point but it does indicate that it may not be
+   a bad idea to keep quite a lot of RNG state.  It should be easier to
+   break a cipher than guess the RNG seed data.
+4) Any RNG seed data should influence all subsequent random numbers
+   generated.  This implies that any random seed data entered will have
+   an influence on all subsequent random numbers generated.
+5) When using data to seed the RNG state, the data used should not be
+   extractable from the RNG state.  I believe this should be a
+   requirement because one possible source of 'secret' semi random
+   data would be a private key or a password.  This data must
+   not be disclosed by either subsequent random numbers or a
+   'core' dump left by a program crash.
+6) Given the same initial 'state', 2 systems should deviate in their RNG state
+   (and hence the random numbers generated) over time if at all possible.
+7) Given the random number output stream, it should not be possible to determine
+   the RNG state or the next random number.
+
+
+The algorithm is as follows.
+
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working message digest ('md') and a counter ('count').
+
+Whenever seed data is added, it is inserted into the 'state' as
+follows.
+	The input is chopped up into units of 16 bytes (or less for
+	the last block).  Each of these blocks is run through the MD5
+	message digest.  The data passed to the MD5 digest is the
+	current 'md', the same number of bytes from the 'state'
+	(the location determined by in incremented looping index) as
+	the current 'block' and the new key data 'block'.  The result
+	of this is kept in 'md' and also xored into the 'state' at the
+	same locations that were used as input into the MD5.
+	I believe this system addresses points 1 (MD5), 3 (the 'state'),
+	4 (via the 'md'), 5 (by the use of MD5 and xor).
+
+When bytes are extracted from the RNG, the following process is used.
+For each group of 8 bytes (or less), we do the following,
+	Input into MD5, the top 8 bytes from 'md', the byte that are
+	to be overwritten by the random bytes and bytes from the
+	'state' (incrementing looping index).  From this digest output
+	(which is kept in 'md'), the top (upto) 8 bytes are
+	returned to the caller and the bottom (upto) 8 bytes are xored
+	into the 'state'.
+	Finally, after we have finished 'generation' random bytes for the
+	called, 'count' (which is incremented) and 'md' are fed into MD5 and
+	the results are kept in 'md'.
+	I believe the above addressed points 1 (use of MD5), 6 (by
+	hashing into the 'state' the 'old' data from the caller that
+	is about to be overwritten) and 7 (by not using the 8 bytes
+	given to the caller to update the 'state', but they are used
+	to update 'md').
+
+So of the points raised, only 2 is not addressed, but sources of
+random data will always be a problem.
+	
+
+==== rc2.doc ========================================================
+
+The RC2 library.
+
+RC2 is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses variable size key, but 128bit (16 byte) key would normally be considered
+good.  It can be used in all the modes that DES can be used.  This
+library implements the ecb, cbc, cfb64, ofb64 modes.
+
+I have implemented this library from an article posted to sci.crypt on
+11-Feb-1996.  I personally don't know how far to trust the RC2 cipher.
+While it is capable of having a key of any size, not much reseach has
+publically been done on it at this point in time (Apr-1996)
+since the cipher has only been public for a few months :-)
+It is of a similar speed to DES and IDEA, so unless it is required for
+meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
+to stick to IDEA, or for the paranoid, Tripple DES.
+
+Mind you, having said all that, I should mention that I just read alot and
+implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
+ciphers :-).
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'rc2.h'.
+
+All of the encryption functions take what is called an RC2_KEY as an 
+argument.  An RC2_KEY is an expanded form of the RC2 key.
+For all modes of the RC2 algorithm, the RC2_KEY used for
+decryption is the same one that was used for encryption.
+
+The define RC2_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. RC2_DECRYPT is passed to
+specify decryption.
+
+Please note that any of the encryption modes specified in my DES library
+could be used with RC2.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic RC2 encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple RC2, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  RC2_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void RC2_set_key(
+RC2_KEY *ks;
+int len;
+unsigned char *key;
+int bits;
+        RC2_set_key converts an 'len' byte key into a RC2_KEY.
+        A 'ks' is an expanded form of the 'key' which is used to
+        perform actual encryption.  It can be regenerated from the RC2 key
+        so it only needs to be kept when encryption or decryption is about
+        to occur.  Don't save or pass around RC2_KEY's since they
+        are CPU architecture dependent, 'key's are not.  RC2 is an
+	interesting cipher in that it can be used with a variable length
+	key.  'len' is the length of 'key' to be used as the key.
+	A 'len' of 16 is recomended.  The 'bits' argument is an
+	interesting addition which I only found out about in Aug 96.
+	BSAFE uses this parameter to 'limit' the number of bits used
+	for the key.  To use the 'key' unmodified, set bits to 1024.
+	This is what old versions of my RC2 library did (SSLeay 0.6.3).
+	RSAs BSAFE library sets this parameter to be 128 if 128 bit
+	keys are being used.  So to be compatable with BSAFE, set it
+	to 128, if you don't want to reduce RC2's key length, leave it
+	at 1024.
+	
+void RC2_encrypt(
+unsigned long *data,
+RC2_KEY *key,
+int encrypt);
+	This is the RC2 encryption function that gets called by just about
+	every other RC2 routine in the library.  You should not use this
+	function except to implement 'modes' of RC2.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and key is the
+	RC2_KEY to use.  Encryption or decryption is indicated by 'encrypt'.
+	which can have the values RC2_ENCRYPT or RC2_DECRYPT.
+
+void RC2_ecb_encrypt(
+unsigned char *in,
+unsigned char *out,
+RC2_KEY *key,
+int encrypt);
+	This is the basic Electronic Code Book form of RC2 (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for rc2 as well.
+	Input is encrypted into output using the key represented by
+	key.  Depending on the encrypt, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void RC2_cbc_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *ks,
+unsigned char *ivec,
+int encrypt);
+	This routine implements RC2 in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to RC2_cbc_encrypt().
+	
+void RC2_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *schedule,
+unsigned char *ivec,
+int *num,
+int encrypt);
+	This is one of the more useful functions in this RC2 library, it
+	implements CFB mode of RC2 with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	'Encrypt' is used to indicate encryption or decryption.
+	CFB64 mode operates by using the cipher to generate a stream
+	of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.
+	
+void RC2_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *schedule,
+unsigned char *ivec,
+int *num);
+	This functions implements OFB mode of RC2 with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+RC2_set_key().
+
+=====
+For more information about the specific RC2 modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for RC2.
+
+
+==== rc4.doc ========================================================
+
+The RC4 library.
+RC4 is a stream cipher that operates on a byte stream.  It can be used with
+any length key but I would recommend normally using 16 bytes.
+
+This library requires the inclusion of 'rc4.h'.
+
+The RC4 encryption function takes what is called an RC4_KEY as an argument.
+The RC4_KEY is generated by the RC4_set_key function from the key bytes.
+
+RC4, being a stream cipher, does not have an encryption or decryption mode.
+It produces a stream of bytes that the input stream is xor'ed against and
+so decryption is just a case of 'encrypting' again with the same key.
+
+I have only put in one 'mode' for RC4 which is the normal one.  This means
+there is no initialisation vector and there is no feedback of the cipher
+text into the cipher.  This implies that you should not ever use the
+same key twice if you can help it.  If you do, you leave yourself open to
+known plain text attacks; if you know the plain text and
+corresponding cipher text in one message, all messages that used the same
+key can have the cipher text decoded for the corresponding positions in the
+cipher stream.
+
+The main positive feature of RC4 is that it is a very fast cipher; about 4
+times faster that DES.  This makes it ideally suited to protocols where the
+key is randomly chosen, like SSL.
+
+The functions are as follows:
+
+void RC4_set_key(
+RC4_KEY *key;
+int len;
+unsigned char *data);
+	This function initialises the RC4_KEY structure with the key passed
+	in 'data', which is 'len' bytes long.  The key data can be any
+	length but 16 bytes seems to be a good number.
+
+void RC4(
+RC4_KEY *key;
+unsigned long len;
+unsigned char *in;
+unsigned char *out);
+	Do the actual RC4 encryption/decryption.  Using the 'key', 'len'
+	bytes are transformed from 'in' to 'out'.  As mentioned above,
+	decryption is the operation as encryption.
+
+==== ref.doc ========================================================
+
+I have lots more references etc, and will update this list in the future,
+30 Aug 1996 - eay
+
+
+SSL	The SSL Protocol - from Netscapes.
+
+RC4	Newsgroups: sci.crypt
+	From: sterndark@netcom.com (David Sterndark)
+	Subject: RC4 Algorithm revealed.
+	Message-ID: 
+
+RC2	Newsgroups: sci.crypt
+	From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+	Subject: Specification for Ron Rivests Cipher No.2
+	Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+
+MD2	RFC1319 The MD2 Message-Digest Algorithm
+MD5	RFC1321 The MD5 Message-Digest Algorithm
+
+X509 Certificates
+	RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I
+	RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II
+	RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III
+	RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV
+
+RSA and various standard encoding
+	PKCS#1 RSA Encryption Standard
+	PKCS#5 Password-Based Encryption Standard
+	PKCS#7 Cryptographic Message Syntax Standard
+	A Layman's Guide to a Subset of ASN.1, BER, and DER
+	An Overview of the PKCS Standards
+	Some Examples of the PKCS Standards
+
+IDEA	Chapter 3 The Block Cipher IDEA
+
+RSA, prime number generation and bignum algorithms
+	Introduction To Algorithms,
+	Thomas Cormen, Charles Leiserson, Ronald Rivest,
+	Section 29 Arithmetic Circuits
+	Section 33 Number-Theoretic Algorithms
+
+Fast Private Key algorithm
+	Fast Decipherment Algorithm for RSA Public-Key Cryptosystem
+	J.-J. Quisquater and C. Couvreur, Electronics Letters,
+	14th October 1982, Vol. 18 No. 21
+
+Prime number generation and bignum algorithms.
+	PGP-2.3a
+
+==== rsa.doc ========================================================
+
+The RSA encryption and utility routines.
+
+The RSA routines are built on top of a big number library (the BN library).
+There are support routines in the X509 library for loading and manipulating
+the various objects in the RSA library.  When errors are returned, read
+about the ERR library for how to access the error codes.
+
+All RSA encryption is done according to the PKCS-1 standard which is
+compatible with PEM and RSAref.  This means that any values being encrypted
+must be less than the size of the modulus in bytes, minus 10, bytes long.
+
+This library uses RAND_bytes()() for it's random data, make sure to feed
+RAND_seed() with lots of interesting and varied data before using these
+routines.
+
+The RSA library has one specific data type, the RSA structure.
+It is composed of 8 BIGNUM variables (see the BN library for details) and
+can hold either a private RSA key or a public RSA key.
+Some RSA libraries have different structures for public and private keys, I
+don't.  For my libraries, a public key is determined by the fact that the
+RSA->d value is NULL.  These routines will operate on any size RSA keys.
+While I'm sure 4096 bit keys are very very secure, they take a lot longer
+to process that 1024 bit keys :-).
+
+The function in the RSA library are as follows.
+
+RSA *RSA_new();
+	This function creates a new RSA object.  The sub-fields of the RSA
+	type are also malloced so you should always use this routine to
+	create RSA variables.
+	
+void RSA_free(
+RSA *rsa);
+	This function 'frees' an RSA structure.  This routine should always
+	be used to free the RSA structure since it will also 'free' any
+	sub-fields of the RSA type that need freeing.
+	
+int RSA_size(
+RSA *rsa);	
+	This function returns the size of the RSA modulus in bytes.  Why do
+	I need this you may ask, well the reason is that when you encrypt
+	with RSA, the output string will be the size of the RSA modulus.
+	So the output for the RSA_encrypt and the input for the RSA_decrypt
+	routines need to be RSA_size() bytes long, because this is how many
+	bytes are expected.
+	
+For the following 4 RSA encryption routines, it should be noted that
+RSA_private_decrypt() should be used on the output from 
+RSA_public_encrypt() and RSA_public_decrypt() should be used on
+the output from RSA_private_encrypt().
+	
+int RSA_public_encrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA public encryption, the rsa variable
+	should be a public key (but can be a private key).  'from_len'
+	bytes taken from 'from' and encrypted and put into 'to'.  'to' needs
+	to be at least RSA_size(rsa) bytes long.  The number of bytes
+	written into 'to' is returned.  -1 is returned on an error.  The
+	operation performed is
+	to = from^rsa->e mod rsa->n.
+	
+int RSA_private_encrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA private encryption, the rsa variable
+	should be a private key.  'from_len' bytes taken from
+	'from' and encrypted and put into 'to'.  'to' needs
+	to be at least RSA_size(rsa) bytes long.  The number of bytes
+	written into 'to' is returned.  -1 is returned on an error.  The
+	operation performed is
+	to = from^rsa->d mod rsa->n.
+
+int RSA_public_decrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA public decryption, the rsa variable
+	should be a public key (but can be a private key).  'from_len'
+	bytes are taken from 'from' and decrypted.  The decrypted data is
+	put into 'to'.  The number of bytes encrypted is returned.  -1 is
+	returned to indicate an error. The operation performed is
+	to = from^rsa->e mod rsa->n.
+
+int RSA_private_decrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA private decryption, the rsa variable
+	should be a private key.  'from_len' bytes are taken
+	from 'from' and decrypted.  The decrypted data is
+	put into 'to'.  The number of bytes encrypted is returned.  -1 is
+	returned to indicate an error. The operation performed is
+	to = from^rsa->d mod rsa->n.
+
+int RSA_mod_exp(
+BIGNUM *n;
+BIGNUM *p;
+RSA *rsa);
+	Normally you will never use this routine.
+	This is really an internal function which is called by
+	RSA_private_encrypt() and RSA_private_decrypt().  It performs
+	n=n^p mod rsa->n except that it uses the 5 extra variables in the
+	RSA structure to make this more efficient.
+	
+RSA *RSA_generate_key(
+int bits;
+unsigned long e;
+void (*callback)();
+char *cb_arg;
+	This routine is used to generate RSA private keys.  It takes
+	quite a period of time to run and should only be used to
+	generate initial private keys that should then be stored
+	for later use.  The passed callback function 
+	will be called periodically so that feedback can be given
+	as to how this function is progressing.
+	'bits' is the length desired for the modulus, so it would be 1024
+	to generate a 1024 bit private key.
+	'e' is the value to use for the public exponent 'e'.  Traditionally
+	it is set to either 3 or 0x10001.
+	The callback function (if not NULL) is called in the following
+	situations.
+	when we have generated a suspected prime number to test,
+	callback(0,num1++,cb_arg).  When it passes a prime number test,
+	callback(1,num2++,cb_arg).  When it is rejected as one of
+	the 2 primes required due to gcd(prime,e value) != 0,
+	callback(2,num3++,cb_arg).  When finally accepted as one
+	of the 2 primes, callback(3,num4++,cb_arg).
+
+
+==== rsaref.doc ========================================================
+
+This package can be compiled to use the RSAref library.
+This library is not allowed outside of the USA but inside the USA it is
+claimed by RSA to be the only RSA public key library that can be used
+besides BSAFE..
+
+There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue
+code to use RSAref.  These files were written by looking at the PGP
+source code and seeing which routines it used to access RSAref.
+I have also been sent by some-one a copy of the RSAref header file that
+contains the library error codes.
+
+[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from
+  South Africa and have been doing some performace tests. ]
+	
+They have now been tested against the recently announced RSAEURO
+library.
+
+There are 2 ways to use SSLeay and RSAref.  First, to build so that
+the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top
+level makefile and -lrsaref (or where ever you are keeping RSAref) to
+EX_LIBS.
+
+To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option.
+
+The second method is to build as per normal and link applications with
+the RSAglue library.  The correct library order would be
+cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes
+The RSAglue library is built in the rsa directory and is NOT
+automatically installed.
+
+Be warned that the RSAEURO library, that is claimed to be compatible
+with RSAref contains a different value for the maximum number of bits
+supported.  This changes structure sizes and so if you are using
+RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h
+
+
+==== s_mult.doc ========================================================
+
+s_mult is a test program I hacked up on a Sunday for testing non-blocking
+IO.  It has a select loop at it's centre that handles multiple readers
+and writers.
+
+Try the following command
+ssleay s_mult -echo -nbio -ssl -v
+echo - sends any sent text back to the sender
+nbio - turns on non-blocking IO
+ssl  - accept SSL connections, default is normal text
+v    - print lots
+	type Q to quit
+
+In another window, run the following
+ssleay s_client -pause new_session_cb is a function pointer to a function of type
+int new_session_callback(SSL *ssl,SSL_SESSION *new);
+This function, if set in the SSL_CTX structure is called whenever a new
+SSL_SESSION is added to the cache.  If the callback returns non-zero, it
+means that the application will have to do a SSL_SESSION_free()
+on the structure (this is
+to do with the cache keeping the reference counts correct, without the
+application needing to know about it.
+The 'active' parameter is the current SSL session for which this connection
+was created.
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)());
+to set the callback,
+int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)
+to get the callback.
+
+If the 'get session' callback is set, when a session id is looked up and
+it is not in the session-id cache, this callback is called.  The callback is
+of the form
+SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len,
+	int *copy);
+
+The get_session_callback is intended to return null if no session id is found.
+The reference count on the SSL_SESSION in incremented by the SSL library,
+if copy is 1.  Otherwise, the reference count is not modified.
+
+void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
+int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
+
+These callbacks are basically indended to be used by processes to
+send their session-id's to other processes.  I currently have not implemented
+non-blocking semantics for these callbacks, it is upto the appication
+to make the callbacks effiecent if they require blocking (perhaps
+by 'saving' them and then 'posting them' when control returns from
+the SSL_accept().
+
+LHASH *SSL_CTX_sessions(SSL_CTX *ctx)
+This returns the session cache.  The lhash strucutre can be accessed for
+statistics about the cache.
+
+void lh_stats(LHASH *lh, FILE *out);
+void lh_node_stats(LHASH *lh, FILE *out);
+void lh_node_usage_stats(LHASH *lh, FILE *out);
+
+can be used to print details about it's activity and current state.
+You can also delve directly into the lhash structure for 14 different
+counters that are kept against the structure.  When I wrote the lhash library,
+I was interested in gathering statistics :-).
+Have a read of doc/lhash.doc in the SSLeay distribution area for more details
+on the lhash library.
+
+Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX.
+SSL *   SSL_new(SSL_CTX *);
+
+This stores a session.  A session is secret information shared between 2
+SSL contexts.  It will only be created if both ends of the connection have
+authenticated their peer to their satisfaction.  It basically contains
+the information required to use a particular secret key cipher.
+
+To retrieve the SSL_CTX being used by a SSL,
+SSL_CTX *SSL_get_SSL_CTX(SSL *s);
+
+Now when a SSL session is established between to programs, the 'session'
+information that is cached in the SSL_CTX can me manipulated by the
+following functions.
+int SSL_set_session(SSL *s, SSL_SESSION *session);
+This will set the SSL_SESSION to use for the next SSL_connect().  If you use
+this function on an already 'open' established SSL connection, 'bad things
+will happen'.  This function is meaning-less when used on a ssl strucutre
+that is just about to be used in a SSL_accept() call since the
+SSL_accept() will either create a new session or retrieve one from the
+cache.
+
+SSL_SESSION *SSL_get_session(SSL *s);
+This will return the SSL_SESSION for the current SSL, NULL if there is
+no session associated with the SSL structure.
+
+The SSL sessions are kept in the SSL_CTX in a hash table, to remove a
+session
+void    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+and to add one
+int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+SSL_CTX_add_session() returns 1 if the session was already in the cache (so it
+was not added).
+Whenever a new session is created via SSL_connect()/SSL_accept(),
+they are automatically added to the cache, depending on the session_cache_mode
+settings.  SSL_set_session()
+does not add it to the cache.  Just call SSL_CTX_add_session() if you do want the
+session added.  For a 'client' this would not normally be the case.
+SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things
+which the next 2 funtions help you do.
+
+int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+These 2 functions are in the standard ASN1 library form and can be used to
+load and save to a byte format, the SSL_SESSION structure.
+With these functions, you can save and read these structures to a files or
+arbitary byte string.
+The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will
+write to a file pointer in base64 encoding.
+
+What you can do with this, is pass session information between separate
+processes.  Please note, that you will probably also need to modify the
+timeout information on the SSL_SESSIONs.
+
+long SSL_get_time(SSL_SESSION *s)
+will return the 'time' that the session
+was loaded.  The timeout is relative to this time.  This information is
+saved when the SSL_SESSION is converted to binarary but it is stored
+in as a unix long, which is rather OS dependant, but easy to convert back.
+
+long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time.
+The time value is just the value returned from time(3), and should really
+be defined by be to be time_t.
+
+long SSL_get_timeout(SSL_SESSION *s);
+long SSL_set_timeout(SSL_SESSION *s,long t);
+These 2 retrieve and set the timeout which is just a number of secconds
+from the 'SSL_get_time()' value.  When this time period has elapesed,
+the session will no longer be in the cache (well it will actually be removed
+the next time it is attempted to be retrieved, so you could 'bump'
+the timeout so it remains valid).
+The 'time' and 'timeout' are set on a session when it is created, not reset
+each time it is reused.  If you did wish to 'bump it', just after establishing
+a connection, do a
+SSL_set_time(ssl,time(NULL));
+
+You can also use
+SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and
+SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for
+all SSL connections created against a SSL_CTX.  If you set a timeout in
+an SSL_CTX, all new SSL's created will inherit the timeout.  It can be over
+written by the SSL_set_timeout(SSL *s,unsigned long t) function call.
+If you 'set' the timeout back to 0, the system default will be used.
+
+SSL_SESSION *SSL_SESSION_new();
+void SSL_SESSION_free(SSL_SESSION *ses);
+These 2 functions are used to create and dispose of SSL_SESSION functions.
+You should not ever normally need to use them unless you are using 
+i2d_SSL_SESSION() and/or d2i_SSL_SESSION().  If you 'load' a SSL_SESSION
+via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it.
+Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the
+structure (via reference counts) when it is passed to them.
+
+SSL_CTX_flush_sessions(ctx,time);
+The first function will clear all sessions from the cache, which have expired
+relative to 'time' (which could just be time(NULL)).
+
+SSL_CTX_flush_sessions(ctx,0);
+This is a special case that clears everything.
+
+As a final comment, a 'session' is not enough to establish a new
+connection.  If a session has timed out, a certificate and private key
+need to have been associated with the SSL structure.
+SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session
+strucutre but also the private key and certificate associated with
+'from'.
+
+EXAMPLES.
+
+So lets play at being a wierd SSL server.
+
+/* setup a context */
+ctx=SSL_CTX_new();
+
+/* Lets load some session from binary into the cache, why one would do
+ * this is not toally clear, but passing between programs does make sense
+ * Perhaps you are using 4096 bit keys and are happy to keep them
+ * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally
+ * sure, perhaps this is a process called from an SSL inetd and this is being 
+ * passed to the application. */
+session=d2i_SSL_SESSION(....)
+SSL_CTX_add_session(ctx,session);
+
+/* Lets even add a session from a file */
+session=PEM_read_SSL_SESSION(....)
+SSL_CTX_add_session(ctx,session);
+
+/* create a new SSL structure */
+ssl=SSL_new(ctx);
+
+/* At this point we want to be able to 'create' new session if
+ * required, so we need a certificate and RSAkey. */
+SSL_use_RSAPrivateKey_file(ssl,...)
+SSL_use_certificate_file(ssl,...)
+
+/* Now since we are a server, it make little sence to load a session against
+ * the ssl strucutre since a SSL_accept() will either create a new session or
+ * grab an existing one from the cache. */
+
+/* grab a socket descriptor */
+fd=accept(...);
+
+/* associated it with the ssl strucutre */
+SSL_set_fd(ssl,fd);
+
+SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */
+
+/* Lets print out the session details or lets save it to a file,
+ * perhaps with a secret key cipher, so that we can pass it to the FBI
+ * when they want to decode the session :-).  While we have RSA
+ * this does not matter much but when I do SSLv3, this will allow a mechanism
+ * for the server/client to record the information needed to decode
+ * the traffic that went over the wire, even when using Diffie-Hellman */
+PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....)
+
+Lets 'connect' back to the caller using the same session id.
+
+ssl2=SSL_new(ctx);
+fd2=connect(them);
+SSL_set_fd(ssl2,fd2);
+SSL_set_session(ssl2,SSL_get_session(ssl));
+SSL_connect(ssl2);
+
+/* what the hell, lets accept no more connections using this session */
+SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl));
+
+/* we could have just as easily used ssl2 since they both are using the
+ * same session.
+ * You will note that both ssl and ssl2 are still using the session, and
+ * the SSL_SESSION structure will be free()ed when both ssl and ssl2
+ * finish using the session.  Also note that you could continue to initiate
+ * connections using this session by doing SSL_get_session(ssl) to get the
+ * existing session, but SSL_accept() will not be able to find it to
+ * use for incoming connections.
+ * Of corse, the session will timeout at the far end and it will no
+ * longer be accepted after a while.  The time and timeout are ignored except
+ * by SSL_accept(). */
+
+/* Since we have had our server running for 10 weeks, and memory is getting
+ * short, perhaps we should clear the session cache to remove those
+ * 100000 session entries that have expired.  Some may consider this
+ * a memory leak :-) */
+
+SSL_CTX_flush_sessions(ctx,time(NULL));
+
+/* Ok, after a bit more time we wish to flush all sessions from the cache
+ * so that all new connections will be authenticated and incure the
+ * public key operation overhead */
+
+SSL_CTX_flush_sessions(ctx,0);
+
+/* As a final note, to copy everything to do with a SSL, use */
+SSL_copy_session_id(SSL *to,SSL *from);
+/* as this also copies the certificate and RSA key so new session can
+ * be established using the same details */
+
+
+==== sha.doc ========================================================
+
+The SHA (Secure Hash Algorithm) library.
+SHA is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 20 byte hash.  The functions all need to be passed
+a SHA_CTX which is used to hold the SHA context during multiple SHA_Update()
+function calls.  The normal method of use for this library is as follows
+This library contains both SHA and SHA-1 digest algorithms.  SHA-1 is
+an update to SHA (which should really be called SHA-0 now) which
+tweaks the algorithm slightly.  The SHA-1 algorithm is used by simply
+using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the
+SHA*() calls
+
+SHA_Init(...);
+SHA_Update(...);
+...
+SHA_Update(...);
+SHA_Final(...);
+
+This library requires the inclusion of 'sha.h'.
+
+The functions are as follows:
+
+void SHA_Init(
+SHA_CTX *c);
+	This function needs to be called to initiate a SHA_CTX structure for
+	use.
+	
+void SHA_Update(
+SHA_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void SHA_Final(
+unsigned char *md;
+SHA_CTX *c;
+	This function is called when a message digest of the data digested
+	with SHA_Update() is wanted.  The message digest is put in the 'md'
+	array and is SHA_DIGEST_LENGTH (20) bytes long.
+
+unsigned char *SHA(
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+	This function performs a SHA_Init(), followed by a SHA_Update()
+	followed by a SHA_Final() (using a local SHA_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+	
+
+==== speed.doc ========================================================
+
+To get an idea of the performance of this library, use
+ssleay speed
+
+perl util/sp-diff.pl file1 file2
+
+will print out the relative differences between the 2 files which are
+expected to be the output from the speed program.
+
+The performace of the library is very dependant on the Compiler
+quality and various flags used to build.
+
+---
+
+These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
+[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
+operations are about 2 times faster, so check the version number ]
+
+RSA performance.
+
+SSLeay 0.6.0
+Pentium 100, 32meg, Windows NT Workstation 3.51
+linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
+and
+Windows NT  - Windows NT 3.51 - Visual C++ 4.1   - 586 code + 32bit assember
+Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
+NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
+
+Times are how long it takes to do an RSA private key operation.
+
+	       512bits 1024bits
+-------------------------------
+SSLeay NT dll	0.042s   0.202s see above
+SSLeay linux	0.046s   0.218s	Assember inner loops (normal build) 
+SSLeay linux	0.067s   0.380s Pure C code with BN_LLONG defined
+SSLeay W3.1 dll	0.108s 	 0.478s see above
+SSLeay linux	0.109s   0.713s C without BN_LLONG.
+RSAref2.0 linux	0.149s   0.936s
+SSLeay MS-DOS	0.197s   1.049s see above
+
+486DX66, 32meg, Windows NT Server 3.51
+	       512bits 1024bits
+-------------------------------
+SSLeay NT dll   0.084s	 0.495s	<- SSLeay 0.6.3
+SSLeay NT dll   0.154s   0.882s
+SSLeay W3.1 dll 0.335s   1.538s
+SSLeay MS-DOS	0.490s   2.790s
+
+What I find cute is that I'm still faster than RSAref when using standard C,
+without using the 'long long' data type :-), %35 faster for 512bit and we
+scale up to 3.2 times faster for the 'default linux' build.  I should mention
+that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
+x86-sol.s for any x86 based unix they are building on.  The only problems
+with be with syntax but the performance gain is quite large, especially for
+servers.  The code is very simple, you just need to modify the 'header'.
+
+The message is, if you are stuck using RSAref, the RSA performance will be
+bad. Considering the code was compiled for a pentium, the 486DX66 number
+would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). 
+[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
+ into a 486DX33' :-) ]
+
+I won't tell people if the DLL's are using RSAref or my stuff if no-one
+asks :-).
+
+eric
+
+PS while I know I could speed things up further, I will probably not do
+   so due to the effort involved.  I did do some timings on the
+   SSLeay bignum format -> RSAref number format conversion that occurs
+   each time RSAref is used by SSLeay, and the numbers are trivial.
+   0.00012s a call for 512bit vs 0.149s for the time spent in the function.
+   0.00018s for 1024bit vs 0.938s.  Insignificant.
+   So the 'way to go', to support faster RSA libraries, if people are keen,
+   is to write 'glue' code in a similar way that I do for RSAref and send it
+   to me :-).
+   My base library still has the advantage of being able to operate on 
+   any size numbers, and is not that far from the performance from the
+   leaders in the field. (-%30?)
+   [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
+     least very close :-) ]
+
+   I suppose I should also mention some other numbers RSAref numbers, again
+   on my Pentium.
+		DES CBC		EDE-DES		MD5
+   RSAref linux	 830k/s		 302k/s		4390k/s
+   SSLeay linux  855k/s          319k/s        10025k/s
+   SSLeay NT	1158k/s		 410k/s	       10470k/s
+   SSLeay w31	 378k/s		 143k/s         2383k/s (fully 16bit)
+
+   Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@cryptsoft.com   | RTFM Win32 GetMessage().
+
+
+
+
+==== ssl-ciph.doc ========================================================
+
+This is a quick high level summery of how things work now.
+
+Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
+minor ones.
+
+They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
+be Diffle-Hellman for SSLv3.
+
+An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
+none.
+
+The cipher
+
+The MAC digest.
+
+A cipher can also be an export cipher and is either an SSLv2 or a
+SSLv3 ciphers.
+
+To specify which ciphers to use, one can either specify all the ciphers,
+one at a time, or use 'aliases' to specify the preference and order for
+the ciphers.
+
+There are a large number of aliases, but the most importaint are
+kRSA, kDHr, kDHd and kEDH for key exchange types.
+
+aRSA, aDSS, aNULL and aDH for authentication
+DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
+MD5, SHA0 and SHA1 digests
+
+Now where this becomes interesting is that these can be put together to
+specify the order and ciphers you wish to use.
+
+To speed this up there are also aliases for certian groups of ciphers.
+The main ones are
+SSLv2	- all SSLv2 ciphers
+SSLv3	- all SSLv3 ciphers
+EXP	- all export ciphers
+LOW	- all low strngth ciphers (no export ciphers, normally single DES)
+MEDIUM	- 128 bit encryption
+HIGH	- Triple DES
+
+These aliases can be joined in a : separated list which specifies to
+add ciphers, move them to the current location and delete them.
+
+A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
+The default library cipher spec is
+!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
+which means, first, remove from consideration any ciphers that do not
+authenticate.  Next up, use ciphers using RC4 and RSA.  Next include the HIGH,
+MEDIUM and the LOW security ciphers.  Finish up by adding all the export
+ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
+the end of the list.
+
+The results are
+$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
+
+RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
+RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
+EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
+DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
+IDEA-CBC-MD5            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
+EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
+EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
+DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
+DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
+DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
+IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
+RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
+RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EXP-EDH-RSA-DES-CBC     SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
+EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+
+I would recoment people use the 'ssleay ciphers -v "text"'
+command to check what they are going to use.
+
+Anyway, I'm falling asleep here so I'll do some more tomorrow.
+
+eric
+
+==== ssl.doc ========================================================
+
+SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
+
+/* Session-id cache stats */
+SSL_CTX_sess_number
+SSL_CTX_sess_connect
+SSL_CTX_sess_connect_good
+SSL_CTX_sess_accept
+SSL_CTX_sess_accept_good
+SSL_CTX_sess_hits
+SSL_CTX_sess_cb_hits
+SSL_CTX_sess_misses
+SSL_CTX_sess_timeouts
+
+/* Session-id application notification callbacks */
+SSL_CTX_sess_set_new_cb
+SSL_CTX_sess_get_new_cb
+SSL_CTX_sess_set_get_cb
+SSL_CTX_sess_get_get_cb
+
+/* Session-id cache operation mode */
+SSL_CTX_set_session_cache_mode
+SSL_CTX_get_session_cache_mode
+
+/* Set default timeout values to use. */
+SSL_CTX_set_timeout
+SSL_CTX_get_timeout
+
+/* Global  SSL initalisation informational callback */
+SSL_CTX_set_info_callback
+SSL_CTX_get_info_callback
+SSL_set_info_callback
+SSL_get_info_callback
+
+/* If the SSL_accept/SSL_connect returned with -1, these indicate when
+ * we should re-call *.
+SSL_want
+SSL_want_nothing
+SSL_want_read
+SSL_want_write
+SSL_want_x509_lookup
+
+/* Where we are in SSL initalisation, used in non-blocking, perhaps
+ * have a look at ssl/bio_ssl.c */
+SSL_state
+SSL_is_init_finished
+SSL_in_init
+SSL_in_connect_init
+SSL_in_accept_init
+
+/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
+ * can be used to work out which function to call. */
+SSL_set_connect_state
+SSL_set_accept_state
+
+/* Where to look for certificates for authentication */
+SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
+SSL_load_verify_locations
+
+/* get info from an established connection */
+SSL_get_session
+SSL_get_certificate
+SSL_get_SSL_CTX
+
+SSL_CTX_new
+SSL_CTX_free
+SSL_new
+SSL_clear
+SSL_free
+
+SSL_CTX_set_cipher_list
+SSL_get_cipher
+SSL_set_cipher_list
+SSL_get_cipher_list
+SSL_get_shared_ciphers
+
+SSL_accept
+SSL_connect
+SSL_read
+SSL_write
+
+SSL_debug
+
+SSL_get_read_ahead
+SSL_set_read_ahead
+SSL_set_verify
+
+SSL_pending
+
+SSL_set_fd
+SSL_set_rfd
+SSL_set_wfd
+SSL_set_bio
+SSL_get_fd
+SSL_get_rbio
+SSL_get_wbio
+
+SSL_use_RSAPrivateKey
+SSL_use_RSAPrivateKey_ASN1
+SSL_use_RSAPrivateKey_file
+SSL_use_PrivateKey
+SSL_use_PrivateKey_ASN1
+SSL_use_PrivateKey_file
+SSL_use_certificate
+SSL_use_certificate_ASN1
+SSL_use_certificate_file
+
+ERR_load_SSL_strings
+SSL_load_error_strings
+
+/* human readable version of the 'state' of the SSL connection. */
+SSL_state_string
+SSL_state_string_long
+/* These 2 report what kind of IO operation the library was trying to
+ * perform last.  Probably not very usefull. */
+SSL_rstate_string
+SSL_rstate_string_long
+
+SSL_get_peer_certificate
+
+SSL_SESSION_new
+SSL_SESSION_print_fp
+SSL_SESSION_print
+SSL_SESSION_free
+i2d_SSL_SESSION
+d2i_SSL_SESSION
+
+SSL_get_time
+SSL_set_time
+SSL_get_timeout
+SSL_set_timeout
+SSL_copy_session_id
+SSL_set_session
+SSL_CTX_add_session
+SSL_CTX_remove_session
+SSL_CTX_flush_sessions
+
+BIO_f_ssl
+
+/* used to hold information as to why a certificate verification failed */
+SSL_set_verify_result
+SSL_get_verify_result
+
+/* can be used by the application to associate data with an SSL structure.
+ * It needs to be 'free()ed' by the application */
+SSL_set_app_data
+SSL_get_app_data
+
+/* The following all set values that are kept in the SSL_CTX but
+ * are used as the default values when an SSL session is created.
+ * They are over writen by the relevent SSL_xxxx functions */
+
+/* SSL_set_verify */
+void SSL_CTX_set_default_verify
+
+/* This callback, if set, totaly overrides the normal SSLeay verification
+ * functions and should return 1 on sucesss and 0 on failure */
+void SSL_CTX_set_cert_verify_callback
+
+/* The following are the same as the equivilent SSL_xxx functions.
+ * Only one copy of this information is kept and if a particular
+ * SSL structure has a local override, it is totally separate structure.
+ */
+int SSL_CTX_use_RSAPrivateKey
+int SSL_CTX_use_RSAPrivateKey_ASN1
+int SSL_CTX_use_RSAPrivateKey_file
+int SSL_CTX_use_PrivateKey
+int SSL_CTX_use_PrivateKey_ASN1
+int SSL_CTX_use_PrivateKey_file
+int SSL_CTX_use_certificate
+int SSL_CTX_use_certificate_ASN1
+int SSL_CTX_use_certificate_file
+
+
+==== ssl_ctx.doc ========================================================
+
+This is now a bit dated, quite a few of the SSL_ functions could be
+SSL_CTX_ functions.  I will update this in the future. 30 Aug 1996
+
+From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995
+Received: by orb.mincom.oz.au id AA00696
+  (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
+Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
+From: Eric Young 
+X-Sender: eay@orb
+To: sameer 
+Cc: Eric Young 
+Subject: Re: PEM_readX509 oesn't seem to be working
+In-Reply-To: <199512110102.RAA12521@infinity.c2.org>
+Message-Id: 
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Sun, 10 Dec 1995, sameer wrote:
+> 	OK, that's solved. I've found out that it is saying "no
+> certificate set" in SSL_accept because s->conn == NULL
+> so there is some place I need to initialize s->conn that I am
+> not initializing it.
+
+The full order of things for a server should be.
+
+ctx=SSL_CTX_new();
+
+/* The next line should not really be using ctx->cert but I'll leave it 
+ * this way right now... I don't want a X509_ routine to know about an SSL
+ * structure, there should be an SSL_load_verify_locations... hmm, I may 
+ * add it tonight.
+ */
+X509_load_verify_locations(ctx->cert,CAfile,CApath);
+
+/* Ok now for each new connection we do the following */
+con=SSL_new(ctx);
+SSL_set_fd(con,s);
+SSL_set_verify(con,verify,verify_callback);
+
+/* set the certificate and private key to use. */
+SSL_use_certificate_ASN1(con,X509_certificate);
+SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
+
+SSL_accept(con);
+
+SSL_read(con)/SSL_write(con);
+
+There is a bit more than that but that is basically the structure.
+
+Create a context and specify where to lookup certificates.
+
+foreach connection
+	{
+	create a SSL structure
+	set the certificate and private key
+	do a SSL_accept
+	
+	we should now be ok
+	}
+
+eric
+--
+Eric Young                  | Signature removed since it was generating
+AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
+
+
+
+==== ssleay.doc ========================================================
+
+SSLeay: a cryptographic kitchen sink.
+
+1st December 1995
+Way back at the start of April 1995, I was looking for a mindless
+programming project.  A friend of mine (Tim Hudson) said "why don't you do SSL,
+it has DES encryption in it and I would not mind using it in a SSL telnet".
+While it was true I had written a DES library in previous years, litle
+did I know what an expansive task SSL would turn into.
+
+First of all, the SSL protocol contains DES encryption.  Well and good.  My
+DES library was fast and portable.  It also contained the RSA's RC4 stream
+cipher.  Again, not a problem, some-one had just posted to sci.crypt
+something that was claimed to be RC4.  It also contained IDEA, I had the
+specifications, not a problem to implement.  MD5, an RFC, trivial, at most
+I could spend a week or so trying to see if I could speed up the
+implementation.  All in all a nice set of ciphers.
+Then the first 'expantion of the scope', RSA public key
+encryption.  Since I did not knowing a thing about public key encryption
+or number theory, this appeared quite a daunting task.  Just writing a
+big number library would be problomatic in itself, let alone making it fast.
+At this point the scope of 'implementing SSL' expands eponentialy.
+First of all, the RSA private keys  were being kept in ASN.1 format.
+Thankfully the RSA PKCS series of documents explains this format.  So I now
+needed to be able to encode and decode arbitary ASN.1 objects.  The Public
+keys were embeded in X509 certificates.  Hmm... these are not only
+ASN.1 objects but they make up a heirachy of authentication.  To
+authenticate a X509 certificate one needs to retrieve it's issuers
+certificate etc etc.  Hmm..., so I also need to implement some kind
+of certificate management software.  I would also have to implement
+software to authenticate certificates.  At this point the support code made
+the SSL part of my library look quite small.
+Around this time, the first version of SSLeay was released.
+
+Ah, but here was the problem, I was not happy with the code so far.  As may
+have become obvious, I had been treating all of this as a learning
+exersize, so I have completely written the library myself.  As such, due
+to the way it had grown like a fungus, much of the library was not
+'elagent' or neat.  There were global and static variables all over the
+place, the SSL part did not even handle non-blocking IO.
+The Great rewrite began.
+
+As of this point in time, the 'Great rewrite' has almost finished.  So what
+follows is an approximate list of what is actually SSLeay 0.5.0
+
+/********* This needs to be updated for 0.6.0+ *************/
+
+---
+The library contains the following routines.  Please note that most of these
+functions are not specfic for SSL or any other particular cipher
+implementation.  I have tried to make all the routines as general purpose
+as possible.  So you should not think of this library as an SSL
+implemtation, but rather as a library of cryptographic functions
+that also contains SSL.  I refer to each of these function groupings as
+libraries since they are often capable of functioning as independant
+libraries
+
+First up, the general ciphers and message digests supported by the library.
+
+MD2	rfc???, a standard 'by parts' interface to this algorithm.
+MD5	rfc???, the same type of interface as for the MD2 library except a
+	different algorithm.
+SHA	THe Secure Hash Algorithm.  Again the same type of interface as
+	MD2/MD5 except the digest is 20 bytes.
+SHA1	The 'revised' version of SHA.  Just about identical to SHA except
+	for one tweak of an inner loop.
+DES	This is my libdes library that has been floating around for the last
+	few years.  It has been enhanced for no other reason than completeness.
+	It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
+	triple DES modes of ecb, cbc, cfb64 and ofb64.  cfb64 and ofb64 are
+	functional interfaces to the 64 bit modes of cfb and ofb used in
+	such a way thay they function as single character interfaces.
+RC4	The RSA Inc. stream cipher.
+RC2	The RSA Inc. block cipher.
+IDEA	An implmentation of the IDEA cipher, the library supports ecb, cbc,
+	cfb64 and ofb64 modes of operation.
+
+Now all the above mentioned ciphers and digests libraries support high
+speed, minimal 'crap in the way' type interfaces.  For fastest and
+lowest level access, these routines should be used directly.
+
+Now there was also the matter of public key crypto systems.  These are
+based on large integer arithmatic.
+
+BN	This is my large integer library.  It supports all the normal
+	arithmentic operations.  It uses malloc extensivly and as such has
+	no limits of the size of the numbers being manipulated.  If you
+	wish to use 4000 bit RSA moduli, these routines will handle it.
+	This library also contains routines to 'generate' prime numbers and
+	to test for primality.  The RSA and DH libraries sit on top of this
+	library.  As of this point in time, I don't support SHA, but
+	when I do add it, it will just sit on top of the routines contained
+	in this library.
+RSA	This implements the RSA public key algorithm.  It also contains
+	routines that will generate a new private/public key pair.
+	All the RSA functions conform to the PKCS#1 standard.
+DH	This is an implementation of the
+	Diffie-Hellman protocol.  There are all the require routines for
+	the protocol, plus extra routines that can be used to generate a
+	strong prime for use with a specified generator.  While this last
+	routine is not generally required by applications implementing DH,
+	It is present for completeness and because I thing it is much
+	better to be able to 'generate' your own 'magic' numbers as oposed
+	to using numbers suplied by others.  I conform to the PKCS#3
+	standard where required.
+
+You may have noticed the preceeding section mentions the 'generation' of
+prime numbers.  Now this requries the use of 'random numbers'. 
+
+RAND	This psuedo-random number library is based on MD5 at it's core
+	and a large internal state (2k bytes).  Once you have entered enough
+	seed data into this random number algorithm I don't feel
+	you will ever need to worry about it generating predictable output.
+	Due to the way I am writing a portable library, I have left the
+	issue of how to get good initial random seed data upto the
+	application but I do have support routines for saving and loading a
+	persistant random number state for use between program runs.
+	
+Now to make all these ciphers easier to use, a higher level
+interface was required.  In this form, the same function would be used to
+encrypt 'by parts', via any one of the above mentioned ciphers.
+
+EVP	The Digital EnVeloPe library is quite large.  At it's core are
+	function to perform encryption and decryption by parts while using
+	an initial parameter to specify which of the 17 different ciphers
+	or 4 different message digests to use.  On top of these are implmented
+	the digital signature functions, sign, verify, seal and open.
+	Base64 encoding of binary data is also done in this library.
+
+PEM	rfc???? describe the format for Privacy Enhanced eMail.
+	As part of this standard, methods of encoding digital enveloped
+	data is an ascii format are defined.  As such, I use a form of these
+	to encode enveloped data.  While at this point in time full support
+	for PEM has not been built into the library, a minimal subset of
+	the secret key and Base64 encoding is present.  These reoutines are
+	mostly used to Ascii encode binary data with a 'type' associated
+	with it and perhaps details of private key encryption used to
+	encrypt the data.
+	
+PKCS7	This is another Digital Envelope encoding standard which uses ASN.1
+	to encode the data.  At this point in time, while there are some
+	routines to encode and decode this binary format, full support is
+	not present.
+	
+As Mentioned, above, there are several different ways to encode
+data structures.
+
+ASN1	This library is more a set of primatives used to encode the packing
+	and unpacking of data structures.  It is used by the X509
+	certificate standard and by the PKCS standards which are used by
+	this library.  It also contains routines for duplicating and signing
+	the structures asocisated with X509.
+	
+X509	The X509 library contains routines for packing and unpacking,
+	verifying and just about every thing else you would want to do with
+	X509 certificates.
+
+PKCS7	PKCS-7 is a standard for encoding digital envelope data
+	structures.  At this point in time the routines will load and save
+	DER forms of these structees.  They need to be re-worked to support
+	the BER form which is the normal way PKCS-7 is encoded.  If the
+	previous 2 sentances don't make much sense, don't worry, this
+	library is not used by this version of SSLeay anyway.
+
+OBJ	ASN.1 uses 'object identifiers' to identify objects.  A set of
+	functions were requred to translate from ASN.1 to an intenger, to a
+	character string.  This library provieds these translations
+	
+Now I mentioned an X509 library.  X509 specified a hieachy of certificates
+which needs to be traversed to authenticate particular certificates.
+
+METH	This library is used to push 'methods' of retrieving certificates
+	into the library.  There are some supplied 'methods' with SSLeay
+	but applications can add new methods if they so desire.
+	This library has not been finished and is not being used in this
+	version.
+	
+Now all the above are required for use in the initial point of this project.
+
+SSL	The SSL protocol.  This is a full implmentation of SSL v 2.  It
+	support both server and client authentication.  SSL v 3 support
+	will be added when the SSL v 3 specification is released in it's
+	final form.
+
+Now quite a few of the above mentioned libraries rely on a few 'complex'
+data structures.  For each of these I have a library.
+
+Lhash	This is a hash table library which is used extensivly.
+
+STACK	An implemetation of a Stack data structure.
+
+BUF	A simple character array structure that also support a function to
+	check that the array is greater that a certain size, if it is not,
+	it is realloced so that is it.
+	
+TXT_DB	A simple memory based text file data base.  The application can specify
+	unique indexes that will be enforced at update time.
+
+CONF	Most of the programs written for this library require a configuration
+	file.  Instead of letting programs constantly re-implment this
+	subsystem, the CONF library provides a consistant and flexable
+	interface to not only configuration files but also environment
+	variables.
+
+But what about when something goes wrong?
+The one advantage (and perhaps disadvantage) of all of these
+functions being in one library was the ability to implement a
+single error reporting system.
+	
+ERR	This library is used to report errors.  The error system records
+	library number, function number (in the library) and reason
+	number.  Multiple errors can be reported so that an 'error' trace
+	is created.  The errors can be printed in numeric or textual form.
+
+
+==== ssluse.doc ========================================================
+
+We have an SSL_CTX which contains global information for lots of
+SSL connections.  The session-id cache and the certificate verificate cache.
+It also contains default values for use when certificates are used.
+
+SSL_CTX
+	default cipher list
+	session-id cache
+	certificate cache
+	default session-id timeout period
+	New session-id callback
+	Required session-id callback
+	session-id stats
+	Informational callback
+	Callback that is set, overrides the SSLeay X509 certificate
+	  verification
+	The default Certificate/Private Key pair
+	Default read ahead mode.
+	Default verify mode and verify callback.  These are not used
+	  if the over ride callback mentioned above is used.
+	
+Each SSL can have the following defined for it before a connection is made.
+
+Certificate
+Private key
+Ciphers to use
+Certificate verify mode and callback
+IO object to use in the comunication.
+Some 'read-ahead' mode information.
+A previous session-id to re-use.
+
+A connection is made by using SSL_connect or SSL_accept.
+When non-blocking IO is being used, there are functions that can be used
+to determin where and why the SSL_connect or SSL_accept did not complete.
+This information can be used to recall the functions when the 'error'
+condition has dissapeared.
+
+After the connection has been made, information can be retrived about the
+SSL session and the session-id values that have been decided apon.
+The 'peer' certificate can be retrieved.
+
+The session-id values include
+'start time'
+'timeout length'
+
+
+
+==== stack.doc ========================================================
+
+The stack data structure is used to store an ordered list of objects.
+It is basically misnamed to call it a stack but it can function that way
+and that is what I originally used it for.  Due to the way element
+pointers are kept in a malloc()ed array, the most efficient way to use this
+structure is to add and delete elements from the end via sk_pop() and
+sk_push().  If you wish to do 'lookups' sk_find() is quite efficient since
+it will sort the stack (if required) and then do a binary search to lookup 
+the requested item.  This sorting occurs automatically so just sk_push()
+elements on the stack and don't worry about the order.  Do remember that if
+you do a sk_find(), the order of the elements will change.
+
+You should never need to 'touch' this structure directly.
+typedef struct stack_st
+	{
+	unsigned int num;
+	char **data;
+	int sorted;
+
+	unsigned int num_alloc;
+	int (*comp)();
+	} STACK;
+
+'num' holds the number of elements in the stack, 'data' is the array of
+elements.  'sorted' is 1 is the list has been sorted, 0 if not.
+
+num_alloc is the number of 'nodes' allocated in 'data'.  When num becomes
+larger than num_alloc, data is realloced to a larger size.
+If 'comp' is set, it is a function that is used to compare 2 of the items
+in the stack.  The function should return -1, 0 or 1, depending on the
+ordering.
+
+#define sk_num(sk)	((sk)->num)
+#define sk_value(sk,n)	((sk)->data[n])
+
+These 2 macros should be used to access the number of elements in the
+'stack' and to access a pointer to one of the values.
+
+STACK *sk_new(int (*c)());
+	This creates a new stack.  If 'c', the comparison function, is not
+specified, the various functions that operate on a sorted 'stack' will not
+work (sk_find()).  NULL is returned on failure.
+
+void sk_free(STACK *);
+	This function free()'s a stack structure.  The elements in the
+stack will not be freed so one should 'pop' and free all elements from the
+stack before calling this function or call sk_pop_free() instead.
+
+void sk_pop_free(STACK *st; void (*func)());
+	This function calls 'func' for each element on the stack, passing
+the element as the argument.  sk_free() is then called to free the 'stack'
+structure.
+
+int sk_insert(STACK *sk,char *data,int where);
+	This function inserts 'data' into stack 'sk' at location 'where'.
+If 'where' is larger that the number of elements in the stack, the element
+is put at the end.  This function tends to be used by other 'stack'
+functions.  Returns 0 on failure, otherwise the number of elements in the
+new stack.
+
+char *sk_delete(STACK *st,int loc);
+	Remove the item a location 'loc' from the stack and returns it.
+Returns NULL if the 'loc' is out of range.
+
+char *sk_delete_ptr(STACK *st, char *p);
+	If the data item pointed to by 'p' is in the stack, it is deleted
+from the stack and returned.  NULL is returned if the element is not in the
+stack.
+
+int sk_find(STACK *st,char *data);
+	Returns the location that contains a value that is equal to 
+the 'data' item.  If the comparison function was not set, this function
+does a linear search.  This function actually qsort()s the stack if it is not
+in order and then uses bsearch() to do the initial search.  If the
+search fails,, -1 is returned.  For mutliple items with the same
+value, the index of the first in the array is returned.
+
+int sk_push(STACK *st,char *data);
+	Append 'data' to the stack.  0 is returned if there is a failure
+(due to a malloc failure), else 1.  This is 
+sk_insert(st,data,sk_num(st));
+
+int sk_unshift(STACK *st,char *data);
+	Prepend 'data' to the front (location 0) of the stack.  This is
+sk_insert(st,data,0);
+
+char *sk_shift(STACK *st);
+	Return and delete from the stack the first element in the stack.
+This is sk_delete(st,0);
+
+char *sk_pop(STACK *st);
+	Return and delete the last element on the stack.  This is
+sk_delete(st,sk_num(sk)-1);
+
+void sk_zero(STACK *st);
+	Removes all items from the stack.  It does not 'free'
+pointers but is a quick way to clear a 'stack of references'.
+
+==== threads.doc ========================================================
+
+How to compile SSLeay for multi-threading.
+
+Well basically it is quite simple, set the compiler flags and build.
+I have only really done much testing under Solaris and Windows NT.
+If you library supports localtime_r() and gmtime_r() add,
+-DTHREADS to the makefile parameters.  You can probably survive with out
+this define unless you are going to have multiple threads generating
+certificates at once.  It will not affect the SSL side of things.
+
+The approach I have taken to doing locking is to make the application provide
+callbacks to perform locking and so that the SSLeay library can distinguish
+between threads (for the error state).
+
+To have a look at an example program, 'cd mt; vi mttest.c'.
+To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
+win32.bat
+
+This will build mttest which will fire up 10 threads that talk SSL
+to each other 10 times.
+To enable everything to work, the application needs to call
+
+CRYPTO_set_id_callback(id_function);
+CRYPTO_set_locking_callback(locking_function);
+
+before any multithreading is started.
+id_function does not need to be defined under Windows NT or 95, the
+correct function will be called if it is not.  Under unix, getpid()
+is call if the id_callback is not defined, for solaris this is wrong
+(since threads id's are not pid's) but under IRIX it is correct
+(threads are just processes sharing the data segement).
+
+The locking_callback is used to perform locking by the SSLeay library.
+eg.
+
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+	{
+	if (mode & CRYPTO_LOCK)
+		mutex_lock(&(lock_cs[type]));
+	else
+		mutex_unlock(&(lock_cs[type]));
+	}
+
+Now in this case I have used mutexes instead of read/write locks, since they
+are faster and there are not many read locks in SSLeay, you may as well
+always use write locks.  file and line are __FILE__ and __LINE__ from
+the compile and can be usefull when debugging.
+
+Now as you can see, 'type' can be one of a range of values, these values are
+defined in crypto/crypto.h
+CRYPTO_get_lock_name(type) will return a text version of what the lock is.
+There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup
+for multi-threading can be
+
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; i		=> string to prompt with
+# _default	=> default value for people
+# _value	=> Automatically use this value for this field.
+# _min	=> minimum number of characters for data (def. 0)
+# _max	=> maximum number of characters for data (def. inf.)
+# All of these entries are optional except for the first one.
+[ req_dn ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Queensland
+
+localityName			= Locality Name (eg, city)
+
+organizationName		= Organization Name (eg, company)
+organizationName_default	= Mincom Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= MTR
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# The next section is the attributes section.  This is exactly the
+# same as for the previous section except that the resulting objects are
+# put in the attributes field. 
+[ req_attr ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+----
+Also note that the order that attributes appear in this file is the
+order they will be put into the distinguished name.
+
+Once this request has been generated, it can be sent to a CA for
+certifying.
+
+----
+A few quick examples....
+
+To generate a new request and a new key
+req -new
+
+To generate a new request and a 1058 bit key
+req -newkey 1058
+
+To generate a new request using a pre-existing key
+req -new -key key.pem
+
+To generate a self signed x509 certificate from a certificate
+request using a supplied key, and we want to see the text form of the
+output certificate (which we will put in the file selfSign.pem
+req -x509 -in req.pem -key key.pem -text -out selfSign.pem
+
+Verify that the signature is correct on a certificate request.
+req -verify -in req.pem
+
+Verify that the signature was made using a specified public key.
+req -verify -in req.pem -key key.pem
+
+Print the contents of a certificate request
+req -text -in req.pem
+
+==== danger ========================================================
+
+If you specify a SSLv2 cipher, and the mode is SSLv23 and the server
+can talk SSLv3, it will claim there is no cipher since you should be
+using SSLv3.
+
+When tracing debug stuff, remember BIO_s_socket() is different to
+BIO_s_connect().
+
+BSD/OS assember is not working
+
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
new file mode 100644
index 000000000000..58934d1be104
--- /dev/null
+++ b/crypto/openssl/e_os.h
@@ -0,0 +1,376 @@
+/* e_os.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_E_OS_H
+#define HEADER_E_OS_H
+
+#include 
+
+#include 
+/*  contains what we can justify to make visible
+ * to the outside; this file e_os.h is not part of the exported
+ * interface. */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+#ifdef REF_PRINT
+#undef REF_PRINT
+#define REF_PRINT(a,b)	fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
+#endif
+
+#ifndef DEVRANDOM
+/* set this to your 'random' device if you have one.
+ * My default, we will try to read this file */
+#define DEVRANDOM "/dev/urandom"
+#endif
+
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+/* The following is used becaue of the small stack in some
+ * Microsoft operating systems */
+#if defined(WIN16) || defined(MSDOS)
+#  define MS_STATIC	static
+#else
+#  define MS_STATIC
+#endif
+
+#if defined(WIN32) || defined(WIN16)
+#  ifndef WINDOWS
+#    define WINDOWS
+#  endif
+#  ifndef MSDOS
+#    define MSDOS
+#  endif
+#endif
+
+#ifdef WIN32
+#define get_last_sys_error()	GetLastError()
+#define clear_sys_error()	SetLastError(0)
+#if !defined(WINNT)
+#define WIN_CONSOLE_BUG
+#endif
+#else
+#define get_last_sys_error()	errno
+#define clear_sys_error()	errno=0
+#endif
+
+#ifdef WINDOWS
+#define get_last_socket_error()	WSAGetLastError()
+#define clear_socket_error()	WSASetLastError(0)
+#define readsocket(s,b,n)	recv((s),(b),(n),0)
+#define writesocket(s,b,n)	send((s),(b),(n),0)
+#define EADDRINUSE		WSAEADDRINUSE
+#else
+#define get_last_socket_error()	errno
+#define clear_socket_error()	errno=0
+#define ioctlsocket(a,b,c)	ioctl(a,b,c)
+#define closesocket(s)		close(s)
+#define readsocket(s,b,n)	read((s),(b),(n))
+#define writesocket(s,b,n)	write((s),(b),(n))
+#endif
+
+#ifdef WIN16
+#  define NO_FP_API
+#  define MS_CALLBACK	_far _loadds
+#  define MS_FAR	_far
+#else
+#  define MS_CALLBACK
+#  define MS_FAR
+#endif
+
+#ifdef NO_STDIO
+#  define NO_FP_API
+#endif
+
+#if defined(WINDOWS) || defined(MSDOS)
+
+#ifndef S_IFDIR
+#define S_IFDIR	_S_IFDIR
+#endif
+
+#ifndef S_IFMT
+#define S_IFMT	_S_IFMT
+
+#if !defined(WINNT)
+#define NO_SYSLOG
+#endif
+#define NO_DIRENT
+
+#endif
+
+#  ifdef WINDOWS
+#    include 
+#    include 
+#    include 
+#    include 
+#    include 
+#  endif
+#  include 
+#  include 
+
+#if defined (__BORLANDC__)
+#define _setmode setmode
+#define _O_TEXT O_TEXT
+#define _O_BINARY O_BINARY
+#define _int64 __int64
+#endif
+
+#if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+#  define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+#else
+#  define EXIT(n)		return(n);
+#endif
+#  define LIST_SEPARATOR_CHAR ';'
+#ifndef X_OK
+#  define X_OK	0
+#endif
+#ifndef W_OK
+#  define W_OK	2
+#endif
+#ifndef R_OK
+#  define R_OK	4
+#endif
+#  define OPENSSL_CONF	"openssl.cnf"
+#  define SSLEAY_CONF	OPENSSL_CONF
+#  define NUL_DEV	"nul"
+#  define RFILE		".rnd"
+
+#else /* The non-microsoft world world */
+
+#  if defined(__VMS) && !defined(VMS)
+#  define VMS 1
+#  endif
+
+#  ifdef VMS
+  /* some programs don't include stdlib, so exit() and others give implicit 
+     function warnings */
+#    include 
+#    if defined(__DECC)
+#      include 
+#    else
+#      include 
+#    endif
+#    define OPENSSL_CONF	"openssl.cnf"
+#    define SSLEAY_CONF		OPENSSL_CONF
+#    define RFILE		".rnd"
+#    define LIST_SEPARATOR_CHAR ','
+#    define NUL_DEV		"NLA0:"
+  /* We need to do this, because DEC C converts exit code 0 to 1, but not 1
+     to 0.  We will convert 1 to 3!  Also, add the inhibit message bit... */
+#    ifndef MONOLITH
+#      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                     if (__VMS_EXIT == 1) __VMS_EXIT = 3; \
+                                     __VMS_EXIT |= 0x10000000; \
+				     exit(n); return(n); } while(0)
+#    else
+#      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                     if (__VMS_EXIT == 1) __VMS_EXIT = 3; \
+                                     __VMS_EXIT |= 0x10000000; \
+				     return(n); } while(0)
+#    endif
+#  else
+     /* !defined VMS */
+#    include OPENSSL_UNISTD
+
+#    define OPENSSL_CONF	"openssl.cnf"
+#    define SSLEAY_CONF		OPENSSL_CONF
+#    define RFILE		".rnd"
+#    define LIST_SEPARATOR_CHAR ':'
+#    define NUL_DEV		"/dev/null"
+#    ifndef MONOLITH
+#      define EXIT(n)		exit(n); return(n)
+#    else
+#      define EXIT(n)		return(n)
+#    endif
+#  endif
+
+#  define SSLeay_getpid()	getpid()
+
+#endif
+
+
+/*************/
+
+#ifdef USE_SOCKETS
+#  if defined(WINDOWS) || defined(MSDOS)
+      /* windows world */
+
+#    ifdef NO_SOCK
+#      define SSLeay_Write(a,b,c)	(-1)
+#      define SSLeay_Read(a,b,c)	(-1)
+#      define SHUTDOWN(fd)		close(fd)
+#      define SHUTDOWN2(fd)		close(fd)
+#    else
+#      include 
+extern HINSTANCE _hInstance;
+#      define SSLeay_Write(a,b,c)	send((a),(b),(c),0)
+#      define SSLeay_Read(a,b,c)	recv((a),(b),(c),0)
+#      define SHUTDOWN(fd)		{ shutdown((fd),0); closesocket(fd); }
+#      define SHUTDOWN2(fd)		{ shutdown((fd),2); closesocket(fd); }
+#    endif
+
+
+#  else
+
+#    include 
+#    ifndef VMS
+#      include 
+#    endif
+#    include  /* Needed under linux for FD_XXX */
+
+#    include 
+#    if defined(VMS) && !defined(__DECC)
+#      include 
+#      include 
+#    else
+#      include 
+#      ifdef FILIO_H
+#        include  /* Added for FIONBIO under unixware */
+#      endif
+#      include 
+#    endif
+
+#    if defined(NeXT) || defined(_NEXT_SOURCE)
+#      include 
+#      include 
+#    endif
+
+#    ifdef AIX
+#      include 
+#    endif
+
+#    if defined(sun)
+#      include 
+#    else
+#      ifndef VMS
+#        include 
+#      else
+	 /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#        if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+#          include 
+#        endif
+#      endif
+#    endif
+
+#    ifdef VMS
+#      include 
+#      if defined(TCPIP_TYPE_SOCKETSHR)
+#        include 
+#      endif
+#    endif
+
+#    define SSLeay_Read(a,b,c)     read((a),(b),(c))
+#    define SSLeay_Write(a,b,c)    write((a),(b),(c))
+#    define SHUTDOWN(fd)    { shutdown((fd),0); close((fd)); }
+#    define SHUTDOWN2(fd)   { shutdown((fd),2); close((fd)); }
+#    define INVALID_SOCKET	(-1)
+#  endif
+#endif
+
+#if defined(THREADS) || defined(sun)
+#ifndef _REENTRANT
+#define _REENTRANT
+#endif
+#endif
+
+/***********************************************/
+
+/* do we need to do this for getenv.
+ * Just define getenv for use under windows */
+
+#ifdef WIN16
+/* How to do this needs to be thought out a bit more.... */
+/*char *GETENV(char *);
+#define Getenv	GETENV*/
+#define Getenv	getenv
+#else
+#define Getenv getenv
+#endif
+
+#define DG_GCC_BUG	/* gcc < 2.6.3 on DGUX */
+
+#ifdef sgi
+#define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */
+#endif
+#ifdef SNI
+#define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
+#endif
+
+#ifdef NO_MD2
+#define MD2_Init MD2Init
+#define MD2_Update MD2Update
+#define MD2_Final MD2Final
+#define MD2_DIGEST_LENGTH 16
+#endif
+#ifdef NO_MD5
+#define MD5_Init MD5Init 
+#define MD5_Update MD5Update
+#define MD5_Final MD5Final
+#define MD5_DIGEST_LENGTH 16
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/crypto/openssl/e_os2.h b/crypto/openssl/e_os2.h
new file mode 100644
index 000000000000..bd97b921a8f5
--- /dev/null
+++ b/crypto/openssl/e_os2.h
@@ -0,0 +1,38 @@
+/* e_os2.h */
+
+#ifndef HEADER_E_OS2_H
+#define HEADER_E_OS2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include  /* OPENSSL_UNISTD */
+
+#ifdef MSDOS
+# define OPENSSL_UNISTD_IO 
+# define OPENSSL_DECLARE_EXIT extern void exit(int);
+#else
+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
+#endif
+
+/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN,
+   to define and declare certain global
+   symbols that, with some compilers under VMS, have to be defined and
+   declared explicitely with globaldef and globalref.  On other OS:es,
+   these macros are defined with something sensible. */
+
+#if defined(VMS) && !defined(__DECC)
+# define OPENSSL_EXTERN globalref
+# define OPENSSL_GLOBAL globaldef
+#else
+# define OPENSSL_EXTERN extern
+# define OPENSSL_GLOBAL
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/mt/README b/crypto/openssl/mt/README
new file mode 100644
index 000000000000..df6b26e146f2
--- /dev/null
+++ b/crypto/openssl/mt/README
@@ -0,0 +1,14 @@
+Mutithreading testing area.
+
+Since this stuff is very very platorm specific, this is not part of the
+normal build.  Have a read of doc/threads.doc.
+
+mttest will do some testing and will currently build under Windows NT/95,
+Solaris and Linux.  The IRIX stuff is not finished.
+
+I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
+and things seem to work ok.
+
+The Linux pthreads package can be retrieved from 
+http://www.mit.edu:8001/people/proven/pthreads.html
+
diff --git a/crypto/openssl/mt/mttest.c b/crypto/openssl/mt/mttest.c
new file mode 100644
index 000000000000..b2f332602dac
--- /dev/null
+++ b/crypto/openssl/mt/mttest.c
@@ -0,0 +1,1092 @@
+/* mt/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#ifdef LINUX
+#include 
+#endif
+#ifdef WIN32
+#include 
+#endif
+#ifdef SOLARIS
+#include 
+#include 
+#endif
+#ifdef IRIX
+#include 
+#include 
+#endif
+#include 
+#include 
+#include 
+#include "../e_os.h"
+#include 
+#include 
+#include 
+
+#ifdef NO_FP_API
+#define APPS_WIN16
+#include "../crypto/buffer/bss_file.c"
+#endif
+
+#define TEST_SERVER_CERT "../apps/server.pem"
+#define TEST_CLIENT_CERT "../apps/client.pem"
+
+#define MAX_THREAD_NUMBER	100
+
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+	int error,char *arg);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+
+void irix_locking_callback(int mode,int type,char *file,int line);
+void solaris_locking_callback(int mode,int type,char *file,int line);
+void win32_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+
+unsigned long irix_thread_id(void );
+unsigned long solaris_thread_id(void );
+unsigned long pthreads_thread_id(void );
+
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+
+static char *cipher=NULL;
+int verbose=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+
+int thread_number=10;
+int number_of_loops=10;
+int reconnect=0;
+int cache_stats=0;
+
+int doit(char *ctx[4]);
+static void print_stats(fp,ctx)
+FILE *fp;
+SSL_CTX *ctx;
+{
+	fprintf(fp,"%4ld items in the session cache\n",
+		SSL_CTX_sess_number(ctx));
+	fprintf(fp,"%4d client connects (SSL_connect())\n",
+		SSL_CTX_sess_connect(ctx));
+	fprintf(fp,"%4d client connects that finished\n",
+		SSL_CTX_sess_connect_good(ctx));
+	fprintf(fp,"%4d server connects (SSL_accept())\n",
+		SSL_CTX_sess_accept(ctx));
+	fprintf(fp,"%4d server connects that finished\n",
+		SSL_CTX_sess_accept_good(ctx));
+	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+	}
+
+static void sv_usage()
+	{
+	fprintf(stderr,"usage: ssltest [args ...]\n");
+	fprintf(stderr,"\n");
+	fprintf(stderr," -server_auth  - check server certificate\n");
+	fprintf(stderr," -client_auth  - do client authentication\n");
+	fprintf(stderr," -v            - more output\n");
+	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+	fprintf(stderr," -threads arg  - number of threads\n");
+	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+	fprintf(stderr," -reconnect    - reuse session-id's\n");
+	fprintf(stderr," -stats        - server session-id cache stats\n");
+	fprintf(stderr," -cert arg     - server certificate/key\n");
+	fprintf(stderr," -ccert arg    - client certificate/key\n");
+	fprintf(stderr," -ssl3         - just SSLv3n\n");
+	}
+
+int main(argc, argv)
+int argc;
+char *argv[];
+	{
+	char *CApath=NULL,*CAfile=NULL;
+	int badop=0;
+	int ret=1;
+	int client_auth=0;
+	int server_auth=0;
+	SSL_CTX *s_ctx=NULL;
+	SSL_CTX *c_ctx=NULL;
+	char *scert=TEST_SERVER_CERT;
+	char *ccert=TEST_CLIENT_CERT;
+	SSL_METHOD *ssl_method=SSLv23_method();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	if (bio_stdout == NULL)
+		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+	argc--;
+	argv++;
+
+	while (argc >= 1)
+		{
+		if	(strcmp(*argv,"-server_auth") == 0)
+			server_auth=1;
+		else if	(strcmp(*argv,"-client_auth") == 0)
+			client_auth=1;
+		else if	(strcmp(*argv,"-reconnect") == 0)
+			reconnect=1;
+		else if	(strcmp(*argv,"-stats") == 0)
+			cache_stats=1;
+		else if	(strcmp(*argv,"-ssl3") == 0)
+			ssl_method=SSLv3_method();
+		else if	(strcmp(*argv,"-ssl2") == 0)
+			ssl_method=SSLv2_method();
+		else if	(strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CApath= *(++argv);
+			}
+		else if	(strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile= *(++argv);
+			}
+		else if	(strcmp(*argv,"-cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			scert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-ccert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			ccert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-threads") == 0)
+			{
+			if (--argc < 1) goto bad;
+			thread_number= atoi(*(++argv));
+			if (thread_number == 0) thread_number=1;
+			if (thread_number > MAX_THREAD_NUMBER)
+				thread_number=MAX_THREAD_NUMBER;
+			}
+		else if	(strcmp(*argv,"-loops") == 0)
+			{
+			if (--argc < 1) goto bad;
+			number_of_loops= atoi(*(++argv));
+			if (number_of_loops == 0) number_of_loops=1;
+			}
+		else
+			{
+			fprintf(stderr,"unknown option %s\n",*argv);
+			badop=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+	if (badop)
+		{
+bad:
+		sv_usage();
+		goto end;
+		}
+
+	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+
+	SSL_load_error_strings();
+	SSLeay_add_ssl_algorithms();
+
+	c_ctx=SSL_CTX_new(ssl_method);
+	s_ctx=SSL_CTX_new(ssl_method);
+	if ((c_ctx == NULL) || (s_ctx == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	SSL_CTX_set_session_cache_mode(s_ctx,
+		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+	SSL_CTX_set_session_cache_mode(c_ctx,
+		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+
+	SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
+	SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+
+	if (client_auth)
+		{
+		SSL_CTX_use_certificate_file(c_ctx,ccert,
+			SSL_FILETYPE_PEM);
+		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+			SSL_FILETYPE_PEM);
+		}
+
+	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(c_ctx)))
+		{
+		fprintf(stderr,"SSL_load_verify_locations\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (client_auth)
+		{
+		fprintf(stderr,"client authentication\n");
+		SSL_CTX_set_verify(s_ctx,
+			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+			verify_callback);
+		}
+	if (server_auth)
+		{
+		fprintf(stderr,"server authentication\n");
+		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+			verify_callback);
+		}
+
+	thread_setup();
+	do_threads(s_ctx,c_ctx);
+	thread_cleanup();
+end:
+	
+	if (c_ctx != NULL) 
+		{
+		fprintf(stderr,"Client SSL_CTX stats then free it\n");
+		print_stats(stderr,c_ctx);
+		SSL_CTX_free(c_ctx);
+		}
+	if (s_ctx != NULL)
+		{
+		fprintf(stderr,"Server SSL_CTX stats then free it\n");
+		print_stats(stderr,s_ctx);
+		if (cache_stats)
+			{
+			fprintf(stderr,"-----\n");
+			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+			fprintf(stderr,"-----\n");
+		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+			fprintf(stderr,"-----\n"); */
+			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+			fprintf(stderr,"-----\n");
+			}
+		SSL_CTX_free(s_ctx);
+		fprintf(stderr,"done free\n");
+		}
+	exit(ret);
+	return(0);
+	}
+
+#define W_READ	1
+#define W_WRITE	2
+#define C_DONE	1
+#define S_DONE	2
+
+int ndoit(ssl_ctx)
+SSL_CTX *ssl_ctx[2];
+	{
+	int i;
+	int ret;
+	char *ctx[4];
+
+	ctx[0]=(char *)ssl_ctx[0];
+	ctx[1]=(char *)ssl_ctx[1];
+
+	if (reconnect)
+		{
+		ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+		ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+		}
+	else
+		{
+		ctx[2]=NULL;
+		ctx[3]=NULL;
+		}
+
+	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+	for (i=0; iref (%3d,%3d)\n",
+			CRYPTO_thread_id(),i,
+			ssl_ctx[0]->references,
+			ssl_ctx[1]->references); */
+	/*	pthread_delay_np(&tm);*/
+
+		ret=doit(ctx);
+		if (ret != 0)
+			{
+			fprintf(stdout,"error[%d] %lu - %d\n",
+				i,CRYPTO_thread_id(),ret);
+			return(ret);
+			}
+		}
+	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+	if (reconnect)
+		{
+		SSL_free((SSL *)ctx[2]);
+		SSL_free((SSL *)ctx[3]);
+		}
+	return(0);
+	}
+
+int doit(ctx)
+char *ctx[4];
+	{
+	SSL_CTX *s_ctx,*c_ctx;
+	static char cbuf[200],sbuf[200];
+	SSL *c_ssl=NULL;
+	SSL *s_ssl=NULL;
+	BIO *c_to_s=NULL;
+	BIO *s_to_c=NULL;
+	BIO *c_bio=NULL;
+	BIO *s_bio=NULL;
+	int c_r,c_w,s_r,s_w;
+	int c_want,s_want;
+	int i;
+	int done=0;
+	int c_write,s_write;
+	int do_server=0,do_client=0;
+
+	s_ctx=(SSL_CTX *)ctx[0];
+	c_ctx=(SSL_CTX *)ctx[1];
+
+	if (ctx[2] != NULL)
+		s_ssl=(SSL *)ctx[2];
+	else
+		s_ssl=SSL_new(s_ctx);
+
+	if (ctx[3] != NULL)
+		c_ssl=(SSL *)ctx[3];
+	else
+		c_ssl=SSL_new(c_ctx);
+
+	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+
+	c_to_s=BIO_new(BIO_s_mem());
+	s_to_c=BIO_new(BIO_s_mem());
+	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+
+	c_bio=BIO_new(BIO_f_ssl());
+	s_bio=BIO_new(BIO_f_ssl());
+	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+
+	SSL_set_connect_state(c_ssl);
+	SSL_set_bio(c_ssl,s_to_c,c_to_s);
+	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl,c_to_s,s_to_c);
+	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+
+	c_r=0; s_r=1;
+	c_w=1; s_w=0;
+	c_want=W_WRITE;
+	s_want=0;
+	c_write=1,s_write=0;
+
+	/* We can always do writes */
+	for (;;)
+		{
+		do_server=0;
+		do_client=0;
+
+		i=(int)BIO_pending(s_bio);
+		if ((i && s_r) || s_w) do_server=1;
+
+		i=(int)BIO_pending(c_bio);
+		if ((i && c_r) || c_w) do_client=1;
+
+		if (do_server && verbose)
+			{
+			if (SSL_in_init(s_ssl))
+				printf("server waiting in SSL_accept - %s\n",
+					SSL_state_string_long(s_ssl));
+			else if (s_write)
+				printf("server:SSL_write()\n");
+			else 
+				printf("server:SSL_read()\n");
+			}
+
+		if (do_client && verbose)
+			{
+			if (SSL_in_init(c_ssl))
+				printf("client waiting in SSL_connect - %s\n",
+					SSL_state_string_long(c_ssl));
+			else if (c_write)
+				printf("client:SSL_write()\n");
+			else
+				printf("client:SSL_read()\n");
+			}
+
+		if (!do_client && !do_server)
+			{
+			fprintf(stdout,"ERROR IN STARTUP\n");
+			break;
+			}
+		if (do_client && !(done & C_DONE))
+			{
+			if (c_write)
+				{
+				i=BIO_write(c_bio,"hello from client\n",18);
+				if (i < 0)
+					{
+					c_r=0;
+					c_w=0;
+					if (BIO_should_retry(c_bio))
+						{
+						if (BIO_should_read(c_bio))
+							c_r=1;
+						if (BIO_should_write(c_bio))
+							c_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					/* ok */
+					c_write=0;
+					}
+				}
+			else
+				{
+				i=BIO_read(c_bio,cbuf,100);
+				if (i < 0)
+					{
+					c_r=0;
+					c_w=0;
+					if (BIO_should_retry(c_bio))
+						{
+						if (BIO_should_read(c_bio))
+							c_r=1;
+						if (BIO_should_write(c_bio))
+							c_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					done|=C_DONE;
+#ifdef undef
+					fprintf(stdout,"CLIENT:from server:");
+					fwrite(cbuf,1,i,stdout);
+					fflush(stdout);
+#endif
+					}
+				}
+			}
+
+		if (do_server && !(done & S_DONE))
+			{
+			if (!s_write)
+				{
+				i=BIO_read(s_bio,sbuf,100);
+				if (i < 0)
+					{
+					s_r=0;
+					s_w=0;
+					if (BIO_should_retry(s_bio))
+						{
+						if (BIO_should_read(s_bio))
+							s_r=1;
+						if (BIO_should_write(s_bio))
+							s_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						ERR_print_errors_fp(stderr);
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					s_write=1;
+					s_w=1;
+#ifdef undef
+					fprintf(stdout,"SERVER:from client:");
+					fwrite(sbuf,1,i,stdout);
+					fflush(stdout);
+#endif
+					}
+				}
+			else
+				{
+				i=BIO_write(s_bio,"hello from server\n",18);
+				if (i < 0)
+					{
+					s_r=0;
+					s_w=0;
+					if (BIO_should_retry(s_bio))
+						{
+						if (BIO_should_read(s_bio))
+							s_r=1;
+						if (BIO_should_write(s_bio))
+							s_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						ERR_print_errors_fp(stderr);
+						return(1);
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					return(1);
+					}
+				else
+					{
+					s_write=0;
+					s_r=1;
+					done|=S_DONE;
+					}
+				}
+			}
+
+		if ((done & S_DONE) && (done & C_DONE)) break;
+		}
+
+	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+#ifdef undef
+	fprintf(stdout,"DONE\n");
+#endif
+err:
+	/* We have to set the BIO's to NULL otherwise they will be
+	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+	 * again when c_ssl is SSL_free()ed.
+	 * This is a hack required because s_ssl and c_ssl are sharing the same
+	 * BIO structure and SSL_set_bio() and SSL_free() automatically
+	 * BIO_free non NULL entries.
+	 * You should not normally do this or be required to do this */
+
+	if (s_ssl != NULL)
+		{
+		s_ssl->rbio=NULL;
+		s_ssl->wbio=NULL;
+		}
+	if (c_ssl != NULL)
+		{
+		c_ssl->rbio=NULL;
+		c_ssl->wbio=NULL;
+		}
+
+	/* The SSL's are optionally freed in the following calls */
+	if (c_to_s != NULL) BIO_free(c_to_s);
+	if (s_to_c != NULL) BIO_free(s_to_c);
+
+	if (c_bio != NULL) BIO_free(c_bio);
+	if (s_bio != NULL) BIO_free(s_bio);
+	return(0);
+	}
+
+int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
+int ok;
+X509 *xs;
+X509 *xi;
+int depth;
+int error;
+char *arg;
+	{
+	char buf[256];
+
+	if (verbose)
+		{
+		X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
+		if (ok)
+			fprintf(stderr,"depth=%d %s\n",depth,buf);
+		else
+			fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+		}
+	return(ok);
+	}
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef WIN32
+
+static PRLOCK lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; i end.wDayOfWeek) end.wDayOfWeek+=7;
+	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+
+	ret=(ret+end.wHour-start.wHour)*60;
+	ret=(ret+end.wMinute-start.wMinute)*60;
+	ret=(ret+end.wSecond-start.wSecond);
+	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+
+	printf("win32 threads done - %.3f seconds\n",ret);
+	}
+
+#endif /* WIN32 */
+
+#ifdef SOLARIS
+
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
+static long lock_count[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; ireferences,c_ctx->references);
+	}
+
+unsigned long solaris_thread_id()
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)thr_self();
+	return(ret);
+	}
+#endif /* SOLARIS */
+
+#ifdef IRIX
+
+
+static usptr_t *arena;
+static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+	char filename[20];
+
+	strcpy(filename,"/tmp/mttest.XXXXXX");
+	mktemp(filename);
+
+	usconfig(CONF_STHREADIOOFF);
+	usconfig(CONF_STHREADMALLOCOFF);
+	usconfig(CONF_INITUSERS,100);
+	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+	arena=usinit(filename);
+	unlink(filename);
+
+	for (i=0; ireferences,c_ctx->references);
+	}
+
+unsigned long irix_thread_id()
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)getpid();
+	return(ret);
+	}
+#endif /* IRIX */
+
+#ifdef PTHREADS
+
+static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+static long lock_count[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; ireferences,c_ctx->references);
+	}
+
+unsigned long pthreads_thread_id()
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)pthread_self();
+	return(ret);
+	}
+
+#endif /* PTHREADS */
+
+
+
diff --git a/crypto/openssl/mt/profile.sh b/crypto/openssl/mt/profile.sh
new file mode 100644
index 000000000000..de5eb0670860
--- /dev/null
+++ b/crypto/openssl/mt/profile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -p -DSOLARIS -I../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/crypto/openssl/mt/pthread.sh b/crypto/openssl/mt/pthread.sh
new file mode 100644
index 000000000000..7d0b6e55f546
--- /dev/null
+++ b/crypto/openssl/mt/pthread.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# build using pthreads
+#
+# http://www.mit.edu:8001/people/proven/pthreads.html
+#
+/bin/rm -f mttest
+pgcc -DPTHREADS -I../include -g mttest.c -o mttest -L.. -lssl -lcrypto 
+
diff --git a/crypto/openssl/mt/purify.sh b/crypto/openssl/mt/purify.sh
new file mode 100644
index 000000000000..57c4017073a8
--- /dev/null
+++ b/crypto/openssl/mt/purify.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+purify cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/crypto/openssl/mt/solaris.sh b/crypto/openssl/mt/solaris.sh
new file mode 100644
index 000000000000..f6a90b17ee0a
--- /dev/null
+++ b/crypto/openssl/mt/solaris.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/crypto/openssl/openssl.doxy b/crypto/openssl/openssl.doxy
new file mode 100644
index 000000000000..479c311470af
--- /dev/null
+++ b/crypto/openssl/openssl.doxy
@@ -0,0 +1,7 @@
+PROJECT_NAME=OpenSSL
+GENERATE_LATEX=no
+OUTPUT_DIRECTORY=doxygen
+INPUT=ssl include
+FILE_PATTERNS=*.c *.h
+RECURSIVE=yes
+PREDEFINED=DOXYGEN
diff --git a/crypto/openssl/perl/MANIFEST b/crypto/openssl/perl/MANIFEST
new file mode 100644
index 000000000000..80c900769d0b
--- /dev/null
+++ b/crypto/openssl/perl/MANIFEST
@@ -0,0 +1,17 @@
+README.1ST
+MANIFEST
+Makefile.PL
+typemap
+OpenSSL.pm
+OpenSSL.xs
+openssl.h
+openssl_bio.xs
+openssl_bn.xs
+openssl_cipher.xs
+openssl_digest.xs
+openssl_err.xs
+openssl_ssl.xs
+openssl_x509.xs
+t/01-use.t
+t/02-version.t
+t/03-bio.t
diff --git a/crypto/openssl/perl/Makefile.PL b/crypto/openssl/perl/Makefile.PL
new file mode 100644
index 000000000000..2a67ad061d5c
--- /dev/null
+++ b/crypto/openssl/perl/Makefile.PL
@@ -0,0 +1,45 @@
+##
+##  Makefile.PL -- Perl MakeMaker specification
+##
+
+open(IN,"<../Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+while() {
+    $V=$1 if (/^VERSION=(.*)$/);
+}
+close(IN);
+print "Configuring companion Perl module for OpenSSL $V\n";
+
+use ExtUtils::MakeMaker;
+
+WriteMakefile(
+    'OPTIMIZE'      => '',
+    'DISTNAME'      => "openssl-$V",
+    'NAME'          => 'OpenSSL',
+    'VERSION_FROM'  => 'OpenSSL.pm',
+    'LIBS'          => ( $^O eq 'MSWin32'
+                         ? [ '-L../out32dll -lssleay32 -llibeay32' ]
+                         : [ '-L.. -lssl -lcrypto' ]                 ),
+    'DEFINE'        => '',
+    'INC'           => '-I../include',
+    'H'             => ['openssl.h'],
+    'OBJECT' =>
+        'OpenSSL.o ' .
+        'openssl_bio.o ' .
+        'openssl_bn.o ' .
+        'openssl_cipher.o ' .
+        'openssl_digest.o ' .
+        'openssl_err.o ' .
+        'openssl_ssl.o ' .
+        'openssl_x509.o ',
+    'XS' => { 
+        'OpenSSL.xs'        =>  'OpenSSL.c',
+        'openssl_bio.xs'    =>  'openssl_bio.c',
+        'openssl_bn.xs'     =>  'openssl_bn.c',
+        'openssl_cipher.xs' =>  'openssl_cipher.c',
+        'openssl_digest.xs' =>  'openssl_digest.c',
+        'openssl_err.xs'    =>  'openssl_err.c',
+        'openssl_ssl.xs'    =>  'openssl_ssl.c',
+        'openssl_x509.xs'   =>  'openssl_x509.c',
+    },
+);
+
diff --git a/crypto/openssl/perl/OpenSSL.pm b/crypto/openssl/perl/OpenSSL.pm
new file mode 100644
index 000000000000..ae7265a21d95
--- /dev/null
+++ b/crypto/openssl/perl/OpenSSL.pm
@@ -0,0 +1,90 @@
+##
+##  OpenSSL.pm
+##
+
+package OpenSSL;
+
+require 5.000;
+use Exporter;
+use DynaLoader;
+
+@ISA    = qw(Exporter DynaLoader);
+@EXPORT = qw();
+
+$VERSION = '0.94';
+bootstrap OpenSSL;
+
+@OpenSSL::BN::ISA        = qw(OpenSSL::ERR);
+@OpenSSL::MD::ISA        = qw(OpenSSL::ERR);
+@OpenSSL::Cipher::ISA    = qw(OpenSSL::ERR);
+@OpenSSL::SSL::CTX::ISA  = qw(OpenSSL::ERR);
+@OpenSSL::BIO::ISA       = qw(OpenSSL::ERR);
+@OpenSSL::SSL::ISA       = qw(OpenSSL::ERR);
+
+@BN::ISA                 = qw(OpenSSL::BN);
+@MD::ISA                 = qw(OpenSSL::MD);
+@Cipher::ISA             = qw(OpenSSL::Cipher);
+@SSL::ISA                = qw(OpenSSL::SSL);
+@SSL::CTX::ISA           = qw(OpenSSL::SSL::CTX);
+@BIO::ISA                = qw(OpenSSL::BIO);
+
+@OpenSSL::MD::names = qw(
+    md2 md5 sha sha1 ripemd160 mdc2
+);
+
+@OpenSSL::Cipher::names = qw(
+    des-ecb des-cfb des-ofb des-cbc
+    des-ede des-ede-cfb des-ede-ofb des-ede-cbc
+    des-ede3 des-ede3-cfb des-ede3-ofb des-ede3-cbc
+    desx-cbc rc4 rc4-40
+    idea-ecb idea-cfb idea-ofb idea-cbc
+    rc2-ecb rc2-cbc rc2-40-cbc rc2-cfb rc2-ofb
+    bf-ecb bf-cfb bf-ofb bf-cbc
+    cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+    rc5-ecb rc5-cfb rc5-ofb rc5-cbc
+);
+
+sub OpenSSL::SSL::CTX::new_ssl { 
+    OpenSSL::SSL::new($_[0]);
+}
+
+sub OpenSSL::ERR::error {
+    my($o) = @_;
+    my($s, $ret);
+
+    while (($s = $o->get_error()) != 0) {
+        $ret.=$s."\n";
+    }
+    return($ret);
+}
+
+@OpenSSL::Cipher::aliases = qw(
+    des desx des3 idea rc2 bf cast
+);
+
+package OpenSSL::BN;
+
+sub bnfix { 
+    (ref($_[0]) ne "OpenSSL::BN") ? OpenSSL::BN::dec2bn($_[0]) : $_[0]; 
+}
+
+use overload
+"="    => sub { dup($_[0]); },
+"+"    => sub { add($_[0],$_[1]); },
+"-"    => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; OpenSSL::BN::sub($_[0],$_[1]); },
+"*"    => sub { mul($_[0],$_[1]); },
+"**"   => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; OpenSSL::BN::exp($_[0],$_[1]); },
+"/"    => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; (div($_[0],$_[1]))[0]; },
+"%"    => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; mod($_[0],$_[1]); },
+"<<"   => sub { lshift($_[0],$_[1]); },
+">>"   => sub { rshift($_[0],$_[1]); },
+"<=>"  => sub { OpenSSL::BN::cmp($_[0],$_[1]); },
+'""'   => sub { bn2dec($_[0]); },
+'0+'   => sub { dec2bn($_[0]); },
+"bool" => sub { ref($_[0]) eq "OpenSSL::BN"; };
+
+sub OpenSSL::BIO::do_accept { 
+    OpenSSL::BIO::do_handshake(@_);
+}
+
+1;
diff --git a/crypto/openssl/perl/OpenSSL.xs b/crypto/openssl/perl/OpenSSL.xs
new file mode 100644
index 000000000000..2267168b79a9
--- /dev/null
+++ b/crypto/openssl/perl/OpenSSL.xs
@@ -0,0 +1,82 @@
+/*
+**  OpenSSL.xs
+*/
+
+#include "openssl.h"
+
+SV *
+new_ref(type, obj, mort)
+  char *type;
+  char *obj;
+{
+    SV *ret;
+
+    if (mort)
+        ret = sv_newmortal();
+    else
+        ret = newSViv(0);
+#ifdef DEBUG
+    printf(">new_ref %d\n",type);
+#endif
+    sv_setref_pv(ret, type, (void *)obj);
+    return(ret);
+}
+
+int 
+ex_new(obj, data, ad, idx, argl, argp)
+  char *obj;
+  SV *data;
+  CRYPTO_EX_DATA *ad;
+  int idx;
+  long argl;
+  char *argp;
+{
+    SV *sv;
+
+#ifdef DEBUG
+    printf("ex_new %08X %s\n",obj,argp); 
+#endif
+    sv = sv_newmortal();
+    sv_setref_pv(sv, argp, (void *)obj);
+#ifdef DEBUG
+    printf("%d>new_ref '%s'\n", sv, argp);
+#endif
+    CRYPTO_set_ex_data(ad, idx, (char *)sv);
+    return(1);
+}
+
+void 
+ex_cleanup(obj, data, ad, idx, argl, argp)
+  char *obj;
+  SV *data;
+  CRYPTO_EX_DATA *ad;
+  int idx;
+  long argl;
+  char *argp;
+{
+    pr_name("ex_cleanup");
+#ifdef DEBUG
+    printf("ex_cleanup %08X %s\n", obj, argp);
+#endif
+    if (data != NULL)
+        SvREFCNT_dec((SV *)data);
+}
+
+MODULE = OpenSSL  PACKAGE = OpenSSL
+
+PROTOTYPES: ENABLE
+
+BOOT:
+    boot_bio();
+    boot_cipher();
+    boot_digest();
+    boot_err();
+    boot_ssl();
+    boot_OpenSSL__BN();
+    boot_OpenSSL__BIO();
+    boot_OpenSSL__Cipher();
+    boot_OpenSSL__MD();
+    boot_OpenSSL__ERR();
+    boot_OpenSSL__SSL();
+    boot_OpenSSL__X509();
+
diff --git a/crypto/openssl/perl/README.1ST b/crypto/openssl/perl/README.1ST
new file mode 100644
index 000000000000..7b5a1aa5e9dc
--- /dev/null
+++ b/crypto/openssl/perl/README.1ST
@@ -0,0 +1,4 @@
+
+  WARNING, this Perl interface to OpenSSL is horrible incomplete.
+  Don't expect it to be really useable!!
+
diff --git a/crypto/openssl/perl/openssl.h b/crypto/openssl/perl/openssl.h
new file mode 100644
index 000000000000..2712324a302a
--- /dev/null
+++ b/crypto/openssl/perl/openssl.h
@@ -0,0 +1,96 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+typedef struct datum_st {
+    char *dptr;
+    int dsize;
+} datum;
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifdef DEBUG
+#define pr_name(name)           printf("%s\n",name)
+#define pr_name_d(name,p2)      printf("%s %d\n",name,p2)
+#define pr_name_dd(name,p2,p3)  printf("%s %d %d\n",name,p2,p3)
+#else
+#define pr_name(name)
+#define pr_name_d(name,p2)
+#define pr_name_dd(name,p2,p3)
+#endif
+
+SV *new_ref(char *type, char *obj, int mort);
+int ex_new(char *obj, SV *data, CRYPTO_EX_DATA *ad, int idx, long argl, char *argp);
+void ex_cleanup(char *obj, SV *data, CRYPTO_EX_DATA *ad, int idx, long argl, char *argp);
+
diff --git a/crypto/openssl/perl/openssl_bio.xs b/crypto/openssl/perl/openssl_bio.xs
new file mode 100644
index 000000000000..06d61af13052
--- /dev/null
+++ b/crypto/openssl/perl/openssl_bio.xs
@@ -0,0 +1,450 @@
+
+#include "openssl.h"
+
+static int p5_bio_ex_bio_ptr = 0;
+static int p5_bio_ex_bio_callback = 0;
+static int p5_bio_ex_bio_callback_data = 0;
+
+static long 
+p5_bio_callback(bio,state,parg,cmd,larg,ret)
+  BIO  *bio;
+  int   state;
+  char *parg;
+  int   cmd;
+  long  larg;
+  int   ret;
+{
+    int i;
+    SV *me,*cb;
+
+    me = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+    cb = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_callback);
+    if (cb != NULL) {
+        dSP;
+
+        ENTER;
+        SAVETMPS;
+
+        PUSHMARK(sp);
+        XPUSHs(sv_2mortal(newSVsv(me)));
+        XPUSHs(sv_2mortal(newSViv(state)));
+        XPUSHs(sv_2mortal(newSViv(cmd)));
+        if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE))
+            XPUSHs(sv_2mortal(newSVpv(parg,larg)));
+        else
+            XPUSHs(&sv_undef);
+        /* ptr one */
+        XPUSHs(sv_2mortal(newSViv(larg)));
+        XPUSHs(sv_2mortal(newSViv(ret)));
+        PUTBACK;
+
+        i = perl_call_sv(cb,G_SCALAR);
+
+        SPAGAIN;
+        if (i == 1)
+            ret = POPi;
+        else
+            ret = 1;
+        PUTBACK;
+        FREETMPS;
+        LEAVE;
+    }
+    else {
+        croak("Internal error in p5_bio_callback");
+    }
+    return(ret);
+}
+
+int 
+boot_bio(void)
+{
+    p5_bio_ex_bio_ptr = BIO_get_ex_new_index(0, "OpenSSL::BIO", ex_new, NULL, ex_cleanup);
+    p5_bio_ex_bio_callback = BIO_get_ex_new_index(0, "bio_callback", NULL, NULL, ex_cleanup);
+    p5_bio_ex_bio_callback_data = BIO_get_ex_new_index(0, "bio_callback_data", NULL, NULL, ex_cleanup);
+    return(1);
+}
+
+MODULE = OpenSSL::BIO  PACKAGE = OpenSSL::BIO  PREFIX = p5_BIO_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+void
+p5_BIO_new_buffer_ssl_connect(...)
+    PROTOTYPE: ;$
+    PREINIT:
+        SSL_CTX *ctx;
+        BIO *bio;
+        SV *arg;
+    PPCODE:
+        if (items == 1)
+            arg = ST(0);
+        else if (items == 2)
+            arg = ST(1);
+        else
+            arg = NULL;
+        if ((arg == NULL) || !(sv_derived_from(arg,"OpenSSL::SSL::CTX")))
+            croak("Usage: OpenSSL::BIO::new_buffer_ssl_connect(SSL_CTX)");
+        else {
+            IV tmp = SvIV((SV *)SvRV(arg));
+            ctx = (SSL_CTX *)tmp;
+        }
+        EXTEND(sp, 1);
+        bio = BIO_new_buffer_ssl_connect(ctx);
+        arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+        PUSHs(arg);
+    
+void
+p5_BIO_new_ssl_connect(...)
+    PROTOTYPE: ;$
+    PREINIT:
+        SSL_CTX *ctx;
+        BIO *bio;
+        SV *arg;
+    PPCODE:
+        if (items == 1)
+            arg = ST(0);
+        else if (items == 2)
+            arg = ST(1);
+        else
+            arg = NULL;
+        if ((arg == NULL) || !(sv_derived_from(arg,"OpenSSL::SSL::CTX")))
+            croak("Usage: OpenSSL::BIO::new_ssl_connect(SSL_CTX)");
+        else {
+            IV tmp = SvIV((SV *)SvRV(arg));
+            ctx = (SSL_CTX *)tmp;
+        }
+        EXTEND(sp,1);
+        bio = BIO_new_ssl_connect(ctx);
+        arg = (SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
+        PUSHs(arg);
+    
+void
+p5_BIO_new(...)
+    PROTOTYPE: ;$
+    PREINIT:
+        BIO *bio;
+        char *type;
+        SV *arg;
+    PPCODE:
+        pr_name("p5_BIO_new");
+        if ((items == 1) && SvPOK(ST(0)))
+            type = SvPV(ST(0),na);
+        else if ((items == 2) && SvPOK(ST(1)))
+            type = SvPV(ST(1),na);
+        else
+            croak("Usage: OpenSSL::BIO::new(type)");
+        EXTEND(sp,1);
+        if (strcmp(type, "mem") == 0)
+            bio=BIO_new(BIO_s_mem());
+        else if (strcmp(type, "socket") == 0)
+            bio=BIO_new(BIO_s_socket());
+        else if (strcmp(type, "connect") == 0)
+            bio=BIO_new(BIO_s_connect());
+        else if (strcmp(type, "accept") == 0)
+            bio=BIO_new(BIO_s_accept());
+        else if (strcmp(type, "fd") == 0)
+            bio=BIO_new(BIO_s_fd());
+        else if (strcmp(type, "file") == 0)
+            bio=BIO_new(BIO_s_file());
+        else if (strcmp(type, "null") == 0)
+            bio=BIO_new(BIO_s_null());
+        else if (strcmp(type, "ssl") == 0)
+            bio=BIO_new(BIO_f_ssl());
+        else if (strcmp(type, "buffer") == 0)
+            bio=BIO_new(BIO_f_buffer());
+        else
+            croak("unknown BIO type");
+        arg = (SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
+        PUSHs(arg);
+
+int
+p5_BIO_hostname(bio, name)
+    BIO *bio;
+    char *name;
+    PROTOTYPE: $$
+    CODE:
+        RETVAL = BIO_set_conn_hostname(bio, name);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_set_accept_port(bio, str)
+    BIO *bio;
+    char *str;
+    PROTOTYPE: $$
+    CODE:
+        RETVAL = BIO_set_accept_port(bio, str);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_do_handshake(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_do_handshake(bio);
+    OUTPUT:
+        RETVAL
+
+BIO *
+p5_BIO_push(b, bio)
+    BIO *b;
+    BIO *bio;
+    PROTOTYPE: $$
+    CODE:
+        /* This reference will be reduced when the reference is
+         * let go, and then when the BIO_free_all() is called
+         * inside the OpenSSL library by the BIO with this
+         * pushed into */
+        bio->references++;
+        RETVAL = BIO_push(b, bio);
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_pop(b)
+    BIO *b
+    PROTOTYPE: $
+    PREINIT:
+        BIO *bio;
+        char *type;
+        SV *arg;
+    PPCODE:
+        bio = BIO_pop(b);
+        if (bio != NULL) {
+            /* This BIO will either be one created in the
+             * perl library, in which case it will have a perl
+             * SV, otherwise it will have been created internally,
+             * inside OpenSSL.  For the 'pushed in', it needs
+             * the reference count decremented. */
+            arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+            if (arg == NULL) {
+                arg = new_ref("OpenSSL::BIO",(char *)bio,0);
+                BIO_set_ex_data(bio, p5_bio_ex_bio_ptr, (char *)arg);
+                PUSHs(arg);
+            }
+            else {
+                /* it was pushed in */
+                SvREFCNT_inc(arg);
+                PUSHs(arg);
+            }
+        }
+
+int
+p5_BIO_sysread(bio, in, num, ...)
+    BIO *bio;
+    SV *in;
+    int num;
+    PROTOTYPE: $$$;
+    PREINIT:
+        int i,n,olen;
+        int offset;
+        char *p;
+    CODE:
+        offset = 0;
+        if (!SvPOK(in))
+            sv_setpvn(in, "", 0);
+        SvPV(in, olen);
+        if (items > 3) {
+            offset = SvIV(ST(3));
+            if (offset < 0) {
+                if (-offset > olen)
+                    croak("Offset outside string");
+                offset+=olen;
+            }
+        }
+        if ((num+offset) > olen) {
+            SvGROW(in, num+offset+1);
+            p=SvPV(in, i);
+            memset(&(p[olen]), 0, (num+offset)-olen+1);
+        }
+        p = SvPV(in,n);
+        i = BIO_read(bio, p+offset, num);
+        RETVAL = i;
+        if (i <= 0) 
+            i = 0;
+        SvCUR_set(in, offset+i);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_syswrite(bio, in, ...)
+    BIO *bio;
+    SV *in;
+    PROTOTYPE: $$;
+    PREINIT:
+        char *ptr;
+        int len,in_len;
+        int offset=0;
+        int n;
+    CODE:
+        ptr = SvPV(in, in_len);
+        if (items > 2) {
+            len = SvOK(ST(2)) ? SvIV(ST(2)) : in_len;
+            if (items > 3) {
+                offset = SvIV(ST(3));
+                if (offset < 0) {
+                    if (-offset > in_len)
+                        croak("Offset outside string");
+                    offset+=in_len;
+                }
+                else if ((offset >= in_len) && (in_len > 0))
+                    croak("Offset outside string");
+            }
+            if (len >= (in_len-offset))
+                len = in_len-offset;
+        }
+        else
+            len = in_len;
+        RETVAL = BIO_write(bio, ptr+offset, len);
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_getline(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    PREINIT:
+        int i;
+        char *p;
+    PPCODE:
+        pr_name("p5_BIO_gets");
+        EXTEND(sp, 1);
+        PUSHs(sv_newmortal());
+        sv_setpvn(ST(0), "", 0);
+        SvGROW(ST(0), 1024);
+        p=SvPV(ST(0), na);
+        i = BIO_gets(bio, p, 1024);
+        if (i < 0) 
+            i = 0;
+        SvCUR_set(ST(0), i);
+
+int
+p5_BIO_flush(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_flush(bio);
+    OUTPUT:
+        RETVAL
+
+char *
+p5_BIO_type(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = bio->method->name;
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_next_bio(b)
+    BIO *b
+    PROTOTYPE: $
+    PREINIT:
+        BIO *bio;
+        char *type;
+        SV *arg;
+    PPCODE:
+        bio = b->next_bio;
+        if (bio != NULL) {
+            arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+            if (arg == NULL) {
+                arg = new_ref("OpenSSL::BIO", (char *)bio, 0);
+                BIO_set_ex_data(bio, p5_bio_ex_bio_ptr, (char *)arg);
+                bio->references++;
+                PUSHs(arg);
+            }
+            else {
+                SvREFCNT_inc(arg);
+                PUSHs(arg);
+            }
+        }
+
+int
+p5_BIO_puts(bio, in)
+    BIO *bio;
+    SV *in;
+    PROTOTYPE: $$
+    PREINIT:
+        char *ptr;
+    CODE:
+        ptr = SvPV(in,na);
+        RETVAL = BIO_puts(bio, ptr);
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_set_callback(bio, cb,...)
+    BIO *bio;
+    SV *cb;
+    PROTOTYPE: $$;
+    PREINIT:
+        SV *arg  = NULL;
+        SV *arg2 = NULL;
+    CODE:
+        if (items > 3)
+            croak("Usage: OpenSSL::BIO::set_callback(bio,callback[,arg]");
+        if (items == 3) {
+            arg2 = sv_mortalcopy(ST(2));
+            SvREFCNT_inc(arg2);
+            BIO_set_ex_data(bio, p5_bio_ex_bio_callback_data, (char *)arg2);
+        }
+        arg = sv_mortalcopy(ST(1));
+        SvREFCNT_inc(arg);
+        BIO_set_ex_data(bio, p5_bio_ex_bio_callback, (char *)arg);
+        /* printf("%08lx < bio_ptr\n",BIO_get_ex_data(bio,p5_bio_ex_bio_ptr)); */
+        BIO_set_callback(bio, p5_bio_callback);
+
+void
+p5_BIO_DESTROY(bio)
+    BIO *bio
+    PROTOTYPE: $
+    PREINIT:
+        SV *sv;
+    PPCODE:
+        pr_name_d("p5_BIO_DESTROY",bio->references);
+        /* printf("p5_BIO_DESTROY <%s> %d\n",bio->method->name,bio->references); */
+        BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,NULL);
+        BIO_free_all(bio);
+
+int
+p5_BIO_set_ssl(bio, ssl)
+    BIO *bio;
+    SSL *ssl;
+    PROTOTYPE: $$
+    CODE:
+        pr_name("p5_BIO_set_ssl");
+        ssl->references++;
+        RETVAL = BIO_set_ssl(bio, ssl, BIO_CLOSE);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_number_read(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_number_read(bio);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_number_written(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_number_written(bio);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_references(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = bio->references; 
+    OUTPUT:
+        RETVAL
+
diff --git a/crypto/openssl/perl/openssl_bn.xs b/crypto/openssl/perl/openssl_bn.xs
new file mode 100644
index 000000000000..f79bf879e8bc
--- /dev/null
+++ b/crypto/openssl/perl/openssl_bn.xs
@@ -0,0 +1,593 @@
+
+#include "openssl.h"
+
+int sv_to_BIGNUM(var,arg,name)
+BIGNUM **var;
+SV *arg;
+char *name;
+	{
+	int ret=1;
+
+	if (sv_derived_from(arg,"OpenSSL::BN"))
+		{
+		IV tmp = SvIV((SV*)SvRV(arg));
+		*var = (BIGNUM *) tmp;
+		}
+	else if (SvIOK(arg)) {
+		SV *tmp=sv_newmortal();
+		*var=BN_new();
+		BN_set_word(*var,SvIV(arg));
+		sv_setref_pv(tmp,"OpenSSL::BN",(void*)*var);
+		}
+	else if (SvPOK(arg)) {
+		char *ptr;
+		STRLEN len;
+		SV *tmp=sv_newmortal();
+		*var=BN_new();
+		sv_setref_pv(tmp,"OpenSSL::BN", (void*)*var);
+		ptr=SvPV(arg,len);
+		SvGROW(arg,len+1);
+		ptr[len]='\0';
+		BN_dec2bn(var,ptr);
+		}
+	else
+		{
+		croak(name);
+		ret=0;
+		}
+	return(ret);
+	}
+
+typedef struct gpc_args_st {
+	SV *cb;
+	SV *arg;
+	} GPC_ARGS;
+
+static void generate_prime_callback(pos,num,arg)
+int pos;
+int num;
+char *arg;
+	{
+	dSP ;
+	int i;
+	GPC_ARGS *a=(GPC_ARGS *)arg;
+
+	ENTER ;
+	SAVETMPS ;
+
+	PUSHMARK(sp);
+	XPUSHs(sv_2mortal(newSViv(pos)));
+	XPUSHs(sv_2mortal(newSViv(num)));
+	XPUSHs(sv_2mortal(newSVsv(a->arg)));
+	PUTBACK;
+
+	i=perl_call_sv(a->cb,G_DISCARD);
+
+	SPAGAIN;
+
+	PUTBACK;
+	FREETMPS;
+	LEAVE;
+	}
+
+MODULE =  OpenSSL::BN	PACKAGE = OpenSSL::BN	PREFIX = p5_BN_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+void
+p5_BN_new(...)
+	PREINIT:
+		BIGNUM *bn;
+		SV *arg;
+	PPCODE:
+		pr_name("p5_BN_new");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		bn=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)bn);
+
+void
+p5_BN_dup(a)
+	BIGNUM *a;
+	PREINIT:
+		BIGNUM *bn;
+	PPCODE:
+		pr_name("p5_BN_dup");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		bn=BN_dup(a);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)bn);
+
+void
+p5_BN_rand(bits,...)
+	int bits;
+	PREINIT:
+		int top=1;
+		int bottom=0;
+		BIGNUM *ret;
+	PPCODE:	
+		pr_name("p5_BN_rand");
+		if ((items < 1) || (items > 3))
+			croak("Usage: OpenSSL::BN::rand(bits[,top_bit][,bottombit]");
+		if (items >= 2) top=(int)SvIV(ST(0));
+		if (items >= 3) bottom=(int)SvIV(ST(1));
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		BN_rand(ret,bits,top,bottom);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+
+void
+p5_BN_bin2bn(a)
+	datum a;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_bin2bn");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_bin2bn(a.dptr,a.dsize,NULL);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+
+void
+p5_BN_bn2bin(a)
+	BIGNUM *a;
+	PREINIT:
+		int i;
+	PPCODE:
+		pr_name("p5_BN_bn2bin");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		i=BN_num_bytes(a)+2;
+		sv_setpvn(ST(0),"",1);
+		SvGROW(ST(0),i+1);
+		SvCUR_set(ST(0),BN_bn2bin(a,SvPV(ST(0),na)));
+
+void
+p5_BN_mpi2bn(a)
+	datum a;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_mpi2bn");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_mpi2bn(a.dptr,a.dsize,NULL);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+
+void
+p5_BN_bn2mpi(a)
+	BIGNUM *a;
+	PREINIT:
+		int i;
+	PPCODE:
+		pr_name("p5_BN_bn2mpi");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		i=BN_bn2mpi(a,NULL);
+		sv_setpvn(ST(0),"",1);
+		SvGROW(ST(0),i+1);
+		SvCUR_set(ST(0),BN_bn2mpi(a,SvPV(ST(0),na)));
+
+void
+p5_BN_hex2bn(a)
+	datum a;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_hex2bn");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_hex2bn(&ret,a.dptr);
+
+void
+p5_BN_dec2bn(a)
+	datum a;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_dec2bn");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_dec2bn(&ret,a.dptr);
+
+SV *
+p5_BN_bn2hex(a)
+	BIGNUM *a;
+	PREINIT:
+		char *ptr;
+		int i;
+	CODE:
+		pr_name("p5_BN_bn2hex");
+		ptr=BN_bn2hex(a);
+		RETVAL=newSVpv("",0);
+		i=strlen(ptr);
+		SvGROW(RETVAL,i+1);
+		memcpy(SvPV(RETVAL,na),ptr,i+1);
+		SvCUR_set(RETVAL,i);
+		Free(ptr);
+	OUTPUT:
+		RETVAL
+
+SV *
+p5_BN_bn2dec(a)
+	BIGNUM *a;
+	PREINIT:
+		char *ptr;
+		int i;
+	CODE:
+		pr_name("p5_BN_bn2dec");
+		ptr=BN_bn2dec(a);
+		RETVAL=newSVpv("",0);
+		i=strlen(ptr);
+		SvGROW(RETVAL,i+1);
+		memcpy(SvPV(RETVAL,na),ptr,i+1);
+		SvCUR_set(RETVAL,i);
+		Free(ptr);
+	OUTPUT:
+		RETVAL
+
+void
+p5_BN_add(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_add");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_add(ret,a,b);
+
+void
+p5_BN_sub(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_sub");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_sub(ret,a,b);
+
+void
+p5_BN_mul(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_mul");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_mul(ret,a,b,ctx);
+
+void
+p5_BN_div(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *div,*mod;
+	PPCODE:
+		pr_name("p5_BN_div");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,2);
+		PUSHs(sv_newmortal());
+		PUSHs(sv_newmortal());
+		div=BN_new();
+		mod=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)div);
+		sv_setref_pv(ST(1), "OpenSSL::BN", (void*)mod);
+		BN_div(div,mod,a,b,ctx);
+
+void
+p5_BN_mod(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *rem;
+	PPCODE:
+		pr_name("p5_BN_mod");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		rem=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)rem);
+		BN_mod(rem,a,b,ctx);
+
+void
+p5_BN_exp(a,p)
+	BIGNUM *a;
+	BIGNUM *p;
+	PREINIT:
+		BIGNUM *ret;
+		static BN_CTX *ctx=NULL;
+	PPCODE:
+		pr_name("p5_BN_exp");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_exp(ret,a,p,ctx);
+
+void
+p5_BN_mod_mul(a,b,c)
+	BIGNUM *a;
+	BIGNUM *b;
+	BIGNUM *c;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_mod_mul");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_mod_mul(ret,a,b,c,ctx);
+
+void
+p5_BN_mod_exp(a,b,c)
+	BIGNUM *a;
+	BIGNUM *b;
+	BIGNUM *c;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_mod_exp");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_mod_exp(ret,a,b,c,ctx);
+
+void
+p5_BN_generate_prime(...)
+	PREINIT:
+		int bits=512;
+		int strong=0;
+		BIGNUM *ret=NULL;
+		SV *callback=NULL;
+		SV *cb_arg=NULL;
+		GPC_ARGS arg;
+		dSP;
+
+	PPCODE:
+		pr_name("p5_BN_generate_prime");
+		if ((items < 0) || (items > 4))
+			croak("Usage: OpenSSL::BN::generate_prime(a[,strong][,callback][,cb_arg]");
+		if (items >= 1) bits=(int)SvIV(ST(0));
+		if (items >= 2) strong=(int)SvIV(ST(1));
+		if (items >= 3) callback=ST(2);
+		if (items == 4) cb_arg=ST(3);
+
+		if (callback == NULL)
+			ret=BN_generate_prime(ret,bits,strong,NULL,NULL,NULL,NULL);
+		else
+			{
+			arg.cb=callback;
+			arg.arg=cb_arg;
+
+			ret=BN_generate_prime(ret,bits,strong,NULL,NULL,
+				generate_prime_callback,(char *)&arg);
+			}
+
+		SPAGAIN;
+		sp-=items; /* a bit evil that I do this */
+
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+
+void
+p5_BN_is_prime(p,...)
+	BIGNUM *p;
+	PREINIT:
+	int nchecks=5,ret;
+	SV *callback=NULL;
+	SV *cb_arg=NULL;
+	GPC_ARGS arg;
+	dSP;
+	static BN_CTX *ctx=NULL;
+	PPCODE:
+		pr_name("p5_BN_is_prime");
+		if ((items < 1) || (items > 4))
+			croak("Usage: OpenSSL::BN::is_prime(a[,ncheck][,callback][,callback_arg]");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		if (items >= 2) nchecks=(int)SvIV(ST(1));
+		if (items >= 3) callback=ST(2);
+		if (items >= 4) cb_arg=ST(3);
+		arg.arg=cb_arg; 
+		if (callback == NULL)
+			ret=BN_is_prime(p,nchecks,NULL,ctx,NULL);
+		else
+			{
+			arg.cb=callback;
+			arg.arg=cb_arg;
+			ret=BN_is_prime(p,nchecks,generate_prime_callback,
+				ctx,(char *)&arg);
+			}
+		SPAGAIN;
+		sp-=items; /* a bit evil */
+		PUSHs(sv_2mortal(newSViv(ret)));
+
+int
+p5_BN_num_bits(a)
+	BIGNUM *a;
+	CODE:
+		pr_name("p5_BN_num_bits");
+		RETVAL=BN_num_bits(a);
+	OUTPUT:
+		RETVAL
+
+int
+p5_BN_cmp(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	CODE:
+		pr_name("p5_BN_cmp");
+		RETVAL=BN_cmp(a,b);
+	OUTPUT:
+		RETVAL
+
+int
+p5_BN_ucmp(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	CODE:
+		pr_name("p5_BN_ucmp");
+		RETVAL=BN_ucmp(a,b);
+	OUTPUT:
+		RETVAL
+
+int
+p5_BN_is_bit_set(a,b)
+	BIGNUM *a;
+	int b;
+	CODE:
+		pr_name("p5_BN_is_bit_set");
+		RETVAL=BN_is_bit_set(a,b);
+	OUTPUT:
+		RETVAL
+
+void
+p5_BN_set_bit(a,b)
+	BIGNUM *a;
+	int b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_set_bit");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_dup(a);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_set_bit(ret,b);
+
+void
+p5_BN_clear_bit(a,b)
+	BIGNUM *a;
+	int b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_clear_bit");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_dup(a);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_clear_bit(ret,b);
+
+void
+p5_BN_lshift(a,b)
+	BIGNUM *a;
+	int b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_lshift");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		if (b == 1)
+			BN_lshift1(ret,a);
+		else
+			BN_lshift(ret,a,b);
+
+void
+p5_BN_rshift(a,b)
+	BIGNUM *a;
+	int b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_rshift");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		if (b == 1)
+			BN_rshift1(ret,a);
+		else
+			BN_rshift(ret,a,b);
+
+void
+p5_BN_mask_bits(a,b)
+	BIGNUM *a;
+	int b;
+	PREINIT:
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_mask_bits");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_dup(a);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_mask_bits(ret,b);
+
+void
+p5_BN_clear(a)
+	BIGNUM *a;
+	PPCODE:
+		pr_name("p5_BN_clear");
+		BN_clear(a);
+
+void
+p5_BN_gcd(a,b)
+	BIGNUM *a;
+	BIGNUM *b;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_gcd");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ret=BN_new();
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_gcd(ret,a,b,ctx);
+
+void
+p5_BN_mod_inverse(a,mod)
+	BIGNUM *a;
+	BIGNUM *mod;
+	PREINIT:
+		static BN_CTX *ctx=NULL;
+		BIGNUM *ret;
+	PPCODE:
+		pr_name("p5_BN_mod_inverse");
+		if (ctx == NULL) ctx=BN_CTX_new();
+		ret=BN_mod_inverse(ret,a,mod,ctx);
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+
+void
+p5_BN_DESTROY(bn)
+	BIGNUM *bn
+	CODE:
+	pr_name("p5_BN_DESTROY");
+	BN_free(bn);
+
diff --git a/crypto/openssl/perl/openssl_cipher.xs b/crypto/openssl/perl/openssl_cipher.xs
new file mode 100644
index 000000000000..e9ff2a8f7905
--- /dev/null
+++ b/crypto/openssl/perl/openssl_cipher.xs
@@ -0,0 +1,154 @@
+
+#include "openssl.h"
+
+int boot_cipher()
+	{
+        SSLeay_add_all_ciphers();
+	return(1);
+	}
+
+MODULE =  OpenSSL::Cipher	PACKAGE = OpenSSL::Cipher PREFIX = p5_EVP_C_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+void
+p5_EVP_C_new(...)
+	PREINIT:
+		EVP_CIPHER_CTX *ctx;
+		const EVP_CIPHER *c;
+		char *name;
+	PPCODE:
+		if ((items == 1) && SvPOK(ST(0)))
+			name=SvPV(ST(0),na);
+		else if ((items == 2) && SvPOK(ST(1)))
+			name=SvPV(ST(1),na);
+		else
+			croak("Usage: OpenSSL::Cipher::new(type)");
+		PUSHs(sv_newmortal());
+		c=EVP_get_cipherbyname(name);
+		if (c != NULL)
+			{
+			ctx=malloc(sizeof(EVP_CIPHER_CTX));
+			EVP_EncryptInit(ctx,c,NULL,NULL);
+			sv_setref_pv(ST(0), "OpenSSL::Cipher", (void*)ctx);
+			}
+
+datum
+p5_EVP_C_name(ctx)
+	EVP_CIPHER_CTX *ctx
+	CODE:
+		RETVAL.dptr=OBJ_nid2ln(EVP_CIPHER_CTX_nid(ctx));
+		RETVAL.dsize=strlen(RETVAL.dptr);
+	OUTPUT:
+		RETVAL
+
+int
+p5_EVP_C_key_length(ctx)
+	EVP_CIPHER_CTX *ctx
+	CODE:
+		RETVAL=EVP_CIPHER_CTX_key_length(ctx);
+	OUTPUT:
+		RETVAL
+
+int
+p5_EVP_C_iv_length(ctx)
+	EVP_CIPHER_CTX *ctx
+	CODE:
+		RETVAL=EVP_CIPHER_CTX_iv_length(ctx);
+	OUTPUT:
+		RETVAL
+	
+int
+p5_EVP_C_block_size(ctx)
+	EVP_CIPHER_CTX *ctx
+	CODE:
+		RETVAL=EVP_CIPHER_CTX_block_size(ctx);
+	OUTPUT:
+		RETVAL
+	
+void
+p5_EVP_C_init(ctx,key,iv,enc)
+	EVP_CIPHER_CTX *ctx
+	datum key
+	datum iv
+	int enc
+	PREINIT:
+		char loc_iv[EVP_MAX_IV_LENGTH];
+		char loc_key[EVP_MAX_KEY_LENGTH];
+		char *ip=loc_iv,*kp=loc_key;
+		int i;
+		memset(loc_iv,0,EVP_MAX_IV_LENGTH);
+		memset(loc_key,0,EVP_MAX_KEY_LENGTH);
+	CODE:
+		i=key.dsize;
+		if (key.dsize > EVP_CIPHER_CTX_key_length(ctx))
+			i=EVP_CIPHER_CTX_key_length(ctx);
+		if (i > 0)
+			{
+			memset(kp,0,EVP_MAX_KEY_LENGTH);
+			memcpy(kp,key.dptr,i);
+			}
+		else
+			kp=NULL;
+		i=iv.dsize;
+		if (iv.dsize > EVP_CIPHER_CTX_iv_length(ctx))
+			i=EVP_CIPHER_CTX_iv_length(ctx);
+		if (i > 0)
+			{
+			memcpy(ip,iv.dptr,i);
+			memset(ip,0,EVP_MAX_IV_LENGTH);
+			}
+		else
+			ip=NULL;
+		EVP_CipherInit(ctx,EVP_CIPHER_CTX_cipher(ctx),kp,ip,enc);
+		memset(loc_key,0,sizeof(loc_key));
+		memset(loc_iv,0,sizeof(loc_iv));
+
+SV *
+p5_EVP_C_cipher(ctx,in)
+	EVP_CIPHER_CTX *ctx;
+	datum in;
+	CODE:
+		RETVAL=newSVpv("",0);
+		SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1);
+		EVP_Cipher(ctx,SvPV(RETVAL,na),in.dptr,in.dsize);
+		SvCUR_set(RETVAL,in.dsize);
+	OUTPUT:
+		RETVAL
+
+SV *
+p5_EVP_C_update(ctx, in)
+	EVP_CIPHER_CTX *ctx
+	datum in
+	PREINIT:
+	int i;
+	CODE:
+		RETVAL=newSVpv("",0);
+		SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1);
+		EVP_CipherUpdate(ctx,SvPV(RETVAL,na),&i,in.dptr,in.dsize);
+		SvCUR_set(RETVAL,i);
+	OUTPUT:
+		RETVAL
+
+SV *
+p5_EVP_C_final(ctx)
+	EVP_CIPHER_CTX *ctx
+	PREINIT:
+	int i;
+	CODE:
+		RETVAL=newSVpv("",0);
+		SvGROW(RETVAL,EVP_CIPHER_CTX_block_size(ctx)+1);
+		if (!EVP_CipherFinal(ctx,SvPV(RETVAL,na),&i))
+			sv_setpv(RETVAL,"BAD DECODE");
+		else
+			SvCUR_set(RETVAL,i);
+	OUTPUT:
+		RETVAL
+
+void
+p5_EVP_C_DESTROY(ctx)
+	EVP_CIPHER_CTX *ctx
+	CODE:
+	free((char *)ctx);
+
diff --git a/crypto/openssl/perl/openssl_digest.xs b/crypto/openssl/perl/openssl_digest.xs
new file mode 100644
index 000000000000..6cd3018e9f21
--- /dev/null
+++ b/crypto/openssl/perl/openssl_digest.xs
@@ -0,0 +1,84 @@
+
+#include "openssl.h"
+
+int boot_digest()
+	{
+	SSLeay_add_all_digests();
+	return(1);
+	}
+
+MODULE =  OpenSSL::MD	PACKAGE = OpenSSL::MD	PREFIX = p5_EVP_MD_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+# OpenSSL::MD::new(name) name= md2, md5, sha, sha1, or mdc2
+#	md->name() - returns the name
+#	md->init() - reinitalises the digest
+#	md->update(data) - adds more data to digest
+#	digest=md->final() - returns digest
+#
+
+void
+p5_EVP_MD_new(...)
+	PREINIT:
+		EVP_MD_CTX *ctx;
+		const EVP_MD *md;
+		char *name;
+	PPCODE:
+		if ((items == 1) && SvPOK(ST(0)))
+			name=SvPV(ST(0),na);
+		else if ((items == 2) && SvPOK(ST(1)))
+			name=SvPV(ST(1),na);
+		else
+			croak("Usage: OpenSSL::MD::new(type)");
+		PUSHs(sv_newmortal());
+		md=EVP_get_digestbyname(name);
+		if (md != NULL)
+			{
+			ctx=malloc(sizeof(EVP_MD_CTX));
+			EVP_DigestInit(ctx,md);
+			sv_setref_pv(ST(0), "OpenSSL::MD", (void*)ctx);
+			}
+
+datum
+p5_EVP_MD_name(ctx)
+	EVP_MD_CTX *ctx
+	CODE:
+		RETVAL.dptr=OBJ_nid2ln(EVP_MD_type(EVP_MD_CTX_type(ctx)));
+		RETVAL.dsize=strlen(RETVAL.dptr);
+	OUTPUT:
+		RETVAL
+	
+void
+p5_EVP_MD_init(ctx)
+	EVP_MD_CTX *ctx
+	CODE:
+		EVP_DigestInit(ctx,EVP_MD_CTX_type(ctx));
+
+void
+p5_EVP_MD_update(ctx, in)
+	EVP_MD_CTX *ctx
+	datum in
+	CODE:
+		EVP_DigestUpdate(ctx,in.dptr,in.dsize);
+
+datum
+p5_EVP_MD_final(ctx)
+	EVP_MD_CTX *ctx
+	PREINIT:
+		char md[EVP_MAX_MD_SIZE];
+		int len;
+	CODE:
+		EVP_DigestFinal(ctx,md,&len);
+		RETVAL.dptr=md;
+		RETVAL.dsize=len;
+	OUTPUT:
+		RETVAL
+
+void
+p5_EVP_MD_DESTROY(ctx)
+	EVP_MD_CTX *ctx
+	CODE:
+	free((char *)ctx);
+
diff --git a/crypto/openssl/perl/openssl_err.xs b/crypto/openssl/perl/openssl_err.xs
new file mode 100644
index 000000000000..3a6f698f2854
--- /dev/null
+++ b/crypto/openssl/perl/openssl_err.xs
@@ -0,0 +1,47 @@
+
+#include "openssl.h"
+
+int boot_err()
+	{
+	SSL_load_error_strings();
+	return(1);
+	}
+
+MODULE =  OpenSSL::ERR	PACKAGE = OpenSSL::ERR	PREFIX = p5_ERR_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+#	md->error() - returns the last error in text or numeric context
+
+void
+p5_ERR_get_error(...)
+	PPCODE:
+		char buf[512];
+		unsigned long l;
+
+		pr_name("p5_ERR_get_code");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		l=ERR_get_error();
+		ERR_error_string(l,buf);
+		sv_setiv(ST(0),l);
+		sv_setpv(ST(0),buf);
+		SvIOK_on(ST(0));
+
+void
+p5_ERR_peek_error(...)
+	PPCODE:
+		char buf[512];
+		unsigned long l;
+
+		pr_name("p5_ERR_get_code");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		l=ERR_peek_error();
+		ERR_error_string(l,buf);
+		sv_setiv(ST(0),l);
+		sv_setpv(ST(0),buf);
+		SvIOK_on(ST(0));
+
+
diff --git a/crypto/openssl/perl/openssl_ssl.xs b/crypto/openssl/perl/openssl_ssl.xs
new file mode 100644
index 000000000000..c7d1b171abfa
--- /dev/null
+++ b/crypto/openssl/perl/openssl_ssl.xs
@@ -0,0 +1,483 @@
+
+#include "openssl.h"
+
+static int p5_ssl_ex_ssl_ptr=0;
+static int p5_ssl_ex_ssl_info_callback=0;
+static int p5_ssl_ex_ssl_ctx_ptr=0;
+static int p5_ssl_ctx_ex_ssl_info_callback=0;
+
+typedef struct ssl_ic_args_st {
+	SV *cb;
+	SV *arg;
+	} SSL_IC_ARGS;
+
+static void p5_ssl_info_callback(ssl,mode,ret)
+SSL *ssl;
+int mode;
+int ret;
+	{
+	int i;
+	SV *me,*cb;
+
+	me=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr);
+	cb=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_info_callback);
+	if (cb == NULL)
+		cb=(SV *)SSL_CTX_get_ex_data(
+			SSL_get_SSL_CTX(ssl),p5_ssl_ctx_ex_ssl_info_callback);
+	if (cb != NULL)
+		{
+		dSP;
+
+		PUSHMARK(sp);
+		XPUSHs(me);
+		XPUSHs(sv_2mortal(newSViv(mode)));
+		XPUSHs(sv_2mortal(newSViv(ret)));
+		PUTBACK;
+
+		i=perl_call_sv(cb,G_DISCARD);
+		}
+	else
+		{
+		croak("Internal error in SSL p5_ssl_info_callback");
+		}
+	}
+
+int boot_ssl()
+	{
+	p5_ssl_ex_ssl_ptr=		
+		SSL_get_ex_new_index(0,"OpenSSL::SSL",ex_new,NULL,ex_cleanup);
+	p5_ssl_ex_ssl_info_callback=
+		SSL_get_ex_new_index(0,"ssl_info_callback",NULL,NULL,
+			ex_cleanup);
+	p5_ssl_ex_ssl_ctx_ptr=
+		SSL_get_ex_new_index(0,"ssl_ctx_ptr",NULL,NULL,
+			ex_cleanup);
+	p5_ssl_ctx_ex_ssl_info_callback=
+		SSL_CTX_get_ex_new_index(0,"ssl_ctx_info_callback",NULL,NULL,
+			ex_cleanup);
+	return(1);
+	}
+
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::SSL::CTX PREFIX = p5_SSL_CTX_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+void
+p5_SSL_CTX_new(...)
+	PREINIT:
+		SSL_METHOD *meth;
+		SSL_CTX *ctx;
+		char *method;
+	PPCODE:
+		pr_name("p5_SSL_CTX_new");
+		if ((items == 1) && SvPOK(ST(0)))
+			method=SvPV(ST(0),na);
+		else if ((items == 2) && SvPOK(ST(1)))
+			method=SvPV(ST(1),na);
+		else
+			croak("Usage: OpenSSL::SSL::CTX::new(type)");
+			
+		if (strcmp(method,"SSLv3") == 0)
+			meth=SSLv3_method();
+		else if (strcmp(method,"SSLv3_client") == 0)
+			meth=SSLv3_client_method();
+		else if (strcmp(method,"SSLv3_server") == 0)
+			meth=SSLv3_server_method();
+		else if (strcmp(method,"SSLv23") == 0)
+			meth=SSLv23_method();
+		else if (strcmp(method,"SSLv23_client") == 0)
+			meth=SSLv23_client_method();
+		else if (strcmp(method,"SSLv23_server") == 0)
+			meth=SSLv23_server_method();
+		else if (strcmp(method,"SSLv2") == 0)
+			meth=SSLv2_method();
+		else if (strcmp(method,"SSLv2_client") == 0)
+			meth=SSLv2_client_method();
+		else if (strcmp(method,"SSLv2_server") == 0)
+			meth=SSLv2_server_method();
+		else if (strcmp(method,"TLSv1") == 0)
+			meth=TLSv1_method();
+		else if (strcmp(method,"TLSv1_client") == 0)
+			meth=TLSv1_client_method();
+		else if (strcmp(method,"TLSv1_server") == 0)
+			meth=TLSv1_server_method();
+		else
+			{
+			croak("Not a valid SSL method name, should be 'SSLv[23] [client|server]'");
+			}
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ctx=SSL_CTX_new(meth);
+		sv_setref_pv(ST(0), "OpenSSL::SSL::CTX", (void*)ctx);
+
+int
+p5_SSL_CTX_use_PrivateKey_file(ctx,file,...)
+	SSL_CTX *ctx;
+	char *file;
+	PREINIT:
+		int i=SSL_FILETYPE_PEM;
+		char *ptr;
+	CODE:
+		pr_name("p5_SSL_CTX_use_PrivateKey_file");
+		if (items > 3)
+			croak("OpenSSL::SSL::CTX::use_PrivateKey_file(ssl_ctx,file[,type])");
+		if (items == 3)
+			{
+			ptr=SvPV(ST(2),na);
+			if (strcmp(ptr,"der") == 0)
+				i=SSL_FILETYPE_ASN1;
+			else
+				i=SSL_FILETYPE_PEM;
+			}
+		RETVAL=SSL_CTX_use_RSAPrivateKey_file(ctx,file,i);
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_CTX_set_options(ctx,...)
+	SSL_CTX *ctx;
+	PREINIT:
+		int i;
+		char *ptr;
+		SV *sv;
+	CODE:
+		pr_name("p5_SSL_CTX_set_options");
+
+		for (i=1; ireferences);
+		SSL_CTX_free(ctx);
+
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::SSL PREFIX = p5_SSL_
+
+void
+p5_SSL_new(...)
+	PREINIT:
+		SV *sv_ctx;
+		SSL_CTX *ctx;
+		SSL *ssl;
+		SV *arg;
+	PPCODE:
+		pr_name("p5_SSL_new");
+		if ((items != 1) && (items != 2))
+			croak("Usage: OpenSSL::SSL::new(ssl_ctx)");
+		if (sv_derived_from(ST(items-1),"OpenSSL::SSL::CTX"))
+			{
+			IV tmp = SvIV((SV*)SvRV(ST(items-1)));
+			ctx=(SSL_CTX *)tmp;
+			sv_ctx=ST(items-1);
+			}
+		else
+			croak("ssl_ctx is not of type OpenSSL::SSL::CTX");
+
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		ssl=SSL_new(ctx);
+		sv_setref_pv(ST(0), "OpenSSL::SSL", (void*)ssl);
+
+		/* Now this is being a little hairy, we keep a pointer to
+		 * our perl reference.  We need to do a different one
+		 * to the one we return because it will have its reference
+		 * count dropped to 0 upon return and if we up its reference
+		 * count, it will never be DESTROYED */
+		arg=newSVsv(ST(0));
+		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ptr,(char *)arg);
+		SvREFCNT_inc(sv_ctx);
+		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ctx_ptr,(char *)sv_ctx);
+
+int
+p5_SSL_connect(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_connect(ssl);
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_accept(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_connect(ssl);
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_sysread(ssl,in,num, ...)
+	SSL *ssl;
+	SV *in;
+	int num;
+	PREINIT:
+		int i,n,olen;
+		int offset;
+		char *p;
+	CODE:
+		offset=0;
+		if (!SvPOK(in))
+			sv_setpvn(in,"",0);
+		SvPV(in,olen);
+		if (items > 3)
+			{
+			offset=SvIV(ST(3));
+			if (offset < 0)
+				{
+				if (-offset > olen)
+					croak("Offset outside string");
+				offset+=olen;
+				}
+			}
+		if ((num+offset) > olen)
+			{
+			SvGROW(in,num+offset+1);
+			p=SvPV(in,i);
+			memset(&(p[olen]),0,(num+offset)-olen+1);
+			}
+		p=SvPV(in,n);
+
+		i=SSL_read(ssl,p+offset,num);
+		RETVAL=i;
+		if (i <= 0) i=0;
+		SvCUR_set(in,offset+i);
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_syswrite(ssl,in, ...)
+	SSL *ssl;
+	SV *in;
+	PREINIT:
+		char *ptr;
+		int len,in_len;
+		int offset=0;
+		int n;
+	CODE:
+		ptr=SvPV(in,in_len);
+		if (items > 2)
+			{
+			len=SvOK(ST(2))?SvIV(ST(2)):in_len;
+			if (items > 3)
+				{
+				offset=SvIV(ST(3));
+				if (offset < 0)
+					{
+					if (-offset > in_len)
+						croak("Offset outside string");
+					offset+=in_len;
+					}
+				else if ((offset >= in_len) && (in_len > 0))
+					croak("Offset outside string");
+				}
+			if (len >= (in_len-offset))
+				len=in_len-offset;
+			}
+		else
+			len=in_len;
+
+		RETVAL=SSL_write(ssl,ptr+offset,len);
+	OUTPUT:
+		RETVAL
+
+void
+p5_SSL_set_bio(ssl,bio)
+	SSL *ssl;
+	BIO *bio;
+	CODE:
+		bio->references++;
+		SSL_set_bio(ssl,bio,bio);
+
+int
+p5_SSL_set_options(ssl,...)
+	SSL *ssl;
+	PREINIT:
+		int i;
+		char *ptr;
+		SV *sv;
+	CODE:
+		pr_name("p5_SSL_set_options");
+
+		for (i=1; ireferences,ssl->ctx->references);
+#ifdef DEBUG
+	fprintf(stderr,"SSL_DESTROY %d\n",ssl->references);
+#endif
+	SSL_free(ssl);
+
+int
+p5_SSL_references(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=ssl->references;
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_do_handshake(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_do_handshake(ssl);
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_renegotiate(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_renegotiate(ssl);
+	OUTPUT:
+		RETVAL
+
+int
+p5_SSL_shutdown(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_shutdown(ssl);
+	OUTPUT:
+		RETVAL
+
+char *
+p5_SSL_get_version(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_get_version(ssl);
+	OUTPUT:
+		RETVAL
+
+SSL_CIPHER *
+p5_SSL_get_current_cipher(ssl)
+	SSL *ssl;
+	CODE:
+		RETVAL=SSL_get_current_cipher(ssl);
+	OUTPUT:
+		RETVAL
+
+X509 *
+p5_SSL_get_peer_certificate(ssl)
+	SSL *ssl
+	CODE:
+		RETVAL=SSL_get_peer_certificate(ssl);
+	OUTPUT:
+		RETVAL
+
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::SSL::CIPHER PREFIX = p5_SSL_CIPHER_
+
+int
+p5_SSL_CIPHER_get_bits(sc)
+	SSL_CIPHER *sc
+	PREINIT:
+		int i,ret;
+	PPCODE:
+		EXTEND(sp,2);
+		PUSHs(sv_newmortal());
+		PUSHs(sv_newmortal());
+		ret=SSL_CIPHER_get_bits(sc,&i);
+		sv_setiv(ST(0),(IV)ret);
+		sv_setiv(ST(1),(IV)i);
+
+char *
+p5_SSL_CIPHER_get_version(sc)
+	SSL_CIPHER *sc
+	CODE:
+		RETVAL=SSL_CIPHER_get_version(sc);
+	OUTPUT:
+		RETVAL
+
+char *
+p5_SSL_CIPHER_get_name(sc)
+	SSL_CIPHER *sc
+	CODE:
+		RETVAL=SSL_CIPHER_get_name(sc);
+	OUTPUT:
+		RETVAL
+
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::BIO PREFIX = p5_BIO_
+
+void
+p5_BIO_get_ssl(bio)
+	BIO *bio;
+	PREINIT:
+		SSL *ssl;
+		SV *ret;
+		int i;
+	PPCODE:
+		if ((i=BIO_get_ssl(bio,&ssl)) > 0)
+			{
+			ret=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr);
+			ret=sv_mortalcopy(ret);
+			}
+		else
+			ret= &sv_undef;
+		EXTEND(sp,1);
+		PUSHs(ret);
+
diff --git a/crypto/openssl/perl/openssl_x509.xs b/crypto/openssl/perl/openssl_x509.xs
new file mode 100644
index 000000000000..008d959c6420
--- /dev/null
+++ b/crypto/openssl/perl/openssl_x509.xs
@@ -0,0 +1,75 @@
+
+#include "openssl.h"
+
+MODULE =  OpenSSL::X509	PACKAGE = OpenSSL::X509	PREFIX = p5_X509_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+void
+p5_X509_new(void )
+	PREINIT:
+		X509 *x509;
+		SV *arg;
+	PPCODE:
+		pr_name("p5_X509_new");
+		EXTEND(sp,1);
+		PUSHs(sv_newmortal());
+		x509=X509_new();
+		sv_setref_pv(ST(0),"OpenSSL::X509",(void *)x509);
+
+char *
+p5_X509_get_subject_name(x509)
+	X509 *x509;
+	PREINIT:
+		char *p;
+		X509_NAME *name;
+		char buf[1024];
+		int i;
+	CODE:
+		name=X509_get_subject_name(x509);
+		X509_NAME_oneline(name,buf,sizeof(buf));
+		p= &(buf[0]);
+		RETVAL=p;
+	OUTPUT:
+		RETVAL
+
+char *
+p5_X509_get_issuer_name(x509)
+	X509 *x509;
+	PREINIT:
+		char *p;
+		X509_NAME *name;
+		char buf[1024];
+		int i;
+	CODE:
+		name=X509_get_issuer_name(x509);
+		X509_NAME_oneline(name,buf,sizeof(buf));
+		p= &(buf[0]);
+		RETVAL=p;
+	OUTPUT:
+		RETVAL
+
+int
+p5_X509_get_version(x509)
+	X509 *x509;
+	CODE:
+		RETVAL=X509_get_version(x509);
+	OUTPUT:
+		RETVAL
+
+BIGNUM *
+p5_X509_get_serialNumber(x509)
+	X509 *x509;
+	CODE:
+		RETVAL=ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+	OUTPUT:
+		RETVAL
+
+void
+p5_X509_DESTROY(x509)
+	X509 *x509;
+	CODE:
+	pr_name("p5_X509_DESTROY");
+	X509_free(x509);
+
diff --git a/crypto/openssl/perl/t/01-use.t b/crypto/openssl/perl/t/01-use.t
new file mode 100644
index 000000000000..e24fd1f5045b
--- /dev/null
+++ b/crypto/openssl/perl/t/01-use.t
@@ -0,0 +1,13 @@
+
+BEGIN { 
+    $| = 1; 
+    print "1..1\n";
+}
+END {
+	print "not ok 1\n" unless $loaded;
+}
+use OpenSSL;
+$loaded = 1;
+print "ok 1\n";
+
+
diff --git a/crypto/openssl/perl/t/02-version.t b/crypto/openssl/perl/t/02-version.t
new file mode 100644
index 000000000000..8b5f6a0c9772
--- /dev/null
+++ b/crypto/openssl/perl/t/02-version.t
@@ -0,0 +1,10 @@
+
+print "1..1\n";
+use OpenSSL;
+if ($OpenSSL::VERSION ne '') {
+    print "ok 1\n";
+}
+else {
+    print "not ok 1\n";
+}
+
diff --git a/crypto/openssl/perl/t/03-bio.t b/crypto/openssl/perl/t/03-bio.t
new file mode 100644
index 000000000000..e3ed7ed842e5
--- /dev/null
+++ b/crypto/openssl/perl/t/03-bio.t
@@ -0,0 +1,16 @@
+
+BEGIN { 
+    $| = 1; 
+    print "1..1\n";
+}
+END {
+	print "not ok 1\n" unless $ok;
+}
+
+use OpenSSL;
+my $bio = OpenSSL::BIO::new("mem") || die;
+undef $bio;
+
+$ok = 1;
+print "ok 1\n";
+
diff --git a/crypto/openssl/perl/typemap b/crypto/openssl/perl/typemap
new file mode 100644
index 000000000000..f67b598adf12
--- /dev/null
+++ b/crypto/openssl/perl/typemap
@@ -0,0 +1,96 @@
+
+datum			T_DATUM
+EVP_MD_CTX *		T_MD_CTX
+EVP_CIPHER_CTX *	T_CIPHER_CTX
+BIGNUM *		T_BIGNUM
+SSL_METHOD *		T_SSL_METHOD
+SSL_CTX *		T_SSL_CTX
+SSL_CIPHER *		T_SSL_CIPHER
+SSL *			T_SSL
+BIO *			T_BIO
+X509 *			T_X509
+
+INPUT
+T_DATUM
+	$var.dptr=SvPV($arg,$var.dsize);
+T_MD_CTX
+	if (sv_derived_from($arg, \"OpenSSL::MD\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (EVP_MD_CTX *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::MD\")
+T_CIPHER_CTX
+	if (sv_derived_from($arg, \"OpenSSL::Cipher\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (EVP_CIPHER_CTX *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::Cipher\")
+T_BIGNUM
+	sv_to_BIGNUM(&($var),$arg,\"$var is not of type OpenSSL::MD, int or string\")
+T_SSL_METHOD
+	if (sv_derived_from($arg, \"OpenSSL::SSL::METHOD\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (SSL_METHOD *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::SSL::METHOD\")
+T_SSL_CTX
+	if (sv_derived_from($arg, \"OpenSSL::SSL::CTX\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (SSL_CTX *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::SSL::CTX\")
+T_SSL_CIPHER
+	if (sv_derived_from($arg, \"OpenSSL::SSL::CIPHER\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (SSL_CIPHER *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::SSL::CIPHER\")
+T_SSL
+	if (sv_derived_from($arg, \"OpenSSL::SSL\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (SSL *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::SSL\")
+T_BIO
+	if (sv_derived_from($arg, \"OpenSSL::BIO\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (BIO *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::BIO\")
+T_X509
+	if (sv_derived_from($arg, \"OpenSSL::X509\")) {
+		IV tmp = SvIV((SV*)SvRV($arg));
+		$var = (X509 *) tmp;
+		}
+	else
+		croak(\"$var is not of type OpenSSL::X509\")
+OUTPUT
+T_DATUM
+	sv_setpvn($arg,$var.dptr,$var.dsize);
+T_MD_CTX
+	sv_setref_pv($arg, \"OpenSSL::MD\", (void*)$var);
+T_CIPHER_CTX
+	sv_setref_pv($arg, \"OpenSSL::Cipher\", (void*)$var);
+T_BIGNUM
+	sv_setref_pv($arg, \"OpenSSL::BN\", (void*)$var);
+T_SSL_METHOD
+	sv_setref_pv($arg, \"OpenSSL::SSL::METHOD\", (void*)$var);
+T_SSL_CTX
+	sv_setref_pv($arg, \"OpenSSL::SSL::CTX\", (void*)$var);
+T_SSL_CIPHER
+	sv_setref_pv($arg, \"OpenSSL::SSL::CIPHER\", (void*)$var);
+T_SSL
+	sv_setref_pv($arg, \"OpenSSL::SSL\", (void*)$var);
+T_BIO
+	sv_setref_pv($arg, \"OpenSSL::BIO\", (void*)$var);
+T_X509
+	sv_setref_pv($arg, \"OpenSSL::X509\", (void*)$var);
+
+
diff --git a/crypto/openssl/rsaref/Makefile.ssl b/crypto/openssl/rsaref/Makefile.ssl
new file mode 100644
index 000000000000..165b2b8036f5
--- /dev/null
+++ b/crypto/openssl/rsaref/Makefile.ssl
@@ -0,0 +1,98 @@
+#
+# SSLeay/rsaref/Makefile
+#
+
+DIR=	rsaref
+TOP=	..
+CC=	cc
+INCLUDES= -I../crypto -I../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile rsaref-lib.com install.com
+TEST=
+APPS=
+
+LIB=$(TOP)/libRSAglue.a
+LIBSRC=	rsaref.c rsar_err.c
+LIBOBJ= rsaref.o rsar_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=	rsaref.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ..; $(MAKE) DIRS=rsaref all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+
+install:
+	-@if [ "x`echo x $(EX_LIBS) | grep RSAglue`" != x ]; then \
+	    echo "installing libRSAglue.a"; \
+	    cp $(LIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/libRSAglue.a; \
+	    $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/libRSAglue.a; \
+	    chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/libRSAglue.a; \
+	fi
+
+#	@for i in $(EXHEADER) ; \
+#	do  \
+#	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+#	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+#	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsar_err.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsar_err.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsar_err.o: ../include/openssl/opensslv.h ../include/openssl/rsa.h
+rsar_err.o: ../include/openssl/rsaref.h ../include/openssl/stack.h
+rsaref.o: ../crypto/cryptlib.h ../include/openssl/bio.h ../include/openssl/bn.h
+rsaref.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+rsaref.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsaref.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsaref.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+rsaref.o: ../include/openssl/rsa.h ../include/openssl/rsaref.h
+rsaref.o: ../include/openssl/stack.h
diff --git a/crypto/openssl/rsaref/rsar_err.c b/crypto/openssl/rsaref/rsar_err.c
new file mode 100644
index 000000000000..d2eb3a2b0187
--- /dev/null
+++ b/crypto/openssl/rsaref/rsar_err.c
@@ -0,0 +1,118 @@
+/* rsaref/rsar_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA RSAREF_str_functs[]=
+	{
+{ERR_PACK(0,RSAREF_F_BN_REF_MOD_EXP,0),	"BN_REF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0),	"RSAREF_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0),	"RSA_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0),	"RSA_private_decrypt"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0),	"RSA_private_encrypt"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0),	"RSA_public_decrypt"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0),	"RSA_public_encrypt"},
+{ERR_PACK(0,RSAREF_F_RSA_REF_BN2BIN,0),	"RSA_REF_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSA_REF_MOD_EXP,0),	"RSA_REF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_RSA_REF_PRIVATE_DECRYPT,0),	"RSA_REF_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,0),	"RSA_REF_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_REF_PUBLIC_DECRYPT,0),	"RSA_REF_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,0),	"RSA_REF_PUBLIC_ENCRYPT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA RSAREF_str_reasons[]=
+	{
+{RSAREF_R_CONTENT_ENCODING               ,"content encoding"},
+{RSAREF_R_DATA                           ,"data"},
+{RSAREF_R_DIGEST_ALGORITHM               ,"digest algorithm"},
+{RSAREF_R_ENCODING                       ,"encoding"},
+{RSAREF_R_ENCRYPTION_ALGORITHM           ,"encryption algorithm"},
+{RSAREF_R_KEY                            ,"key"},
+{RSAREF_R_KEY_ENCODING                   ,"key encoding"},
+{RSAREF_R_LEN                            ,"len"},
+{RSAREF_R_MODULUS_LEN                    ,"modulus len"},
+{RSAREF_R_NEED_RANDOM                    ,"need random"},
+{RSAREF_R_PRIVATE_KEY                    ,"private key"},
+{RSAREF_R_PUBLIC_KEY                     ,"public key"},
+{RSAREF_R_SIGNATURE                      ,"signature"},
+{RSAREF_R_SIGNATURE_ENCODING             ,"signature encoding"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_RSAREF_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_functs);
+		ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/rsaref/rsaref.c b/crypto/openssl/rsaref/rsaref.c
new file mode 100644
index 000000000000..7677eb9fce9f
--- /dev/null
+++ b/crypto/openssl/rsaref/rsaref.c
@@ -0,0 +1,301 @@
+/* rsaref/rsaref.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include "cryptlib.h"
+#include 
+#include 
+#include 
+#include 
+
+static int RSAref_bn2bin(BIGNUM * from, unsigned char* to, int max);
+#ifdef undef
+static BIGNUM* RSAref_bin2bn(unsigned char* from, BIGNUM * to, int max);
+#endif
+static int RSAref_Public_eay2ref(RSA * from, RSArefPublicKey * to);
+static int RSAref_Private_eay2ref(RSA * from, RSArefPrivateKey * to);
+int RSA_ref_private_decrypt(int len, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+int RSA_ref_private_encrypt(int len, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+int RSA_ref_public_encrypt(int len, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+int RSA_ref_public_decrypt(int len, unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int BN_ref_mod_exp(BIGNUM *r,BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
+			  BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int RSA_ref_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+static RSA_METHOD rsa_pkcs1_ref_meth={
+	"RSAref PKCS#1 RSA",
+	RSA_ref_public_encrypt,
+	RSA_ref_public_decrypt,
+	RSA_ref_private_encrypt,
+	RSA_ref_private_decrypt,
+	RSA_ref_mod_exp,
+	BN_ref_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	};
+
+RSA_METHOD *RSA_PKCS1_RSAref(void)
+	{
+	return(&rsa_pkcs1_ref_meth);
+	}
+
+static int RSA_ref_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+	{
+	RSAREFerr(RSAREF_F_RSA_REF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+static int BN_ref_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	RSAREFerr(RSAREF_F_BN_REF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+/* unsigned char *to:  [max]    */
+static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
+	{
+	int i;
+
+	i=BN_num_bytes(from);
+	if (i > max)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
+		return(0);
+		}
+
+	memset(to,0,(unsigned int)max);
+	if (!BN_bn2bin(from,&(to[max-i])))
+		return(0);
+	return(1);
+	}
+
+#ifdef undef
+/* unsigned char *from:  [max]    */
+static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
+	{
+	int i;
+	BIGNUM *ret;
+
+	for (i=0; in=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
+	to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
+	if ((to->n == NULL) || (to->e == NULL)) return(0);
+	return(1);
+	}
+#endif
+
+static int RSAref_Public_eay2ref(RSA *from, RSArefPublicKey *to)
+	{
+	to->bits=BN_num_bits(from->n);
+	if (!RSAref_bn2bin(from->n,to->m,RSAref_MAX_LEN)) return(0);
+	if (!RSAref_bn2bin(from->e,to->e,RSAref_MAX_LEN)) return(0);
+	return(1);
+	}
+
+#ifdef undef
+static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
+	{
+	if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
+		== NULL)
+		return(0);
+	if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
+		== NULL)
+		return(0);
+	if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	return(1);
+	}
+#endif
+
+static int RSAref_Private_eay2ref(RSA *from, RSArefPrivateKey *to)
+	{
+	to->bits=BN_num_bits(from->n);
+	if (!RSAref_bn2bin(from->n,to->m,RSAref_MAX_LEN)) return(0);
+	if (!RSAref_bn2bin(from->e,to->e,RSAref_MAX_LEN)) return(0);
+	if (!RSAref_bn2bin(from->d,to->d,RSAref_MAX_LEN)) return(0);
+	if (!RSAref_bn2bin(from->p,to->prime[0],RSAref_MAX_PLEN)) return(0);
+	if (!RSAref_bn2bin(from->q,to->prime[1],RSAref_MAX_PLEN)) return(0);
+	if (!RSAref_bn2bin(from->dmp1,to->pexp[0],RSAref_MAX_PLEN)) return(0);
+	if (!RSAref_bn2bin(from->dmq1,to->pexp[1],RSAref_MAX_PLEN)) return(0);
+	if (!RSAref_bn2bin(from->iqmp,to->coef,RSAref_MAX_PLEN)) return(0);
+	return(1);
+	}
+
+int RSA_ref_private_decrypt(int len, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	RSArefPrivateKey RSAkey;
+
+	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPrivateDecrypt(to,&outlen,from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+int RSA_ref_private_encrypt(int len, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	RSArefPrivateKey RSAkey;
+
+	if (padding != RSA_PKCS1_PADDING)
+		{
+		RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+	}
+	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPrivateEncrypt(to,&outlen,from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+int RSA_ref_public_decrypt(int len, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	RSArefPublicKey RSAkey;
+
+	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPublicDecrypt(to,&outlen,from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+int RSA_ref_public_encrypt(int len, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int outlen= -1;
+	int i;
+	RSArefPublicKey RSAkey;
+	RSARandomState rnd;
+	unsigned char buf[16];
+
+	if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) 
+		{
+		RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	
+	R_RandomInit(&rnd);
+	R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
+	while (i > 0)
+		{
+		RAND_bytes(buf,16);
+		R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
+		i-=16;
+		}
+
+	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPublicEncrypt(to,&outlen,from,len,&RSAkey,&rnd)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,i);
+		outlen= -1;
+		goto err;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	R_RandomFinal(&rnd);
+	memset(&rnd,0,sizeof(rnd));
+	return(outlen);
+	}
+#endif
diff --git a/crypto/openssl/rsaref/rsaref.h b/crypto/openssl/rsaref/rsaref.h
new file mode 100644
index 000000000000..15f65dd94f8d
--- /dev/null
+++ b/crypto/openssl/rsaref/rsaref.h
@@ -0,0 +1,180 @@
+/* rsaref/rsaref.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RSAREF_H
+#define HEADER_RSAREF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+ 
+#ifndef NO_RSA
+#include 
+
+/* RSAeuro */
+/*#define  RSAref_MAX_BITS		2048*/
+
+/* RSAref */
+#define  RSAref_MAX_BITS		1024
+
+#define RSAref_MIN_BITS		508
+#define RSAref_MAX_LEN		((RSAref_MAX_BITS+7)/8)
+#define RSAref_MAX_PBITS	(RSAref_MAX_BITS+1)/2
+#define RSAref_MAX_PLEN		((RSAref_MAX_PBITS+7)/8)
+
+typedef struct RSArefPublicKey_st
+	{
+	unsigned int bits;
+	unsigned char m[RSAref_MAX_LEN];
+	unsigned char e[RSAref_MAX_LEN];
+	} RSArefPublicKey;
+
+typedef struct RSArefPrivateKey_st
+	{
+	unsigned int bits;
+	unsigned char m[RSAref_MAX_LEN];
+	unsigned char e[RSAref_MAX_LEN];
+	unsigned char d[RSAref_MAX_LEN];
+	unsigned char prime[2][RSAref_MAX_PLEN];/* p & q */
+	unsigned char pexp[2][RSAref_MAX_PLEN];	/* dmp1 & dmq1 */
+	unsigned char coef[RSAref_MAX_PLEN];	/* iqmp */
+	} RSArefPrivateKey;
+
+typedef struct RSARandomState_st
+	{
+	unsigned int needed;
+	unsigned char state[16];
+	unsigned int outputnum;
+	unsigned char output[16];
+	} RSARandomState;
+
+#define RE_CONTENT_ENCODING 0x0400
+#define RE_DATA 0x0401
+#define RE_DIGEST_ALGORITHM 0x0402
+#define RE_ENCODING 0x0403
+#define RE_KEY 0x0404
+#define RE_KEY_ENCODING 0x0405
+#define RE_LEN 0x0406
+#define RE_MODULUS_LEN 0x0407
+#define RE_NEED_RANDOM 0x0408
+#define RE_PRIVATE_KEY 0x0409
+#define RE_PUBLIC_KEY 0x040a
+#define RE_SIGNATURE 0x040b
+#define RE_SIGNATURE_ENCODING 0x040c
+#define RE_ENCRYPTION_ALGORITHM 0x040d
+
+int RSAPrivateDecrypt(unsigned char *to, int *outlen, unsigned char *from,
+	int len, RSArefPrivateKey *RSAkey);
+int RSAPrivateEncrypt(unsigned char *to, int *outlen, unsigned char *from,
+	int len, RSArefPrivateKey *RSAkey);
+int RSAPublicDecrypt(unsigned char *to, int *outlen, unsigned char *from,
+	int len, RSArefPublicKey *RSAkey);
+int RSAPublicEncrypt(unsigned char *to, int *outlen, unsigned char *from,
+	int len, RSArefPublicKey *RSAkey,RSARandomState *rnd);
+int R_RandomInit(RSARandomState *rnd);
+int R_GetRandomBytesNeeded(unsigned int *,RSARandomState *rnd);
+int R_RandomUpdate(RSARandomState *rnd, unsigned char *data, unsigned int n);
+int R_RandomFinal(RSARandomState *rnd);
+
+void ERR_load_RSAREF_strings(void );
+RSA_METHOD *RSA_PKCS1_RSAref(void );
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the RSAREF functions. */
+
+/* Function codes. */
+#define RSAREF_F_BN_REF_MOD_EXP				 100
+#define RSAREF_F_RSAREF_BN2BIN				 101
+#define RSAREF_F_RSA_BN2BIN				 102
+#define RSAREF_F_RSA_PRIVATE_DECRYPT			 103
+#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 104
+#define RSAREF_F_RSA_PUBLIC_DECRYPT			 105
+#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 106
+#define RSAREF_F_RSA_REF_BN2BIN				 107
+#define RSAREF_F_RSA_REF_MOD_EXP			 108
+#define RSAREF_F_RSA_REF_PRIVATE_DECRYPT		 109
+#define RSAREF_F_RSA_REF_PRIVATE_ENCRYPT		 110
+#define RSAREF_F_RSA_REF_PUBLIC_DECRYPT			 111
+#define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT			 112
+
+/* Reason codes. */
+#define RSAREF_R_CONTENT_ENCODING			 0x0400
+#define RSAREF_R_DATA					 0x0401
+#define RSAREF_R_DIGEST_ALGORITHM			 0x0402
+#define RSAREF_R_ENCODING				 0x0403
+#define RSAREF_R_ENCRYPTION_ALGORITHM			 0x040d
+#define RSAREF_R_KEY					 0x0404
+#define RSAREF_R_KEY_ENCODING				 0x0405
+#define RSAREF_R_LEN					 0x0406
+#define RSAREF_R_MODULUS_LEN				 0x0407
+#define RSAREF_R_NEED_RANDOM				 0x0408
+#define RSAREF_R_PRIVATE_KEY				 0x0409
+#define RSAREF_R_PUBLIC_KEY				 0x040a
+#define RSAREF_R_SIGNATURE				 0x040b
+#define RSAREF_R_SIGNATURE_ENCODING			 0x040c
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/shlib/README b/crypto/openssl/shlib/README
new file mode 100644
index 000000000000..fea07a59eab5
--- /dev/null
+++ b/crypto/openssl/shlib/README
@@ -0,0 +1 @@
+Only the windows NT and, linux builds have been tested for SSLeay 0.8.0
diff --git a/crypto/openssl/shlib/irix.sh b/crypto/openssl/shlib/irix.sh
new file mode 100644
index 000000000000..22e4e6ad508d
--- /dev/null
+++ b/crypto/openssl/shlib/irix.sh
@@ -0,0 +1,7 @@
+FLAGS="-DTERMIOS -O2 -mips2 -DB_ENDIAN -fomit-frame-pointer -Wall -Iinclude"
+SHFLAGS="-DPIC -fpic"
+
+gcc -c -Icrypto $SHFLAGS $FLAGS -o crypto.o crypto/crypto.c
+ld -shared -o libcrypto.so crypto.o
+gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+ld -shared -o libssl.so ssl.o
diff --git a/crypto/openssl/shlib/solaris-sc4.sh b/crypto/openssl/shlib/solaris-sc4.sh
new file mode 100755
index 000000000000..b0766b35f7ca
--- /dev/null
+++ b/crypto/openssl/shlib/solaris-sc4.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+major="1"
+
+slib=libssl
+sh_slib=$slib.so.$major
+
+clib=libcrypto
+sh_clib=$clib.so.$major
+
+echo collecting all object files for $clib.so
+OBJS=
+find . -name \*.o -print > allobjs
+for obj in `ar t libcrypto.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $clib.so
+cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+
+rm -f $clib.so
+ln -s $sh_clib $clib.so
+
+echo collecting all object files for $slib.so
+OBJS=
+for obj in `ar t libssl.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $slib.so
+cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+	
+rm -f $slib.so
+ln -s $sh_slib $slib.so
+
+rm -f allobjs
+
+mv libRSAglue.a libRSAglue.a.orig
+mv libcrypto.a  libcrypto.a.orig
+mv libssl.a     libssl.a.orig 
diff --git a/crypto/openssl/shlib/solaris.sh b/crypto/openssl/shlib/solaris.sh
new file mode 100644
index 000000000000..03475f12b410
--- /dev/null
+++ b/crypto/openssl/shlib/solaris.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+echo "#define DATE      \"`date`\"" >crypto/date.h
+
+major="0"
+minor="8.0"
+slib=libssl
+clib=libcrypto
+CC=gcc
+CPP='gcc -E'
+AS=as
+#FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -mv8 -Wall'
+FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
+INCLUDE='-Iinclude -Icrypto -Issl'
+SHFLAGS='-DPIC -fpic'
+
+CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
+ASM_OBJ="";
+
+echo compiling bignum assember
+$AS -o bn_asm.o crypto/bn/asm/sparc.s
+CFLAGS="$CFLAGS -DBN_ASM"
+ASM_OBJ="$ASM_OBJ bn_asm.o"
+
+echo compiling $clib
+$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
+
+echo linking $clib.so
+gcc $CFLAGS -shared -o $clib.so.$major.$minor crypto.o $ASM_OBJ -lnsl -lsocket
+
+echo compiling $slib.so
+$CC -c $CFLAGS -o ssl.o ssl/ssl.c
+
+echo building $slib.so
+gcc $CFLAGS -shared -o $slib.so ssl.o -L. -lcrypto
+
diff --git a/crypto/openssl/shlib/sun.sh b/crypto/openssl/shlib/sun.sh
new file mode 100644
index 000000000000..a890bbd37653
--- /dev/null
+++ b/crypto/openssl/shlib/sun.sh
@@ -0,0 +1,8 @@
+FLAGS="-DTERMIO -O3 -DB_ENDIAN -fomit-frame-pointer -mv8 -Wall -Iinclude"
+SHFLAGS="-DPIC -fpic"
+
+gcc -c -Icrypto $SHFLAGS -fpic $FLAGS -o crypto.o crypto/crypto.c
+ld -G -z text -o libcrypto.so crypto.o
+
+gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+ld -G -z text -o libssl.so ssl.o
diff --git a/crypto/openssl/ssl/Makefile.ssl b/crypto/openssl/ssl/Makefile.ssl
new file mode 100644
index 000000000000..7f9c6ead8a8e
--- /dev/null
+++ b/crypto/openssl/ssl/Makefile.ssl
@@ -0,0 +1,828 @@
+#
+# SSLeay/ssl/Makefile
+#
+
+DIR=	ssl
+TOP=	..
+CC=	cc
+INCLUDES= -I../crypto -I../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README ssl-lib.com install.com
+TEST=ssltest.c
+APPS=
+
+LIB=$(TOP)/libssl.a
+LIBSRC=	\
+	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+	ssl_ciph.c ssl_stat.c ssl_rsa.c \
+	ssl_asn1.c ssl_txt.c ssl_algs.c \
+	bio_ssl.c ssl_err.c
+LIBOBJ= \
+	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+	ssl_ciph.o ssl_stat.o ssl_rsa.o \
+	ssl_asn1.o ssl_txt.o ssl_algs.o \
+	bio_ssl.o ssl_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
+HEADER=	$(EXHEADER) ssl_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bio_ssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bio_ssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+bio_ssl.o: ../include/openssl/x509_vfy.h
+s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_both.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_algs.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_cert.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_cert.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_cert.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_cert.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_err.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_err.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_err.o: ../include/openssl/x509_vfy.h
+ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err2.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_err2.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_err2.o: ../include/openssl/x509_vfy.h
+ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+t1_enc.o: ../include/openssl/md2.h ../include/openssl/md5.h
+t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_enc.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c
new file mode 100644
index 000000000000..f62cde4e5d51
--- /dev/null
+++ b/crypto/openssl/ssl/bio_ssl.c
@@ -0,0 +1,555 @@
+/* ssl/bio_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static int ssl_write(BIO *h,char *buf,int num);
+static int ssl_read(BIO *h,char *buf,int size);
+static int ssl_puts(BIO *h,char *str);
+static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+typedef struct bio_ssl_st
+	{
+	SSL *ssl; /* The ssl handle :-) */
+	/* re-negotiate every time the total number of bytes is this size */
+	int num_renegotiates;
+	unsigned long renegotiate_count;
+	unsigned long byte_count;
+	unsigned long renegotiate_timeout;
+	unsigned long last_time;
+	} BIO_SSL;
+
+static BIO_METHOD methods_sslp=
+	{
+	BIO_TYPE_SSL,"ssl",
+	ssl_write,
+	ssl_read,
+	ssl_puts,
+	NULL, /* ssl_gets, */
+	ssl_ctrl,
+	ssl_new,
+	ssl_free,
+	};
+
+BIO_METHOD *BIO_f_ssl(void)
+	{
+	return(&methods_sslp);
+	}
+
+static int ssl_new(BIO *bi)
+	{
+	BIO_SSL *bs;
+
+	bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL));
+	if (bs == NULL)
+		{
+		BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	memset(bs,0,sizeof(BIO_SSL));
+	bi->init=0;
+	bi->ptr=(char *)bs;
+	bi->flags=0;
+	return(1);
+	}
+
+static int ssl_free(BIO *a)
+	{
+	BIO_SSL *bs;
+
+	if (a == NULL) return(0);
+	bs=(BIO_SSL *)a->ptr;
+	if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
+	if (a->shutdown)
+		{
+		if (a->init && (bs->ssl != NULL))
+			SSL_free(bs->ssl);
+		a->init=0;
+		a->flags=0;
+		}
+	if (a->ptr != NULL)
+		Free(a->ptr);
+	return(1);
+	}
+	
+static int ssl_read(BIO *b, char *out, int outl)
+	{
+	int ret=1;
+	BIO_SSL *sb;
+	SSL *ssl;
+	int retry_reason=0;
+	int r=0;
+
+	if (out == NULL) return(0);
+	sb=(BIO_SSL *)b->ptr;
+	ssl=sb->ssl;
+
+	BIO_clear_retry_flags(b);
+
+#if 0
+	if (!SSL_is_init_finished(ssl))
+		{
+/*		ret=SSL_do_handshake(ssl); */
+		if (ret > 0)
+			{
+
+			outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+			ret= -1;
+			goto end;
+			}
+		}
+#endif
+/*	if (ret > 0) */
+	ret=SSL_read(ssl,out,outl);
+
+	switch (SSL_get_error(ssl,ret))
+		{
+	case SSL_ERROR_NONE:
+		if (ret <= 0) break;
+		if (sb->renegotiate_count > 0)
+			{
+			sb->byte_count+=ret;
+			if (sb->byte_count > sb->renegotiate_count)
+				{
+				sb->byte_count=0;
+				sb->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				r=1;
+				}
+			}
+		if ((sb->renegotiate_timeout > 0) && (!r))
+			{
+			unsigned long tm;
+
+			tm=(unsigned long)time(NULL);
+			if (tm > sb->last_time+sb->renegotiate_timeout)
+				{
+				sb->last_time=tm;
+				sb->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				}
+			}
+
+		break;
+	case SSL_ERROR_WANT_READ:
+		BIO_set_retry_read(b);
+		break;
+	case SSL_ERROR_WANT_WRITE:
+		BIO_set_retry_write(b);
+		break;
+	case SSL_ERROR_WANT_X509_LOOKUP:
+		BIO_set_retry_special(b);
+		retry_reason=BIO_RR_SSL_X509_LOOKUP;
+		break;
+	case SSL_ERROR_WANT_CONNECT:
+		BIO_set_retry_special(b);
+		retry_reason=BIO_RR_CONNECT;
+		break;
+	case SSL_ERROR_SYSCALL:
+	case SSL_ERROR_SSL:
+	case SSL_ERROR_ZERO_RETURN:
+	default:
+		break;
+		}
+
+	b->retry_reason=retry_reason;
+	return(ret);
+	}
+
+static int ssl_write(BIO *b, char *out, int outl)
+	{
+	int ret,r=0;
+	int retry_reason=0;
+	SSL *ssl;
+	BIO_SSL *bs;
+
+	if (out == NULL) return(0);
+	bs=(BIO_SSL *)b->ptr;
+	ssl=bs->ssl;
+
+	BIO_clear_retry_flags(b);
+
+/*	ret=SSL_do_handshake(ssl);
+	if (ret > 0) */
+	ret=SSL_write(ssl,out,outl);
+
+	switch (SSL_get_error(ssl,ret))
+		{
+	case SSL_ERROR_NONE:
+		if (ret <= 0) break;
+		if (bs->renegotiate_count > 0)
+			{
+			bs->byte_count+=ret;
+			if (bs->byte_count > bs->renegotiate_count)
+				{
+				bs->byte_count=0;
+				bs->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				r=1;
+				}
+			}
+		if ((bs->renegotiate_timeout > 0) && (!r))
+			{
+			unsigned long tm;
+
+			tm=(unsigned long)time(NULL);
+			if (tm > bs->last_time+bs->renegotiate_timeout)
+				{
+				bs->last_time=tm;
+				bs->num_renegotiates++;
+				SSL_renegotiate(ssl);
+				}
+			}
+		break;
+	case SSL_ERROR_WANT_WRITE:
+		BIO_set_retry_write(b);
+		break;
+	case SSL_ERROR_WANT_READ:
+		BIO_set_retry_read(b);
+		break;
+	case SSL_ERROR_WANT_X509_LOOKUP:
+		BIO_set_retry_special(b);
+		retry_reason=BIO_RR_SSL_X509_LOOKUP;
+		break;
+	case SSL_ERROR_WANT_CONNECT:
+		BIO_set_retry_special(b);
+		retry_reason=BIO_RR_CONNECT;
+	case SSL_ERROR_SYSCALL:
+	case SSL_ERROR_SSL:
+	default:
+		break;
+		}
+
+	b->retry_reason=retry_reason;
+	return(ret);
+	}
+
+static long ssl_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	SSL **sslp,*ssl;
+	BIO_SSL *bs;
+	BIO *dbio,*bio;
+	long ret=1;
+
+	bs=(BIO_SSL *)b->ptr;
+	ssl=bs->ssl;
+	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
+		return(0);
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		SSL_shutdown(ssl);
+
+		if (ssl->handshake_func == ssl->method->ssl_connect)
+			SSL_set_connect_state(ssl);
+		else if (ssl->handshake_func == ssl->method->ssl_accept)
+			SSL_set_accept_state(ssl);
+
+		SSL_clear(ssl);
+
+		if (b->next_bio != NULL)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		else if (ssl->rbio != NULL)
+			ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+		else
+			ret=1;
+		break;
+	case BIO_CTRL_INFO:
+		ret=0;
+		break;
+	case BIO_C_SSL_MODE:
+		if (num) /* client mode */
+			SSL_set_connect_state(ssl);
+		else
+			SSL_set_accept_state(ssl);
+		break;
+	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+		ret=bs->renegotiate_timeout;
+		if (num < 60) num=5;
+		bs->renegotiate_timeout=(unsigned long)num;
+		bs->last_time=(unsigned long)time(NULL);
+		break;
+	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+		ret=bs->renegotiate_count;
+		if ((long)num >=512)
+			bs->renegotiate_count=(unsigned long)num;
+		break;
+	case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+		ret=bs->num_renegotiates;
+		break;
+	case BIO_C_SET_SSL:
+		if (ssl != NULL)
+			ssl_free(b);
+		b->shutdown=(int)num;
+		ssl=(SSL *)ptr;
+		((BIO_SSL *)b->ptr)->ssl=ssl;
+		bio=SSL_get_rbio(ssl);
+		if (bio != NULL)
+			{
+			if (b->next_bio != NULL)
+				BIO_push(bio,b->next_bio);
+			b->next_bio=bio;
+			CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
+			}
+		b->init=1;
+		break;
+	case BIO_C_GET_SSL:
+		if (ptr != NULL)
+			{
+			sslp=(SSL **)ptr;
+			*sslp=ssl;
+			}
+		else
+			ret=0;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING:
+		ret=SSL_pending(ssl);
+		if (ret == 0)
+			ret=BIO_pending(ssl->rbio);
+		break;
+	case BIO_CTRL_FLUSH:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_PUSH:
+		if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
+			{
+			SSL_set_bio(ssl,b->next_bio,b->next_bio);
+			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+			}
+		break;
+	case BIO_CTRL_POP:
+		/* ugly bit of a hack */
+		if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
+			{
+			BIO_free_all(ssl->wbio);
+			}
+		ssl->wbio=NULL;
+		ssl->rbio=NULL;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+
+		b->retry_reason=0;
+		ret=(int)SSL_do_handshake(ssl);
+
+		switch (SSL_get_error(ssl,(int)ret))
+			{
+		case SSL_ERROR_WANT_READ:
+			BIO_set_flags(b,
+				BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
+			break;
+		case SSL_ERROR_WANT_WRITE:
+			BIO_set_flags(b,
+				BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
+			break;
+		case SSL_ERROR_WANT_CONNECT:
+			BIO_set_flags(b,
+				BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
+			b->retry_reason=b->next_bio->retry_reason;
+			break;
+		default:
+			break;
+			}
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
+			SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
+		((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
+		((BIO_SSL *)dbio->ptr)->renegotiate_count=
+			((BIO_SSL *)b->ptr)->renegotiate_count;
+		((BIO_SSL *)dbio->ptr)->byte_count=
+			((BIO_SSL *)b->ptr)->byte_count;
+		((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
+			((BIO_SSL *)b->ptr)->renegotiate_timeout;
+		((BIO_SSL *)dbio->ptr)->last_time=
+			((BIO_SSL *)b->ptr)->last_time;
+		ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
+		break;
+	case BIO_C_GET_FD:
+		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_SET_CALLBACK:
+		SSL_set_info_callback(ssl,(void (*)())ptr);
+		break;
+	case BIO_CTRL_GET_CALLBACK:
+		{
+		void (**fptr)();
+
+		fptr=(void (**)())ptr;
+		*fptr=SSL_get_info_callback(ssl);
+		}
+		break;
+	default:
+		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static int ssl_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=BIO_write(bp,str,n);
+	return(ret);
+	}
+
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+	{
+	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
+
+	if ((buf=BIO_new(BIO_f_buffer())) == NULL)
+		return(NULL);
+	if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
+		goto err;
+	if ((ret=BIO_push(buf,ssl)) == NULL)
+		goto err;
+	return(ret);
+err:
+	if (buf != NULL) BIO_free(buf);
+	if (ssl != NULL) BIO_free(ssl);
+	return(NULL);
+	}
+
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
+	{
+	BIO *ret=NULL,*con=NULL,*ssl=NULL;
+
+	if ((con=BIO_new(BIO_s_connect())) == NULL)
+		return(NULL);
+	if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
+		goto err;
+	if ((ret=BIO_push(ssl,con)) == NULL)
+		goto err;
+	return(ret);
+err:
+	if (con != NULL) BIO_free(con);
+	if (ret != NULL) BIO_free(ret);
+	return(NULL);
+	}
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
+	{
+	BIO *ret;
+	SSL *ssl;
+
+	if ((ret=BIO_new(BIO_f_ssl())) == NULL)
+		return(NULL);
+	if ((ssl=SSL_new(ctx)) == NULL)
+		{
+		BIO_free(ret);
+		return(NULL);
+		}
+	if (client)
+		SSL_set_connect_state(ssl);
+	else
+		SSL_set_accept_state(ssl);
+		
+	BIO_set_ssl(ret,ssl,BIO_CLOSE);
+	return(ret);
+	}
+
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
+	{
+	t=BIO_find_type(t,BIO_TYPE_SSL);
+	f=BIO_find_type(f,BIO_TYPE_SSL);
+	if ((t == NULL) || (f == NULL))
+		return(0);
+	if (	(((BIO_SSL *)t->ptr)->ssl == NULL) || 
+		(((BIO_SSL *)f->ptr)->ssl == NULL))
+		return(0);
+	SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
+	return(1);
+	}
+
+void BIO_ssl_shutdown(BIO *b)
+	{
+	SSL *s;
+
+	while (b != NULL)
+		{
+		if (b->method->type == BIO_TYPE_SSL)
+			{
+			s=((BIO_SSL *)b->ptr)->ssl;
+			SSL_shutdown(s);
+			break;
+			}
+		b=b->next_bio;
+		}
+	}
diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c
new file mode 100644
index 000000000000..299d2ae5d28e
--- /dev/null
+++ b/crypto/openssl/ssl/s23_clnt.c
@@ -0,0 +1,465 @@
+/* ssl/s23_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl23_get_client_method(int ver);
+static int ssl23_client_hello(SSL *s);
+static int ssl23_get_server_hello(SSL *s);
+static SSL_METHOD *ssl23_get_client_method(int ver)
+	{
+	if (ver == SSL2_VERSION)
+		return(SSLv2_client_method());
+	if (ver == SSL3_VERSION)
+		return(SSLv3_client_method());
+	else if (ver == TLS1_VERSION)
+		return(TLSv1_client_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv23_client_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv23_client_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv23_client_data,
+			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+		SSLv23_client_data.ssl_connect=ssl23_connect;
+		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+		init=0;
+		}
+	return(&SSLv23_client_data);
+	}
+
+int ssl23_connect(SSL *s)
+	{
+	BUF_MEM *buf;
+	unsigned long Time=time(NULL);
+	void (*cb)()=NULL;
+	int ret= -1;
+	int new_state,state;
+
+	RAND_seed(&Time,sizeof(Time));
+	ERR_clear_error();
+	clear_sys_error();
+
+	if (s->info_callback != NULL)
+		cb=s->info_callback;
+	else if (s->ctx->info_callback != NULL)
+		cb=s->ctx->info_callback;
+	
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+	s->in_handshake++;
+
+	for (;;)
+		{
+		state=s->state;
+
+		switch(s->state)
+			{
+		case SSL_ST_BEFORE:
+		case SSL_ST_CONNECT:
+		case SSL_ST_BEFORE|SSL_ST_CONNECT:
+		case SSL_ST_OK|SSL_ST_CONNECT:
+
+			if (s->session != NULL)
+				{
+				SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+				ret= -1;
+				goto end;
+				}
+			s->server=0;
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+			/* s->version=TLS1_VERSION; */
+			s->type=SSL_ST_CONNECT;
+
+			if (s->init_buf == NULL)
+				{
+				if ((buf=BUF_MEM_new()) == NULL)
+					{
+					ret= -1;
+					goto end;
+					}
+				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+					{
+					ret= -1;
+					goto end;
+					}
+				s->init_buf=buf;
+				}
+
+			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+
+			ssl3_init_finished_mac(s);
+
+			s->state=SSL23_ST_CW_CLNT_HELLO_A;
+			s->ctx->stats.sess_connect++;
+			s->init_num=0;
+			break;
+
+		case SSL23_ST_CW_CLNT_HELLO_A:
+		case SSL23_ST_CW_CLNT_HELLO_B:
+
+			s->shutdown=0;
+			ret=ssl23_client_hello(s);
+			if (ret <= 0) goto end;
+			s->state=SSL23_ST_CR_SRVR_HELLO_A;
+			s->init_num=0;
+
+			break;
+
+		case SSL23_ST_CR_SRVR_HELLO_A:
+		case SSL23_ST_CR_SRVR_HELLO_B:
+			ret=ssl23_get_server_hello(s);
+			if (ret >= 0) cb=NULL;
+			goto end;
+			/* break; */
+
+		default:
+			SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
+			ret= -1;
+			goto end;
+			/* break; */
+			}
+
+		if (s->debug) { (void)BIO_flush(s->wbio); }
+
+		if ((cb != NULL) && (s->state != state))
+			{
+			new_state=s->state;
+			s->state=state;
+			cb(s,SSL_CB_CONNECT_LOOP,1);
+			s->state=new_state;
+			}
+		}
+end:
+	s->in_handshake--;
+	if (cb != NULL)
+		cb(s,SSL_CB_CONNECT_EXIT,ret);
+	return(ret);
+	}
+
+
+static int ssl23_client_hello(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p,*d;
+	int i,ch_len;
+
+	buf=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+		{
+#if 0
+		/* don't reuse session-id's */
+		if (!ssl_get_new_session(s,0))
+			{
+			return(-1);
+			}
+#endif
+
+		p=s->s3->client_random;
+		RAND_bytes(p,SSL3_RANDOM_SIZE);
+
+		/* Do the message type and length last */
+		d= &(buf[2]);
+		p=d+9;
+
+		*(d++)=SSL2_MT_CLIENT_HELLO;
+		if (!(s->options & SSL_OP_NO_TLSv1))
+			{
+			*(d++)=TLS1_VERSION_MAJOR;
+			*(d++)=TLS1_VERSION_MINOR;
+			s->client_version=TLS1_VERSION;
+			}
+		else if (!(s->options & SSL_OP_NO_SSLv3))
+			{
+			*(d++)=SSL3_VERSION_MAJOR;
+			*(d++)=SSL3_VERSION_MINOR;
+			s->client_version=SSL3_VERSION;
+			}
+		else if (!(s->options & SSL_OP_NO_SSLv2))
+			{
+			*(d++)=SSL2_VERSION_MAJOR;
+			*(d++)=SSL2_VERSION_MINOR;
+			s->client_version=SSL2_VERSION;
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
+			return(-1);
+			}
+
+		/* Ciphers supported */
+		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
+		if (i == 0)
+			{
+			/* no ciphers */
+			SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+			return(-1);
+			}
+		s2n(i,d);
+		p+=i;
+
+		/* put in the session-id, zero since there is no
+		 * reuse. */
+#if 0
+		s->session->session_id_length=0;
+#endif
+		s2n(0,d);
+
+		if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+			ch_len=SSL2_CHALLENGE_LENGTH;
+		else
+			ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+
+		/* write out sslv2 challenge */
+		if (SSL3_RANDOM_SIZE < ch_len)
+			i=SSL3_RANDOM_SIZE;
+		else
+			i=ch_len;
+		s2n(i,d);
+		memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
+		RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+		memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+		p+=i;
+
+		i= p- &(buf[2]);
+		buf[0]=((i>>8)&0xff)|0x80;
+		buf[1]=(i&0xff);
+
+		s->state=SSL23_ST_CW_CLNT_HELLO_B;
+		/* number of bytes to write */
+		s->init_num=i+2;
+		s->init_off=0;
+
+		ssl3_finish_mac(s,&(buf[2]),i);
+		}
+
+	/* SSL3_ST_CW_CLNT_HELLO_B */
+	return(ssl23_write_bytes(s));
+	}
+
+static int ssl23_get_server_hello(SSL *s)
+	{
+	char buf[8];
+	unsigned char *p;
+	int i,ch_len;
+	int n;
+
+	n=ssl23_read_bytes(s,7);
+
+	if (n != 7) return(n);
+	p=s->packet;
+
+	memcpy(buf,p,n);
+
+	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
+		(p[5] == 0x00) && (p[6] == 0x02))
+		{
+		/* we are talking sslv2 */
+		/* we need to clean up the SSLv3 setup and put in the
+		 * sslv2 stuff. */
+
+		if (s->options & SSL_OP_NO_SSLv2)
+			{
+			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+			goto err;
+			}
+		if (s->s2 == NULL)
+			{
+			if (!ssl2_new(s))
+				goto err;
+			}
+		else
+			ssl2_clear(s);
+
+		if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+			ch_len=SSL2_CHALLENGE_LENGTH;
+		else
+			ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+
+		/* write out sslv2 challenge */
+		i=(SSL3_RANDOM_SIZE < ch_len)
+			?SSL3_RANDOM_SIZE:ch_len;
+		s->s2->challenge_length=i;
+		memcpy(s->s2->challenge,
+			&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+
+		if (s->s3 != NULL) ssl3_free(s);
+
+		if (!BUF_MEM_grow(s->init_buf,
+			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+			{
+			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
+			goto err;
+			}
+
+		s->state=SSL2_ST_GET_SERVER_HELLO_A;
+		s->s2->ssl2_rollback=1;
+
+		/* setup the 5 bytes we have read so we get them from
+		 * the sslv2 buffer */
+		s->rstate=SSL_ST_READ_HEADER;
+		s->packet_length=n;
+		s->packet= &(s->s2->rbuf[0]);
+		memcpy(s->packet,buf,n);
+		s->s2->rbuf_left=n;
+		s->s2->rbuf_offs=0;
+
+		/* we have already written one */
+		s->s2->write_sequence=1;
+
+		s->method=SSLv2_client_method();
+		s->handshake_func=s->method->ssl_connect;
+		}
+	else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+		 (p[1] == SSL3_VERSION_MAJOR) &&
+		 ((p[2] == SSL3_VERSION_MINOR) ||
+		  (p[2] == TLS1_VERSION_MINOR)) &&
+		 (p[5] == SSL3_MT_SERVER_HELLO))
+		{
+		/* we have sslv3 or tls1 */
+
+		if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+		/* we are in this state */
+		s->state=SSL3_ST_CR_SRVR_HELLO_A;
+
+		/* put the 5 bytes we have read into the input buffer
+		 * for SSLv3 */
+		s->rstate=SSL_ST_READ_HEADER;
+		s->packet_length=n;
+		s->packet= &(s->s3->rbuf.buf[0]);
+		memcpy(s->packet,buf,n);
+		s->s3->rbuf.left=n;
+		s->s3->rbuf.offset=0;
+
+		if ((p[2] == SSL3_VERSION_MINOR) &&
+			!(s->options & SSL_OP_NO_SSLv3))
+			{
+			s->version=SSL3_VERSION;
+			s->method=SSLv3_client_method();
+			}
+		else if ((p[2] == TLS1_VERSION_MINOR) &&
+			!(s->options & SSL_OP_NO_TLSv1))
+			{
+			s->version=TLS1_VERSION;
+			s->method=TLSv1_client_method();
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+			goto err;
+			}
+			
+		s->handshake_func=s->method->ssl_connect;
+		}
+	else if ((p[0] == SSL3_RT_ALERT) &&
+		 (p[1] == SSL3_VERSION_MAJOR) &&
+		 ((p[2] == SSL3_VERSION_MINOR) ||
+		  (p[2] == TLS1_VERSION_MINOR)) &&
+		 (p[3] == 0) &&
+		 (p[4] == 2))
+		{
+		void (*cb)()=NULL;
+		int j;
+
+		/* An alert */
+		if (s->info_callback != NULL)
+			cb=s->info_callback;
+		else if (s->ctx->info_callback != NULL)
+			cb=s->ctx->info_callback;
+ 
+		i=p[5];
+		if (cb != NULL)
+			{
+			j=(i<<8)|p[6];
+			cb(s,SSL_CB_READ_ALERT,j);
+			}
+
+		s->rwstate=SSL_NOTHING;
+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
+		goto err;
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+		goto err;
+		}
+	s->init_num=0;
+
+	/* Since, if we are sending a ssl23 client hello, we are not
+	 * reusing a session-id */
+	if (!ssl_get_new_session(s,0))
+		goto err;
+
+	s->first_packet=1;
+	return(SSL_connect(s));
+err:
+	return(-1);
+	}
+
diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c
new file mode 100644
index 000000000000..822a3958372d
--- /dev/null
+++ b/crypto/openssl/ssl/s23_lib.c
@@ -0,0 +1,213 @@
+/* ssl/s23_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "ssl_locl.h"
+
+static int ssl23_num_ciphers(void );
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+static int ssl23_read(SSL *s, void *buf, int len);
+static int ssl23_write(SSL *s, const void *buf, int len);
+static long ssl23_default_timeout(void );
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
+
+static SSL_METHOD SSLv23_data= {
+	TLS1_VERSION,
+	tls1_new,
+	tls1_clear,
+	tls1_free,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl23_read,
+	(int (*)(struct ssl_st *, char *, int))ssl_undefined_function,
+	ssl23_write,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_ok,
+	ssl3_ctrl,
+	ssl3_ctx_ctrl,
+	ssl23_get_cipher_by_char,
+	ssl23_put_cipher_by_char,
+	ssl_undefined_function,
+	ssl23_num_ciphers,
+	ssl23_get_cipher,
+	ssl_bad_method,
+	ssl23_default_timeout,
+	&ssl3_undef_enc_method,
+	};
+
+static long ssl23_default_timeout(void)
+	{
+	return(300);
+	}
+
+SSL_METHOD *sslv23_base_method(void)
+	{
+	return(&SSLv23_data);
+	}
+
+static int ssl23_num_ciphers(void)
+	{
+	return(ssl3_num_ciphers()+ssl2_num_ciphers());
+	}
+
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+	{
+	unsigned int uu=ssl3_num_ciphers();
+
+	if (u < uu)
+		return(ssl3_get_cipher(u));
+	else
+		return(ssl2_get_cipher(u-uu));
+	}
+
+/* This function needs to check if the ciphers required are actually
+ * available */
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+	{
+	SSL_CIPHER c,*cp;
+	unsigned long id;
+	int n;
+
+	n=ssl3_num_ciphers();
+	id=0x03000000|((unsigned long)p[0]<<16L)|
+		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
+	c.id=id;
+	cp=ssl3_get_cipher_by_char(p);
+	if (cp == NULL)
+		cp=ssl2_get_cipher_by_char(p);
+	return(cp);
+	}
+
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+	{
+	long l;
+
+	/* We can write SSLv2 and SSLv3 ciphers */
+	if (p != NULL)
+		{
+		l=c->id;
+		p[0]=((unsigned char)(l>>16L))&0xFF;
+		p[1]=((unsigned char)(l>> 8L))&0xFF;
+		p[2]=((unsigned char)(l     ))&0xFF;
+		}
+	return(3);
+	}
+
+static int ssl23_read(SSL *s, void *buf, int len)
+	{
+	int n;
+
+#if 0
+	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+		{
+		s->rwstate=SSL_NOTHING;
+		return(0);
+		}
+#endif
+	clear_sys_error();
+	if (SSL_in_init(s) && (!s->in_handshake))
+		{
+		n=s->handshake_func(s);
+		if (n < 0) return(n);
+		if (n == 0)
+			{
+			SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		return(SSL_read(s,buf,len));
+		}
+	else
+		{
+		ssl_undefined_function(s);
+		return(-1);
+		}
+	}
+
+static int ssl23_write(SSL *s, const void *buf, int len)
+	{
+	int n;
+
+#if 0
+	if (s->shutdown & SSL_SENT_SHUTDOWN)
+		{
+		s->rwstate=SSL_NOTHING;
+		return(0);
+		}
+#endif
+	clear_sys_error();
+	if (SSL_in_init(s) && (!s->in_handshake))
+		{
+		n=s->handshake_func(s);
+		if (n < 0) return(n);
+		if (n == 0)
+			{
+			SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		return(SSL_write(s,buf,len));
+		}
+	else
+		{
+		ssl_undefined_function(s);
+		return(-1);
+		}
+	}
diff --git a/crypto/openssl/ssl/s23_meth.c b/crypto/openssl/ssl/s23_meth.c
new file mode 100644
index 000000000000..b52ca1d58b3f
--- /dev/null
+++ b/crypto/openssl/ssl/s23_meth.c
@@ -0,0 +1,92 @@
+/* ssl/s23_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl23_get_method(int ver);
+static SSL_METHOD *ssl23_get_method(int ver)
+	{
+	if (ver == SSL2_VERSION)
+		return(SSLv23_method());
+	else if (ver == SSL3_VERSION)
+		return(SSLv3_method());
+	else if (ver == TLS1_VERSION)
+		return(TLSv1_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv23_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv23_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv23_data.ssl_connect=ssl23_connect;
+		SSLv23_data.ssl_accept=ssl23_accept;
+		SSLv23_data.get_ssl_method=ssl23_get_method;
+		init=0;
+		}
+	return(&SSLv23_data);
+	}
+
diff --git a/crypto/openssl/ssl/s23_pkt.c b/crypto/openssl/ssl/s23_pkt.c
new file mode 100644
index 000000000000..8370ea508c7e
--- /dev/null
+++ b/crypto/openssl/ssl/s23_pkt.c
@@ -0,0 +1,117 @@
+/* ssl/s23_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#define USE_SOCKETS
+#include 
+#include 
+#include "ssl_locl.h"
+
+int ssl23_write_bytes(SSL *s)
+	{
+	int i,num,tot;
+	char *buf;
+
+	buf=s->init_buf->data;
+	tot=s->init_off;
+	num=s->init_num;
+	for (;;)
+		{
+		s->rwstate=SSL_WRITING;
+		i=BIO_write(s->wbio,&(buf[tot]),num);
+		if (i <= 0)
+			{
+			s->init_off=tot;
+			s->init_num=num;
+			return(i);
+			}
+		s->rwstate=SSL_NOTHING;
+		if (i == num) return(tot+i);
+
+		num-=i;
+		tot+=i;
+		}
+	}
+
+/* only return when we have read 'n' bytes */
+int ssl23_read_bytes(SSL *s, int n)
+	{
+	unsigned char *p;
+	int j;
+
+	if (s->packet_length < (unsigned int)n)
+		{
+		p=s->packet;
+
+		for (;;)
+			{
+			s->rwstate=SSL_READING;
+			j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
+				n-s->packet_length);
+			if (j <= 0)
+				return(j);
+			s->rwstate=SSL_NOTHING;
+			s->packet_length+=j;
+			if (s->packet_length >= (unsigned int)n)
+				return(s->packet_length);
+			}
+		}
+	return(n);
+	}
+
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
new file mode 100644
index 000000000000..e4122f2d78df
--- /dev/null
+++ b/crypto/openssl/ssl/s23_srvr.c
@@ -0,0 +1,503 @@
+/* ssl/s23_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl23_get_server_method(int ver);
+int ssl23_get_client_hello(SSL *s);
+static SSL_METHOD *ssl23_get_server_method(int ver)
+	{
+	if (ver == SSL2_VERSION)
+		return(SSLv2_server_method());
+	if (ver == SSL3_VERSION)
+		return(SSLv3_server_method());
+	else if (ver == TLS1_VERSION)
+		return(TLSv1_server_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv23_server_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv23_server_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv23_server_data,
+			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+		SSLv23_server_data.ssl_accept=ssl23_accept;
+		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+		init=0;
+		}
+	return(&SSLv23_server_data);
+	}
+
+int ssl23_accept(SSL *s)
+	{
+	BUF_MEM *buf;
+	unsigned long Time=time(NULL);
+	void (*cb)()=NULL;
+	int ret= -1;
+	int new_state,state;
+
+	RAND_seed(&Time,sizeof(Time));
+	ERR_clear_error();
+	clear_sys_error();
+
+	if (s->info_callback != NULL)
+		cb=s->info_callback;
+	else if (s->ctx->info_callback != NULL)
+		cb=s->ctx->info_callback;
+	
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+	s->in_handshake++;
+
+	for (;;)
+		{
+		state=s->state;
+
+		switch(s->state)
+			{
+		case SSL_ST_BEFORE:
+		case SSL_ST_ACCEPT:
+		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+		case SSL_ST_OK|SSL_ST_ACCEPT:
+
+			s->server=1;
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+			/* s->version=SSL3_VERSION; */
+			s->type=SSL_ST_ACCEPT;
+
+			if (s->init_buf == NULL)
+				{
+				if ((buf=BUF_MEM_new()) == NULL)
+					{
+					ret= -1;
+					goto end;
+					}
+				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+					{
+					ret= -1;
+					goto end;
+					}
+				s->init_buf=buf;
+				}
+
+			ssl3_init_finished_mac(s);
+
+			s->state=SSL23_ST_SR_CLNT_HELLO_A;
+			s->ctx->stats.sess_accept++;
+			s->init_num=0;
+			break;
+
+		case SSL23_ST_SR_CLNT_HELLO_A:
+		case SSL23_ST_SR_CLNT_HELLO_B:
+
+			s->shutdown=0;
+			ret=ssl23_get_client_hello(s);
+			if (ret >= 0) cb=NULL;
+			goto end;
+			/* break; */
+
+		default:
+			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
+			ret= -1;
+			goto end;
+			/* break; */
+			}
+
+		if ((cb != NULL) && (s->state != state))
+			{
+			new_state=s->state;
+			s->state=state;
+			cb(s,SSL_CB_ACCEPT_LOOP,1);
+			s->state=new_state;
+			}
+		}
+end:
+	if (cb != NULL)
+		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+	s->in_handshake--;
+	return(ret);
+	}
+
+
+int ssl23_get_client_hello(SSL *s)
+	{
+	char buf_space[8];
+	char *buf= &(buf_space[0]);
+	unsigned char *p,*d,*dd;
+	unsigned int i;
+	unsigned int csl,sil,cl;
+	int n=0,j,tls1=0;
+	int type=0,use_sslv2_strong=0;
+	int v[2];
+
+	/* read the initial header */
+	v[0]=v[1]=0;
+	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
+		{
+		if (!ssl3_setup_buffers(s)) goto err;
+
+		n=ssl23_read_bytes(s,7);
+		if (n != 7) return(n); /* n == -1 || n == 0 */
+
+		p=s->packet;
+
+		memcpy(buf,p,n);
+
+		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
+			{
+			/* SSLv2 header */
+			if ((p[3] == 0x00) && (p[4] == 0x02))
+				{
+				v[0]=p[3]; v[1]=p[4];
+				/* SSLv2 */
+				if (!(s->options & SSL_OP_NO_SSLv2))
+					type=1;
+				}
+			else if (p[3] == SSL3_VERSION_MAJOR)
+				{
+				v[0]=p[3]; v[1]=p[4];
+				/* SSLv3/TLSv1 */
+				if (p[4] >= TLS1_VERSION_MINOR)
+					{
+					if (!(s->options & SSL_OP_NO_TLSv1))
+						{
+						tls1=1;
+						s->state=SSL23_ST_SR_CLNT_HELLO_B;
+						}
+					else if (!(s->options & SSL_OP_NO_SSLv3))
+						{
+						s->state=SSL23_ST_SR_CLNT_HELLO_B;
+						}
+					else if (!(s->options & SSL_OP_NO_SSLv2))
+						{
+						type=1;
+						}
+					}
+				else if (!(s->options & SSL_OP_NO_SSLv3))
+					s->state=SSL23_ST_SR_CLNT_HELLO_B;
+				else if (!(s->options & SSL_OP_NO_SSLv2))
+					type=1;
+
+				if (s->options & SSL_OP_NON_EXPORT_FIRST)
+					{
+					STACK_OF(SSL_CIPHER) *sk;
+					SSL_CIPHER *c;
+					int ne2,ne3;
+
+					j=((p[0]&0x7f)<<8)|p[1];
+					if (j > (1024*4))
+						{
+						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+						goto err;
+						}
+
+					n=ssl23_read_bytes(s,j+2);
+					if (n <= 0) return(n);
+					p=s->packet;
+
+					if ((buf=Malloc(n)) == NULL)
+						{
+						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
+						goto err;
+						}
+					memcpy(buf,p,n);
+
+					p+=5;
+					n2s(p,csl);
+					p+=4;
+
+					sk=ssl_bytes_to_cipher_list(
+						s,p,csl,NULL);
+					if (sk != NULL)
+						{
+						ne2=ne3=0;
+						for (j=0; jid>>24L) == 2L)
+									ne2=1;
+								else
+									ne3=1;
+								}
+							}
+						if (ne2 && !ne3)
+							{
+							type=1;
+							use_sslv2_strong=1;
+							goto next_bit;
+							}
+						}
+					}
+				}
+			}
+		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+			 (p[1] == SSL3_VERSION_MAJOR) &&
+			 (p[5] == SSL3_MT_CLIENT_HELLO))
+			{
+			v[0]=p[1]; v[1]=p[2];
+			/* true SSLv3 or tls1 */
+			if (p[2] >= TLS1_VERSION_MINOR)
+				{
+				if (!(s->options & SSL_OP_NO_TLSv1))
+					{
+					type=3;
+					tls1=1;
+					}
+				else if (!(s->options & SSL_OP_NO_SSLv3))
+					type=3;
+				}
+			else if (!(s->options & SSL_OP_NO_SSLv3))
+				type=3;
+			}
+		else if ((strncmp("GET ", (char *)p,4) == 0) ||
+			 (strncmp("POST ",(char *)p,5) == 0) ||
+			 (strncmp("HEAD ",(char *)p,5) == 0) ||
+			 (strncmp("PUT ", (char *)p,4) == 0))
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
+			goto err;
+			}
+		else if (strncmp("CONNECT",(char *)p,7) == 0)
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
+			goto err;
+			}
+		}
+
+next_bit:
+	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
+		{
+		/* we have a SSLv3/TLSv1 in a SSLv2 header */
+		type=2;
+		p=s->packet;
+		n=((p[0]&0x7f)<<8)|p[1];
+		if (n > (1024*4))
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+			goto err;
+			}
+
+		j=ssl23_read_bytes(s,n+2);
+		if (j <= 0) return(j);
+
+		ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
+
+		p=s->packet;
+		p+=5;
+		n2s(p,csl);
+		n2s(p,sil);
+		n2s(p,cl);
+		d=(unsigned char *)s->init_buf->data;
+		if ((csl+sil+cl+11) != s->packet_length)
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
+			goto err;
+			}
+
+		*(d++)=SSL3_VERSION_MAJOR;
+		if (tls1)
+			*(d++)=TLS1_VERSION_MINOR;
+		else
+			*(d++)=SSL3_VERSION_MINOR;
+
+		/* lets populate the random area */
+		/* get the chalenge_length */
+		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
+		memset(d,0,SSL3_RANDOM_SIZE);
+		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
+		d+=SSL3_RANDOM_SIZE;
+
+		/* no session-id reuse */
+		*(d++)=0;
+
+		/* ciphers */
+		j=0;
+		dd=d;
+		d+=2;
+		for (i=0; iinit_buf->data);
+
+		/* get the data reused from the init_buf */
+		s->s3->tmp.reuse_message=1;
+		s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
+		s->s3->tmp.message_size=i;
+		}
+
+	if (type == 1)
+		{
+		/* we are talking sslv2 */
+		/* we need to clean up the SSLv3/TLSv1 setup and put in the
+		 * sslv2 stuff. */
+
+		if (s->s2 == NULL)
+			{
+			if (!ssl2_new(s))
+				goto err;
+			}
+		else
+			ssl2_clear(s);
+
+		if (s->s3 != NULL) ssl3_free(s);
+
+		if (!BUF_MEM_grow(s->init_buf,
+			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+			{
+			goto err;
+			}
+
+		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+			use_sslv2_strong)
+			s->s2->ssl2_rollback=0;
+		else
+			s->s2->ssl2_rollback=1;
+
+		/* setup the 5 bytes we have read so we get them from
+		 * the sslv2 buffer */
+		s->rstate=SSL_ST_READ_HEADER;
+		s->packet_length=n;
+		s->packet= &(s->s2->rbuf[0]);
+		memcpy(s->packet,buf,n);
+		s->s2->rbuf_left=n;
+		s->s2->rbuf_offs=0;
+
+		s->method=SSLv2_server_method();
+		s->handshake_func=s->method->ssl_accept;
+		}
+
+	if ((type == 2) || (type == 3))
+		{
+		/* we have SSLv3/TLSv1 */
+
+		if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+		/* we are in this state */
+		s->state=SSL3_ST_SR_CLNT_HELLO_A;
+
+		if (type == 3)
+			{
+			/* put the 'n' bytes we have read into the input buffer
+			 * for SSLv3 */
+			s->rstate=SSL_ST_READ_HEADER;
+			s->packet_length=n;
+			s->packet= &(s->s3->rbuf.buf[0]);
+			memcpy(s->packet,buf,n);
+			s->s3->rbuf.left=n;
+			s->s3->rbuf.offset=0;
+			}
+		else
+			{
+			s->packet_length=0;
+			s->s3->rbuf.left=0;
+			s->s3->rbuf.offset=0;
+			}
+
+		if (tls1)
+			{
+			s->version=TLS1_VERSION;
+			s->method=TLSv1_server_method();
+			}
+		else
+			{
+			s->version=SSL3_VERSION;
+			s->method=SSLv3_server_method();
+			}
+		s->client_version=(v[0]<<8)|v[1];
+		s->handshake_func=s->method->ssl_accept;
+		}
+	
+	if ((type < 1) || (type > 3))
+		{
+		/* bad, very bad */
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+		goto err;
+		}
+	s->init_num=0;
+
+	if (buf != buf_space) Free(buf);
+	s->first_packet=1;
+	return(SSL_accept(s));
+err:
+	if (buf != buf_space) Free(buf);
+	return(-1);
+	}
+
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
new file mode 100644
index 000000000000..1fe8bd627dbe
--- /dev/null
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -0,0 +1,971 @@
+/* ssl/s2_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+#include 
+
+static SSL_METHOD *ssl2_get_client_method(int ver);
+static int get_server_finished(SSL *s);
+static int get_server_verify(SSL *s);
+static int get_server_hello(SSL *s);
+static int client_hello(SSL *s); 
+static int client_master_key(SSL *s);
+static int client_finished(SSL *s);
+static int client_certificate(SSL *s);
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+	unsigned char *to,int padding);
+#define BREAK	break
+
+static SSL_METHOD *ssl2_get_client_method(int ver)
+	{
+	if (ver == SSL2_VERSION)
+		return(SSLv2_client_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv2_client_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv2_client_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv2_client_data.ssl_connect=ssl2_connect;
+		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+		init=0;
+		}
+	return(&SSLv2_client_data);
+	}
+
+int ssl2_connect(SSL *s)
+	{
+	unsigned long l=time(NULL);
+	BUF_MEM *buf=NULL;
+	int ret= -1;
+	void (*cb)()=NULL;
+	int new_state,state;
+
+	RAND_seed(&l,sizeof(l));
+	ERR_clear_error();
+	clear_sys_error();
+
+	if (s->info_callback != NULL)
+		cb=s->info_callback;
+	else if (s->ctx->info_callback != NULL)
+		cb=s->ctx->info_callback;
+
+	/* init things to blank */
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+	s->in_handshake++;
+
+	for (;;)
+		{
+		state=s->state;
+
+		switch (s->state)
+			{
+		case SSL_ST_BEFORE:
+		case SSL_ST_CONNECT:
+		case SSL_ST_BEFORE|SSL_ST_CONNECT:
+		case SSL_ST_OK|SSL_ST_CONNECT:
+
+			s->server=0;
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+			s->version=SSL2_VERSION;
+			s->type=SSL_ST_CONNECT;
+
+			buf=s->init_buf;
+			if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
+				{
+				ret= -1;
+				goto end;
+				}
+			if (!BUF_MEM_grow(buf,
+				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+				{
+				ret= -1;
+				goto end;
+				}
+			s->init_buf=buf;
+			s->init_num=0;
+			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
+			s->ctx->stats.sess_connect++;
+			s->handshake_func=ssl2_connect;
+			BREAK;
+
+		case SSL2_ST_SEND_CLIENT_HELLO_A:
+		case SSL2_ST_SEND_CLIENT_HELLO_B:
+			s->shutdown=0;
+			ret=client_hello(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_GET_SERVER_HELLO_A;
+			BREAK;
+		
+		case SSL2_ST_GET_SERVER_HELLO_A:
+		case SSL2_ST_GET_SERVER_HELLO_B:
+			ret=get_server_hello(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			if (!s->hit) /* new session */
+				{
+				s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
+				BREAK; 
+				}
+			else
+				{
+				s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
+				break;
+				}
+	
+		case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+		case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+			ret=client_master_key(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
+			break;
+
+		case SSL2_ST_CLIENT_START_ENCRYPTION:
+			/* Ok, we now have all the stuff needed to
+			 * start encrypting, so lets fire it up :-) */
+			if (!ssl2_enc_init(s,1))
+				{
+				ret= -1;
+				goto end;
+				}
+			s->s2->clear_text=0;
+			s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
+			break;
+
+		case SSL2_ST_SEND_CLIENT_FINISHED_A:
+		case SSL2_ST_SEND_CLIENT_FINISHED_B:
+			ret=client_finished(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_GET_SERVER_VERIFY_A;
+			break;
+
+		case SSL2_ST_GET_SERVER_VERIFY_A:
+		case SSL2_ST_GET_SERVER_VERIFY_B:
+			ret=get_server_verify(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_GET_SERVER_FINISHED_A;
+			break;
+
+		case SSL2_ST_GET_SERVER_FINISHED_A:
+		case SSL2_ST_GET_SERVER_FINISHED_B:
+			ret=get_server_finished(s);
+			if (ret <= 0) goto end;
+			break;
+
+		case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+		case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+		case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+		case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+		case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+			ret=client_certificate(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_GET_SERVER_FINISHED_A;
+			break;
+
+		case SSL_ST_OK:
+			if (s->init_buf != NULL)
+				{
+				BUF_MEM_free(s->init_buf);
+				s->init_buf=NULL;
+				}
+			s->init_num=0;
+		/*	ERR_clear_error();*/
+
+			/* If we want to cache session-ids in the client
+			 * and we sucessfully add the session-id to the
+			 * cache, and there is a callback, then pass it out.
+			 * 26/11/96 - eay - only add if not a re-used session.
+			 */
+
+			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+			if (s->hit) s->ctx->stats.sess_hit++;
+
+			ret=1;
+			/* s->server=0; */
+			s->ctx->stats.sess_connect_good++;
+
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+
+			goto end;
+			/* break; */
+		default:
+			SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
+			return(-1);
+			/* break; */
+			}
+
+		if ((cb != NULL) && (s->state != state))
+			{
+			new_state=s->state;
+			s->state=state;
+			cb(s,SSL_CB_CONNECT_LOOP,1);
+			s->state=new_state;
+			}
+		}
+end:
+	s->in_handshake--;
+	if (cb != NULL) 
+		cb(s,SSL_CB_CONNECT_EXIT,ret);
+	return(ret);
+	}
+
+static int get_server_hello(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p;
+	int i,j;
+	STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
+
+	buf=(unsigned char *)s->init_buf->data;
+	p=buf;
+	if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
+		{
+		i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
+		if (i < (11-s->init_num)) 
+			return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+
+		if (*(p++) != SSL2_MT_SERVER_HELLO)
+			{
+			if (p[-1] != SSL2_MT_ERROR)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_SERVER_HELLO,
+					SSL_R_READ_WRONG_PACKET_TYPE);
+				}
+			else
+				SSLerr(SSL_F_GET_SERVER_HELLO,
+					SSL_R_PEER_ERROR);
+			return(-1);
+			}
+		s->hit=(*(p++))?1:0;
+		s->s2->tmp.cert_type= *(p++);
+		n2s(p,i);
+		if (i < s->version) s->version=i;
+		n2s(p,i); s->s2->tmp.cert_length=i;
+		n2s(p,i); s->s2->tmp.csl=i;
+		n2s(p,i); s->s2->tmp.conn_id_length=i;
+		s->state=SSL2_ST_GET_SERVER_HELLO_B;
+		s->init_num=0;
+		}
+
+	/* SSL2_ST_GET_SERVER_HELLO_B */
+	j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
+		- s->init_num;
+	i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
+	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+
+	/* things are looking good */
+
+	p=buf;
+	if (s->hit)
+		{
+		if (s->s2->tmp.cert_length != 0) 
+			{
+			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
+			return(-1);
+			}
+		if (s->s2->tmp.cert_type != 0)
+			{
+			if (!(s->options &
+				SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
+				{
+				SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
+				return(-1);
+				}
+			}
+		if (s->s2->tmp.csl != 0)
+			{
+			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
+			return(-1);
+			}
+		}
+	else
+		{
+#ifdef undef
+		/* very bad */
+		memset(s->session->session_id,0,
+			SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
+		s->session->session_id_length=0;
+		*/
+#endif
+
+		/* we need to do this incase we were trying to reuse a 
+		 * client session but others are already reusing it.
+		 * If this was a new 'blank' session ID, the session-id
+		 * length will still be 0 */
+		if (s->session->session_id_length > 0)
+			{
+			if (!ssl_get_new_session(s,0))
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				return(-1);
+				}
+			}
+
+		if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
+			s->s2->tmp.cert_length,p) <= 0)
+			{
+			ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+			return(-1);
+			}
+		p+=s->s2->tmp.cert_length;
+
+		if (s->s2->tmp.csl == 0)
+			{
+			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
+			return(-1);
+			}
+
+		/* We have just received a list of ciphers back from the
+		 * server.  We need to get the ones that match, then select
+		 * the one we want the most :-). */
+
+		/* load the ciphers */
+		sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
+					    &s->session->ciphers);
+		p+=s->s2->tmp.csl;
+		if (sk == NULL)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
+			return(-1);
+			}
+
+		sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
+
+		/* get the array of ciphers we will accept */
+		cl=ssl_get_ciphers_by_id(s);
+
+		/* In theory we could have ciphers sent back that we
+		 * don't want to use but that does not matter since we
+		 * will check against the list we origionally sent and
+		 * for performance reasons we should not bother to match
+		 * the two lists up just to check. */
+		for (i=0; i= 0)
+				break;
+			}
+
+		if (i >= sk_SSL_CIPHER_num(cl))
+			{
+			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
+			return(-1);
+			}
+		s->session->cipher=sk_SSL_CIPHER_value(cl,i);
+		}
+
+	if (s->session->peer != NULL)
+		X509_free(s->session->peer);
+
+#if 0 /* What is all this meant to accomplish?? */
+	/* hmmm, can we have the problem of the other session with this
+	 * cert, Free's it before we increment the reference count. */
+	CRYPTO_w_lock(CRYPTO_LOCK_X509);
+	s->session->peer=s->session->sess_cert->key->x509;
+	/* Shouldn't do this: already locked */
+	/*CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);*/
+	s->session->peer->references++;
+	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+#else
+	s->session->peer = s->session->sess_cert->peer_key->x509;
+    /* peer_key->x509 has been set by ssl2_set_certificate. */
+	CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+#endif
+
+	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
+	return(1);
+	}
+
+static int client_hello(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p,*d;
+/*	CIPHER **cipher;*/
+	int i,n,j;
+
+	buf=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
+		{
+		if ((s->session == NULL) ||
+			(s->session->ssl_version != s->version))
+			{
+			if (!ssl_get_new_session(s,0))
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				return(-1);
+				}
+			}
+		/* else use the pre-loaded session */
+
+		p=buf;					/* header */
+		d=p+9;					/* data section */
+		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */
+		s2n(SSL2_VERSION,p);			/* version */
+		n=j=0;
+
+		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
+		d+=n;
+
+		if (n == 0)
+			{
+			SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+			return(-1);
+			}
+
+		s2n(n,p);			/* cipher spec num bytes */
+
+		if ((s->session->session_id_length > 0) &&
+			(s->session->session_id_length <=
+			SSL2_MAX_SSL_SESSION_ID_LENGTH))
+			{
+			i=s->session->session_id_length;
+			s2n(i,p);		/* session id length */
+			memcpy(d,s->session->session_id,(unsigned int)i);
+			d+=i;
+			}
+		else
+			{
+			s2n(0,p);
+			}
+
+		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
+		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
+		/*challenge id data*/
+		RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		d+=SSL2_CHALLENGE_LENGTH;
+
+		s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
+		s->init_num=d-buf;
+		s->init_off=0;
+		}
+	/* SSL2_ST_SEND_CLIENT_HELLO_B */
+	return(ssl2_do_write(s));
+	}
+
+static int client_master_key(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p,*d;
+	int clear,enc,karg,i;
+	SSL_SESSION *sess;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
+
+	buf=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
+		{
+
+		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+			{
+			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+			return(-1);
+			}
+		sess=s->session;
+		p=buf;
+		d=p+10;
+		*(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
+
+		i=ssl_put_cipher_by_char(s,sess->cipher,p);
+		p+=i;
+
+		/* make key_arg data */
+		i=EVP_CIPHER_iv_length(c);
+		sess->key_arg_length=i;
+		if (i > 0) RAND_bytes(sess->key_arg,i);
+
+		/* make a master key */
+		i=EVP_CIPHER_key_length(c);
+		sess->master_key_length=i;
+		if (i > 0) RAND_bytes(sess->master_key,i);
+
+		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
+			enc=8;
+		else if (SSL_C_IS_EXPORT(sess->cipher))
+			enc=5;
+		else
+			enc=i;
+
+		if (i < enc)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
+			return(-1);
+			}
+		clear=i-enc;
+		s2n(clear,p);
+		memcpy(d,sess->master_key,(unsigned int)clear);
+		d+=clear;
+
+		enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
+			&(sess->master_key[clear]),d,
+			(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+		if (enc <= 0)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
+			return(-1);
+			}
+#ifdef PKCS1_CHECK
+		if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
+		if (s->options & SSL_OP_PKCS1_CHECK_2)
+			sess->master_key[clear]++;
+#endif
+		s2n(enc,p);
+		d+=enc;
+		karg=sess->key_arg_length;	
+		s2n(karg,p); /* key arg size */
+		memcpy(d,sess->key_arg,(unsigned int)karg);
+		d+=karg;
+
+		s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
+		s->init_num=d-buf;
+		s->init_off=0;
+		}
+
+	/* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
+	return(ssl2_do_write(s));
+	}
+
+static int client_finished(SSL *s)
+	{
+	unsigned char *p;
+
+	if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
+
+		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
+		s->init_num=s->s2->conn_id_length+1;
+		s->init_off=0;
+		}
+	return(ssl2_do_write(s));
+	}
+
+/* read the data and then respond */
+static int client_certificate(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p,*d;
+	int i;
+	unsigned int n;
+	int cert_ch_len=0;
+	unsigned char *cert_ch;
+
+	buf=(unsigned char *)s->init_buf->data;
+	cert_ch= &(buf[2]);
+
+	/* We have a cert associated with the SSL, so attach it to
+	 * the session if it does not have one */
+
+	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+		{
+		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+
+		/* type=buf[0]; */
+		/* type eq x509 */
+		if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
+			{
+			ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
+			return(-1);
+			}
+		cert_ch_len=i-1;
+
+		if ((s->cert == NULL) ||
+			(s->cert->key->x509 == NULL) ||
+			(s->cert->key->privatekey == NULL))
+			{
+			s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
+			}
+		else
+			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+		}
+
+	if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
+		{
+		X509 *x509=NULL;
+		EVP_PKEY *pkey=NULL;
+
+		/* If we get an error we need to
+		 * ssl->rwstate=SSL_X509_LOOKUP;
+		 * return(error);
+		 * We should then be retried when things are ok and we
+		 * can get a cert or not */
+
+		i=0;
+		if (s->ctx->client_cert_cb != NULL)
+			{
+			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+			}
+
+		if (i < 0)
+			{
+			s->rwstate=SSL_X509_LOOKUP;
+			return(-1);
+			}
+		s->rwstate=SSL_NOTHING;
+
+		if ((i == 1) && (pkey != NULL) && (x509 != NULL))
+			{
+			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+			if (	!SSL_use_certificate(s,x509) || 
+				!SSL_use_PrivateKey(s,pkey))
+				{
+				i=0;
+				}
+			X509_free(x509);
+			EVP_PKEY_free(pkey);
+			}
+		else if (i == 1)
+			{
+			if (x509 != NULL) X509_free(x509);
+			if (pkey != NULL) EVP_PKEY_free(pkey);
+			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+			i=0;
+			}
+
+		if (i == 0)
+			{
+			/* We have no client certificate to respond with
+			 * so send the correct error message back */
+			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
+			p=buf;
+			*(p++)=SSL2_MT_ERROR;
+			s2n(SSL2_PE_NO_CERTIFICATE,p);
+			s->init_off=0;
+			s->init_num=3;
+			/* Write is done at the end */
+			}
+		}
+
+	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
+		{
+		return(ssl2_do_write(s));
+		}
+
+	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
+		{
+		EVP_MD_CTX ctx;
+
+		/* ok, now we calculate the checksum
+		 * do it first so we can reuse buf :-) */
+		p=buf;
+		EVP_SignInit(&ctx,s->ctx->rsa_md5);
+		EVP_SignUpdate(&ctx,s->s2->key_material,
+			(unsigned int)s->s2->key_material_length);
+		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
+		n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
+		EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+
+		p=buf;
+		d=p+6;
+		*(p++)=SSL2_MT_CLIENT_CERTIFICATE;
+		*(p++)=SSL2_CT_X509_CERTIFICATE;
+		n=i2d_X509(s->cert->key->x509,&d);
+		s2n(n,p);
+
+		if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
+			{
+			/* this is not good.  If things have failed it
+			 * means there so something wrong with the key.
+			 * We will contiune with a 0 length signature
+			 */
+			}
+		memset(&ctx,0,sizeof(ctx));
+		s2n(n,p);
+		d+=n;
+
+		s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
+		s->init_num=d-buf;
+		s->init_off=0;
+		}
+	/* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
+	return(ssl2_do_write(s));
+	}
+
+static int get_server_verify(SSL *s)
+	{
+	unsigned char *p;
+	int i;
+
+	p=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
+		{
+		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+		if (i < (1-s->init_num)) 
+			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+
+		s->state= SSL2_ST_GET_SERVER_VERIFY_B;
+		s->init_num=0;
+		if (*p != SSL2_MT_SERVER_VERIFY)
+			{
+			if (p[0] != SSL2_MT_ERROR)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_SERVER_VERIFY,
+					SSL_R_READ_WRONG_PACKET_TYPE);
+				}
+			else
+				SSLerr(SSL_F_GET_SERVER_VERIFY,
+					SSL_R_PEER_ERROR);
+			return(-1);
+			}
+		}
+	
+	p=(unsigned char *)s->init_buf->data;
+	i=ssl2_read(s,(char *)&(p[s->init_num]),
+		(unsigned int)s->s2->challenge_length-s->init_num);
+	if (i < ((int)s->s2->challenge_length-s->init_num))
+		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+	if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
+		return(-1);
+		}
+	return(1);
+	}
+
+static int get_server_finished(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p;
+	int i;
+
+	buf=(unsigned char *)s->init_buf->data;
+	p=buf;
+	if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
+		{
+		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
+		if (i < (1-s->init_num))
+			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+		s->init_num=i;
+		if (*p == SSL2_MT_REQUEST_CERTIFICATE)
+			{
+			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+			return(1);
+			}
+		else if (*p != SSL2_MT_SERVER_FINISHED)
+			{
+			if (p[0] != SSL2_MT_ERROR)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
+				}
+			else
+				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+			return(-1);
+			}
+		s->state=SSL_ST_OK;
+		s->init_num=0;
+		}
+
+	i=ssl2_read(s,(char *)&(buf[s->init_num]),
+		SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
+	if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
+		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+
+	if (!s->hit) /* new session */
+		{
+		/* new session-id */
+		/* Make sure we were not trying to re-use an old SSL_SESSION
+		 * or bad things can happen */
+		/* ZZZZZZZZZZZZZ */
+		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
+		memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
+		}
+	else
+		{
+		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+			{
+			if (memcmp(buf,s->session->session_id,
+				(unsigned int)s->session->session_id_length) != 0)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+				return(-1);
+				}
+			}
+		}
+	return(1);
+	}
+
+/* loads in the certificate from the server */
+int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
+	{
+	STACK_OF(X509) *sk=NULL;
+	EVP_PKEY *pkey=NULL;
+	SESS_CERT *sc=NULL;
+	int i;
+	X509 *x509=NULL;
+	int ret=0;
+	
+	x509=d2i_X509(NULL,&data,(long)len);
+	if (x509 == NULL)
+		{
+		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
+		goto err;
+		}
+
+	if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
+		{
+		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	i=ssl_verify_cert_chain(s,sk);
+		
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+		{
+		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+		goto err;
+		}
+
+	/* server's cert for this session */
+	sc=ssl_sess_cert_new();
+	if (sc == NULL)
+		{
+		ret= -1;
+		goto err;
+		}
+	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+	s->session->sess_cert=sc;
+
+	sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
+	sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
+
+	pkey=X509_get_pubkey(x509);
+	x509=NULL;
+	if (pkey == NULL)
+		{
+		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
+		goto err;
+		}
+	if (pkey->type != EVP_PKEY_RSA)
+		{
+		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
+		goto err;
+		}
+
+	if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
+		goto err;
+	ret=1;
+err:
+	sk_X509_free(sk);
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
+	return(ret);
+	}
+
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+	     unsigned char *to, int padding)
+	{
+	EVP_PKEY *pkey=NULL;
+	int i= -1;
+
+	if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
+		((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
+		{
+		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
+		return(-1);
+		}
+	if (pkey->type != EVP_PKEY_RSA)
+		{
+		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+		goto end;
+		}
+
+	/* we have the public key */
+	i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
+	if (i < 0)
+		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
+end:
+	EVP_PKEY_free(pkey);
+	return(i);
+	}
+#endif
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
new file mode 100644
index 000000000000..09835008a99d
--- /dev/null
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -0,0 +1,180 @@
+/* ssl/s2_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "ssl_locl.h"
+
+int ssl2_enc_init(SSL *s, int client)
+	{
+	/* Max number of bytes needed */
+	EVP_CIPHER_CTX *rs,*ws;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
+	int num;
+
+	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+		{
+		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+		return(0);
+		}
+
+	s->read_hash=md;
+	s->write_hash=md;
+
+	if ((s->enc_read_ctx == NULL) &&
+		((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+		Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		goto err;
+	if ((s->enc_write_ctx == NULL) &&
+		((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+		Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		goto err;
+
+	rs= s->enc_read_ctx;
+	ws= s->enc_write_ctx;
+
+	EVP_CIPHER_CTX_init(rs);
+	EVP_CIPHER_CTX_init(ws);
+
+	num=c->key_len;
+	s->s2->key_material_length=num*2;
+
+	ssl2_generate_key_material(s);
+
+	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+		s->session->key_arg);
+	EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+		s->session->key_arg);
+	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
+	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
+	return(1);
+err:
+	SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
+
+/* read/writes from s->s2->mac_data using length for encrypt and 
+ * decrypt.  It sets the s->s2->padding, s->[rw]length and
+ * s->s2->pad_data ptr if we are encrypting */
+void ssl2_enc(SSL *s, int send)
+	{
+	EVP_CIPHER_CTX *ds;
+	unsigned long l;
+	int bs;
+
+	if (send)
+		{
+		ds=s->enc_write_ctx;
+		l=s->s2->wlength;
+		}
+	else
+		{
+		ds=s->enc_read_ctx;
+		l=s->s2->rlength;
+		}
+
+	/* check for NULL cipher */
+	if (ds == NULL) return;
+
+
+	bs=ds->cipher->block_size;
+	/* This should be using (bs-1) and bs instead of 7 and 8, but
+	 * what the hell. */
+	if (bs == 8)
+		l=(l+7)/8*8;
+
+	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+	}
+
+void ssl2_mac(SSL *s, unsigned char *md, int send)
+	{
+	EVP_MD_CTX c;
+	unsigned char sequence[4],*p,*sec,*act;
+	unsigned long seq;
+	unsigned int len;
+
+	if (send)
+		{
+		seq=s->s2->write_sequence;
+		sec=s->s2->write_key;
+		len=s->s2->wact_data_length;
+		act=s->s2->wact_data;
+		}
+	else
+		{
+		seq=s->s2->read_sequence;
+		sec=s->s2->read_key;
+		len=s->s2->ract_data_length;
+		act=s->s2->ract_data;
+		}
+
+	p= &(sequence[0]);
+	l2n(seq,p);
+
+	/* There has to be a MAC algorithm. */
+	EVP_DigestInit(&c,s->read_hash);
+	EVP_DigestUpdate(&c,sec,
+		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
+	EVP_DigestUpdate(&c,act,len); 
+	/* the above line also does the pad data */
+	EVP_DigestUpdate(&c,sequence,4); 
+	EVP_DigestFinal(&c,md,NULL);
+	/* some would say I should zero the md context */
+	}
+
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
new file mode 100644
index 000000000000..ff804d8e0d1b
--- /dev/null
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -0,0 +1,424 @@
+/* ssl/s2_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static long ssl2_default_timeout(void );
+const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
+
+#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
+
+OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
+/* NULL_WITH_MD5 v3 */
+#if 0
+	{
+	1,
+	SSL2_TXT_NULL_WITH_MD5,
+	SSL2_CK_NULL_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+#endif
+/* RC4_128_EXPORT40_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+	SSL2_CF_5_BYTE_ENC,
+	SSL_ALL_CIPHERS,
+	},
+/* RC4_128_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_RC4_128_WITH_MD5,
+	SSL2_CK_RC4_128_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+	SSL2_CF_5_BYTE_ENC,
+	SSL_ALL_CIPHERS,
+	},
+/* RC2_128_CBC_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_RC2_128_CBC_WITH_MD5,
+	SSL2_CK_RC2_128_CBC_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* IDEA_128_CBC_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
+	SSL2_CK_IDEA_128_CBC_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* DES_64_CBC_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_DES_64_CBC_WITH_MD5,
+	SSL2_CK_DES_64_CBC_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* DES_192_EDE3_CBC_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
+	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* RC4_64_WITH_MD5 */
+#if 1
+	{
+	1,
+	SSL2_TXT_RC4_64_WITH_MD5,
+	SSL2_CK_RC4_64_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW,
+	SSL2_CF_8_BYTE_ENC,
+	SSL_ALL_CIPHERS,
+	},
+#endif
+/* NULL SSLeay (testing) */
+#if 0
+	{	
+	0,
+	SSL2_TXT_NULL,
+	SSL2_CK_NULL,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+#endif
+
+/* end of list :-) */
+	};
+
+static SSL_METHOD SSLv2_data= {
+	SSL2_VERSION,
+	ssl2_new,	/* local */
+	ssl2_clear,	/* local */
+	ssl2_free,	/* local */
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl2_read,
+	ssl2_peek,
+	ssl2_write,
+	ssl2_shutdown,
+	ssl_ok,	/* NULL - renegotiate */
+	ssl_ok,	/* NULL - check renegotiate */
+	ssl2_ctrl,	/* local */
+	ssl2_ctx_ctrl,	/* local */
+	ssl2_get_cipher_by_char,
+	ssl2_put_cipher_by_char,
+	ssl2_pending,
+	ssl2_num_ciphers,
+	ssl2_get_cipher,
+	ssl_bad_method,
+	ssl2_default_timeout,
+	&ssl3_undef_enc_method,
+	};
+
+static long ssl2_default_timeout(void)
+	{
+	return(300);
+	}
+
+SSL_METHOD *sslv2_base_method(void)
+	{
+	return(&SSLv2_data);
+	}
+
+int ssl2_num_ciphers(void)
+	{
+	return(SSL2_NUM_CIPHERS);
+	}
+
+SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+	{
+	if (u < SSL2_NUM_CIPHERS)
+		return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
+	else
+		return(NULL);
+	}
+
+int ssl2_pending(SSL *s)
+	{
+	return(s->s2->ract_data_length);
+	}
+
+int ssl2_new(SSL *s)
+	{
+	SSL2_CTX *s2;
+
+	if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
+	memset(s2,0,sizeof(SSL2_CTX));
+
+	if ((s2->rbuf=(unsigned char *)Malloc(
+		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+	if ((s2->wbuf=(unsigned char *)Malloc(
+		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+	s->s2=s2;
+
+	ssl2_clear(s);
+	return(1);
+err:
+	if (s2 != NULL)
+		{
+		if (s2->wbuf != NULL) Free(s2->wbuf);
+		if (s2->rbuf != NULL) Free(s2->rbuf);
+		Free(s2);
+		}
+	return(0);
+	}
+
+void ssl2_free(SSL *s)
+	{
+	SSL2_CTX *s2;
+
+	if(s == NULL)
+	    return;
+
+	s2=s->s2;
+	if (s2->rbuf != NULL) Free(s2->rbuf);
+	if (s2->wbuf != NULL) Free(s2->wbuf);
+	memset(s2,0,sizeof(SSL2_CTX));
+	Free(s2);
+	s->s2=NULL;
+	}
+
+void ssl2_clear(SSL *s)
+	{
+	SSL2_CTX *s2;
+	unsigned char *rbuf,*wbuf;
+
+	s2=s->s2;
+
+	rbuf=s2->rbuf;
+	wbuf=s2->wbuf;
+
+	memset(s2,0,sizeof(SSL2_CTX));
+
+	s2->rbuf=rbuf;
+	s2->wbuf=wbuf;
+	s2->clear_text=1;
+	s->packet=s2->rbuf;
+	s->version=SSL2_VERSION;
+	s->packet_length=0;
+	}
+
+long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
+	{
+	int ret=0;
+
+	switch(cmd)
+		{
+	case SSL_CTRL_GET_SESSION_REUSED:
+		ret=s->hit;
+		break;
+	default:
+		break;
+		}
+	return(ret);
+	}
+
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+	{
+	return(0);
+	}
+
+/* This function needs to check if the ciphers required are actually
+ * available */
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+	{
+	static int init=1;
+	static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
+	SSL_CIPHER c,*cp= &c,**cpp;
+	unsigned long id;
+	int i;
+
+	if (init)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+
+		for (i=0; ivalid)
+		return(NULL);
+	else
+		return(*cpp);
+	}
+
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+	{
+	long l;
+
+	if (p != NULL)
+		{
+		l=c->id;
+		if ((l & 0xff000000) != 0x02000000) return(0);
+		p[0]=((unsigned char)(l>>16L))&0xFF;
+		p[1]=((unsigned char)(l>> 8L))&0xFF;
+		p[2]=((unsigned char)(l     ))&0xFF;
+		}
+	return(3);
+	}
+
+void ssl2_generate_key_material(SSL *s)
+	{
+	unsigned int i;
+	MD5_CTX ctx;
+	unsigned char *km;
+	unsigned char c='0';
+
+#ifdef CHARSET_EBCDIC
+	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
+				see SSLv2 docu */
+#endif
+
+	km=s->s2->key_material;
+	for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH)
+		{
+		MD5_Init(&ctx);
+
+		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
+		MD5_Update(&ctx,(unsigned char *)&c,1);
+		c++;
+		MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
+		MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
+		MD5_Final(km,&ctx);
+		km+=MD5_DIGEST_LENGTH;
+		}
+	}
+
+void ssl2_return_error(SSL *s, int err)
+	{
+	if (!s->error)
+		{
+		s->error=3;
+		s->error_code=err;
+
+		ssl2_write_error(s);
+		}
+	}
+
+
+void ssl2_write_error(SSL *s)
+	{
+	unsigned char buf[3];
+	int i,error;
+
+	buf[0]=SSL2_MT_ERROR;
+	buf[1]=(s->error_code>>8)&0xff;
+	buf[2]=(s->error_code)&0xff;
+
+/*	state=s->rwstate;*/
+	error=s->error;
+	s->error=0;
+	i=ssl2_write(s,&(buf[3-error]),error);
+/*	if (i == error) s->rwstate=state; */
+
+	if (i < 0)
+		s->error=error;
+	else if (i != s->error)
+		s->error=error-i;
+	/* else
+		s->error=0; */
+	}
+
+int ssl2_shutdown(SSL *s)
+	{
+	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+	return(1);
+	}
+#endif
diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c
new file mode 100644
index 000000000000..e2add164ddbe
--- /dev/null
+++ b/crypto/openssl/ssl/s2_meth.c
@@ -0,0 +1,89 @@
+/* ssl/s2_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl2_get_method(int ver);
+static SSL_METHOD *ssl2_get_method(int ver)
+	{
+	if (ver == SSL2_VERSION)
+		return(SSLv2_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv2_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv2_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv2_data.ssl_connect=ssl2_connect;
+		SSLv2_data.ssl_accept=ssl2_accept;
+		SSLv2_data.get_ssl_method=ssl2_get_method;
+		init=0;
+		}
+	return(&SSLv2_data);
+	}
+#endif
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
new file mode 100644
index 000000000000..a1bb5bca4b80
--- /dev/null
+++ b/crypto/openssl/ssl/s2_pkt.c
@@ -0,0 +1,640 @@
+/* ssl/s2_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#define USE_SOCKETS
+#include "ssl_locl.h"
+
+static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
+static int ssl_mt_error(int n);
+int ssl2_peek(SSL *s, char *buf, int len)
+	{
+	int ret;
+
+	ret=ssl2_read(s,buf,len);
+	if (ret > 0)
+	        {
+		s->s2->ract_data_length+=ret;
+		s->s2->ract_data-=ret;
+		}
+	return(ret);
+	}
+
+/* SSL_read -
+ * This routine will return 0 to len bytes, decrypted etc if required.
+ */
+int ssl2_read(SSL *s, void *buf, int len)
+	{
+	int n;
+	unsigned char mac[MAX_MAC_SIZE];
+	unsigned char *p;
+	int i;
+	unsigned int mac_size=0;
+
+ssl2_read_again:
+	if (SSL_in_init(s) && !s->in_handshake)
+		{
+		n=s->handshake_func(s);
+		if (n < 0) return(n);
+		if (n == 0)
+			{
+			SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		}
+
+	clear_sys_error();
+	s->rwstate=SSL_NOTHING;
+	if (len <= 0) return(len);
+
+	if (s->s2->ract_data_length != 0) /* read from buffer */
+		{
+		if (len > s->s2->ract_data_length)
+			n=s->s2->ract_data_length;
+		else
+			n=len;
+
+		memcpy(buf,s->s2->ract_data,(unsigned int)n);
+		s->s2->ract_data_length-=n;
+		s->s2->ract_data+=n;
+		if (s->s2->ract_data_length == 0)
+			s->rstate=SSL_ST_READ_HEADER;
+		return(n);
+		}
+
+	if (s->rstate == SSL_ST_READ_HEADER)
+		{
+		if (s->first_packet)
+			{
+			n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
+			if (n <= 0) return(n); /* error or non-blocking */
+			s->first_packet=0;
+			p=s->packet;
+			if (!((p[0] & 0x80) && (
+				(p[2] == SSL2_MT_CLIENT_HELLO) ||
+				(p[2] == SSL2_MT_SERVER_HELLO))))
+				{
+				SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
+				return(-1);
+				}
+			}
+		else
+			{
+			n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
+			if (n <= 0) return(n); /* error or non-blocking */
+			}
+		/* part read stuff */
+
+		s->rstate=SSL_ST_READ_BODY;
+		p=s->packet;
+		/* Do header */
+		/*s->s2->padding=0;*/
+		s->s2->escape=0;
+		s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
+		if ((p[0] & TWO_BYTE_BIT))		/* Two byte header? */
+			{
+			s->s2->three_byte_header=0;
+			s->s2->rlength&=TWO_BYTE_MASK;	
+			}
+		else
+			{
+			s->s2->three_byte_header=1;
+			s->s2->rlength&=THREE_BYTE_MASK;
+
+			/* security >s2->escape */
+			s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
+			}
+		}
+
+	if (s->rstate == SSL_ST_READ_BODY)
+		{
+		n=s->s2->rlength+2+s->s2->three_byte_header;
+		if (n > (int)s->packet_length)
+			{
+			n-=s->packet_length;
+			i=read_n(s,(unsigned int)n,(unsigned int)n,1);
+			if (i <= 0) return(i); /* ERROR */
+			}
+
+		p= &(s->packet[2]);
+		s->rstate=SSL_ST_READ_HEADER;
+		if (s->s2->three_byte_header)
+			s->s2->padding= *(p++);
+		else	s->s2->padding=0;
+
+		/* Data portion */
+		if (s->s2->clear_text)
+			{
+			s->s2->mac_data=p;
+			s->s2->ract_data=p;
+			s->s2->pad_data=NULL;
+			}
+		else
+			{
+			mac_size=EVP_MD_size(s->read_hash);
+			s->s2->mac_data=p;
+			s->s2->ract_data= &p[mac_size];
+			s->s2->pad_data= &p[mac_size+
+				s->s2->rlength-s->s2->padding];
+			}
+
+		s->s2->ract_data_length=s->s2->rlength;
+		/* added a check for length > max_size in case
+		 * encryption was not turned on yet due to an error */
+		if ((!s->s2->clear_text) &&
+			(s->s2->rlength >= mac_size))
+			{
+			ssl2_enc(s,0);
+			s->s2->ract_data_length-=mac_size;
+			ssl2_mac(s,mac,0);
+			s->s2->ract_data_length-=s->s2->padding;
+			if (	(memcmp(mac,s->s2->mac_data,
+				(unsigned int)mac_size) != 0) ||
+				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
+				{
+				SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
+				return(-1);
+				}
+			}
+		INC32(s->s2->read_sequence); /* expect next number */
+		/* s->s2->ract_data is now available for processing */
+
+#if 1
+		/* How should we react when a packet containing 0
+		 * bytes is received?  (Note that SSLeay/OpenSSL itself
+		 * never sends such packets; see ssl2_write.)
+		 * Returning 0 would be interpreted by the caller as
+		 * indicating EOF, so it's not a good idea.
+		 * Instead, we just continue reading.  Note that using
+		 * select() for blocking sockets *never* guarantees
+		 * that the next SSL_read will not block -- the available
+		 * data may contain incomplete packets, and except for SSL 2
+		 * renegotiation can confuse things even more. */
+
+		goto ssl2_read_again; /* This should really be
+				       * "return ssl2_read(s,buf,len)",
+				       * but that would allow for
+				       * denial-of-service attacks if a
+				       * C compiler is used that does not
+				       * recognize end-recursion. */
+#else
+		/* If a 0 byte packet was sent, return 0, otherwise
+		 * we play havoc with people using select with
+		 * blocking sockets.  Let them handle a packet at a time,
+		 * they should really be using non-blocking sockets. */
+		if (s->s2->ract_data_length == 0)
+			return(0);
+		return(ssl2_read(s,buf,len));
+#endif
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
+			return(-1);
+		}
+	}
+
+static int read_n(SSL *s, unsigned int n, unsigned int max,
+	     unsigned int extend)
+	{
+	int i,off,newb;
+
+	/* if there is stuff still in the buffer from a previous read,
+	 * and there is more than we want, take some. */
+	if (s->s2->rbuf_left >= (int)n)
+		{
+		if (extend)
+			s->packet_length+=n;
+		else
+			{
+			s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
+			s->packet_length=n;
+			}
+		s->s2->rbuf_left-=n;
+		s->s2->rbuf_offs+=n;
+		return(n);
+		}
+
+	if (!s->read_ahead) max=n;
+	if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
+		max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
+	
+
+	/* Else we want more than we have.
+	 * First, if there is some left or we want to extend */
+	off=0;
+	if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
+		{
+		newb=s->s2->rbuf_left;
+		if (extend)
+			{
+			off=s->packet_length;
+			if (s->packet != s->s2->rbuf)
+				memcpy(s->s2->rbuf,s->packet,
+					(unsigned int)newb+off);
+			}
+		else if (s->s2->rbuf_offs != 0)
+			{
+			memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
+				(unsigned int)newb);
+			s->s2->rbuf_offs=0;
+			}
+		s->s2->rbuf_left=0;
+		}
+	else
+		newb=0;
+
+	/* off is the offset to start writing too.
+	 * r->s2->rbuf_offs is the 'unread data', now 0. 
+	 * newb is the number of new bytes so far
+	 */
+	s->packet=s->s2->rbuf;
+	while (newb < (int)n)
+		{
+		clear_sys_error();
+		if (s->rbio != NULL)
+			{
+			s->rwstate=SSL_READING;
+			i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
+				max-newb);
+			}
+		else
+			{
+			SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
+			i= -1;
+			}
+#ifdef PKT_DEBUG
+		if (s->debug & 0x01) sleep(1);
+#endif
+		if (i <= 0)
+			{
+			s->s2->rbuf_left+=newb;
+			return(i);
+			}
+		newb+=i;
+		}
+
+	/* record unread data */
+	if (newb > (int)n)
+		{
+		s->s2->rbuf_offs=n+off;
+		s->s2->rbuf_left=newb-n;
+		}
+	else
+		{
+		s->s2->rbuf_offs=0;
+		s->s2->rbuf_left=0;
+		}
+	if (extend)
+		s->packet_length+=n;
+	else
+		s->packet_length=n;
+	s->rwstate=SSL_NOTHING;
+	return(n);
+	}
+
+int ssl2_write(SSL *s, const void *_buf, int len)
+	{
+	const unsigned char *buf=_buf;
+	unsigned int n,tot;
+	int i;
+
+	if (SSL_in_init(s) && !s->in_handshake)
+		{
+		i=s->handshake_func(s);
+		if (i < 0) return(i);
+		if (i == 0)
+			{
+			SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		}
+
+	if (s->error)
+		{
+		ssl2_write_error(s);
+		if (s->error)
+			return(-1);
+		}
+
+	clear_sys_error();
+	s->rwstate=SSL_NOTHING;
+	if (len <= 0) return(len);
+
+	tot=s->s2->wnum;
+	s->s2->wnum=0;
+
+	n=(len-tot);
+	for (;;)
+		{
+		i=do_ssl_write(s,&(buf[tot]),n);
+		if (i <= 0)
+			{
+			s->s2->wnum=tot;
+			return(i);
+			}
+		if ((i == (int)n) ||
+			(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
+			{
+			return(tot+i);
+			}
+		
+		n-=i;
+		tot+=i;
+		}
+	}
+
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
+	{
+	int i;
+
+	/* s->s2->wpend_len != 0 MUST be true. */
+
+	/* check that they have given us the same buffer to
+	 * write */
+	if ((s->s2->wpend_tot > (int)len) ||
+		((s->s2->wpend_buf != buf) &&
+		 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
+		{
+		SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
+		return(-1);
+		}
+
+	for (;;)
+		{
+		clear_sys_error();
+		if (s->wbio != NULL)
+			{
+			s->rwstate=SSL_WRITING;
+			i=BIO_write(s->wbio,
+				(char *)&(s->s2->write_ptr[s->s2->wpend_off]),
+				(unsigned int)s->s2->wpend_len);
+			}
+		else
+			{
+			SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
+			i= -1;
+			}
+#ifdef PKT_DEBUG
+		if (s->debug & 0x01) sleep(1);
+#endif
+		if (i == s->s2->wpend_len)
+			{
+			s->s2->wpend_len=0;
+			s->rwstate=SSL_NOTHING;
+			return(s->s2->wpend_ret);
+			}
+		else if (i <= 0)
+			return(i);
+		s->s2->wpend_off+=i;
+		s->s2->wpend_len-=i;
+		}
+	}
+
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
+	{
+	unsigned int j,k,olen,p,mac_size,bs;
+	register unsigned char *pp;
+
+	olen=len;
+
+	/* first check if there is data from an encryption waiting to
+	 * be sent - it must be sent because the other end is waiting.
+	 * This will happen with non-blocking IO.  We print it and then
+	 * return.
+	 */
+	if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
+
+	/* set mac_size to mac size */
+	if (s->s2->clear_text)
+		mac_size=0;
+	else
+		mac_size=EVP_MD_size(s->write_hash);
+
+	/* lets set the pad p */
+	if (s->s2->clear_text)
+		{
+		if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
+			len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
+		p=0;
+		s->s2->three_byte_header=0;
+		/* len=len; */
+		}
+	else
+		{
+		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
+		j=len+mac_size;
+		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
+			(!s->s2->escape))
+			{
+			if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
+				j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
+			/* set k to the max number of bytes with 2
+			 * byte header */
+			k=j-(j%bs);
+			/* how many data bytes? */
+			len=k-mac_size; 
+			s->s2->three_byte_header=0;
+			p=0;
+			}
+		else if ((bs <= 1) && (!s->s2->escape))
+			{
+			/* len=len; */
+			s->s2->three_byte_header=0;
+			p=0;
+			}
+		else /* 3 byte header */
+			{
+			/*len=len; */
+			p=(j%bs);
+			p=(p == 0)?0:(bs-p);
+			if (s->s2->escape)
+				s->s2->three_byte_header=1;
+			else
+				s->s2->three_byte_header=(p == 0)?0:1;
+			}
+		}
+	/* mac_size is the number of MAC bytes
+	 * len is the number of data bytes we are going to send
+	 * p is the number of padding bytes
+	 * if p == 0, it is a 2 byte header */
+
+	s->s2->wlength=len;
+	s->s2->padding=p;
+	s->s2->mac_data= &(s->s2->wbuf[3]);
+	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
+	/* we copy the data into s->s2->wbuf */
+	memcpy(s->s2->wact_data,buf,len);
+#ifdef PURIFY
+	if (p)
+		memset(&(s->s2->wact_data[len]),0,p);
+#endif
+
+	if (!s->s2->clear_text)
+		{
+		s->s2->wact_data_length=len+p;
+		ssl2_mac(s,s->s2->mac_data,1);
+		s->s2->wlength+=p+mac_size;
+		ssl2_enc(s,1);
+		}
+
+	/* package up the header */
+	s->s2->wpend_len=s->s2->wlength;
+	if (s->s2->three_byte_header) /* 3 byte header */
+		{
+		pp=s->s2->mac_data;
+		pp-=3;
+		pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
+		if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
+		pp[1]=s->s2->wlength&0xff;
+		pp[2]=s->s2->padding;
+		s->s2->wpend_len+=3;
+		}
+	else
+		{
+		pp=s->s2->mac_data;
+		pp-=2;
+		pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
+		pp[1]=s->s2->wlength&0xff;
+		s->s2->wpend_len+=2;
+		}
+	s->s2->write_ptr=pp;
+	
+	INC32(s->s2->write_sequence); /* expect next number */
+
+	/* lets try to actually write the data */
+	s->s2->wpend_tot=olen;
+	s->s2->wpend_buf=buf;
+
+	s->s2->wpend_ret=len;
+
+	s->s2->wpend_off=0;
+	return(write_pending(s,buf,olen));
+	}
+
+int ssl2_part_read(SSL *s, unsigned long f, int i)
+	{
+	unsigned char *p;
+	int j;
+
+	/* check for error */
+	if ((s->init_num == 0) && (i >= 3))
+		{
+		p=(unsigned char *)s->init_buf->data;
+		if (p[0] == SSL2_MT_ERROR)
+			{
+			j=(p[1]<<8)|p[2];
+			SSLerr((int)f,ssl_mt_error(j));
+			}
+		}
+
+	if (i < 0)
+		{
+		/* ssl2_return_error(s); */
+		/* for non-blocking io,
+		 * this is not fatal */
+		return(i);
+		}
+	else
+		{
+		s->init_num+=i;
+		return(0);
+		}
+	}
+
+int ssl2_do_write(SSL *s)
+	{
+	int ret;
+
+	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
+	if (ret == s->init_num)
+		return(1);
+	if (ret < 0)
+		return(-1);
+	s->init_off+=ret;
+	s->init_num-=ret;
+	return(0);
+	}
+
+static int ssl_mt_error(int n)
+	{
+	int ret;
+
+	switch (n)
+		{
+	case SSL2_PE_NO_CIPHER:
+		ret=SSL_R_PEER_ERROR_NO_CIPHER;
+		break;
+	case SSL2_PE_NO_CERTIFICATE:
+		ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
+		break;
+	case SSL2_PE_BAD_CERTIFICATE:
+		ret=SSL_R_PEER_ERROR_CERTIFICATE;
+		break;
+	case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
+		ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
+		break;
+	default:
+		ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
+		break;
+		}
+	return(ret);
+	}
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
new file mode 100644
index 000000000000..9aeedef55f62
--- /dev/null
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -0,0 +1,968 @@
+/* ssl/s2_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+#include 
+
+static SSL_METHOD *ssl2_get_server_method(int ver);
+static int get_client_master_key(SSL *s);
+static int get_client_hello(SSL *s);
+static int server_hello(SSL *s); 
+static int get_client_finished(SSL *s);
+static int server_verify(SSL *s);
+static int server_finish(SSL *s);
+static int request_certificate(SSL *s);
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+	unsigned char *to,int padding);
+#define BREAK	break
+
+static SSL_METHOD *ssl2_get_server_method(int ver)
+	{
+	if (ver == SSL2_VERSION)
+		return(SSLv2_server_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv2_server_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv2_server_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv2_server_data.ssl_accept=ssl2_accept;
+		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+		init=0;
+		}
+	return(&SSLv2_server_data);
+	}
+
+int ssl2_accept(SSL *s)
+	{
+	unsigned long l=time(NULL);
+	BUF_MEM *buf=NULL;
+	int ret= -1;
+	long num1;
+	void (*cb)()=NULL;
+	int new_state,state;
+
+	RAND_seed(&l,sizeof(l));
+	ERR_clear_error();
+	clear_sys_error();
+
+	if (s->info_callback != NULL)
+		cb=s->info_callback;
+	else if (s->ctx->info_callback != NULL)
+		cb=s->ctx->info_callback;
+
+	/* init things to blank */
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+	s->in_handshake++;
+
+	if (s->cert == NULL)
+		{
+		SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+		return(-1);
+		}
+
+	clear_sys_error();
+	for (;;)
+		{
+		state=s->state;
+
+		switch (s->state)
+			{
+		case SSL_ST_BEFORE:
+		case SSL_ST_ACCEPT:
+		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+		case SSL_ST_OK|SSL_ST_ACCEPT:
+
+			s->server=1;
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+			s->version=SSL2_VERSION;
+			s->type=SSL_ST_ACCEPT;
+
+			buf=s->init_buf;
+			if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
+				{ ret= -1; goto end; }
+			if (!BUF_MEM_grow(buf,(int)
+				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+				{ ret= -1; goto end; }
+			s->init_buf=buf;
+			s->init_num=0;
+			s->ctx->stats.sess_accept++;
+			s->handshake_func=ssl2_accept;
+			s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+			BREAK;
+
+		case SSL2_ST_GET_CLIENT_HELLO_A:
+		case SSL2_ST_GET_CLIENT_HELLO_B:
+		case SSL2_ST_GET_CLIENT_HELLO_C:
+			s->shutdown=0;
+			ret=get_client_hello(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_SEND_SERVER_HELLO_A;
+			BREAK;
+
+		case SSL2_ST_SEND_SERVER_HELLO_A:
+		case SSL2_ST_SEND_SERVER_HELLO_B:
+			ret=server_hello(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			if (!s->hit)
+				{
+				s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
+				BREAK;
+				}
+			else
+				{
+				s->state=SSL2_ST_SERVER_START_ENCRYPTION;
+				BREAK;
+				}
+		case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+		case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+			ret=get_client_master_key(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_SERVER_START_ENCRYPTION;
+			BREAK;
+
+		case SSL2_ST_SERVER_START_ENCRYPTION:
+			/* Ok we how have sent all the stuff needed to
+			 * start encrypting, the next packet back will
+			 * be encrypted. */
+			if (!ssl2_enc_init(s,0))
+				{ ret= -1; goto end; }
+			s->s2->clear_text=0;
+			s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
+			BREAK;
+
+		case SSL2_ST_SEND_SERVER_VERIFY_A:
+		case SSL2_ST_SEND_SERVER_VERIFY_B:
+			ret=server_verify(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			if (s->hit)
+				{
+				/* If we are in here, we have been
+				 * buffering the output, so we need to
+				 * flush it and remove buffering from
+				 * future traffic */
+				s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
+				BREAK;
+				}
+			else
+				{
+				s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
+				break;
+				}
+
+ 		case SSL2_ST_SEND_SERVER_VERIFY_C:
+ 			/* get the number of bytes to write */
+ 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+ 			if (num1 != 0)
+ 				{
+				s->rwstate=SSL_WRITING;
+ 				num1=BIO_flush(s->wbio);
+ 				if (num1 <= 0) { ret= -1; goto end; }
+				s->rwstate=SSL_NOTHING;
+				}
+
+ 			/* flushed and now remove buffering */
+ 			s->wbio=BIO_pop(s->wbio);
+
+ 			s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
+  			BREAK;
+
+		case SSL2_ST_GET_CLIENT_FINISHED_A:
+		case SSL2_ST_GET_CLIENT_FINISHED_B:
+			ret=get_client_finished(s);
+			if (ret <= 0)
+				goto end;
+			s->init_num=0;
+			s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
+			BREAK;
+
+		case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+		case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+		case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+		case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+			/* don't do a 'request certificate' if we
+			 * don't want to, or we already have one, and
+			 * we only want to do it once. */
+			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+				((s->session->peer != NULL) &&
+				(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+				{
+				s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
+				break;
+				}
+			else
+				{
+				ret=request_certificate(s);
+				if (ret <= 0) goto end;
+				s->init_num=0;
+				s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
+				}
+			BREAK;
+
+		case SSL2_ST_SEND_SERVER_FINISHED_A:
+		case SSL2_ST_SEND_SERVER_FINISHED_B:
+			ret=server_finish(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL_ST_OK;
+			break;
+
+		case SSL_ST_OK:
+			BUF_MEM_free(s->init_buf);
+			ssl_free_wbio_buffer(s);
+			s->init_buf=NULL;
+			s->init_num=0;
+		/*	ERR_clear_error();*/
+
+			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+
+			s->ctx->stats.sess_accept_good++;
+			/* s->server=1; */
+			ret=1;
+
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+
+			goto end;
+			/* BREAK; */
+
+		default:
+			SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
+			ret= -1;
+			goto end;
+			/* BREAK; */
+			}
+		
+		if ((cb != NULL) && (s->state != state))
+			{
+			new_state=s->state;
+			s->state=state;
+			cb(s,SSL_CB_ACCEPT_LOOP,1);
+			s->state=new_state;
+			}
+		}
+end:
+	s->in_handshake--;
+	if (cb != NULL)
+		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+	return(ret);
+	}
+
+static int get_client_master_key(SSL *s)
+	{
+	int is_export,i,n,keya,ek;
+	unsigned char *p;
+	SSL_CIPHER *cp;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
+
+	p=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
+		{
+		i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
+
+		if (i < (10-s->init_num))
+			return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+		if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
+			{
+			if (p[-1] != SSL2_MT_ERROR)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
+				}
+			else
+				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+					SSL_R_PEER_ERROR);
+			return(-1);
+			}
+
+		cp=ssl2_get_cipher_by_char(p);
+		if (cp == NULL)
+			{
+			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+				SSL_R_NO_CIPHER_MATCH);
+			return(-1);
+			}
+		s->session->cipher= cp;
+
+		p+=3;
+		n2s(p,i); s->s2->tmp.clear=i;
+		n2s(p,i); s->s2->tmp.enc=i;
+		n2s(p,i); s->session->key_arg_length=i;
+		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+		s->init_num=0;
+		}
+
+	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+	p=(unsigned char *)s->init_buf->data;
+	keya=s->session->key_arg_length;
+	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
+	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+
+	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
+		(unsigned int)keya);
+
+	if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+		return(-1);
+		}
+	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+
+	is_export=SSL_C_IS_EXPORT(s->session->cipher);
+	
+	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+		{
+		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+		return(0);
+		}
+
+	if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
+		{
+		is_export=1;
+		ek=8;
+		}
+	else
+		ek=5;
+
+	/* bad decrypt */
+#if 1
+	/* If a bad decrypt, continue with protocol but with a
+	 * dud master secret */
+	if ((i < 0) ||
+		((!is_export && (i != EVP_CIPHER_key_length(c)))
+		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
+			EVP_CIPHER_key_length(c))))))
+		{
+		if (is_export)
+			i=ek;
+		else
+			i=EVP_CIPHER_key_length(c);
+		RAND_bytes(p,i);
+		}
+#else
+	if (i < 0)
+		{
+		error=1;
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
+		}
+	/* incorrect number of key bytes for non export cipher */
+	else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
+		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
+			EVP_CIPHER_key_length(c)))))
+		{
+		error=1;
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
+		}
+	if (error)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		return(-1);
+		}
+#endif
+
+	if (is_export) i+=s->s2->tmp.clear;
+	s->session->master_key_length=i;
+	memcpy(s->session->master_key,p,(unsigned int)i);
+	return(1);
+	}
+
+static int get_client_hello(SSL *s)
+	{
+	int i,n;
+	unsigned char *p;
+	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
+	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+	int z;
+
+	/* This is a bit of a hack to check for the correct packet
+	 * type the first time round. */
+	if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
+		{
+		s->first_packet=1;
+		s->state=SSL2_ST_GET_CLIENT_HELLO_B;
+		}
+
+	p=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
+		{
+		i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
+		if (i < (9-s->init_num)) 
+			return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+	
+		if (*(p++) != SSL2_MT_CLIENT_HELLO)
+			{
+			if (p[-1] != SSL2_MT_ERROR)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
+				}
+			else
+				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
+			return(-1);
+			}
+		n2s(p,i);
+		if (i < s->version) s->version=i;
+		n2s(p,i); s->s2->tmp.cipher_spec_length=i;
+		n2s(p,i); s->s2->tmp.session_id_length=i;
+		n2s(p,i); s->s2->challenge_length=i;
+		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
+			(i > SSL2_MAX_CHALLENGE_LENGTH))
+			{
+			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
+			return(-1);
+			}
+		s->state=SSL2_ST_GET_CLIENT_HELLO_C;
+		s->init_num=0;
+		}
+
+	/* SSL2_ST_GET_CLIENT_HELLO_C */
+	p=(unsigned char *)s->init_buf->data;
+	n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+
+		s->s2->tmp.session_id_length-s->init_num;
+	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+
+	/* get session-id before cipher stuff so we can get out session
+	 * structure if it is cached */
+	/* session-id */
+	if ((s->s2->tmp.session_id_length != 0) && 
+		(s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
+		return(-1);
+		}
+
+	if (s->s2->tmp.session_id_length == 0)
+		{
+		if (!ssl_get_new_session(s,1))
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			return(-1);
+			}
+		}
+	else
+		{
+		i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
+			s->s2->tmp.session_id_length);
+		if (i == 1)
+			{ /* previous session */
+			s->hit=1;
+			}
+		else if (i == -1)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			return(-1);
+			}
+		else
+			{
+			if (s->cert == NULL)
+				{
+				ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
+				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
+				return(-1);
+				}
+
+			if (!ssl_get_new_session(s,1))
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				return(-1);
+				}
+			}
+		}
+
+	if (!s->hit)
+		{
+		cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
+			&s->session->ciphers);
+		if (cs == NULL) goto mem_err;
+
+		cl=ssl_get_ciphers_by_id(s);
+
+		for (z=0; zsession->ciphers should now have a list of
+		 * ciphers that are on both the client and server.
+		 * This list is ordered by the order the client sent
+		 * the ciphers.
+		 */
+		}
+	p+=s->s2->tmp.cipher_spec_length;
+	/* done cipher selection */
+
+	/* session id extracted already */
+	p+=s->s2->tmp.session_id_length;
+
+	/* challenge */
+	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
+	return(1);
+mem_err:
+	SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
+
+static int server_hello(SSL *s)
+	{
+	unsigned char *p,*d;
+	int n,hit;
+	STACK_OF(SSL_CIPHER) *sk;
+
+	p=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
+		{
+		d=p+11;
+		*(p++)=SSL2_MT_SERVER_HELLO;		/* type */
+		hit=s->hit;
+		*(p++)=(unsigned char)hit;
+#if 1
+		if (!hit)
+			{
+			if (s->session->sess_cert != NULL)
+				/* This can't really happen because get_client_hello
+				 * has called ssl_get_new_session, which does not set
+				 * sess_cert. */
+				ssl_sess_cert_free(s->session->sess_cert);
+			s->session->sess_cert = ssl_sess_cert_new();
+			if (s->session->sess_cert == NULL)
+				{
+				SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+				return(-1);
+				}
+			}
+		/* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
+		 * depending on whether it survived in the internal cache
+		 * or was retrieved from an external cache.
+		 * If it is NULL, we cannot put any useful data in it anyway,
+		 * so we don't touch it.
+		 */
+
+#else /* That's what used to be done when cert_st and sess_cert_st were
+	   * the same. */
+		if (!hit)
+			{			/* else add cert to session */
+			CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
+			if (s->session->sess_cert != NULL)
+				ssl_cert_free(s->session->sess_cert);
+			s->session->sess_cert=s->cert;		
+			}
+		else	/* We have a session id-cache hit, if the
+			 * session-id has no certificate listed against
+			 * the 'cert' structure, grab the 'old' one
+			 * listed against the SSL connection */
+			{
+			if (s->session->sess_cert == NULL)
+				{
+				CRYPTO_add(&s->cert->references,1,
+					CRYPTO_LOCK_SSL_CERT);
+				s->session->sess_cert=s->cert;
+				}
+			}
+#endif
+
+		if (s->cert == NULL)
+			{
+			ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
+			SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
+			return(-1);
+			}
+
+		if (hit)
+			{
+			*(p++)=0;		/* no certificate type */
+			s2n(s->version,p);	/* version */
+			s2n(0,p);		/* cert len */
+			s2n(0,p);		/* ciphers len */
+			}
+		else
+			{
+			/* EAY EAY */
+			/* put certificate type */
+			*(p++)=SSL2_CT_X509_CERTIFICATE;
+			s2n(s->version,p);	/* version */
+			n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
+			s2n(n,p);		/* certificate length */
+			i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
+			n=0;
+			
+			/* lets send out the ciphers we like in the
+			 * prefered order */
+			sk= s->session->ciphers;
+			n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
+			d+=n;
+			s2n(n,p);		/* add cipher length */
+			}
+
+		/* make and send conn_id */
+		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */
+		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
+		RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
+		d+=SSL2_CONNECTION_ID_LENGTH;
+
+		s->state=SSL2_ST_SEND_SERVER_HELLO_B;
+		s->init_num=d-(unsigned char *)s->init_buf->data;
+		s->init_off=0;
+		}
+	/* SSL2_ST_SEND_SERVER_HELLO_B */
+ 	/* If we are using TCP/IP, the performace is bad if we do 2
+ 	 * writes without a read between them.  This occurs when
+ 	 * Session-id reuse is used, so I will put in a buffering module
+ 	 */
+ 	if (s->hit)
+ 		{
+		if (!ssl_init_wbio_buffer(s,1)) return(-1);
+ 		}
+ 
+	return(ssl2_do_write(s));
+	}
+
+static int get_client_finished(SSL *s)
+	{
+	unsigned char *p;
+	int i;
+
+	p=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
+		{
+		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+		if (i < 1-s->init_num)
+			return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+
+		if (*p != SSL2_MT_CLIENT_FINISHED)
+			{
+			if (*p != SSL2_MT_ERROR)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
+				}
+			else
+				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+			return(-1);
+			}
+		s->init_num=0;
+		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
+		}
+
+	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+	if (i < (int)s->s2->conn_id_length-s->init_num)
+		{
+		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+		}
+	if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
+		return(-1);
+		}
+	return(1);
+	}
+
+static int server_verify(SSL *s)
+	{
+	unsigned char *p;
+
+	if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		*(p++)=SSL2_MT_SERVER_VERIFY;
+		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
+		/* p+=s->s2->challenge_length; */
+
+		s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
+		s->init_num=s->s2->challenge_length+1;
+		s->init_off=0;
+		}
+	return(ssl2_do_write(s));
+	}
+
+static int server_finish(SSL *s)
+	{
+	unsigned char *p;
+
+	if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		*(p++)=SSL2_MT_SERVER_FINISHED;
+
+		memcpy(p,s->session->session_id,
+			(unsigned int)s->session->session_id_length);
+		/* p+=s->session->session_id_length; */
+
+		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
+		s->init_num=s->session->session_id_length+1;
+		s->init_off=0;
+		}
+
+	/* SSL2_ST_SEND_SERVER_FINISHED_B */
+	return(ssl2_do_write(s));
+	}
+
+/* send the request and check the response */
+static int request_certificate(SSL *s)
+	{
+	unsigned char *p,*p2,*buf2;
+	unsigned char *ccd;
+	int i,j,ctype,ret= -1;
+	X509 *x509=NULL;
+	STACK_OF(X509) *sk=NULL;
+
+	ccd=s->s2->tmp.ccl;
+	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
+		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
+		RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+
+		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
+		s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
+		s->init_off=0;
+		}
+
+	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
+		{
+		i=ssl2_do_write(s);
+		if (i <= 0)
+			{
+			ret=i;
+			goto end;
+			}
+
+		s->init_num=0;
+		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
+		}
+
+	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num);
+		if (i < 3)
+			{
+			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+			goto end;
+			}
+
+		if ((*p == SSL2_MT_ERROR) && (i >= 3))
+			{
+			n2s(p,i);
+			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+				{
+				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+				SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+				goto end;
+				}
+			ret=1;
+			goto end;
+			}
+		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6))
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
+			goto end;
+			}
+		/* ok we have a response */
+		/* certificate type, there is only one right now. */
+		ctype= *(p++);
+		if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
+			{
+			ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
+			goto end;
+			}
+		n2s(p,i); s->s2->tmp.clen=i;
+		n2s(p,i); s->s2->tmp.rlen=i;
+		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+		s->init_num=0;
+		}
+
+	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+	p=(unsigned char *)s->init_buf->data;
+	j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num;
+	i=ssl2_read(s,(char *)&(p[s->init_num]),j);
+	if (i < j) 
+		{
+		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+		goto end;
+		}
+
+	x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+	if (x509 == NULL)
+		{
+		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
+		goto msg_end;
+		}
+
+	if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
+		{
+		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		goto msg_end;
+		}
+
+	i=ssl_verify_cert_chain(s,sk);
+
+	if (i)	/* we like the packet, now check the chksum */
+		{
+		EVP_MD_CTX ctx;
+		EVP_PKEY *pkey=NULL;
+
+		EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
+		EVP_VerifyUpdate(&ctx,s->s2->key_material,
+			(unsigned int)s->s2->key_material_length);
+		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+
+		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
+		buf2=(unsigned char *)Malloc((unsigned int)i);
+		if (buf2 == NULL)
+			{
+			SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+			goto msg_end;
+			}
+		p2=buf2;
+		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
+		EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+		Free(buf2);
+
+		pkey=X509_get_pubkey(x509);
+		if (pkey == NULL) goto end;
+		i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+		EVP_PKEY_free(pkey);
+		memset(&ctx,0,sizeof(ctx));
+
+		if (i) 
+			{
+			if (s->session->peer != NULL)
+				X509_free(s->session->peer);
+			s->session->peer=x509;
+			CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+			ret=1;
+			goto end;
+			}
+		else
+			{
+			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
+			goto msg_end;
+			}
+		}
+	else
+		{
+msg_end:
+		ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+		}
+end:
+	sk_X509_free(sk);
+	X509_free(x509);
+	return(ret);
+	}
+
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+	     unsigned char *to, int padding)
+	{
+	RSA *rsa;
+	int i;
+
+	if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
+		{
+		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
+		return(-1);
+		}
+	if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
+		{
+		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+		return(-1);
+		}
+	rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
+
+	/* we have the public key */
+	i=RSA_private_decrypt(len,from,to,rsa,padding);
+	if (i < 0)
+		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
+	return(i);
+	}
+#endif
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c
new file mode 100644
index 000000000000..f3f27715d571
--- /dev/null
+++ b/crypto/openssl/ssl/s3_both.c
@@ -0,0 +1,468 @@
+/* ssl/s3_both.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,
+	     int slen)
+	{
+	unsigned char *p,*d;
+	int i;
+	unsigned long l;
+
+	if (s->state == a)
+		{
+		d=(unsigned char *)s->init_buf->data;
+		p= &(d[4]);
+
+		i=s->method->ssl3_enc->final_finish_mac(s,
+			&(s->s3->finish_dgst1),
+			&(s->s3->finish_dgst2),
+			sender,slen,p);
+		p+=i;
+		l=i;
+
+#ifdef WIN16
+		/* MSVC 1.5 does not clear the top bytes of the word unless
+		 * I do this.
+		 */
+		l&=0xffff;
+#endif
+
+		*(d++)=SSL3_MT_FINISHED;
+		l2n3(l,d);
+		s->init_num=(int)l+4;
+		s->init_off=0;
+
+		s->state=b;
+		}
+
+	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	}
+
+int ssl3_get_finished(SSL *s, int a, int b)
+	{
+	int al,i,ok;
+	long n;
+	unsigned char *p;
+
+	/* the mac has already been generated when we received the
+	 * change cipher spec message and is in s->s3->tmp.in_dgst[12]
+	 */ 
+
+	n=ssl3_get_message(s,
+		a,
+		b,
+		SSL3_MT_FINISHED,
+		64, /* should actually be 36+4 :-) */
+		&ok);
+
+	if (!ok) return((int)n);
+
+	/* If this occurs if we has missed a message */
+	if (!s->s3->change_cipher_spec)
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+		goto f_err;
+		}
+	s->s3->change_cipher_spec=0;
+
+	p=(unsigned char *)s->init_buf->data;
+
+	i=s->method->ssl3_enc->finish_mac_length;
+
+	if (i != n)
+		{
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
+		goto f_err;
+		}
+
+	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+		{
+		al=SSL_AD_DECRYPT_ERROR;
+		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
+		goto f_err;
+		}
+
+	return(1);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+	return(0);
+	}
+
+/* for these 2 messages, we need to
+ * ssl->enc_read_ctx			re-init
+ * ssl->s3->read_sequence		zero
+ * ssl->s3->read_mac_secret		re-init
+ * ssl->session->read_sym_enc		assign
+ * ssl->session->read_compression	assign
+ * ssl->session->read_hash		assign
+ */
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
+	{ 
+	unsigned char *p;
+
+	if (s->state == a)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		*p=SSL3_MT_CCS;
+		s->init_num=1;
+		s->init_off=0;
+
+		s->state=b;
+		}
+
+	/* SSL3_ST_CW_CHANGE_B */
+	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
+	}
+
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
+	{
+	unsigned char *p;
+	int n,i;
+	unsigned long l=7;
+	BUF_MEM *buf;
+	X509_STORE_CTX xs_ctx;
+	X509_OBJECT obj;
+
+	/* TLSv1 sends a chain with nothing in it, instead of an alert */
+	buf=s->init_buf;
+	if (!BUF_MEM_grow(buf,(int)(10)))
+		{
+		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+		return(0);
+		}
+	if (x != NULL)
+		{
+		X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+
+		for (;;)
+			{
+			n=i2d_X509(x,NULL);
+			if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+				{
+				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+				return(0);
+				}
+			p=(unsigned char *)&(buf->data[l]);
+			l2n3(n,p);
+			i2d_X509(x,&p);
+			l+=n+3;
+			if (X509_NAME_cmp(X509_get_subject_name(x),
+				X509_get_issuer_name(x)) == 0) break;
+
+			i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
+				X509_get_issuer_name(x),&obj);
+			if (i <= 0) break;
+			x=obj.data.x509;
+			/* Count is one too high since the X509_STORE_get uped the
+			 * ref count */
+			X509_free(x);
+			}
+
+		X509_STORE_CTX_cleanup(&xs_ctx);
+		}
+
+	/* Thawte special :-) */
+	if (s->ctx->extra_certs != NULL)
+	for (i=0; ictx->extra_certs); i++)
+		{
+		x=sk_X509_value(s->ctx->extra_certs,i);
+		n=i2d_X509(x,NULL);
+		if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+			{
+			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+			return(0);
+			}
+		p=(unsigned char *)&(buf->data[l]);
+		l2n3(n,p);
+		i2d_X509(x,&p);
+		l+=n+3;
+		}
+
+	l-=7;
+	p=(unsigned char *)&(buf->data[4]);
+	l2n3(l,p);
+	l+=3;
+	p=(unsigned char *)&(buf->data[0]);
+	*(p++)=SSL3_MT_CERTIFICATE;
+	l2n3(l,p);
+	l+=4;
+	return(l);
+	}
+
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+	{
+	unsigned char *p;
+	unsigned long l;
+	long n;
+	int i,al;
+
+	if (s->s3->tmp.reuse_message)
+		{
+		s->s3->tmp.reuse_message=0;
+		if ((mt >= 0) && (s->s3->tmp.message_type != mt))
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+			goto f_err;
+			}
+		*ok=1;
+		return((int)s->s3->tmp.message_size);
+		}
+
+	p=(unsigned char *)s->init_buf->data;
+
+	if (s->state == st1)
+		{
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+				  4-s->init_num);
+		if (i < (4-s->init_num))
+			{
+			*ok=0;
+			return(ssl3_part_read(s,i));
+			}
+
+		if ((mt >= 0) && (*p != mt))
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+			goto f_err;
+			}
+		s->s3->tmp.message_type= *(p++);
+
+		n2l3(p,l);
+		if (l > (unsigned long)max)
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+			goto f_err;
+			}
+		if (l && !BUF_MEM_grow(s->init_buf,(int)l))
+			{
+			SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+			goto err;
+			}
+		s->s3->tmp.message_size=l;
+		s->state=stn;
+
+		s->init_num=0;
+		}
+
+	/* next state (stn) */
+	p=(unsigned char *)s->init_buf->data;
+	n=s->s3->tmp.message_size;
+	if (n > 0)
+		{
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
+		if (i != (int)n)
+			{
+			*ok=0;
+			return(ssl3_part_read(s,i));
+			}
+		}
+	*ok=1;
+	return(n);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+	*ok=0;
+	return(-1);
+	}
+
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+	{
+	EVP_PKEY *pk;
+	int ret= -1,i,j;
+
+	if (pkey == NULL)
+		pk=X509_get_pubkey(x);
+	else
+		pk=pkey;
+	if (pk == NULL) goto err;
+
+	i=pk->type;
+	if (i == EVP_PKEY_RSA)
+		{
+		ret=SSL_PKEY_RSA_ENC;
+		if (x != NULL)
+			{
+			j=X509_get_ext_count(x);
+			/* check to see if this is a signing only certificate */
+			/* EAY EAY EAY EAY */
+			}
+		}
+	else if (i == EVP_PKEY_DSA)
+		{
+		ret=SSL_PKEY_DSA_SIGN;
+		}
+	else if (i == EVP_PKEY_DH)
+		{
+		/* if we just have a key, we needs to be guess */
+
+		if (x == NULL)
+			ret=SSL_PKEY_DH_DSA;
+		else
+			{
+			j=X509_get_signature_type(x);
+			if (j == EVP_PKEY_RSA)
+				ret=SSL_PKEY_DH_RSA;
+			else if (j== EVP_PKEY_DSA)
+				ret=SSL_PKEY_DH_DSA;
+			else ret= -1;
+			}
+		}
+	else
+		ret= -1;
+
+err:
+	if(!pkey) EVP_PKEY_free(pk);
+	return(ret);
+	}
+
+int ssl_verify_alarm_type(long type)
+	{
+	int al;
+
+	switch(type)
+		{
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+	case X509_V_ERR_UNABLE_TO_GET_CRL:
+		al=SSL_AD_UNKNOWN_CA;
+		break;
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+	case X509_V_ERR_CRL_NOT_YET_VALID:
+		al=SSL_AD_BAD_CERTIFICATE;
+		break;
+	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+		al=SSL_AD_DECRYPT_ERROR;
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+	case X509_V_ERR_CRL_HAS_EXPIRED:
+		al=SSL_AD_CERTIFICATE_EXPIRED;
+		break;
+	case X509_V_ERR_CERT_REVOKED:
+		al=SSL_AD_CERTIFICATE_REVOKED;
+		break;
+	case X509_V_ERR_OUT_OF_MEM:
+		al=SSL_AD_INTERNAL_ERROR;
+		break;
+	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+		al=SSL_AD_UNKNOWN_CA;
+		break;
+	case X509_V_ERR_APPLICATION_VERIFICATION:
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		break;
+	default:
+		al=SSL_AD_CERTIFICATE_UNKNOWN;
+		break;
+		}
+	return(al);
+	}
+
+int ssl3_setup_buffers(SSL *s)
+	{
+	unsigned char *p;
+	unsigned int extra;
+
+	if (s->s3->rbuf.buf == NULL)
+		{
+		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+			extra=SSL3_RT_MAX_EXTRA;
+		else
+			extra=0;
+		if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+			== NULL)
+			goto err;
+		s->s3->rbuf.buf=p;
+		}
+
+	if (s->s3->wbuf.buf == NULL)
+		{
+		if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE))
+			== NULL)
+			goto err;
+		s->s3->wbuf.buf=p;
+		}
+	s->packet= &(s->s3->rbuf.buf[0]);
+	return(1);
+err:
+	SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
new file mode 100644
index 000000000000..d3e6b4d1e58f
--- /dev/null
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -0,0 +1,1729 @@
+/* ssl/s3_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl3_get_client_method(int ver);
+static int ssl3_client_hello(SSL *s);
+static int ssl3_get_server_hello(SSL *s);
+static int ssl3_get_certificate_request(SSL *s);
+static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ssl3_get_server_done(SSL *s);
+static int ssl3_send_client_verify(SSL *s);
+static int ssl3_send_client_certificate(SSL *s);
+static int ssl3_send_client_key_exchange(SSL *s);
+static int ssl3_get_key_exchange(SSL *s);
+static int ssl3_get_server_certificate(SSL *s);
+static int ssl3_check_cert_and_algorithm(SSL *s);
+static SSL_METHOD *ssl3_get_client_method(int ver)
+	{
+	if (ver == SSL3_VERSION)
+		return(SSLv3_client_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv3_client_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv3_client_data;
+
+	if (init)
+		{
+		init=0;
+		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv3_client_data.ssl_connect=ssl3_connect;
+		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+		}
+	return(&SSLv3_client_data);
+	}
+
+int ssl3_connect(SSL *s)
+	{
+	BUF_MEM *buf;
+	unsigned long Time=time(NULL),l;
+	long num1;
+	void (*cb)()=NULL;
+	int ret= -1;
+	int new_state,state,skip=0;;
+
+	RAND_seed(&Time,sizeof(Time));
+	ERR_clear_error();
+	clear_sys_error();
+
+	if (s->info_callback != NULL)
+		cb=s->info_callback;
+	else if (s->ctx->info_callback != NULL)
+		cb=s->ctx->info_callback;
+	
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+	s->in_handshake++;
+
+	for (;;)
+		{
+		state=s->state;
+
+		switch(s->state)
+			{
+		case SSL_ST_RENEGOTIATE:
+			s->new_session=1;
+			s->state=SSL_ST_CONNECT;
+			s->ctx->stats.sess_connect_renegotiate++;
+			/* break */
+		case SSL_ST_BEFORE:
+		case SSL_ST_CONNECT:
+		case SSL_ST_BEFORE|SSL_ST_CONNECT:
+		case SSL_ST_OK|SSL_ST_CONNECT:
+
+			s->server=0;
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+			if ((s->version & 0xff00 ) != 0x0300)
+				abort();
+			/* s->version=SSL3_VERSION; */
+			s->type=SSL_ST_CONNECT;
+
+			if (s->init_buf == NULL)
+				{
+				if ((buf=BUF_MEM_new()) == NULL)
+					{
+					ret= -1;
+					goto end;
+					}
+				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+					{
+					ret= -1;
+					goto end;
+					}
+				s->init_buf=buf;
+				}
+
+			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+
+			/* setup buffing BIO */
+			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
+
+			/* don't push the buffering BIO quite yet */
+
+			ssl3_init_finished_mac(s);
+
+			s->state=SSL3_ST_CW_CLNT_HELLO_A;
+			s->ctx->stats.sess_connect++;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CW_CLNT_HELLO_A:
+		case SSL3_ST_CW_CLNT_HELLO_B:
+
+			s->shutdown=0;
+			ret=ssl3_client_hello(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CR_SRVR_HELLO_A;
+			s->init_num=0;
+
+			/* turn on buffering for the next lot of output */
+			if (s->bbio != s->wbio)
+				s->wbio=BIO_push(s->bbio,s->wbio);
+
+			break;
+
+		case SSL3_ST_CR_SRVR_HELLO_A:
+		case SSL3_ST_CR_SRVR_HELLO_B:
+			ret=ssl3_get_server_hello(s);
+			if (ret <= 0) goto end;
+			if (s->hit)
+				s->state=SSL3_ST_CR_FINISHED_A;
+			else
+				s->state=SSL3_ST_CR_CERT_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CR_CERT_A:
+		case SSL3_ST_CR_CERT_B:
+			/* Check if it is anon DH */
+			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+				{
+				ret=ssl3_get_server_certificate(s);
+				if (ret <= 0) goto end;
+				}
+			else
+				skip=1;
+			s->state=SSL3_ST_CR_KEY_EXCH_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CR_KEY_EXCH_A:
+		case SSL3_ST_CR_KEY_EXCH_B:
+			ret=ssl3_get_key_exchange(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CR_CERT_REQ_A;
+			s->init_num=0;
+
+			/* at this point we check that we have the
+			 * required stuff from the server */
+			if (!ssl3_check_cert_and_algorithm(s))
+				{
+				ret= -1;
+				goto end;
+				}
+			break;
+
+		case SSL3_ST_CR_CERT_REQ_A:
+		case SSL3_ST_CR_CERT_REQ_B:
+			ret=ssl3_get_certificate_request(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CR_SRVR_DONE_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CR_SRVR_DONE_A:
+		case SSL3_ST_CR_SRVR_DONE_B:
+			ret=ssl3_get_server_done(s);
+			if (ret <= 0) goto end;
+			if (s->s3->tmp.cert_req)
+				s->state=SSL3_ST_CW_CERT_A;
+			else
+				s->state=SSL3_ST_CW_KEY_EXCH_A;
+			s->init_num=0;
+
+			break;
+
+		case SSL3_ST_CW_CERT_A:
+		case SSL3_ST_CW_CERT_B:
+		case SSL3_ST_CW_CERT_C:
+		case SSL3_ST_CW_CERT_D:
+			ret=ssl3_send_client_certificate(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CW_KEY_EXCH_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CW_KEY_EXCH_A:
+		case SSL3_ST_CW_KEY_EXCH_B:
+			ret=ssl3_send_client_key_exchange(s);
+			if (ret <= 0) goto end;
+			l=s->s3->tmp.new_cipher->algorithms;
+			/* EAY EAY EAY need to check for DH fix cert
+			 * sent back */
+			/* For TLS, cert_req is set to 2, so a cert chain
+			 * of nothing is sent, but no verify packet is sent */
+			if (s->s3->tmp.cert_req == 1)
+				{
+				s->state=SSL3_ST_CW_CERT_VRFY_A;
+				}
+			else
+				{
+				s->state=SSL3_ST_CW_CHANGE_A;
+				s->s3->change_cipher_spec=0;
+				}
+
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CW_CERT_VRFY_A:
+		case SSL3_ST_CW_CERT_VRFY_B:
+			ret=ssl3_send_client_verify(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CW_CHANGE_A;
+			s->init_num=0;
+			s->s3->change_cipher_spec=0;
+			break;
+
+		case SSL3_ST_CW_CHANGE_A:
+		case SSL3_ST_CW_CHANGE_B:
+			ret=ssl3_send_change_cipher_spec(s,
+				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CW_FINISHED_A;
+			s->init_num=0;
+
+			s->session->cipher=s->s3->tmp.new_cipher;
+			if (s->s3->tmp.new_compression == NULL)
+				s->session->compress_meth=0;
+			else
+				s->session->compress_meth=
+					s->s3->tmp.new_compression->id;
+			if (!s->method->ssl3_enc->setup_key_block(s))
+				{
+				ret= -1;
+				goto end;
+				}
+
+			if (!s->method->ssl3_enc->change_cipher_state(s,
+				SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+				{
+				ret= -1;
+				goto end;
+				}
+
+			break;
+
+		case SSL3_ST_CW_FINISHED_A:
+		case SSL3_ST_CW_FINISHED_B:
+			ret=ssl3_send_finished(s,
+				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
+				s->method->ssl3_enc->client_finished,
+				s->method->ssl3_enc->client_finished_len);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CW_FLUSH;
+
+			/* clear flags */
+			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+			if (s->hit)
+				{
+				s->s3->tmp.next_state=SSL_ST_OK;
+				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
+					{
+					s->state=SSL_ST_OK;
+					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
+					s->s3->delay_buf_pop_ret=0;
+					}
+				}
+			else
+				{
+				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
+				}
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CR_FINISHED_A:
+		case SSL3_ST_CR_FINISHED_B:
+
+			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+				SSL3_ST_CR_FINISHED_B);
+			if (ret <= 0) goto end;
+
+			if (s->hit)
+				s->state=SSL3_ST_CW_CHANGE_A;
+			else
+				s->state=SSL_ST_OK;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_CW_FLUSH:
+			/* number of bytes to be flushed */
+			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+			if (num1 > 0)
+				{
+				s->rwstate=SSL_WRITING;
+				num1=BIO_flush(s->wbio);
+				if (num1 <= 0) { ret= -1; goto end; }
+				s->rwstate=SSL_NOTHING;
+				}
+
+			s->state=s->s3->tmp.next_state;
+			break;
+
+		case SSL_ST_OK:
+			/* clean a few things up */
+			ssl3_cleanup_key_block(s);
+
+			if (s->init_buf != NULL)
+				{
+				BUF_MEM_free(s->init_buf);
+				s->init_buf=NULL;
+				}
+
+			/* If we are not 'joining' the last two packets,
+			 * remove the buffering now */
+			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+				ssl_free_wbio_buffer(s);
+			/* else do it later in ssl3_write */
+
+			s->init_num=0;
+			s->new_session=0;
+
+			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+			if (s->hit) s->ctx->stats.sess_hit++;
+
+			ret=1;
+			/* s->server=0; */
+			s->handshake_func=ssl3_connect;
+			s->ctx->stats.sess_connect_good++;
+
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+
+			goto end;
+			/* break; */
+			
+		default:
+			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
+			ret= -1;
+			goto end;
+			/* break; */
+			}
+
+		/* did we do anything */
+		if (!s->s3->tmp.reuse_message && !skip)
+			{
+			if (s->debug)
+				{
+				if ((ret=BIO_flush(s->wbio)) <= 0)
+					goto end;
+				}
+
+			if ((cb != NULL) && (s->state != state))
+				{
+				new_state=s->state;
+				s->state=state;
+				cb(s,SSL_CB_CONNECT_LOOP,1);
+				s->state=new_state;
+				}
+			}
+		skip=0;
+		}
+end:
+	if (cb != NULL)
+		cb(s,SSL_CB_CONNECT_EXIT,ret);
+	s->in_handshake--;
+	return(ret);
+	}
+
+
+static int ssl3_client_hello(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p,*d;
+	int i,j;
+	unsigned long Time,l;
+	SSL_COMP *comp;
+
+	buf=(unsigned char *)s->init_buf->data;
+	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
+		{
+		if ((s->session == NULL) ||
+			(s->session->ssl_version != s->version) ||
+			(s->session->not_resumable))
+			{
+			if (!ssl_get_new_session(s,0))
+				goto err;
+			}
+		/* else use the pre-loaded session */
+
+		p=s->s3->client_random;
+		Time=time(NULL);			/* Time */
+		l2n(Time,p);
+		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+
+		/* Do the message type and length last */
+		d=p= &(buf[4]);
+
+		*(p++)=s->version>>8;
+		*(p++)=s->version&0xff;
+		s->client_version=s->version;
+
+		/* Random stuff */
+		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+		p+=SSL3_RANDOM_SIZE;
+
+		/* Session ID */
+		if (s->new_session)
+			i=0;
+		else
+			i=s->session->session_id_length;
+		*(p++)=i;
+		if (i != 0)
+			{
+			memcpy(p,s->session->session_id,i);
+			p+=i;
+			}
+		
+		/* Ciphers supported */
+		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+		if (i == 0)
+			{
+			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+			goto err;
+			}
+		s2n(i,p);
+		p+=i;
+
+		/* COMPRESSION */
+		if (s->ctx->comp_methods == NULL)
+			j=0;
+		else
+			j=sk_SSL_COMP_num(s->ctx->comp_methods);
+		*(p++)=1+j;
+		for (i=0; ictx->comp_methods,i);
+			*(p++)=comp->id;
+			}
+		*(p++)=0; /* Add the NULL method */
+		
+		l=(p-d);
+		d=buf;
+		*(d++)=SSL3_MT_CLIENT_HELLO;
+		l2n3(l,d);
+
+		s->state=SSL3_ST_CW_CLNT_HELLO_B;
+		/* number of bytes to write */
+		s->init_num=p-buf;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_CW_CLNT_HELLO_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+	return(-1);
+	}
+
+static int ssl3_get_server_hello(SSL *s)
+	{
+	STACK_OF(SSL_CIPHER) *sk;
+	SSL_CIPHER *c;
+	unsigned char *p,*d;
+	int i,al,ok;
+	unsigned int j;
+	long n;
+	SSL_COMP *comp;
+
+	n=ssl3_get_message(s,
+		SSL3_ST_CR_SRVR_HELLO_A,
+		SSL3_ST_CR_SRVR_HELLO_B,
+		SSL3_MT_SERVER_HELLO,
+		300, /* ?? */
+		&ok);
+
+	if (!ok) return((int)n);
+	d=p=(unsigned char *)s->init_buf->data;
+
+	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
+		{
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+		s->version=(s->version&0xff00)|p[1];
+		al=SSL_AD_PROTOCOL_VERSION;
+		goto f_err;
+		}
+	p+=2;
+
+	/* load the server hello data */
+	/* load the server random */
+	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
+	p+=SSL3_RANDOM_SIZE;
+
+	/* get the session-id */
+	j= *(p++);
+
+	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+		{
+		/* SSLref returns 16 :-( */
+		if (j < SSL2_SSL_SESSION_ID_LENGTH)
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+			goto f_err;
+			}
+		}
+	if (j != 0 && j == s->session->session_id_length
+	    && memcmp(p,s->session->session_id,j) == 0)
+	    {
+	    if(s->sid_ctx_length != s->session->sid_ctx_length
+	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		goto f_err;
+		}
+	    s->hit=1;
+	    }
+	else	/* a miss or crap from the other end */
+		{
+		/* If we were trying for session-id reuse, make a new
+		 * SSL_SESSION so we don't stuff up other people */
+		s->hit=0;
+		if (s->session->session_id_length > 0)
+			{
+			if (!ssl_get_new_session(s,0))
+				{
+				al=SSL_AD_INTERNAL_ERROR;
+				goto f_err;
+				}
+			}
+		s->session->session_id_length=j;
+		memcpy(s->session->session_id,p,j); /* j could be 0 */
+		}
+	p+=j;
+	c=ssl_get_cipher_by_char(s,p);
+	if (c == NULL)
+		{
+		/* unknown cipher */
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
+		goto f_err;
+		}
+	p+=ssl_put_cipher_by_char(s,NULL,NULL);
+
+	sk=ssl_get_ciphers_by_id(s);
+	i=sk_SSL_CIPHER_find(sk,c);
+	if (i < 0)
+		{
+		/* we did not say we would use this cipher */
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+		goto f_err;
+		}
+
+	if (s->hit && (s->session->cipher != c))
+		{
+		if (!(s->options &
+			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+			goto f_err;
+			}
+		}
+	s->s3->tmp.new_cipher=c;
+
+	/* lets get the compression algorithm */
+	/* COMPRESSION */
+	j= *(p++);
+	if (j == 0)
+		comp=NULL;
+	else
+		comp=ssl3_comp_find(s->ctx->comp_methods,j);
+	
+	if ((j != 0) && (comp == NULL))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+		goto f_err;
+		}
+	else
+		{
+		s->s3->tmp.new_compression=comp;
+		}
+
+	if (p != (d+n))
+		{
+		/* wrong packet length */
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
+		goto err;
+		}
+
+	return(1);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+	return(-1);
+	}
+
+static int ssl3_get_server_certificate(SSL *s)
+	{
+	int al,i,ok,ret= -1;
+	unsigned long n,nc,llen,l;
+	X509 *x=NULL;
+	unsigned char *p,*d,*q;
+	STACK_OF(X509) *sk=NULL;
+	SESS_CERT *sc;
+	EVP_PKEY *pkey=NULL;
+
+	n=ssl3_get_message(s,
+		SSL3_ST_CR_CERT_A,
+		SSL3_ST_CR_CERT_B,
+		-1,
+#if defined(MSDOS) && !defined(WIN32)
+		1024*30, /* 30k max cert list :-) */
+#else
+		1024*100, /* 100k max cert list :-) */
+#endif
+		&ok);
+
+	if (!ok) return((int)n);
+
+	if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
+		{
+		s->s3->tmp.reuse_message=1;
+		return(1);
+		}
+
+	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
+		goto f_err;
+		}
+	d=p=(unsigned char *)s->init_buf->data;
+
+	if ((sk=sk_X509_new_null()) == NULL)
+		{
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	n2l3(p,llen);
+	if (llen+3 != n)
+		{
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	for (nc=0; nc llen)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+			goto f_err;
+			}
+
+		q=p;
+		x=d2i_X509(NULL,&q,l);
+		if (x == NULL)
+			{
+			al=SSL_AD_BAD_CERTIFICATE;
+			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
+			goto f_err;
+			}
+		if (q != (p+l))
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+			goto f_err;
+			}
+		if (!sk_X509_push(sk,x))
+			{
+			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		x=NULL;
+		nc+=l+3;
+		p=q;
+		}
+
+	i=ssl_verify_cert_chain(s,sk);
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+		{
+		al=ssl_verify_alarm_type(s->verify_result);
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+		goto f_err; 
+		}
+
+	sc=ssl_sess_cert_new();
+	if (sc == NULL) goto err;
+
+	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+	s->session->sess_cert=sc;
+
+	sc->cert_chain=sk;
+	x=sk_X509_value(sk,0);
+	sk=NULL;
+
+	pkey=X509_get_pubkey(x);
+
+	if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))
+		{
+		x=NULL;
+		al=SSL3_AL_FATAL;
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+		goto f_err;
+		}
+
+	i=ssl_cert_type(x,pkey);
+	if (i < 0)
+		{
+		x=NULL;
+		al=SSL3_AL_FATAL;
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		goto f_err;
+		}
+
+	sc->peer_cert_type=i;
+	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+	if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen?
+										 * We just created sc a couple of
+										 * lines ago. */
+		X509_free(sc->peer_pkeys[i].x509);
+	sc->peer_pkeys[i].x509=x;
+	sc->peer_key= &(sc->peer_pkeys[i]);
+
+	if (s->session->peer != NULL)
+		X509_free(s->session->peer);
+	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+	s->session->peer=x;
+
+	x=NULL;
+	ret=1;
+
+	if (0)
+		{
+f_err:
+		ssl3_send_alert(s,SSL3_AL_FATAL,al);
+		}
+err:
+	EVP_PKEY_free(pkey);
+	X509_free(x);
+	sk_X509_pop_free(sk,X509_free);
+	return(ret);
+	}
+
+static int ssl3_get_key_exchange(SSL *s)
+	{
+#ifndef NO_RSA
+	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
+#endif
+	EVP_MD_CTX md_ctx;
+	unsigned char *param,*p;
+	int al,i,j,param_len,ok;
+	long n,alg;
+	EVP_PKEY *pkey=NULL;
+#ifndef NO_RSA
+	RSA *rsa=NULL;
+#endif
+#ifndef NO_DH
+	DH *dh=NULL;
+#endif
+
+	n=ssl3_get_message(s,
+		SSL3_ST_CR_KEY_EXCH_A,
+		SSL3_ST_CR_KEY_EXCH_B,
+		-1,
+		1024*8, /* ?? */
+		&ok);
+
+	if (!ok) return((int)n);
+
+	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
+		{
+		s->s3->tmp.reuse_message=1;
+		return(1);
+		}
+
+	param=p=(unsigned char *)s->init_buf->data;
+
+	if (s->session->sess_cert != NULL)
+		{
+#ifndef NO_RSA
+		if (s->session->sess_cert->peer_rsa_tmp != NULL)
+			{
+			RSA_free(s->session->sess_cert->peer_rsa_tmp);
+			s->session->sess_cert->peer_rsa_tmp=NULL;
+			}
+#endif
+#ifndef NO_DH
+		if (s->session->sess_cert->peer_dh_tmp)
+			{
+			DH_free(s->session->sess_cert->peer_dh_tmp);
+			s->session->sess_cert->peer_dh_tmp=NULL;
+			}
+#endif
+		}
+	else
+		{
+		s->session->sess_cert=ssl_sess_cert_new();
+		}
+
+	param_len=0;
+	alg=s->s3->tmp.new_cipher->algorithms;
+
+#ifndef NO_RSA
+	if (alg & SSL_kRSA)
+		{
+		if ((rsa=RSA_new()) == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		n2s(p,i);
+		param_len=i+2;
+		if (param_len > n)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
+			goto f_err;
+			}
+		if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+			goto err;
+			}
+		p+=i;
+
+		n2s(p,i);
+		param_len+=i+2;
+		if (param_len > n)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
+			goto f_err;
+			}
+		if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+			goto err;
+			}
+		p+=i;
+		n-=param_len;
+
+		/* this should be because we are using an export cipher */
+		if (alg & SSL_aRSA)
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+		else
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			goto err;
+			}
+		s->session->sess_cert->peer_rsa_tmp=rsa;
+		rsa=NULL;
+		}
+	else
+#endif
+#ifndef NO_DH
+		if (alg & SSL_kEDH)
+		{
+		if ((dh=DH_new()) == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
+			goto err;
+			}
+		n2s(p,i);
+		param_len=i+2;
+		if (param_len > n)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
+			goto f_err;
+			}
+		if (!(dh->p=BN_bin2bn(p,i,NULL)))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+			goto err;
+			}
+		p+=i;
+
+		n2s(p,i);
+		param_len+=i+2;
+		if (param_len > n)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
+			goto f_err;
+			}
+		if (!(dh->g=BN_bin2bn(p,i,NULL)))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+			goto err;
+			}
+		p+=i;
+
+		n2s(p,i);
+		param_len+=i+2;
+		if (param_len > n)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
+			goto f_err;
+			}
+		if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+			goto err;
+			}
+		p+=i;
+		n-=param_len;
+
+#ifndef NO_RSA
+		if (alg & SSL_aRSA)
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+		else
+#endif
+#ifndef NO_DSA
+		if (alg & SSL_aDSS)
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
+#endif
+		/* else anonymous DH, so no certificate or pkey. */
+
+		s->session->sess_cert->peer_dh_tmp=dh;
+		dh=NULL;
+		}
+	else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+		goto f_err;
+		}
+#endif
+	if (alg & SSL_aFZA)
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+		goto f_err;
+		}
+
+
+	/* p points to the next byte, there are 'n' bytes left */
+
+
+	/* if it was signed, check the signature */
+	if (pkey != NULL)
+		{
+		n2s(p,i);
+		n-=2;
+		j=EVP_PKEY_size(pkey);
+
+		if ((i != n) || (n > j) || (n <= 0))
+			{
+			/* wrong packet length */
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
+			goto f_err;
+			}
+
+#ifndef NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			int num;
+
+			j=0;
+			q=md_buf;
+			for (num=2; num > 0; num--)
+				{
+				EVP_DigestInit(&md_ctx,(num == 2)
+					?s->ctx->md5:s->ctx->sha1);
+				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+				EVP_DigestUpdate(&md_ctx,param,param_len);
+				EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
+				q+=i;
+				j+=i;
+				}
+			i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa,
+				RSA_PKCS1_PADDING);
+			if (i <= 0)
+				{
+				al=SSL_AD_DECRYPT_ERROR;
+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+				goto f_err;
+				}
+			if ((j != i) || (memcmp(p,md_buf,i) != 0))
+				{
+				/* bad signature */
+				al=SSL_AD_DECRYPT_ERROR;
+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+				goto f_err;
+				}
+			}
+		else
+#endif
+#ifndef NO_DSA
+			if (pkey->type == EVP_PKEY_DSA)
+			{
+			/* lets do DSS */
+			EVP_VerifyInit(&md_ctx,EVP_dss1());
+			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+			EVP_VerifyUpdate(&md_ctx,param,param_len);
+			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+				{
+				/* bad signature */
+				al=SSL_AD_DECRYPT_ERROR;
+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+				goto f_err;
+				}
+			}
+		else
+#endif
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+	else
+		{
+		/* still data left over */
+		if (!(alg & SSL_aNULL))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			goto err;
+			}
+		if (n != 0)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
+			goto f_err;
+			}
+		}
+	EVP_PKEY_free(pkey);
+	return(1);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+	EVP_PKEY_free(pkey);
+#ifndef NO_RSA
+	if (rsa != NULL)
+		RSA_free(rsa);
+#endif
+#ifndef NO_DH
+	if (dh != NULL)
+		DH_free(dh);
+#endif
+	return(-1);
+	}
+
+static int ssl3_get_certificate_request(SSL *s)
+	{
+	int ok,ret=0;
+	unsigned long n,nc,l;
+	unsigned int llen,ctype_num,i;
+	X509_NAME *xn=NULL;
+	unsigned char *p,*d,*q;
+	STACK_OF(X509_NAME) *ca_sk=NULL;
+
+	n=ssl3_get_message(s,
+		SSL3_ST_CR_CERT_REQ_A,
+		SSL3_ST_CR_CERT_REQ_B,
+		-1,
+#if defined(MSDOS) && !defined(WIN32)
+		1024*30,  /* 30k max cert list :-) */
+#else
+		1024*100, /* 100k max cert list :-) */
+#endif
+		&ok);
+
+	if (!ok) return((int)n);
+
+	s->s3->tmp.cert_req=0;
+
+	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
+		{
+		s->s3->tmp.reuse_message=1;
+		return(1);
+		}
+
+	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
+		{
+		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
+		goto err;
+		}
+
+	/* TLS does not like anon-DH with client cert */
+	if (s->version > SSL3_VERSION)
+		{
+		l=s->s3->tmp.new_cipher->algorithms;
+		if (l & SSL_aNULL)
+			{
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
+			goto err;
+			}
+		}
+
+	d=p=(unsigned char *)s->init_buf->data;
+
+	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
+		{
+		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	/* get the certificate types */
+	ctype_num= *(p++);
+	if (ctype_num > SSL3_CT_NUMBER)
+		ctype_num=SSL3_CT_NUMBER;
+	for (i=0; is3->tmp.ctype[i]= p[i];
+	p+=ctype_num;
+
+	/* get the CA RDNs */
+	n2s(p,llen);
+#if 0
+{
+FILE *out;
+out=fopen("/tmp/vsign.der","w");
+fwrite(p,1,llen,out);
+fclose(out);
+}
+#endif
+
+	if ((llen+ctype_num+2+1) != n)
+		{
+		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
+		goto err;
+		}
+
+	for (nc=0; nc llen)
+			{
+			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+				goto cont; /* netscape bugs */
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
+			goto err;
+			}
+
+		q=p;
+
+		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
+			{
+			/* If netscape tollerance is on, ignore errors */
+			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
+				goto cont;
+			else
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
+				goto err;
+				}
+			}
+
+		if (q != (p+l))
+			{
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
+			goto err;
+			}
+		if (!sk_X509_NAME_push(ca_sk,xn))
+			{
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		p+=l;
+		nc+=l+2;
+		}
+
+	if (0)
+		{
+cont:
+		ERR_clear_error();
+		}
+
+	/* we should setup a certficate to return.... */
+	s->s3->tmp.cert_req=1;
+	s->s3->tmp.ctype_num=ctype_num;
+	if (s->s3->tmp.ca_names != NULL)
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	s->s3->tmp.ca_names=ca_sk;
+	ca_sk=NULL;
+
+	ret=1;
+err:
+	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
+	return(ret);
+	}
+
+static int ca_dn_cmp(X509_NAME **a, X509_NAME **b)
+	{
+	return(X509_NAME_cmp(*a,*b));
+	}
+
+static int ssl3_get_server_done(SSL *s)
+	{
+	int ok,ret=0;
+	long n;
+
+	n=ssl3_get_message(s,
+		SSL3_ST_CR_SRVR_DONE_A,
+		SSL3_ST_CR_SRVR_DONE_B,
+		SSL3_MT_SERVER_DONE,
+		30, /* should be very small, like 0 :-) */
+		&ok);
+
+	if (!ok) return((int)n);
+	if (n > 0)
+		{
+		/* should contain no data */
+		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
+		}
+	ret=1;
+	return(ret);
+	}
+
+static int ssl3_send_client_key_exchange(SSL *s)
+	{
+	unsigned char *p,*d;
+	int n;
+	unsigned long l;
+#ifndef NO_RSA
+	unsigned char *q;
+	EVP_PKEY *pkey=NULL;
+#endif
+
+	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
+		{
+		d=(unsigned char *)s->init_buf->data;
+		p= &(d[4]);
+
+		l=s->s3->tmp.new_cipher->algorithms;
+
+#ifndef NO_RSA
+		if (l & SSL_kRSA)
+			{
+			RSA *rsa;
+			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+			if (s->session->sess_cert->peer_rsa_tmp != NULL)
+				rsa=s->session->sess_cert->peer_rsa_tmp;
+			else
+				{
+				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+				if ((pkey == NULL) ||
+					(pkey->type != EVP_PKEY_RSA) ||
+					(pkey->pkey.rsa == NULL))
+					{
+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+					goto err;
+					}
+				rsa=pkey->pkey.rsa;
+				EVP_PKEY_free(pkey);
+				}
+				
+			tmp_buf[0]=s->client_version>>8;
+			tmp_buf[1]=s->client_version&0xff;
+			RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+
+			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+
+			q=p;
+			/* Fix buf for TLS and beyond */
+			if (s->version > SSL3_VERSION)
+				p+=2;
+			n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
+#ifdef PKCS1_CHECK
+			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
+			if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
+#endif
+			if (n <= 0)
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
+				goto err;
+				}
+
+			/* Fix buf for TLS and beyond */
+			if (s->version > SSL3_VERSION)
+				{
+				s2n(n,q);
+				n+=2;
+				}
+
+			s->session->master_key_length=
+				s->method->ssl3_enc->generate_master_secret(s,
+					s->session->master_key,
+					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+			}
+		else
+#endif
+#ifndef NO_DH
+		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+			{
+			DH *dh_srvr,*dh_clnt;
+
+			if (s->session->sess_cert->peer_dh_tmp != NULL)
+				dh_srvr=s->session->sess_cert->peer_dh_tmp;
+			else
+				{
+				/* we get them from the cert */
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+				goto err;
+				}
+			
+			/* generate a new random key */
+			if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				goto err;
+				}
+			if (!DH_generate_key(dh_clnt))
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				goto err;
+				}
+
+			/* use the 'p' output buffer for the DH key, but
+			 * make sure to clear it out afterwards */
+
+			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
+
+			if (n <= 0)
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				goto err;
+				}
+
+			/* generate master key from the result */
+			s->session->master_key_length=
+				s->method->ssl3_enc->generate_master_secret(s,
+					s->session->master_key,p,n);
+			/* clean up */
+			memset(p,0,n);
+
+			/* send off the data */
+			n=BN_num_bytes(dh_clnt->pub_key);
+			s2n(n,p);
+			BN_bn2bin(dh_clnt->pub_key,p);
+			n+=2;
+
+			DH_free(dh_clnt);
+
+			/* perhaps clean things up a bit EAY EAY EAY EAY*/
+			}
+		else
+#endif
+			{
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			goto err;
+			}
+		
+		*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
+		l2n3(n,d);
+
+		s->state=SSL3_ST_CW_KEY_EXCH_B;
+		/* number of bytes to write */
+		s->init_num=n+4;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_CW_KEY_EXCH_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+	return(-1);
+	}
+
+static int ssl3_send_client_verify(SSL *s)
+	{
+	unsigned char *p,*d;
+	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+	EVP_PKEY *pkey;
+#ifndef NO_RSA
+	int i=0;
+#endif
+	unsigned long n;
+#ifndef NO_DSA
+	int j;
+#endif
+
+	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
+		{
+		d=(unsigned char *)s->init_buf->data;
+		p= &(d[4]);
+		pkey=s->cert->key->privatekey;
+
+		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+			&(data[MD5_DIGEST_LENGTH]));
+
+#ifndef NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			s->method->ssl3_enc->cert_verify_mac(s,
+				&(s->s3->finish_dgst1),&(data[0]));
+			i=RSA_private_encrypt(
+				MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+				data,&(p[2]),pkey->pkey.rsa,
+				RSA_PKCS1_PADDING);
+			if (i <= 0)
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+				goto err;
+				}
+			s2n(i,p);
+			n=i+2;
+			}
+		else
+#endif
+#ifndef NO_DSA
+			if (pkey->type == EVP_PKEY_DSA)
+			{
+			if (!DSA_sign(pkey->save_type,
+				&(data[MD5_DIGEST_LENGTH]),
+				SHA_DIGEST_LENGTH,&(p[2]),
+				(unsigned int *)&j,pkey->pkey.dsa))
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+				goto err;
+				}
+			s2n(j,p);
+			n=j+2;
+			}
+		else
+#endif
+			{
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR);
+			goto err;
+			}
+		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
+		l2n3(n,d);
+
+		s->init_num=(int)n+4;
+		s->init_off=0;
+		}
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+	return(-1);
+	}
+
+static int ssl3_send_client_certificate(SSL *s)
+	{
+	X509 *x509=NULL;
+	EVP_PKEY *pkey=NULL;
+	int i;
+	unsigned long l;
+
+	if (s->state ==	SSL3_ST_CW_CERT_A)
+		{
+		if ((s->cert == NULL) ||
+			(s->cert->key->x509 == NULL) ||
+			(s->cert->key->privatekey == NULL))
+			s->state=SSL3_ST_CW_CERT_B;
+		else
+			s->state=SSL3_ST_CW_CERT_C;
+		}
+
+	/* We need to get a client cert */
+	if (s->state == SSL3_ST_CW_CERT_B)
+		{
+		/* If we get an error, we need to
+		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
+		 * We then get retied later */
+		i=0;
+		if (s->ctx->client_cert_cb != NULL)
+			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+		if (i < 0)
+			{
+			s->rwstate=SSL_X509_LOOKUP;
+			return(-1);
+			}
+		s->rwstate=SSL_NOTHING;
+		if ((i == 1) && (pkey != NULL) && (x509 != NULL))
+			{
+			s->state=SSL3_ST_CW_CERT_B;
+			if (	!SSL_use_certificate(s,x509) ||
+				!SSL_use_PrivateKey(s,pkey))
+				i=0;
+			}
+		else if (i == 1)
+			{
+			i=0;
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+			}
+
+		if (x509 != NULL) X509_free(x509);
+		if (pkey != NULL) EVP_PKEY_free(pkey);
+		if (i == 0)
+			{
+			if (s->version == SSL3_VERSION)
+				{
+				s->s3->tmp.cert_req=0;
+				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
+				return(1);
+				}
+			else
+				{
+				s->s3->tmp.cert_req=2;
+				}
+			}
+
+		/* Ok, we have a cert */
+		s->state=SSL3_ST_CW_CERT_C;
+		}
+
+	if (s->state == SSL3_ST_CW_CERT_C)
+		{
+		s->state=SSL3_ST_CW_CERT_D;
+		l=ssl3_output_cert_chain(s,
+			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+		s->init_num=(int)l;
+		s->init_off=0;
+		}
+	/* SSL3_ST_CW_CERT_D */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	}
+
+#define has_bits(i,m)	(((i)&(m)) == (m))
+
+static int ssl3_check_cert_and_algorithm(SSL *s)
+	{
+	int i,idx;
+	long algs;
+	EVP_PKEY *pkey=NULL;
+	SESS_CERT *sc;
+#ifndef NO_RSA
+	RSA *rsa;
+#endif
+#ifndef NO_DH
+	DH *dh;
+#endif
+
+	sc=s->session->sess_cert;
+
+	if (sc == NULL)
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
+		goto err;
+		}
+
+	algs=s->s3->tmp.new_cipher->algorithms;
+
+	/* we don't have a certificate */
+	if (algs & (SSL_aDH|SSL_aNULL))
+		return(1);
+
+#ifndef NO_RSA
+	rsa=s->session->sess_cert->peer_rsa_tmp;
+#endif
+#ifndef NO_DH
+	dh=s->session->sess_cert->peer_dh_tmp;
+#endif
+
+	/* This is the passed certificate */
+
+	idx=sc->peer_cert_type;
+	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
+	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
+	EVP_PKEY_free(pkey);
+
+	
+	/* Check that we have a certificate if we require one */
+	if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
+		goto f_err;
+		}
+#ifndef NO_DSA
+	else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
+		goto f_err;
+		}
+#endif
+#ifndef NO_RSA
+	if ((algs & SSL_kRSA) &&
+		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+		goto f_err;
+		}
+#endif
+#ifndef NO_DH
+	if ((algs & SSL_kEDH) &&
+		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
+		goto f_err;
+		}
+	else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
+		goto f_err;
+		}
+#ifndef NO_DSA
+	else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+		{
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
+		goto f_err;
+		}
+#endif
+#endif
+
+	if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
+		{
+#ifndef NO_RSA
+		if (algs & SSL_kRSA)
+			{
+			if (rsa == NULL
+			    || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
+				{
+				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+				goto f_err;
+				}
+			}
+		else
+#endif
+#ifndef NO_DH
+			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+			    {
+			    if (dh == NULL
+				|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
+				{
+				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+				goto f_err;
+				}
+			}
+		else
+#endif
+			{
+			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+			goto f_err;
+			}
+		}
+	return(1);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+err:
+	return(0);
+	}
+
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
new file mode 100644
index 000000000000..15d4af6dfbae
--- /dev/null
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -0,0 +1,587 @@
+/* ssl/s3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static unsigned char ssl3_pad_1[48]={
+	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
+	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
+
+static unsigned char ssl3_pad_2[48]={
+	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
+	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
+
+#ifndef NO_PROTO
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+	unsigned char *sender, int len, unsigned char *p);
+#else
+static int ssl3_handshake_mac();
+#endif
+
+static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+	{
+	MD5_CTX m5;
+	SHA_CTX s1;
+	unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+	unsigned char c='A';
+	int i,j,k;
+
+#ifdef CHARSET_EBCDIC
+	c = os_toascii[c]; /*'A' in ASCII */
+#endif
+	k=0;
+	for (i=0; isession->master_key,
+			s->session->master_key_length);
+		SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+		SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+		SHA1_Final( smd,&s1);
+
+		MD5_Init(  &m5);
+		MD5_Update(&m5,s->session->master_key,
+			s->session->master_key_length);
+		MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+		if ((i+MD5_DIGEST_LENGTH) > num)
+			{
+			MD5_Final(smd,&m5);
+			memcpy(km,smd,(num-i));
+			}
+		else
+			MD5_Final(km,&m5);
+
+		km+=MD5_DIGEST_LENGTH;
+		}
+	memset(smd,0,SHA_DIGEST_LENGTH);
+	}
+
+int ssl3_change_cipher_state(SSL *s, int which)
+	{
+	unsigned char *p,*key_block,*mac_secret;
+	unsigned char exp_key[EVP_MAX_KEY_LENGTH];
+	unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+	unsigned char *ms,*key,*iv,*er1,*er2;
+	EVP_CIPHER_CTX *dd;
+	const EVP_CIPHER *c;
+	COMP_METHOD *comp;
+	const EVP_MD *m;
+	MD5_CTX md;
+	int exp,n,i,j,k,cl;
+
+	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+	c=s->s3->tmp.new_sym_enc;
+	m=s->s3->tmp.new_hash;
+	if (s->s3->tmp.new_compression == NULL)
+		comp=NULL;
+	else
+		comp=s->s3->tmp.new_compression->method;
+	key_block=s->s3->tmp.key_block;
+
+	if (which & SSL3_CC_READ)
+		{
+		if ((s->enc_read_ctx == NULL) &&
+			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			goto err;
+		dd= s->enc_read_ctx;
+		s->read_hash=m;
+		/* COMPRESS */
+		if (s->expand != NULL)
+			{
+			COMP_CTX_free(s->expand);
+			s->expand=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->expand=COMP_CTX_new(comp);
+			if (s->expand == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				goto err;
+			}
+		memset(&(s->s3->read_sequence[0]),0,8);
+		mac_secret= &(s->s3->read_mac_secret[0]);
+		}
+	else
+		{
+		if ((s->enc_write_ctx == NULL) &&
+			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			goto err;
+		dd= s->enc_write_ctx;
+		s->write_hash=m;
+		/* COMPRESS */
+		if (s->compress != NULL)
+			{
+			COMP_CTX_free(s->compress);
+			s->compress=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->compress=COMP_CTX_new(comp);
+			if (s->compress == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			}
+		memset(&(s->s3->write_sequence[0]),0,8);
+		mac_secret= &(s->s3->write_mac_secret[0]);
+		}
+
+	EVP_CIPHER_CTX_init(dd);
+
+	p=s->s3->tmp.key_block;
+	i=EVP_MD_size(m);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+	k=EVP_CIPHER_iv_length(c);
+	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
+		{
+		ms=  &(p[ 0]); n=i+i;
+		key= &(p[ n]); n+=j+j;
+		iv=  &(p[ n]); n+=k+k;
+		er1= &(s->s3->client_random[0]);
+		er2= &(s->s3->server_random[0]);
+		}
+	else
+		{
+		n=i;
+		ms=  &(p[ n]); n+=i+j;
+		key= &(p[ n]); n+=j+k;
+		iv=  &(p[ n]); n+=k;
+		er1= &(s->s3->server_random[0]);
+		er2= &(s->s3->client_random[0]);
+		}
+
+	if (n > s->s3->tmp.key_block_length)
+		{
+		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+		goto err2;
+		}
+
+	memcpy(mac_secret,ms,i);
+	if (exp)
+		{
+		/* In here I set both the read and write key/iv to the
+		 * same value since only the correct one will be used :-).
+		 */
+		MD5_Init(&md);
+		MD5_Update(&md,key,j);
+		MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
+		MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
+		MD5_Final(&(exp_key[0]),&md);
+		key= &(exp_key[0]);
+
+		if (k > 0)
+			{
+			MD5_Init(&md);
+			MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
+			MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
+			MD5_Final(&(exp_iv[0]),&md);
+			iv= &(exp_iv[0]);
+			}
+		}
+
+	s->session->key_arg_length=0;
+
+	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+
+	memset(&(exp_key[0]),0,sizeof(exp_key));
+	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+	return(1);
+err:
+	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+err2:
+	return(0);
+	}
+
+int ssl3_setup_key_block(SSL *s)
+	{
+	unsigned char *p;
+	const EVP_CIPHER *c;
+	const EVP_MD *hash;
+	int num;
+	SSL_COMP *comp;
+
+	if (s->s3->tmp.key_block_length != 0)
+		return(1);
+
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
+		{
+		SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+		return(0);
+		}
+
+	s->s3->tmp.new_sym_enc=c;
+	s->s3->tmp.new_hash=hash;
+	s->s3->tmp.new_compression=comp;
+
+	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+	num*=2;
+
+	ssl3_cleanup_key_block(s);
+
+	if ((p=(unsigned char *)Malloc(num)) == NULL)
+		goto err;
+
+	s->s3->tmp.key_block_length=num;
+	s->s3->tmp.key_block=p;
+
+	ssl3_generate_key_block(s,p,num);
+
+	return(1);
+err:
+	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
+
+void ssl3_cleanup_key_block(SSL *s)
+	{
+	if (s->s3->tmp.key_block != NULL)
+		{
+		memset(s->s3->tmp.key_block,0,
+			s->s3->tmp.key_block_length);
+		Free(s->s3->tmp.key_block);
+		s->s3->tmp.key_block=NULL;
+		}
+	s->s3->tmp.key_block_length=0;
+	}
+
+int ssl3_enc(SSL *s, int send)
+	{
+	SSL3_RECORD *rec;
+	EVP_CIPHER_CTX *ds;
+	unsigned long l;
+	int bs,i;
+	const EVP_CIPHER *enc;
+
+	if (send)
+		{
+		ds=s->enc_write_ctx;
+		rec= &(s->s3->wrec);
+		if (s->enc_write_ctx == NULL)
+			enc=NULL;
+		else
+			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+		}
+	else
+		{
+		ds=s->enc_read_ctx;
+		rec= &(s->s3->rrec);
+		if (s->enc_read_ctx == NULL)
+			enc=NULL;
+		else
+			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+		}
+
+	if ((s->session == NULL) || (ds == NULL) ||
+		(enc == NULL))
+		{
+		memcpy(rec->data,rec->input,rec->length);
+		rec->input=rec->data;
+		}
+	else
+		{
+		l=rec->length;
+		bs=EVP_CIPHER_block_size(ds->cipher);
+
+		/* COMPRESS */
+
+		/* This should be using (bs-1) and bs instead of 7 and 8 */
+		if ((bs != 1) && send)
+			{
+			i=bs-((int)l%bs);
+
+			/* we need to add 'i-1' padding bytes */
+			l+=i;
+			rec->length+=i;
+			rec->input[l-1]=(i-1);
+			}
+
+		EVP_Cipher(ds,rec->data,rec->input,l);
+
+		if ((bs != 1) && !send)
+			{
+			i=rec->data[l-1]+1;
+			if (i > bs)
+				{
+				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+				return(0);
+				}
+			rec->length-=i;
+			}
+		}
+	return(1);
+	}
+
+void ssl3_init_finished_mac(SSL *s)
+	{
+	EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
+	EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
+	}
+
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
+	{
+	EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
+	EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
+	}
+
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
+	{
+	return(ssl3_handshake_mac(s,ctx,NULL,0,p));
+	}
+
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+	     unsigned char *sender, int len, unsigned char *p)
+	{
+	int ret;
+
+	ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
+	p+=ret;
+	ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
+	return(ret);
+	}
+
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+	     unsigned char *sender, int len, unsigned char *p)
+	{
+	unsigned int ret;
+	int npad,n;
+	unsigned int i;
+	unsigned char md_buf[EVP_MAX_MD_SIZE];
+	EVP_MD_CTX ctx;
+
+	EVP_MD_CTX_copy(&ctx,in_ctx);
+
+	n=EVP_MD_CTX_size(&ctx);
+	npad=(48/n)*n;
+
+	if (sender != NULL)
+		EVP_DigestUpdate(&ctx,sender,len);
+	EVP_DigestUpdate(&ctx,s->session->master_key,
+		s->session->master_key_length);
+	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
+	EVP_DigestFinal(&ctx,md_buf,&i);
+
+	EVP_DigestInit(&ctx,EVP_MD_CTX_type(&ctx));
+	EVP_DigestUpdate(&ctx,s->session->master_key,
+		s->session->master_key_length);
+	EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
+	EVP_DigestUpdate(&ctx,md_buf,i);
+	EVP_DigestFinal(&ctx,p,&ret);
+
+	memset(&ctx,0,sizeof(EVP_MD_CTX));
+
+	return((int)ret);
+	}
+
+int ssl3_mac(SSL *ssl, unsigned char *md, int send)
+	{
+	SSL3_RECORD *rec;
+	unsigned char *mac_sec,*seq;
+	EVP_MD_CTX md_ctx;
+	const EVP_MD *hash;
+	unsigned char *p,rec_char;
+	unsigned int md_size;
+	int npad,i;
+
+	if (send)
+		{
+		rec= &(ssl->s3->wrec);
+		mac_sec= &(ssl->s3->write_mac_secret[0]);
+		seq= &(ssl->s3->write_sequence[0]);
+		hash=ssl->write_hash;
+		}
+	else
+		{
+		rec= &(ssl->s3->rrec);
+		mac_sec= &(ssl->s3->read_mac_secret[0]);
+		seq= &(ssl->s3->read_sequence[0]);
+		hash=ssl->read_hash;
+		}
+
+	md_size=EVP_MD_size(hash);
+	npad=(48/md_size)*md_size;
+
+	/* Chop the digest off the end :-) */
+
+	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+	EVP_DigestUpdate(&md_ctx,seq,8);
+	rec_char=rec->type;
+	EVP_DigestUpdate(&md_ctx,&rec_char,1);
+	p=md;
+	s2n(rec->length,p);
+	EVP_DigestUpdate(&md_ctx,md,2);
+	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+	EVP_DigestFinal( &md_ctx,md,NULL);
+
+	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+	EVP_DigestUpdate(&md_ctx,md,md_size);
+	EVP_DigestFinal( &md_ctx,md,&md_size);
+
+	for (i=7; i>=0; i--)
+		if (++seq[i]) break; 
+
+	return(md_size);
+	}
+
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+	     int len)
+	{
+	static const unsigned char *salt[3]={
+#ifndef CHARSET_EBCDIC
+		(const unsigned char *)"A",
+		(const unsigned char *)"BB",
+		(const unsigned char *)"CCC",
+#else
+		(const unsigned char *)"\x41",
+		(const unsigned char *)"\x42\x42",
+		(const unsigned char *)"\x43\x43\x43",
+#endif
+		};
+	unsigned char buf[EVP_MAX_MD_SIZE];
+	EVP_MD_CTX ctx;
+	int i,ret=0;
+	unsigned int n;
+
+	for (i=0; i<3; i++)
+		{
+		EVP_DigestInit(&ctx,s->ctx->sha1);
+		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
+		EVP_DigestUpdate(&ctx,p,len);
+		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
+			SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
+			SSL3_RANDOM_SIZE);
+		EVP_DigestFinal(&ctx,buf,&n);
+
+		EVP_DigestInit(&ctx,s->ctx->md5);
+		EVP_DigestUpdate(&ctx,p,len);
+		EVP_DigestUpdate(&ctx,buf,n);
+		EVP_DigestFinal(&ctx,out,&n);
+		out+=n;
+		ret+=n;
+		}
+	return(ret);
+	}
+
+int ssl3_alert_code(int code)
+	{
+	switch (code)
+		{
+	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);
+	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);
+	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_DECRYPTION_FAILED:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_RECORD_OVERFLOW:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_NO_CERTIFICATE:	return(SSL3_AD_NO_CERTIFICATE);
+	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);
+	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);
+	case SSL_AD_UNKNOWN_CA:		return(SSL3_AD_BAD_CERTIFICATE);
+	case SSL_AD_ACCESS_DENIED:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_DECODE_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_DECRYPT_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_EXPORT_RESTRICION:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_PROTOCOL_VERSION:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_USER_CANCLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */
+	default:			return(-1);
+		}
+	}
+
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
new file mode 100644
index 000000000000..aeff6b5c5bc6
--- /dev/null
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -0,0 +1,1107 @@
+/* ssl/s3_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
+
+#define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+
+static long ssl3_default_timeout(void );
+
+OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
+/* The RSA ciphers */
+/* Cipher 01 */
+	{
+	1,
+	SSL3_TXT_RSA_NULL_MD5,
+	SSL3_CK_RSA_NULL_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 02 */
+	{
+	1,
+	SSL3_TXT_RSA_NULL_SHA,
+	SSL3_CK_RSA_NULL_SHA,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/* anon DH */
+/* Cipher 17 */
+	{
+	1,
+	SSL3_TXT_ADH_RC4_40_MD5,
+	SSL3_CK_ADH_RC4_40_MD5,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 18 */
+	{
+	1,
+	SSL3_TXT_ADH_RC4_128_MD5,
+	SSL3_CK_ADH_RC4_128_MD5,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 19 */
+	{
+	1,
+	SSL3_TXT_ADH_DES_40_CBC_SHA,
+	SSL3_CK_ADH_DES_40_CBC_SHA,
+	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 1A */
+	{
+	1,
+	SSL3_TXT_ADH_DES_64_CBC_SHA,
+	SSL3_CK_ADH_DES_64_CBC_SHA,
+	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 1B */
+	{
+	1,
+	SSL3_TXT_ADH_DES_192_CBC_SHA,
+	SSL3_CK_ADH_DES_192_CBC_SHA,
+	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/* RSA again */
+/* Cipher 03 */
+	{
+	1,
+	SSL3_TXT_RSA_RC4_40_MD5,
+	SSL3_CK_RSA_RC4_40_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 04 */
+	{
+	1,
+	SSL3_TXT_RSA_RC4_128_MD5,
+	SSL3_CK_RSA_RC4_128_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 05 */
+	{
+	1,
+	SSL3_TXT_RSA_RC4_128_SHA,
+	SSL3_CK_RSA_RC4_128_SHA,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 06 */
+	{
+	1,
+	SSL3_TXT_RSA_RC2_40_MD5,
+	SSL3_CK_RSA_RC2_40_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 07 */
+	{
+	1,
+	SSL3_TXT_RSA_IDEA_128_SHA,
+	SSL3_CK_RSA_IDEA_128_SHA,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 08 */
+	{
+	1,
+	SSL3_TXT_RSA_DES_40_CBC_SHA,
+	SSL3_CK_RSA_DES_40_CBC_SHA,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 09 */
+	{
+	1,
+	SSL3_TXT_RSA_DES_64_CBC_SHA,
+	SSL3_CK_RSA_DES_64_CBC_SHA,
+	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 0A */
+	{
+	1,
+	SSL3_TXT_RSA_DES_192_CBC3_SHA,
+	SSL3_CK_RSA_DES_192_CBC3_SHA,
+	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/*  The DH ciphers */
+/* Cipher 0B */
+	{
+	0,
+	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
+	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 0C */
+	{
+	0,
+	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
+	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 0D */
+	{
+	0,
+	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
+	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 0E */
+	{
+	0,
+	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
+	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 0F */
+	{
+	0,
+	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
+	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 10 */
+	{
+	0,
+	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
+	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/* The Ephemeral DH ciphers */
+/* Cipher 11 */
+	{
+	1,
+	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 12 */
+	{
+	1,
+	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 13 */
+	{
+	1,
+	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 14 */
+	{
+	1,
+	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 15 */
+	{
+	1,
+	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+/* Cipher 16 */
+	{
+	1,
+	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/* Fortezza */
+/* Cipher 1C */
+	{
+	0,
+	SSL3_TXT_FZA_DMS_NULL_SHA,
+	SSL3_CK_FZA_DMS_NULL_SHA,
+	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/* Cipher 1D */
+	{
+	0,
+	SSL3_TXT_FZA_DMS_FZA_SHA,
+	SSL3_CK_FZA_DMS_FZA_SHA,
+	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+/* Cipher 1E */
+	{
+	0,
+	SSL3_TXT_FZA_DMS_RC4_SHA,
+	SSL3_CK_FZA_DMS_RC4_SHA,
+	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	0,
+	SSL_ALL_CIPHERS,
+	},
+
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+	/* New TLS Export CipherSuites */
+	/* Cipher 60 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 61 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 62 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+	    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 63 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 64 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 65 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 66 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+#endif
+
+/* end of list */
+	};
+
+static SSL3_ENC_METHOD SSLv3_enc_data={
+	ssl3_enc,
+	ssl3_mac,
+	ssl3_setup_key_block,
+	ssl3_generate_master_secret,
+	ssl3_change_cipher_state,
+	ssl3_final_finish_mac,
+	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+	ssl3_cert_verify_mac,
+	SSL3_MD_CLIENT_FINISHED_CONST,4,
+	SSL3_MD_SERVER_FINISHED_CONST,4,
+	ssl3_alert_code,
+	};
+
+static SSL_METHOD SSLv3_data= {
+	SSL3_VERSION,
+	ssl3_new,
+	ssl3_clear,
+	ssl3_free,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl3_read,
+	ssl3_peek,
+	ssl3_write,
+	ssl3_shutdown,
+	ssl3_renegotiate,
+	ssl3_renegotiate_check,
+	ssl3_ctrl,
+	ssl3_ctx_ctrl,
+	ssl3_get_cipher_by_char,
+	ssl3_put_cipher_by_char,
+	ssl3_pending,
+	ssl3_num_ciphers,
+	ssl3_get_cipher,
+	ssl_bad_method,
+	ssl3_default_timeout,
+	&SSLv3_enc_data,
+	};
+
+static long ssl3_default_timeout(void)
+	{
+	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
+	 * is way too long for http, the cache would over fill */
+	return(60*60*2);
+	}
+
+SSL_METHOD *sslv3_base_method(void)
+	{
+	return(&SSLv3_data);
+	}
+
+int ssl3_num_ciphers(void)
+	{
+	return(SSL3_NUM_CIPHERS);
+	}
+
+SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+	{
+	if (u < SSL3_NUM_CIPHERS)
+		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
+	else
+		return(NULL);
+	}
+
+/* The problem is that it may not be the correct record type */
+int ssl3_pending(SSL *s)
+	{
+	return(s->s3->rrec.length);
+	}
+
+int ssl3_new(SSL *s)
+	{
+	SSL3_CTX *s3;
+
+	if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
+	memset(s3,0,sizeof(SSL3_CTX));
+
+	s->s3=s3;
+	/*
+	s->s3->tmp.ca_names=NULL;
+	s->s3->tmp.key_block=NULL;
+	s->s3->tmp.key_block_length=0;
+	s->s3->rbuf.buf=NULL;
+	s->s3->wbuf.buf=NULL;
+	*/
+
+	s->method->ssl_clear(s);
+	return(1);
+err:
+	return(0);
+	}
+
+void ssl3_free(SSL *s)
+	{
+	if(s == NULL)
+	    return;
+
+	ssl3_cleanup_key_block(s);
+	if (s->s3->rbuf.buf != NULL)
+		Free(s->s3->rbuf.buf);
+	if (s->s3->wbuf.buf != NULL)
+		Free(s->s3->wbuf.buf);
+	if (s->s3->rrec.comp != NULL)
+		Free(s->s3->rrec.comp);
+#ifndef NO_DH
+	if (s->s3->tmp.dh != NULL)
+		DH_free(s->s3->tmp.dh);
+#endif
+	if (s->s3->tmp.ca_names != NULL)
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	memset(s->s3,0,sizeof(SSL3_CTX));
+	Free(s->s3);
+	s->s3=NULL;
+	}
+
+void ssl3_clear(SSL *s)
+	{
+	unsigned char *rp,*wp;
+
+	ssl3_cleanup_key_block(s);
+	if (s->s3->tmp.ca_names != NULL)
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+
+	if (s->s3->rrec.comp != NULL)
+		{
+		Free(s->s3->rrec.comp);
+		s->s3->rrec.comp=NULL;
+		}
+
+	rp=s->s3->rbuf.buf;
+	wp=s->s3->wbuf.buf;
+
+	memset(s->s3,0,sizeof(SSL3_CTX));
+	if (rp != NULL) s->s3->rbuf.buf=rp;
+	if (wp != NULL) s->s3->wbuf.buf=wp;
+
+	ssl_free_wbio_buffer(s);
+
+	s->packet_length=0;
+	s->s3->renegotiate=0;
+	s->s3->total_renegotiations=0;
+	s->s3->num_renegotiations=0;
+	s->s3->in_read_app_data=0;
+	s->version=SSL3_VERSION;
+	}
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
+	{
+	int ret=0;
+
+#if !defined(NO_DSA) || !defined(NO_RSA)
+	if (
+#ifndef NO_RSA
+	    cmd == SSL_CTRL_SET_TMP_RSA ||
+	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef NO_DSA
+	    cmd == SSL_CTRL_SET_TMP_DH ||
+	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+		0)
+		{
+		if (!ssl_cert_inst(&s->cert))
+		    	{
+			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+#endif
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_SESSION_REUSED:
+		ret=s->hit;
+		break;
+	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+		break;
+	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+		ret=s->s3->num_renegotiations;
+		break;
+	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+		ret=s->s3->num_renegotiations;
+		s->s3->num_renegotiations=0;
+		break;
+	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+		ret=s->s3->total_renegotiations;
+		break;
+	case SSL_CTRL_GET_FLAGS:
+		ret=(int)(s->s3->flags);
+		break;
+#ifndef NO_RSA
+	case SSL_CTRL_NEED_TMP_RSA:
+		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
+			ret = 1;
+		break;
+	case SSL_CTRL_SET_TMP_RSA:
+		{
+			RSA *rsa = (RSA *)parg;
+			if (rsa == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+				return(ret);
+			}
+			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+				return(ret);
+			}
+			if (s->cert->rsa_tmp != NULL)
+				RSA_free(s->cert->rsa_tmp);
+			s->cert->rsa_tmp = rsa;
+			ret = 1;
+		}
+		break;
+	case SSL_CTRL_SET_TMP_RSA_CB:
+		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg;
+		break;
+#endif
+#ifndef NO_DH
+	case SSL_CTRL_SET_TMP_DH:
+		{
+			DH *dh = (DH *)parg;
+			if (dh == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+				return(ret);
+			}
+			if ((dh = DHparams_dup(dh)) == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+				return(ret);
+			}
+			if (!DH_generate_key(dh)) {
+				DH_free(dh);
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+				return(ret);
+			}
+			if (s->cert->dh_tmp != NULL)
+				DH_free(s->cert->dh_tmp);
+			s->cert->dh_tmp = dh;
+			ret = 1;
+		}
+		break;
+	case SSL_CTRL_SET_TMP_DH_CB:
+		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg;
+		break;
+#endif
+	default:
+		break;
+		}
+	return(ret);
+	}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+	{
+	CERT *cert;
+
+	cert=ctx->cert;
+
+	switch (cmd)
+		{
+#ifndef NO_RSA
+	case SSL_CTRL_NEED_TMP_RSA:
+		if (	(cert->rsa_tmp == NULL) &&
+			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
+			)
+			return(1);
+		else
+			return(0);
+		/* break; */
+	case SSL_CTRL_SET_TMP_RSA:
+		{
+		RSA *rsa;
+		int i;
+
+		rsa=(RSA *)parg;
+		i=1;
+		if (rsa == NULL)
+			i=0;
+		else
+			{
+			if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
+				i=0;
+			}
+		if (!i)
+			{
+			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
+			return(0);
+			}
+		else
+			{
+			if (cert->rsa_tmp != NULL)
+				RSA_free(cert->rsa_tmp);
+			cert->rsa_tmp=rsa;
+			return(1);
+			}
+		}
+		/* break; */
+	case SSL_CTRL_SET_TMP_RSA_CB:
+		cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg;
+		break;
+#endif
+#ifndef NO_DH
+	case SSL_CTRL_SET_TMP_DH:
+		{
+		DH *new=NULL,*dh;
+		int rret=0;
+
+		dh=(DH *)parg;
+		if (	((new=DHparams_dup(dh)) == NULL) ||
+			(!DH_generate_key(new)))
+			{
+			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
+			if (new != NULL) DH_free(new);
+			}
+		else
+			{
+			if (cert->dh_tmp != NULL)
+				DH_free(cert->dh_tmp);
+			cert->dh_tmp=new;
+			rret=1;
+			}
+		return(rret);
+		}
+		/*break; */
+	case SSL_CTRL_SET_TMP_DH_CB:
+		cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg;
+		break;
+#endif
+	/* A Thawte special :-) */
+	case SSL_CTRL_EXTRA_CHAIN_CERT:
+		if (ctx->extra_certs == NULL)
+			{
+			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
+				return(0);
+			}
+		sk_X509_push(ctx->extra_certs,(X509 *)parg);
+		break;
+
+	default:
+		return(0);
+		}
+	return(1);
+	}
+
+/* This function needs to check if the ciphers required are actually
+ * available */
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+	{
+	static int init=1;
+	static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
+	SSL_CIPHER c,*cp= &c,**cpp;
+	unsigned long id;
+	int i;
+
+	if (init)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+
+		for (i=0; ivalid)
+		return(NULL);
+	else
+		return(*cpp);
+	}
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+	{
+	long l;
+
+	if (p != NULL)
+		{
+		l=c->id;
+		if ((l & 0xff000000) != 0x03000000) return(0);
+		p[0]=((unsigned char)(l>> 8L))&0xFF;
+		p[1]=((unsigned char)(l     ))&0xFF;
+		}
+	return(2);
+	}
+
+int ssl3_part_read(SSL *s, int i)
+	{
+	s->rwstate=SSL_READING;
+
+	if (i < 0)
+		{
+		return(i);
+		}
+	else
+		{
+		s->init_num+=i;
+		return(0);
+		}
+	}
+
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
+	     STACK_OF(SSL_CIPHER) *pref)
+	{
+	SSL_CIPHER *c,*ret=NULL;
+	int i,j,ok;
+	CERT *cert;
+	unsigned long alg,mask,emask;
+
+	/* Let's see which ciphers we can support */
+	cert=s->cert;
+
+	sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
+
+#ifdef CIPHER_DEBUG
+	printf("Have:\n");
+	for(i=0 ; i < sk_num(pref) ; ++i)
+	    {
+	    c=(SSL_CIPHER *)sk_value(pref,i);
+	    printf("%p:%s\n",c,c->name);
+	    }
+#endif
+
+	for (i=0; imask;
+		emask=cert->export_mask;
+			
+		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+		if (SSL_IS_EXPORT(c->algorithms))
+			{
+			ok=((alg & emask) == alg)?1:0;
+#ifdef CIPHER_DEBUG
+			printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
+			       c,c->name);
+#endif
+			}
+		else
+			{
+			ok=((alg & mask) == alg)?1:0;
+#ifdef CIPHER_DEBUG
+			printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+			       c->name);
+#endif
+			}
+
+		if (!ok) continue;
+	
+		j=sk_SSL_CIPHER_find(pref,c);
+		if (j >= 0)
+			{
+			ret=sk_SSL_CIPHER_value(pref,j);
+			break;
+			}
+		}
+	return(ret);
+	}
+
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+	{
+	int ret=0;
+	unsigned long alg;
+
+	alg=s->s3->tmp.new_cipher->algorithms;
+
+#ifndef NO_DH
+	if (alg & (SSL_kDHr|SSL_kEDH))
+		{
+#  ifndef NO_RSA
+		p[ret++]=SSL3_CT_RSA_FIXED_DH;
+#  endif
+#  ifndef NO_DSA
+		p[ret++]=SSL3_CT_DSS_FIXED_DH;
+#  endif
+		}
+	if ((s->version == SSL3_VERSION) &&
+		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+		{
+#  ifndef NO_RSA
+		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
+#  endif
+#  ifndef NO_DSA
+		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
+#  endif
+		}
+#endif /* !NO_DH */
+#ifndef NO_RSA
+	p[ret++]=SSL3_CT_RSA_SIGN;
+#endif
+#ifndef NO_DSA
+	p[ret++]=SSL3_CT_DSS_SIGN;
+#endif
+	return(ret);
+	}
+
+int ssl3_shutdown(SSL *s)
+	{
+
+	/* Don't do anything much if we have not done the handshake or
+	 * we don't want to send messages :-) */
+	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
+		{
+		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+		return(1);
+		}
+
+	if (!(s->shutdown & SSL_SENT_SHUTDOWN))
+		{
+		s->shutdown|=SSL_SENT_SHUTDOWN;
+#if 1
+		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
+#endif
+		/* our shutdown alert has been sent now, and if it still needs
+	 	 * to be written, s->s3->alert_dispatch will be true */
+		}
+	else if (s->s3->alert_dispatch)
+		{
+		/* resend it if not sent */
+#if 1
+		ssl3_dispatch_alert(s);
+#endif
+		}
+	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
+		{
+		/* If we are waiting for a close from our peer, we are closed */
+		ssl3_read_bytes(s,0,NULL,0);
+		}
+
+	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
+		!s->s3->alert_dispatch)
+		return(1);
+	else
+		return(0);
+	}
+
+int ssl3_write(SSL *s, const void *buf, int len)
+	{
+	int ret,n;
+
+#if 0
+	if (s->shutdown & SSL_SEND_SHUTDOWN)
+		{
+		s->rwstate=SSL_NOTHING;
+		return(0);
+		}
+#endif
+	clear_sys_error();
+	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+
+	/* This is an experimental flag that sends the
+	 * last handshake message in the same packet as the first
+	 * use data - used to see if it helps the TCP protocol during
+	 * session-id reuse */
+	/* The second test is because the buffer may have been removed */
+	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
+		{
+		/* First time through, we write into the buffer */
+		if (s->s3->delay_buf_pop_ret == 0)
+			{
+			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+					     buf,len);
+			if (ret <= 0) return(ret);
+
+			s->s3->delay_buf_pop_ret=ret;
+			}
+
+		s->rwstate=SSL_WRITING;
+		n=BIO_flush(s->wbio);
+		if (n <= 0) return(n);
+		s->rwstate=SSL_NOTHING;
+
+		/* We have flushed the buffer, so remove it */
+		ssl_free_wbio_buffer(s);
+		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+
+		ret=s->s3->delay_buf_pop_ret;
+		s->s3->delay_buf_pop_ret=0;
+		}
+	else
+		{
+		ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
+				     buf,len);
+		if (ret <= 0) return(ret);
+		}
+
+	return(ret);
+	}
+
+int ssl3_read(SSL *s, void *buf, int len)
+	{
+	int ret;
+	
+	clear_sys_error();
+	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+	s->s3->in_read_app_data=1;
+	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+	if ((ret == -1) && (s->s3->in_read_app_data == 0))
+		{
+		ERR_get_error(); /* clear the error */
+		s->s3->in_read_app_data=0;
+		s->in_handshake++;
+		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+		s->in_handshake--;
+		}
+	else
+		s->s3->in_read_app_data=0;
+
+	return(ret);
+	}
+
+int ssl3_peek(SSL *s, char *buf, int len)
+	{
+	SSL3_RECORD *rr;
+	int n;
+
+	rr= &(s->s3->rrec);
+	if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
+		{
+		n=ssl3_read(s,buf,1);
+		if (n <= 0) return(n);
+		rr->length++;
+		rr->off--;
+		}
+
+	if ((unsigned int)len > rr->length)
+		n=rr->length;
+	else
+		n=len;
+	memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
+	return(n);
+	}
+
+int ssl3_renegotiate(SSL *s)
+	{
+	if (s->handshake_func == NULL)
+		return(1);
+
+	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+		return(0);
+
+	s->s3->renegotiate=1;
+	return(1);
+	}
+
+int ssl3_renegotiate_check(SSL *s)
+	{
+	int ret=0;
+
+	if (s->s3->renegotiate)
+		{
+		if (	(s->s3->rbuf.left == 0) &&
+			(s->s3->wbuf.left == 0) &&
+			!SSL_in_init(s))
+			{
+/*
+if we are the server, and we have sent a 'RENEGOTIATE' message, we
+need to go to SSL_ST_ACCEPT.
+*/
+			/* SSL_ST_ACCEPT */
+			s->state=SSL_ST_RENEGOTIATE;
+			s->s3->renegotiate=0;
+			s->s3->num_renegotiations++;
+			s->s3->total_renegotiations++;
+			ret=1;
+			}
+		}
+	return(ret);
+	}
+
diff --git a/crypto/openssl/ssl/s3_meth.c b/crypto/openssl/ssl/s3_meth.c
new file mode 100644
index 000000000000..81bcad89c52f
--- /dev/null
+++ b/crypto/openssl/ssl/s3_meth.c
@@ -0,0 +1,88 @@
+/* ssl/s3_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl3_get_method(int ver);
+static SSL_METHOD *ssl3_get_method(int ver)
+	{
+	if (ver == SSL3_VERSION)
+		return(SSLv3_method());
+	else 
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv3_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv3_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv3_data.ssl_connect=ssl3_connect;
+		SSLv3_data.ssl_accept=ssl3_accept;
+		SSLv3_data.get_ssl_method=ssl3_get_method;
+		init=0;
+		}
+	return(&SSLv3_data);
+	}
+
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
new file mode 100644
index 000000000000..7893d03123df
--- /dev/null
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -0,0 +1,1041 @@
+/* ssl/s3_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#define USE_SOCKETS
+#include 
+#include 
+#include "ssl_locl.h"
+
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+			 unsigned int len);
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+			      unsigned int len);
+static int ssl3_get_record(SSL *s);
+static int do_compress(SSL *ssl);
+static int do_uncompress(SSL *ssl);
+static int do_change_cipher_spec(SSL *ssl);
+static int ssl3_read_n(SSL *s, int n, int max, int extend)
+	{
+	int i,off,newb;
+
+	/* if there is stuff still in the buffer from a previous read,
+	 * and there is more than we want, take some. */
+	if (s->s3->rbuf.left >= (int)n)
+		{
+		if (extend)
+			s->packet_length+=n;
+		else
+			{
+			s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]);
+			s->packet_length=n;
+			}
+		s->s3->rbuf.left-=n;
+		s->s3->rbuf.offset+=n;
+		return(n);
+		}
+
+	/* else we need to read more data */
+	if (!s->read_ahead) max=n;
+	if (max > SSL3_RT_MAX_PACKET_SIZE)
+		max=SSL3_RT_MAX_PACKET_SIZE;
+
+	/* First check if there is some left or we want to extend */
+	off=0;
+	if (	(s->s3->rbuf.left != 0) ||
+		((s->packet_length != 0) && extend))
+		{
+		newb=s->s3->rbuf.left;
+		if (extend)
+			{
+			/* Copy bytes back to the front of the buffer 
+			 * Take the bytes already pointed to by 'packet'
+			 * and take the extra ones on the end. */
+			off=s->packet_length;
+			if (s->packet != s->s3->rbuf.buf)
+				memcpy(s->s3->rbuf.buf,s->packet,newb+off);
+			}
+		else if (s->s3->rbuf.offset != 0)
+			{ /* so the data is not at the start of the buffer */
+			memcpy(s->s3->rbuf.buf,
+				&(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb);
+			s->s3->rbuf.offset=0;
+			}
+
+		s->s3->rbuf.left=0;
+		}
+	else
+		newb=0;
+
+	/* So we now have 'newb' bytes at the front of 
+	 * s->s3->rbuf.buf and need to read some more in on the end
+	 * We start reading into the buffer at 's->s3->rbuf.offset'
+	 */
+	s->packet=s->s3->rbuf.buf;
+
+	while (newb < n)
+		{
+		clear_sys_error();
+		if (s->rbio != NULL)
+			{
+			s->rwstate=SSL_READING;
+			i=BIO_read(s->rbio,
+				(char *)&(s->s3->rbuf.buf[off+newb]),
+				max-newb);
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
+			i= -1;
+			}
+
+		if (i <= 0)
+			{
+			s->s3->rbuf.left+=newb;
+			return(i);
+			}
+		newb+=i;
+		}
+
+	/* record used data read */
+	if (newb > n)
+		{
+		s->s3->rbuf.offset=n+off;
+		s->s3->rbuf.left=newb-n;
+		}
+	else
+		{
+		s->s3->rbuf.offset=0;
+		s->s3->rbuf.left=0;
+		}
+
+	if (extend)
+		s->packet_length+=n;
+	else
+		s->packet_length+=n;
+	return(n);
+	}
+
+/* Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type	- is the type of record
+ * ssl->s3->rrec.data, 	- data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+static int ssl3_get_record(SSL *s)
+	{
+	int ssl_major,ssl_minor,al;
+	int n,i,ret= -1;
+	SSL3_BUFFER *rb;
+	SSL3_RECORD *rr;
+	SSL_SESSION *sess;
+	unsigned char *p;
+	unsigned char md[EVP_MAX_MD_SIZE];
+	short version;
+	unsigned int mac_size;
+	int clear=0,extra;
+
+	rr= &(s->s3->rrec);
+	rb= &(s->s3->rbuf);
+	sess=s->session;
+
+	if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+		extra=SSL3_RT_MAX_EXTRA;
+	else
+		extra=0;
+
+again:
+	/* check if we have the header */
+	if (	(s->rstate != SSL_ST_READ_BODY) ||
+		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
+		{
+		n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
+			SSL3_RT_MAX_PACKET_SIZE,0);
+		if (n <= 0) return(n); /* error or non-blocking */
+		s->rstate=SSL_ST_READ_BODY;
+
+		p=s->packet;
+
+		/* Pull apart the header into the SSL3_RECORD */
+		rr->type= *(p++);
+		ssl_major= *(p++);
+		ssl_minor= *(p++);
+		version=(ssl_major<<8)|ssl_minor;
+		n2s(p,rr->length);
+
+		/* Lets check version */
+		if (s->first_packet)
+			{
+			s->first_packet=0;
+			}
+		else
+			{
+			if (version != s->version)
+				{
+				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+				/* Send back error using their
+				 * version number :-) */
+				s->version=version;
+				al=SSL_AD_PROTOCOL_VERSION;
+				goto f_err;
+				}
+			}
+
+		if ((version>>8) != SSL3_VERSION_MAJOR)
+			{
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+			goto err;
+			}
+
+		if (rr->length > 
+			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+			{
+			al=SSL_AD_RECORD_OVERFLOW;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+			goto f_err;
+			}
+
+		s->rstate=SSL_ST_READ_BODY;
+		}
+
+	/* get and decode the data */
+	if (s->rstate == SSL_ST_READ_BODY)
+		{
+		if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
+			{
+			i=rr->length;
+			/*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */
+			n=ssl3_read_n(s,i,i,1);
+			if (n <= 0) return(n); /* error or non-blocking io */
+			}
+		s->rstate=SSL_ST_READ_HEADER;
+		}
+
+	/* At this point, we have the data in s->packet and there should be
+	 * s->packet_length bytes, we must not 'overrun' this buffer :-)
+	 * One of the following functions will copy the data from the
+	 * s->packet buffer */
+
+	rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
+
+	/* ok, we can now read from 's->packet' data into 'rr'
+	 * rr->input points at rr->length bytes, which
+	 * need to be copied into rr->data by either
+	 * the decryption or by the decompression
+	 * When the data is 'copied' into the rr->data buffer,
+	 * rr->input will be pointed at the new buffer */ 
+
+	/* Set the state for the following operations */
+	s->rstate=SSL_ST_READ_HEADER;
+
+	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+	 * rr->length bytes of encrypted compressed stuff. */
+
+	/* check is not needed I belive */
+	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+		{
+		al=SSL_AD_RECORD_OVERFLOW;
+		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+		goto f_err;
+		}
+
+	/* decrypt in place in 'rr->input' */
+	rr->data=rr->input;
+
+	if (!s->method->ssl3_enc->enc(s,0))
+		{
+		al=SSL_AD_DECRYPT_ERROR;
+		goto f_err;
+		}
+#ifdef TLS_DEBUG
+printf("dec %d\n",rr->length);
+{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+	/* r->length is now the compressed data plus mac */
+	if (	(sess == NULL) ||
+		(s->enc_read_ctx == NULL) ||
+		(s->read_hash == NULL))
+		clear=1;
+
+	if (!clear)
+		{
+		mac_size=EVP_MD_size(s->read_hash);
+
+		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+			{
+			al=SSL_AD_RECORD_OVERFLOW;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+			goto f_err;
+			}
+		/* check MAC for rr->input' */
+		if (rr->length < mac_size)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+			goto f_err;
+			}
+		rr->length-=mac_size;
+		i=s->method->ssl3_enc->mac(s,md,0);
+		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+			{
+			al=SSL_AD_BAD_RECORD_MAC;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
+			ret= -1;
+			goto f_err;
+			}
+		}
+
+	/* r->length is now just compressed */
+	if (s->expand != NULL)
+		{
+		if (rr->length > 
+			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+			{
+			al=SSL_AD_RECORD_OVERFLOW;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+			goto f_err;
+			}
+		if (!do_uncompress(s))
+			{
+			al=SSL_AD_DECOMPRESSION_FAILURE;
+			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
+			goto f_err;
+			}
+		}
+
+	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+		{
+		al=SSL_AD_RECORD_OVERFLOW;
+		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+		goto f_err;
+		}
+
+	rr->off=0;
+	/* So at this point the following is true
+	 * ssl->s3->rrec.type 	is the type of record
+	 * ssl->s3->rrec.length	== number of bytes in record
+	 * ssl->s3->rrec.off	== offset to first valid byte
+	 * ssl->s3->rrec.data	== where to take bytes from, increment
+	 *			   after use :-).
+	 */
+
+	/* we have pulled in a full packet so zero things */
+	s->packet_length=0;
+
+	/* just read a 0 length packet */
+	if (rr->length == 0) goto again;
+
+	return(1);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+	return(ret);
+	}
+
+static int do_uncompress(SSL *ssl)
+	{
+	int i;
+	SSL3_RECORD *rr;
+
+	rr= &(ssl->s3->rrec);
+	i=COMP_expand_block(ssl->expand,rr->comp,
+		SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
+	if (i < 0)
+		return(0);
+	else
+		rr->length=i;
+	rr->data=rr->comp;
+
+	return(1);
+	}
+
+static int do_compress(SSL *ssl)
+	{
+	int i;
+	SSL3_RECORD *wr;
+
+	wr= &(ssl->s3->wrec);
+	i=COMP_compress_block(ssl->compress,wr->data,
+		SSL3_RT_MAX_COMPRESSED_LENGTH,
+		wr->input,(int)wr->length);
+	if (i < 0)
+		return(0);
+	else
+		wr->length=i;
+
+	wr->input=wr->data;
+	return(1);
+	}
+
+/* Call this to write data
+ * It will return <= 0 if not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
+	{
+	const unsigned char *buf=_buf;
+	unsigned int tot,n,nw;
+	int i;
+
+	s->rwstate=SSL_NOTHING;
+	tot=s->s3->wnum;
+	s->s3->wnum=0;
+
+	if (SSL_in_init(s) && !s->in_handshake)
+		{
+		i=s->handshake_func(s);
+		if (i < 0) return(i);
+		if (i == 0)
+			{
+			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		}
+
+	n=(len-tot);
+	for (;;)
+		{
+		if (n > SSL3_RT_MAX_PLAIN_LENGTH)
+			nw=SSL3_RT_MAX_PLAIN_LENGTH;
+		else
+			nw=n;
+			
+		i=do_ssl3_write(s,type,&(buf[tot]),nw);
+		if (i <= 0)
+			{
+			s->s3->wnum=tot;
+			return(i);
+			}
+
+		if (type == SSL3_RT_HANDSHAKE)
+			ssl3_finish_mac(s,&(buf[tot]),i);
+
+		if ((i == (int)n) ||
+			(type == SSL3_RT_APPLICATION_DATA &&
+			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+			{
+			return(tot+i);
+			}
+
+		n-=i;
+		tot+=i;
+		}
+	}
+
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+			 unsigned int len)
+	{
+	unsigned char *p,*plen;
+	int i,mac_size,clear=0;
+	SSL3_RECORD *wr;
+	SSL3_BUFFER *wb;
+	SSL_SESSION *sess;
+
+	/* first check is there is a SSL3_RECORD still being written
+	 * out.  This will happen with non blocking IO */
+	if (s->s3->wbuf.left != 0)
+		return(ssl3_write_pending(s,type,buf,len));
+
+	/* If we have an alert to send, lets send it */
+	if (s->s3->alert_dispatch)
+		{
+		i=ssl3_dispatch_alert(s);
+		if (i <= 0)
+			return(i);
+		/* if it went, fall through and send more stuff */
+		}
+
+	if (len <= 0) return(len);
+	
+	wr= &(s->s3->wrec);
+	wb= &(s->s3->wbuf);
+	sess=s->session;
+
+	if (	(sess == NULL) ||
+		(s->enc_write_ctx == NULL) ||
+		(s->write_hash == NULL))
+		clear=1;
+
+	if (clear)
+		mac_size=0;
+	else
+		mac_size=EVP_MD_size(s->write_hash);
+
+	p=wb->buf;
+
+	/* write the header */
+	*(p++)=type&0xff;
+	wr->type=type;
+
+	*(p++)=(s->version>>8);
+	*(p++)=s->version&0xff;
+	
+	/* record where we are to write out packet length */
+	plen=p; 
+	p+=2;
+	
+	/* lets setup the record stuff. */
+	wr->data=p;
+	wr->length=(int)len;
+	wr->input=(unsigned char *)buf;
+
+	/* we now 'read' from wr->input, wr->length bytes into
+	 * wr->data */
+
+	/* first we compress */
+	if (s->compress != NULL)
+		{
+		if (!do_compress(s))
+			{
+			SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
+			goto err;
+			}
+		}
+	else
+		{
+		memcpy(wr->data,wr->input,wr->length);
+		wr->input=wr->data;
+		}
+
+	/* we should still have the output to wr->data and the input
+	 * from wr->input.  Length should be wr->length.
+	 * wr->data still points in the wb->buf */
+
+	if (mac_size != 0)
+		{
+		s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
+		wr->length+=mac_size;
+		wr->input=p;
+		wr->data=p;
+		}
+
+	/* ssl3_enc can only have an error on read */
+	s->method->ssl3_enc->enc(s,1);
+
+	/* record length after mac and block padding */
+	s2n(wr->length,plen);
+
+	/* we should now have
+	 * wr->data pointing to the encrypted data, which is
+	 * wr->length long */
+	wr->type=type; /* not needed but helps for debugging */
+	wr->length+=SSL3_RT_HEADER_LENGTH;
+
+	/* Now lets setup wb */
+	wb->left=wr->length;
+	wb->offset=0;
+
+	s->s3->wpend_tot=len;
+	s->s3->wpend_buf=buf;
+	s->s3->wpend_type=type;
+	s->s3->wpend_ret=len;
+
+	/* we now just need to write the buffer */
+	return(ssl3_write_pending(s,type,buf,len));
+err:
+	return(-1);
+	}
+
+/* if s->s3->wbuf.left != 0, we need to call this */
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+			      unsigned int len)
+	{
+	int i;
+
+/* XXXX */
+	if ((s->s3->wpend_tot > (int)len)
+		|| ((s->s3->wpend_buf != buf) &&
+			!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+		|| (s->s3->wpend_type != type))
+		{
+		SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
+		return(-1);
+		}
+
+	for (;;)
+		{
+		clear_sys_error();
+		if (s->wbio != NULL)
+			{
+			s->rwstate=SSL_WRITING;
+			i=BIO_write(s->wbio,
+				(char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
+				(unsigned int)s->s3->wbuf.left);
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
+			i= -1;
+			}
+		if (i == s->s3->wbuf.left)
+			{
+			s->s3->wbuf.left=0;
+			s->rwstate=SSL_NOTHING;
+			return(s->s3->wpend_ret);
+			}
+		else if (i <= 0)
+			return(i);
+		s->s3->wbuf.offset+=i;
+		s->s3->wbuf.left-=i;
+		}
+	}
+
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
+	{
+	int al,i,j,n,ret;
+	SSL3_RECORD *rr;
+	void (*cb)()=NULL;
+	BIO *bio;
+
+	if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
+		if (!ssl3_setup_buffers(s))
+			return(-1);
+
+	if (!s->in_handshake && SSL_in_init(s))
+		{
+		i=s->handshake_func(s);
+		if (i < 0) return(i);
+		if (i == 0)
+			{
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		}
+start:
+	s->rwstate=SSL_NOTHING;
+
+	/* s->s3->rrec.type	- is the type of record
+	 * s->s3->rrec.data, 	- data
+	 * s->s3->rrec.off, 	- ofset into 'data' for next read
+	 * s->s3->rrec.length,	- number of bytes. */
+	rr= &(s->s3->rrec);
+
+	/* get new packet */
+	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
+		{
+		ret=ssl3_get_record(s);
+		if (ret <= 0) return(ret);
+		}
+
+	/* we now have a packet which can be read and processed */
+
+	if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE))
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+		goto err;
+		}
+
+	/* If the other end has shutdown, throw anything we read away */
+	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+		{
+		rr->length=0;
+		s->rwstate=SSL_NOTHING;
+		return(0);
+		}
+
+	/* Check for an incoming 'Client Request' message */
+	if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) &&
+		(rr->data[0] == SSL3_MT_CLIENT_REQUEST) &&
+		(s->session != NULL) && (s->session->cipher != NULL))
+		{
+		if ((rr->data[1] != 0) || (rr->data[2] != 0) ||
+			(rr->data[3] != 0))
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST);
+			goto err;
+			}
+
+		if (SSL_is_init_finished(s) &&
+			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+			!s->s3->renegotiate)
+			{
+			ssl3_renegotiate(s);
+			if (ssl3_renegotiate_check(s))
+				{
+				n=s->handshake_func(s);
+				if (n < 0) return(n);
+				if (n == 0)
+					{
+					SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+					return(-1);
+					}
+				}
+			}
+		rr->length=0;
+/* ZZZ */	goto start;
+		}
+
+	/* if it is not the type we want, or we have shutdown and want
+	 * the peer shutdown */
+	if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
+		{
+		if (rr->type == SSL3_RT_ALERT)
+			{
+			if ((rr->length != 2) || (rr->off != 0))
+				{
+				al=SSL_AD_DECODE_ERROR;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
+				goto f_err;
+				}
+
+			i=rr->data[0];
+			n=rr->data[1];
+
+			/* clear from buffer */
+			rr->length=0;
+
+			if (s->info_callback != NULL)
+				cb=s->info_callback;
+			else if (s->ctx->info_callback != NULL)
+				cb=s->ctx->info_callback;
+
+			if (cb != NULL)
+				{
+				j=(i<<8)|n;
+				cb(s,SSL_CB_READ_ALERT,j);
+				}
+
+			if (i == 1)
+				{
+				s->s3->warn_alert=n;
+				if (n == SSL_AD_CLOSE_NOTIFY)
+					{
+					s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+					return(0);
+					}
+				}
+			else if (i == 2)
+				{
+				char tmp[16];
+
+				s->rwstate=SSL_NOTHING;
+				s->s3->fatal_alert=n;
+				SSLerr(SSL_F_SSL3_READ_BYTES,
+					SSL_AD_REASON_OFFSET+n);
+				sprintf(tmp,"%d",n);
+				ERR_add_error_data(2,"SSL alert number ",tmp);
+				s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+				SSL_CTX_remove_session(s->ctx,s->session);
+				return(0);
+				}
+			else
+				{
+				al=SSL_AD_ILLEGAL_PARAMETER;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+				goto f_err;
+				}
+
+			rr->length=0;
+			goto start;
+			}
+
+		if (s->shutdown & SSL_SENT_SHUTDOWN)
+			{
+			s->rwstate=SSL_NOTHING;
+			rr->length=0;
+			return(0);
+			}
+
+		if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+			{
+			if (	(rr->length != 1) || (rr->off != 0) ||
+				(rr->data[0] != SSL3_MT_CCS))
+				{
+				i=SSL_AD_ILLEGAL_PARAMETER;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+				goto err;
+				}
+
+			rr->length=0;
+			s->s3->change_cipher_spec=1;
+			if (!do_change_cipher_spec(s))
+				goto err;
+			else
+				goto start;
+			}
+
+		/* else we have a handshake */
+		if ((rr->type == SSL3_RT_HANDSHAKE) &&
+			!s->in_handshake)
+			{
+			if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+				!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+				{
+				s->state=SSL_ST_BEFORE|(s->server)
+						?SSL_ST_ACCEPT
+						:SSL_ST_CONNECT;
+				s->new_session=1;
+				}
+			n=s->handshake_func(s);
+			if (n < 0) return(n);
+			if (n == 0)
+				{
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+				return(-1);
+				}
+
+			/* In the case where we try to read application data
+			 * the first time, but we trigger an SSL handshake, we
+			 * return -1 with the retry option set.  I do this
+			 * otherwise renegotiation can cause nasty problems 
+			 * in the non-blocking world */
+
+			s->rwstate=SSL_READING;
+			bio=SSL_get_rbio(s);
+			BIO_clear_retry_flags(bio);
+			BIO_set_retry_read(bio);
+			return(-1);
+			}
+
+		switch (rr->type)
+			{
+		default:
+#ifndef NO_TLS
+			/* TLS just ignores unknown message types */
+			if (s->version == TLS1_VERSION)
+				{
+				goto start;
+				}
+#endif
+		case SSL3_RT_CHANGE_CIPHER_SPEC:
+		case SSL3_RT_ALERT:
+		case SSL3_RT_HANDSHAKE:
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+			goto f_err;
+		case SSL3_RT_APPLICATION_DATA:
+			/* At this point, we were expecting something else,
+			 * but have application data.  What we do is set the
+			 * error, and return -1.  On the way out, if the
+			 * library was running inside ssl3_read() and it makes
+			 * sense to read application data at this point, we
+			 * will indulge it.  This will mostly happen during
+			 * session renegotiation.
+			 */
+			if (s->s3->in_read_app_data &&
+				(s->s3->total_renegotiations != 0) &&
+				((
+				  (s->state & SSL_ST_CONNECT) &&
+				  (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+				  (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+				 ) || (
+				  (s->state & SSL_ST_ACCEPT) &&
+				  (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+				  (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+				 )
+				))
+				{
+				s->s3->in_read_app_data=0;
+				return(-1);
+				}
+			else
+				{
+				al=SSL_AD_UNEXPECTED_MESSAGE;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+				goto f_err;
+				}
+			}
+		}
+
+	/* make sure that we are not getting application data when we
+	 * are doing a handshake for the first time */
+	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+		(s->enc_read_ctx == NULL))
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+		goto f_err;
+		}
+
+	if (len <= 0) return(len);
+
+	if ((unsigned int)len > rr->length)
+		n=rr->length;
+	else
+		n=len;
+
+	memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
+	rr->length-=n;
+	rr->off+=n;
+	if (rr->length <= 0)
+		{
+		s->rstate=SSL_ST_READ_HEADER;
+		rr->off=0;
+		}
+
+	if (type == SSL3_RT_HANDSHAKE)
+		ssl3_finish_mac(s,buf,n);
+	return(n);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+	return(-1);
+	}
+
+static int do_change_cipher_spec(SSL *s)
+	{
+	int i;
+	unsigned char *sender;
+	int slen;
+
+	if (s->state & SSL_ST_ACCEPT)
+		i=SSL3_CHANGE_CIPHER_SERVER_READ;
+	else
+		i=SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+	if (s->s3->tmp.key_block == NULL)
+		{
+		s->session->cipher=s->s3->tmp.new_cipher;
+		if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
+		}
+
+	if (!s->method->ssl3_enc->change_cipher_state(s,i))
+		return(0);
+
+	/* we have to record the message digest at
+	 * this point so we can get it before we read
+	 * the finished message */
+	if (s->state & SSL_ST_CONNECT)
+		{
+		sender=s->method->ssl3_enc->server_finished;
+		slen=s->method->ssl3_enc->server_finished_len;
+		}
+	else
+		{
+		sender=s->method->ssl3_enc->client_finished;
+		slen=s->method->ssl3_enc->client_finished_len;
+		}
+
+	s->method->ssl3_enc->final_finish_mac(s,
+		&(s->s3->finish_dgst1),
+		&(s->s3->finish_dgst2),
+		sender,slen,&(s->s3->tmp.finish_md[0]));
+
+	return(1);
+	}
+
+int ssl3_do_write(SSL *s, int type)
+	{
+	int ret;
+
+	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
+			     s->init_num);
+	if (ret == s->init_num)
+		return(1);
+	if (ret < 0) return(-1);
+	s->init_off+=ret;
+	s->init_num-=ret;
+	return(0);
+	}
+
+void ssl3_send_alert(SSL *s, int level, int desc)
+	{
+	/* Map tls/ssl alert value to correct one */
+	desc=s->method->ssl3_enc->alert_value(desc);
+	if (desc < 0) return;
+	/* If a fatal one, remove from cache */
+	if ((level == 2) && (s->session != NULL))
+		SSL_CTX_remove_session(s->ctx,s->session);
+
+	s->s3->alert_dispatch=1;
+	s->s3->send_alert[0]=level;
+	s->s3->send_alert[1]=desc;
+	if (s->s3->wbuf.left == 0) /* data still being written out */
+		ssl3_dispatch_alert(s);
+	/* else data is still being written out, we will get written
+	 * some time in the future */
+	}
+
+int ssl3_dispatch_alert(SSL *s)
+	{
+	int i,j;
+	void (*cb)()=NULL;
+
+	s->s3->alert_dispatch=0;
+	i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
+	if (i <= 0)
+		{
+		s->s3->alert_dispatch=1;
+		}
+	else
+		{
+		/* If it is important, send it now.  If the message
+		 * does not get sent due to non-blocking IO, we will
+		 * not worry too much. */
+		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+			(void)BIO_flush(s->wbio);
+
+		if (s->info_callback != NULL)
+			cb=s->info_callback;
+		else if (s->ctx->info_callback != NULL)
+			cb=s->ctx->info_callback;
+		
+		if (cb != NULL)
+			{
+			j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
+			cb(s,SSL_CB_WRITE_ALERT,j);
+			}
+		}
+	return(i);
+	}
+
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
new file mode 100644
index 000000000000..e003d8835746
--- /dev/null
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -0,0 +1,1683 @@
+/* ssl/s3_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define REUSE_CIPHER_BUG
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl3_get_server_method(int ver);
+static int ssl3_get_client_hello(SSL *s);
+static int ssl3_send_server_hello(SSL *s);
+static int ssl3_send_server_key_exchange(SSL *s);
+static int ssl3_send_certificate_request(SSL *s);
+static int ssl3_send_server_done(SSL *s);
+static int ssl3_get_cert_verify(SSL *s);
+static int ssl3_get_client_key_exchange(SSL *s);
+static int ssl3_get_client_certificate(SSL *s);
+static int ssl3_send_hello_request(SSL *s);
+
+static SSL_METHOD *ssl3_get_server_method(int ver)
+	{
+	if (ver == SSL3_VERSION)
+		return(SSLv3_server_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *SSLv3_server_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD SSLv3_server_data;
+
+	if (init)
+		{
+		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+			sizeof(SSL_METHOD));
+		SSLv3_server_data.ssl_accept=ssl3_accept;
+		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+		init=0;
+		}
+	return(&SSLv3_server_data);
+	}
+
+int ssl3_accept(SSL *s)
+	{
+	BUF_MEM *buf;
+	unsigned long l,Time=time(NULL);
+	void (*cb)()=NULL;
+	long num1;
+	int ret= -1;
+	int new_state,state,skip=0;
+
+	RAND_seed(&Time,sizeof(Time));
+	ERR_clear_error();
+	clear_sys_error();
+
+	if (s->info_callback != NULL)
+		cb=s->info_callback;
+	else if (s->ctx->info_callback != NULL)
+		cb=s->ctx->info_callback;
+
+	/* init things to blank */
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+	s->in_handshake++;
+
+	if (s->cert == NULL)
+		{
+		SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+		return(-1);
+		}
+
+	for (;;)
+		{
+		state=s->state;
+
+		switch (s->state)
+			{
+		case SSL_ST_RENEGOTIATE:
+			s->new_session=1;
+			/* s->state=SSL_ST_ACCEPT; */
+
+		case SSL_ST_BEFORE:
+		case SSL_ST_ACCEPT:
+		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+		case SSL_ST_OK|SSL_ST_ACCEPT:
+
+			s->server=1;
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+			if ((s->version>>8) != 3)
+				abort();
+			/* s->version=SSL3_VERSION; */
+			s->type=SSL_ST_ACCEPT;
+
+			if (s->init_buf == NULL)
+				{
+				if ((buf=BUF_MEM_new()) == NULL)
+					{
+					ret= -1;
+					goto end;
+					}
+				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+					{
+					ret= -1;
+					goto end;
+					}
+				s->init_buf=buf;
+				}
+
+			if (!ssl3_setup_buffers(s))
+				{
+				ret= -1;
+				goto end;
+				}
+
+			/* Ok, we now need to push on a buffering BIO so that
+			 * the output is sent in a way that TCP likes :-)
+			 */
+			if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+
+			s->init_num=0;
+
+			if (s->state != SSL_ST_RENEGOTIATE)
+				{
+				s->state=SSL3_ST_SR_CLNT_HELLO_A;
+				ssl3_init_finished_mac(s);
+				s->ctx->stats.sess_accept++;
+				}
+			else
+				{
+				s->ctx->stats.sess_accept_renegotiate++;
+				s->state=SSL3_ST_SW_HELLO_REQ_A;
+				}
+			break;
+
+		case SSL3_ST_SW_HELLO_REQ_A:
+		case SSL3_ST_SW_HELLO_REQ_B:
+
+			s->shutdown=0;
+			ret=ssl3_send_hello_request(s);
+			if (ret <= 0) goto end;
+			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+			s->state=SSL3_ST_SW_FLUSH;
+			s->init_num=0;
+
+			ssl3_init_finished_mac(s);
+			break;
+
+		case SSL3_ST_SW_HELLO_REQ_C:
+			s->state=SSL_ST_OK;
+			ret=1;
+			goto end;
+			/* break; */
+
+		case SSL3_ST_SR_CLNT_HELLO_A:
+		case SSL3_ST_SR_CLNT_HELLO_B:
+		case SSL3_ST_SR_CLNT_HELLO_C:
+
+			s->shutdown=0;
+			ret=ssl3_get_client_hello(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_SW_SRVR_HELLO_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SW_SRVR_HELLO_A:
+		case SSL3_ST_SW_SRVR_HELLO_B:
+			ret=ssl3_send_server_hello(s);
+			if (ret <= 0) goto end;
+
+			if (s->hit)
+				s->state=SSL3_ST_SW_CHANGE_A;
+			else
+				s->state=SSL3_ST_SW_CERT_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SW_CERT_A:
+		case SSL3_ST_SW_CERT_B:
+			/* Check if it is anon DH */
+			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+				{
+				ret=ssl3_send_server_certificate(s);
+				if (ret <= 0) goto end;
+				}
+			else
+				skip=1;
+			s->state=SSL3_ST_SW_KEY_EXCH_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SW_KEY_EXCH_A:
+		case SSL3_ST_SW_KEY_EXCH_B:
+			l=s->s3->tmp.new_cipher->algorithms;
+
+			/* clear this, it may get reset by
+			 * send_server_key_exchange */
+			if (s->options & SSL_OP_EPHEMERAL_RSA)
+				s->s3->tmp.use_rsa_tmp=1;
+			else
+				s->s3->tmp.use_rsa_tmp=0;
+
+			/* only send if a DH key exchange, fortezza or
+			 * RSA but we have a sign only certificate */
+			if (s->s3->tmp.use_rsa_tmp
+			    || (l & (SSL_DH|SSL_kFZA))
+			    || ((l & SSL_kRSA)
+				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+				    || (SSL_IS_EXPORT(l)
+					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+					)
+				    )
+				)
+			    )
+				{
+				ret=ssl3_send_server_key_exchange(s);
+				if (ret <= 0) goto end;
+				}
+			else
+				skip=1;
+
+			s->state=SSL3_ST_SW_CERT_REQ_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SW_CERT_REQ_A:
+		case SSL3_ST_SW_CERT_REQ_B:
+			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+				((s->session->peer != NULL) &&
+				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+				{
+				/* no cert request */
+				skip=1;
+				s->s3->tmp.cert_request=0;
+				s->state=SSL3_ST_SW_SRVR_DONE_A;
+				}
+			else
+				{
+				s->s3->tmp.cert_request=1;
+				ret=ssl3_send_certificate_request(s);
+				if (ret <= 0) goto end;
+				s->state=SSL3_ST_SW_SRVR_DONE_A;
+				s->init_num=0;
+				}
+			break;
+
+		case SSL3_ST_SW_SRVR_DONE_A:
+		case SSL3_ST_SW_SRVR_DONE_B:
+			ret=ssl3_send_server_done(s);
+			if (ret <= 0) goto end;
+			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+			s->state=SSL3_ST_SW_FLUSH;
+			s->init_num=0;
+			break;
+		
+		case SSL3_ST_SW_FLUSH:
+			/* number of bytes to be flushed */
+			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+			if (num1 > 0)
+				{
+				s->rwstate=SSL_WRITING;
+				num1=BIO_flush(s->wbio);
+				if (num1 <= 0) { ret= -1; goto end; }
+				s->rwstate=SSL_NOTHING;
+				}
+
+			s->state=s->s3->tmp.next_state;
+			break;
+
+		case SSL3_ST_SR_CERT_A:
+		case SSL3_ST_SR_CERT_B:
+			/* could be sent for a DH cert, even if we
+			 * have not asked for it :-) */
+			ret=ssl3_get_client_certificate(s);
+			if (ret <= 0) goto end;
+			s->init_num=0;
+			s->state=SSL3_ST_SR_KEY_EXCH_A;
+			break;
+
+		case SSL3_ST_SR_KEY_EXCH_A:
+		case SSL3_ST_SR_KEY_EXCH_B:
+			ret=ssl3_get_client_key_exchange(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_SR_CERT_VRFY_A;
+			s->init_num=0;
+
+			/* We need to get hashes here so if there is
+			 * a client cert, it can be verified */ 
+			s->method->ssl3_enc->cert_verify_mac(s,
+				&(s->s3->finish_dgst1),
+				&(s->s3->tmp.finish_md[0]));
+			s->method->ssl3_enc->cert_verify_mac(s,
+				&(s->s3->finish_dgst2),
+				&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+
+			break;
+
+		case SSL3_ST_SR_CERT_VRFY_A:
+		case SSL3_ST_SR_CERT_VRFY_B:
+
+			/* we should decide if we expected this one */
+			ret=ssl3_get_cert_verify(s);
+			if (ret <= 0) goto end;
+
+			s->state=SSL3_ST_SR_FINISHED_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SR_FINISHED_A:
+		case SSL3_ST_SR_FINISHED_B:
+			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+				SSL3_ST_SR_FINISHED_B);
+			if (ret <= 0) goto end;
+			if (s->hit)
+				s->state=SSL_ST_OK;
+			else
+				s->state=SSL3_ST_SW_CHANGE_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SW_CHANGE_A:
+		case SSL3_ST_SW_CHANGE_B:
+
+			s->session->cipher=s->s3->tmp.new_cipher;
+			if (!s->method->ssl3_enc->setup_key_block(s))
+				{ ret= -1; goto end; }
+
+			ret=ssl3_send_change_cipher_spec(s,
+				SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
+
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_SW_FINISHED_A;
+			s->init_num=0;
+
+			if (!s->method->ssl3_enc->change_cipher_state(s,
+				SSL3_CHANGE_CIPHER_SERVER_WRITE))
+				{
+				ret= -1;
+				goto end;
+				}
+
+			break;
+
+		case SSL3_ST_SW_FINISHED_A:
+		case SSL3_ST_SW_FINISHED_B:
+			ret=ssl3_send_finished(s,
+				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
+				s->method->ssl3_enc->server_finished,
+				s->method->ssl3_enc->server_finished_len);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_SW_FLUSH;
+			if (s->hit)
+				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+			else
+				s->s3->tmp.next_state=SSL_ST_OK;
+			s->init_num=0;
+			break;
+
+		case SSL_ST_OK:
+			/* clean a few things up */
+			ssl3_cleanup_key_block(s);
+
+			BUF_MEM_free(s->init_buf);
+			s->init_buf=NULL;
+
+			/* remove buffering on output */
+			ssl_free_wbio_buffer(s);
+
+			s->new_session=0;
+			s->init_num=0;
+
+			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+
+			s->ctx->stats.sess_accept_good++;
+			/* s->server=1; */
+			s->handshake_func=ssl3_accept;
+			ret=1;
+
+			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+
+			goto end;
+			/* break; */
+
+		default:
+			SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
+			ret= -1;
+			goto end;
+			/* break; */
+			}
+		
+		if (!s->s3->tmp.reuse_message && !skip)
+			{
+			if (s->debug)
+				{
+				if ((ret=BIO_flush(s->wbio)) <= 0)
+					goto end;
+				}
+
+
+			if ((cb != NULL) && (s->state != state))
+				{
+				new_state=s->state;
+				s->state=state;
+				cb(s,SSL_CB_ACCEPT_LOOP,1);
+				s->state=new_state;
+				}
+			}
+		skip=0;
+		}
+end:
+	/* BIO_flush(s->wbio); */
+
+	if (cb != NULL)
+		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+	s->in_handshake--;
+	return(ret);
+	}
+
+static int ssl3_send_hello_request(SSL *s)
+	{
+	unsigned char *p;
+
+	if (s->state == SSL3_ST_SW_HELLO_REQ_A)
+		{
+		p=(unsigned char *)s->init_buf->data;
+		*(p++)=SSL3_MT_CLIENT_REQUEST;
+		*(p++)=0;
+		*(p++)=0;
+		*(p++)=0;
+
+		s->state=SSL3_ST_SW_HELLO_REQ_B;
+		/* number of bytes to write */
+		s->init_num=4;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_SW_HELLO_REQ_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	}
+
+static int ssl3_get_client_hello(SSL *s)
+	{
+	int i,j,ok,al,ret= -1;
+	long n;
+	unsigned long id;
+	unsigned char *p,*d,*q;
+	SSL_CIPHER *c;
+	SSL_COMP *comp=NULL;
+	STACK_OF(SSL_CIPHER) *ciphers=NULL;
+
+	/* We do this so that we will respond with our native type.
+	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
+	 * This down switching should be handled by a different method.
+	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
+	 * TLSv1.
+	 */
+	if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
+		{
+		s->first_packet=1;
+		s->state=SSL3_ST_SR_CLNT_HELLO_B;
+		}
+	n=ssl3_get_message(s,
+		SSL3_ST_SR_CLNT_HELLO_B,
+		SSL3_ST_SR_CLNT_HELLO_C,
+		SSL3_MT_CLIENT_HELLO,
+		SSL3_RT_MAX_PLAIN_LENGTH,
+		&ok);
+
+	if (!ok) return((int)n);
+	d=p=(unsigned char *)s->init_buf->data;
+
+	/* The version number has already been checked in ssl3_get_message.
+	 * I a native TLSv1/SSLv3 method, the match must be correct except
+	 * perhaps for the first message */
+/*	s->client_version=(((int)p[0])<<8)|(int)p[1]; */
+	p+=2;
+
+	/* load the client random */
+	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
+	p+=SSL3_RANDOM_SIZE;
+
+	/* get the session-id */
+	j= *(p++);
+
+	s->hit=0;
+	if (j == 0)
+		{
+		if (!ssl_get_new_session(s,1))
+			goto err;
+		}
+	else
+		{
+		i=ssl_get_prev_session(s,p,j);
+		if (i == 1)
+			{ /* previous session */
+			s->hit=1;
+			}
+		else if (i == -1)
+			goto err;
+		else /* i == 0 */
+			{
+			if (!ssl_get_new_session(s,1))
+				goto err;
+			}
+		}
+
+	p+=j;
+	n2s(p,i);
+	if ((i == 0) && (j != 0))
+		{
+		/* we need a cipher if we are not resuming a session */
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
+		goto f_err;
+		}
+	if ((i+p) > (d+n))
+		{
+		/* not enough data */
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
+		== NULL))
+		{
+		goto err;
+		}
+	p+=i;
+
+	/* If it is a hit, check that the cipher is in the list */
+	if ((s->hit) && (i > 0))
+		{
+		j=0;
+		id=s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+		printf("client sent %d ciphers\n",sk_num(ciphers));
+#endif
+		for (i=0; iid == id)
+				{
+				j=1;
+				break;
+				}
+			}
+		if (j == 0)
+			{
+			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
+				{
+				/* Very bad for multi-threading.... */
+				s->session->cipher=sk_SSL_CIPHER_value(ciphers,
+								       0);
+				}
+			else
+				{
+				/* we need to have the cipher in the cipher
+				 * list if we are asked to reuse it */
+				al=SSL_AD_ILLEGAL_PARAMETER;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+				goto f_err;
+				}
+			}
+		}
+
+	/* compression */
+	i= *(p++);
+	q=p;
+	for (j=0; j= i)
+		{
+		/* no compress */
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
+		goto f_err;
+		}
+
+	/* Worst case, we will use the NULL compression, but if we have other
+	 * options, we will now look for them.  We have i-1 compression
+	 * algorithms from the client, starting at q. */
+	s->s3->tmp.new_compression=NULL;
+	if (s->ctx->comp_methods != NULL)
+		{ /* See if we have a match */
+		int m,nn,o,v,done=0;
+
+		nn=sk_SSL_COMP_num(s->ctx->comp_methods);
+		for (m=0; mctx->comp_methods,m);
+			v=comp->id;
+			for (o=0; os3->tmp.new_compression=comp;
+		else
+			comp=NULL;
+		}
+
+	/* TLS does not mind if there is extra stuff */
+	if (s->version == SSL3_VERSION)
+		{
+		if (p > (d+n))
+			{
+			/* wrong number of bytes,
+			 * there could be more to follow */
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+			goto f_err;
+			}
+		}
+
+	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
+	 * pick a cipher */
+
+	if (!s->hit)
+		{
+		s->session->compress_meth=(comp == NULL)?0:comp->id;
+		if (s->session->ciphers != NULL)
+			sk_SSL_CIPHER_free(s->session->ciphers);
+		s->session->ciphers=ciphers;
+		if (ciphers == NULL)
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
+			goto f_err;
+			}
+		ciphers=NULL;
+		c=ssl3_choose_cipher(s,s->session->ciphers,
+				     ssl_get_ciphers_by_id(s));
+
+		if (c == NULL)
+			{
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
+			goto f_err;
+			}
+		s->s3->tmp.new_cipher=c;
+		}
+	else
+		{
+		/* Session-id reuse */
+#ifdef REUSE_CIPHER_BUG
+		STACK_OF(SSL_CIPHER) *sk;
+		SSL_CIPHER *nc=NULL;
+		SSL_CIPHER *ec=NULL;
+
+		if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
+			{
+			sk=s->session->ciphers;
+			for (i=0; ialgorithms & SSL_eNULL)
+					nc=c;
+				if (SSL_C_IS_EXPORT(c))
+					ec=c;
+				}
+			if (nc != NULL)
+				s->s3->tmp.new_cipher=nc;
+			else if (ec != NULL)
+				s->s3->tmp.new_cipher=ec;
+			else
+				s->s3->tmp.new_cipher=s->session->cipher;
+			}
+		else
+#endif
+		s->s3->tmp.new_cipher=s->session->cipher;
+		}
+	
+	/* we now have the following setup. 
+	 * client_random
+	 * cipher_list 		- our prefered list of ciphers
+	 * ciphers 		- the clients prefered list of ciphers
+	 * compression		- basically ignored right now
+	 * ssl version is set	- sslv3
+	 * s->session		- The ssl session has been setup.
+	 * s->hit		- sesson reuse flag
+	 * s->tmp.new_cipher	- the new cipher to use.
+	 */
+
+	ret=1;
+	if (0)
+		{
+f_err:
+		ssl3_send_alert(s,SSL3_AL_FATAL,al);
+		}
+err:
+	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
+	return(ret);
+	}
+
+static int ssl3_send_server_hello(SSL *s)
+	{
+	unsigned char *buf;
+	unsigned char *p,*d;
+	int i,sl;
+	unsigned long l,Time;
+
+	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
+		{
+		buf=(unsigned char *)s->init_buf->data;
+		p=s->s3->server_random;
+		Time=time(NULL);			/* Time */
+		l2n(Time,p);
+		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		/* Do the message type and length last */
+		d=p= &(buf[4]);
+
+		*(p++)=s->version>>8;
+		*(p++)=s->version&0xff;
+
+		/* Random stuff */
+		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+		p+=SSL3_RANDOM_SIZE;
+
+		/* now in theory we have 3 options to sending back the
+		 * session id.  If it is a re-use, we send back the
+		 * old session-id, if it is a new session, we send
+		 * back the new session-id or we send back a 0 length
+		 * session-id if we want it to be single use.
+		 * Currently I will not implement the '0' length session-id
+		 * 12-Jan-98 - I'll now support the '0' length stuff.
+		 */
+		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+			s->session->session_id_length=0;
+
+		sl=s->session->session_id_length;
+		*(p++)=sl;
+		memcpy(p,s->session->session_id,sl);
+		p+=sl;
+
+		/* put the cipher */
+		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
+		p+=i;
+
+		/* put the compression method */
+		if (s->s3->tmp.new_compression == NULL)
+			*(p++)=0;
+		else
+			*(p++)=s->s3->tmp.new_compression->id;
+
+		/* do the header */
+		l=(p-d);
+		d=buf;
+		*(d++)=SSL3_MT_SERVER_HELLO;
+		l2n3(l,d);
+
+		s->state=SSL3_ST_CW_CLNT_HELLO_B;
+		/* number of bytes to write */
+		s->init_num=p-buf;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_CW_CLNT_HELLO_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	}
+
+static int ssl3_send_server_done(SSL *s)
+	{
+	unsigned char *p;
+
+	if (s->state == SSL3_ST_SW_SRVR_DONE_A)
+		{
+		p=(unsigned char *)s->init_buf->data;
+
+		/* do the header */
+		*(p++)=SSL3_MT_SERVER_DONE;
+		*(p++)=0;
+		*(p++)=0;
+		*(p++)=0;
+
+		s->state=SSL3_ST_SW_SRVR_DONE_B;
+		/* number of bytes to write */
+		s->init_num=4;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_CW_CLNT_HELLO_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	}
+
+static int ssl3_send_server_key_exchange(SSL *s)
+	{
+#ifndef NO_RSA
+	unsigned char *q;
+	int j,num;
+	RSA *rsa;
+	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_DH
+	DH *dh,*dhp;
+#endif
+	EVP_PKEY *pkey;
+	unsigned char *p,*d;
+	int al,i;
+	unsigned long type;
+	int n;
+	CERT *cert;
+	BIGNUM *r[4];
+	int nr[4],kn;
+	BUF_MEM *buf;
+	EVP_MD_CTX md_ctx;
+
+	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
+		{
+		type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+		cert=s->cert;
+
+		buf=s->init_buf;
+
+		r[0]=r[1]=r[2]=r[3]=NULL;
+		n=0;
+#ifndef NO_RSA
+		if (type & SSL_kRSA)
+			{
+			rsa=cert->rsa_tmp;
+			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
+				{
+				rsa=s->cert->rsa_tmp_cb(s,
+				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+				cert->rsa_tmp=rsa;
+				}
+			if (rsa == NULL)
+				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+				goto f_err;
+				}
+			r[0]=rsa->n;
+			r[1]=rsa->e;
+			s->s3->tmp.use_rsa_tmp=1;
+			}
+		else
+#endif
+#ifndef NO_DH
+			if (type & SSL_kEDH)
+			{
+			dhp=cert->dh_tmp;
+			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+				dhp=s->cert->dh_tmp_cb(s,
+				      !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+			if (dhp == NULL)
+				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+				goto f_err;
+				}
+			if ((dh=DHparams_dup(dhp)) == NULL)
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+				goto err;
+				}
+
+			s->s3->tmp.dh=dh;
+			if ((dhp->pub_key == NULL ||
+			     dhp->priv_key == NULL ||
+			     (s->options & SSL_OP_SINGLE_DH_USE)))
+				{
+				if(!DH_generate_key(dh))
+				    {
+				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+					   ERR_R_DH_LIB);
+				    goto err;
+				    }
+				}
+			else
+				{
+				dh->pub_key=BN_dup(dhp->pub_key);
+				dh->priv_key=BN_dup(dhp->priv_key);
+				if ((dh->pub_key == NULL) ||
+					(dh->priv_key == NULL))
+					{
+					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+					goto err;
+					}
+				}
+			r[0]=dh->p;
+			r[1]=dh->g;
+			r[2]=dh->pub_key;
+			}
+		else 
+#endif
+			{
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+			goto f_err;
+			}
+		for (i=0; r[i] != NULL; i++)
+			{
+			nr[i]=BN_num_bytes(r[i]);
+			n+=2+nr[i];
+			}
+
+		if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+			{
+			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+				== NULL)
+				{
+				al=SSL_AD_DECODE_ERROR;
+				goto f_err;
+				}
+			kn=EVP_PKEY_size(pkey);
+			}
+		else
+			{
+			pkey=NULL;
+			kn=0;
+			}
+
+		if (!BUF_MEM_grow(buf,n+4+kn))
+			{
+			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+			goto err;
+			}
+		d=(unsigned char *)s->init_buf->data;
+		p= &(d[4]);
+
+		for (i=0; r[i] != NULL; i++)
+			{
+			s2n(nr[i],p);
+			BN_bn2bin(r[i],p);
+			p+=nr[i];
+			}
+
+		/* not anonymous */
+		if (pkey != NULL)
+			{
+			/* n is the length of the params, they start at &(d[4])
+			 * and p points to the space at the end. */
+#ifndef NO_RSA
+			if (pkey->type == EVP_PKEY_RSA)
+				{
+				q=md_buf;
+				j=0;
+				for (num=2; num > 0; num--)
+					{
+					EVP_DigestInit(&md_ctx,(num == 2)
+						?s->ctx->md5:s->ctx->sha1);
+					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
+					EVP_DigestFinal(&md_ctx,q,
+						(unsigned int *)&i);
+					q+=i;
+					j+=i;
+					}
+				i=RSA_private_encrypt(j,md_buf,&(p[2]),
+					pkey->pkey.rsa,RSA_PKCS1_PADDING);
+				if (i <= 0)
+					{
+					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+					goto err;
+					}
+				s2n(i,p);
+				n+=i+2;
+				}
+			else
+#endif
+#if !defined(NO_DSA)
+				if (pkey->type == EVP_PKEY_DSA)
+				{
+				/* lets do DSS */
+				EVP_SignInit(&md_ctx,EVP_dss1());
+				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+				EVP_SignUpdate(&md_ctx,&(d[4]),n);
+				if (!EVP_SignFinal(&md_ctx,&(p[2]),
+					(unsigned int *)&i,pkey))
+					{
+					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+					goto err;
+					}
+				s2n(i,p);
+				n+=i+2;
+				}
+			else
+#endif
+				{
+				/* Is this error check actually needed? */
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+				goto f_err;
+				}
+			}
+
+		*(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
+		l2n3(n,d);
+
+		/* we should now have things packed up, so lets send
+		 * it off */
+		s->init_num=n+4;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_SW_KEY_EXCH_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+err:
+	return(-1);
+	}
+
+static int ssl3_send_certificate_request(SSL *s)
+	{
+	unsigned char *p,*d;
+	int i,j,nl,off,n;
+	STACK_OF(X509_NAME) *sk=NULL;
+	X509_NAME *name;
+	BUF_MEM *buf;
+
+	if (s->state == SSL3_ST_SW_CERT_REQ_A)
+		{
+		buf=s->init_buf;
+
+		d=p=(unsigned char *)&(buf->data[4]);
+
+		/* get the list of acceptable cert types */
+		p++;
+		n=ssl3_get_req_cert_type(s,p);
+		d[0]=n;
+		p+=n;
+		n++;
+
+		off=n;
+		p+=2;
+		n+=2;
+
+		sk=SSL_get_client_CA_list(s);
+		nl=0;
+		if (sk != NULL)
+			{
+			for (i=0; idata[4+n]);
+				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+					{
+					s2n(j,p);
+					i2d_X509_NAME(name,&p);
+					n+=2+j;
+					nl+=2+j;
+					}
+				else
+					{
+					d=p;
+					i2d_X509_NAME(name,&p);
+					j-=2; s2n(j,d); j+=2;
+					n+=j;
+					nl+=j;
+					}
+				}
+			}
+		/* else no CA names */
+		p=(unsigned char *)&(buf->data[4+off]);
+		s2n(nl,p);
+
+		d=(unsigned char *)buf->data;
+		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;
+		l2n3(n,d);
+
+		/* we should now have things packed up, so lets send
+		 * it off */
+
+		s->init_num=n+4;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_SW_CERT_REQ_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+err:
+	return(-1);
+	}
+
+static int ssl3_get_client_key_exchange(SSL *s)
+	{
+	int i,al,ok;
+	long n;
+	unsigned long l;
+	unsigned char *p;
+#ifndef NO_RSA
+	RSA *rsa=NULL;
+	EVP_PKEY *pkey=NULL;
+#endif
+#ifndef NO_DH
+	BIGNUM *pub=NULL;
+	DH *dh_srvr;
+#endif
+
+	n=ssl3_get_message(s,
+		SSL3_ST_SR_KEY_EXCH_A,
+		SSL3_ST_SR_KEY_EXCH_B,
+		SSL3_MT_CLIENT_KEY_EXCHANGE,
+		400, /* ???? */
+		&ok);
+
+	if (!ok) return((int)n);
+	p=(unsigned char *)s->init_buf->data;
+
+	l=s->s3->tmp.new_cipher->algorithms;
+
+#ifndef NO_RSA
+	if (l & SSL_kRSA)
+		{
+		/* FIX THIS UP EAY EAY EAY EAY */
+		if (s->s3->tmp.use_rsa_tmp)
+			{
+			if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+				rsa=s->cert->rsa_tmp;
+			/* Don't do a callback because rsa_tmp should
+			 * be sent already */
+			if (rsa == NULL)
+				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
+				goto f_err;
+
+				}
+			}
+		else
+			{
+			pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+			if (	(pkey == NULL) ||
+				(pkey->type != EVP_PKEY_RSA) ||
+				(pkey->pkey.rsa == NULL))
+				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
+				goto f_err;
+				}
+			rsa=pkey->pkey.rsa;
+			}
+
+		/* TLS */
+		if (s->version > SSL3_VERSION)
+			{
+			n2s(p,i);
+			if (n != i+2)
+				{
+				if (!(s->options & SSL_OP_TLS_D5_BUG))
+					{
+					SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+					goto err;
+					}
+				else
+					p-=2;
+				}
+			else
+				n=i;
+			}
+
+		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+
+#if 1
+		/* If a bad decrypt, use a random master key */
+		if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
+			((p[0] != (s->client_version>>8)) ||
+			 (p[1] != (s->client_version & 0xff))))
+			{
+			int bad=1;
+
+			if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
+				(p[0] == (s->version>>8)) &&
+				(p[1] == 0))
+				{
+				if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
+					bad=0;
+				}
+			if (bad)
+				{
+				p[0]=(s->version>>8);
+				p[1]=(s->version & 0xff);
+				RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+				i=SSL_MAX_MASTER_KEY_LENGTH;
+				}
+			/* else, an SSLeay bug, ssl only server, tls client */
+			}
+#else
+		if (i != SSL_MAX_MASTER_KEY_LENGTH)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+			goto f_err;
+			}
+
+		if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff)))
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+			goto f_err;
+			}
+#endif
+
+		s->session->master_key_length=
+			s->method->ssl3_enc->generate_master_secret(s,
+				s->session->master_key,
+				p,i);
+		memset(p,0,i);
+		}
+	else
+#endif
+#ifndef NO_DH
+		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+		{
+		n2s(p,i);
+		if (n != i+2)
+			{
+			if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+				goto err;
+				}
+			else
+				{
+				p-=2;
+				i=(int)n;
+				}
+			}
+
+		if (n == 0L) /* the parameters are in the cert */
+			{
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
+			goto f_err;
+			}
+		else
+			{
+			if (s->s3->tmp.dh == NULL)
+				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+				goto f_err;
+				}
+			else
+				dh_srvr=s->s3->tmp.dh;
+			}
+
+		pub=BN_bin2bn(p,i,NULL);
+		if (pub == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
+			goto err;
+			}
+
+		i=DH_compute_key(p,pub,dh_srvr);
+
+		if (i <= 0)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+			goto err;
+			}
+
+		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh=NULL;
+
+		BN_clear_free(pub);
+		pub=NULL;
+		s->session->master_key_length=
+			s->method->ssl3_enc->generate_master_secret(s,
+				s->session->master_key,p,i);
+		}
+	else
+#endif
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
+		goto f_err;
+		}
+
+	return(1);
+f_err:
+	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#if !defined(NO_DH) || !defined(NO_RSA)
+err:
+#endif
+	return(-1);
+	}
+
+static int ssl3_get_cert_verify(SSL *s)
+	{
+	EVP_PKEY *pkey=NULL;
+	unsigned char *p;
+	int al,ok,ret=0;
+	long n;
+	int type=0,i,j;
+	X509 *peer;
+
+	n=ssl3_get_message(s,
+		SSL3_ST_SR_CERT_VRFY_A,
+		SSL3_ST_SR_CERT_VRFY_B,
+		-1,
+		512, /* 512? */
+		&ok);
+
+	if (!ok) return((int)n);
+
+	if (s->session->peer != NULL)
+		{
+		peer=s->session->peer;
+		pkey=X509_get_pubkey(peer);
+		type=X509_certificate_type(peer,pkey);
+		}
+	else
+		{
+		peer=NULL;
+		pkey=NULL;
+		}
+
+	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
+		{
+		s->s3->tmp.reuse_message=1;
+		if ((peer != NULL) && (type | EVP_PKT_SIGN))
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
+			goto f_err;
+			}
+		ret=1;
+		goto end;
+		}
+
+	if (peer == NULL)
+		{
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		goto f_err;
+		}
+
+	if (!(type & EVP_PKT_SIGN))
+		{
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		goto f_err;
+		}
+
+	if (s->s3->change_cipher_spec)
+		{
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		goto f_err;
+		}
+
+	/* we now have a signature that we need to verify */
+	p=(unsigned char *)s->init_buf->data;
+	n2s(p,i);
+	n-=2;
+	if (i > n)
+		{
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
+		al=SSL_AD_DECODE_ERROR;
+		goto f_err;
+		}
+
+	j=EVP_PKEY_size(pkey);
+	if ((i > j) || (n > j) || (n <= 0))
+		{
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
+		al=SSL_AD_DECODE_ERROR;
+		goto f_err;
+		}
+
+#ifndef NO_RSA 
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING);
+		if (i < 0)
+			{
+			al=SSL_AD_DECRYPT_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
+			goto f_err;
+			}
+		if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) ||
+			memcmp(&(s->s3->tmp.finish_md[0]),p,
+				MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
+			{
+			al=SSL_AD_DECRYPT_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
+			goto f_err;
+			}
+		}
+	else
+#endif
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		{
+		j=DSA_verify(pkey->save_type,
+			&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
+		if (j <= 0)
+			{
+			/* bad signature */
+			al=SSL_AD_DECRYPT_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
+			goto f_err;
+			}
+		}
+	else
+#endif
+		{
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR);
+		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+		goto f_err;
+		}
+
+
+	ret=1;
+	if (0)
+		{
+f_err:
+		ssl3_send_alert(s,SSL3_AL_FATAL,al);
+		}
+end:
+	EVP_PKEY_free(pkey);
+	return(ret);
+	}
+
+static int ssl3_get_client_certificate(SSL *s)
+	{
+	int i,ok,al,ret= -1;
+	X509 *x=NULL;
+	unsigned long l,nc,llen,n;
+	unsigned char *p,*d,*q;
+	STACK_OF(X509) *sk=NULL;
+
+	n=ssl3_get_message(s,
+		SSL3_ST_SR_CERT_A,
+		SSL3_ST_SR_CERT_B,
+		-1,
+#if defined(MSDOS) && !defined(WIN32)
+		1024*30, /* 30k max cert list :-) */
+#else
+		1024*100, /* 100k max cert list :-) */
+#endif
+		&ok);
+
+	if (!ok) return((int)n);
+
+	if	(s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
+		{
+		if (	(s->verify_mode & SSL_VERIFY_PEER) &&
+			(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			goto f_err;
+			}
+		/* If tls asked for a client cert we must return a 0 list */
+		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			goto f_err;
+			}
+		s->s3->tmp.reuse_message=1;
+		return(1);
+		}
+
+	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
+		goto f_err;
+		}
+	d=p=(unsigned char *)s->init_buf->data;
+
+	if ((sk=sk_X509_new_null()) == NULL)
+		{
+		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	n2l3(p,llen);
+	if (llen+3 != n)
+		{
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	for (nc=0; nc llen)
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+			goto f_err;
+			}
+
+		q=p;
+		x=d2i_X509(NULL,&p,l);
+		if (x == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
+			goto err;
+			}
+		if (p != (q+l))
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
+			goto f_err;
+			}
+		if (!sk_X509_push(sk,x))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		x=NULL;
+		nc+=l+3;
+		}
+
+	if (sk_X509_num(sk) <= 0)
+		{
+		/* TLS does not mind 0 certs returned */
+		if (s->version == SSL3_VERSION)
+			{
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
+			goto f_err;
+			}
+		/* Fail for TLS only if we required a certificate */
+		else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+			 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+			al=SSL_AD_HANDSHAKE_FAILURE;
+			goto f_err;
+			}
+		}
+	else
+		{
+		i=ssl_verify_cert_chain(s,sk);
+		if (!i)
+			{
+			al=ssl_verify_alarm_type(s->verify_result);
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+			goto f_err;
+			}
+		}
+
+	if (s->session->peer != NULL) /* This should not be needed */
+		X509_free(s->session->peer);
+	s->session->peer=sk_X509_shift(sk);
+
+	/* With the current implementation, sess_cert will always be NULL
+	 * when we arrive here. */
+	if (s->session->sess_cert == NULL)
+		{
+		s->session->sess_cert = ssl_sess_cert_new();
+		if (s->session->sess_cert == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	if (s->session->sess_cert->cert_chain != NULL)
+		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+	s->session->sess_cert->cert_chain=sk;
+
+	sk=NULL;
+
+	ret=1;
+	if (0)
+		{
+f_err:
+		ssl3_send_alert(s,SSL3_AL_FATAL,al);
+		}
+err:
+	if (x != NULL) X509_free(x);
+	if (sk != NULL) sk_X509_pop_free(sk,X509_free);
+	return(ret);
+	}
+
+int ssl3_send_server_certificate(SSL *s)
+	{
+	unsigned long l;
+	X509 *x;
+
+	if (s->state == SSL3_ST_SW_CERT_A)
+		{
+		x=ssl_get_server_send_cert(s);
+		if (x == NULL)
+			{
+			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR);
+			return(0);
+			}
+
+		l=ssl3_output_cert_chain(s,x);
+		s->state=SSL3_ST_SW_CERT_B;
+		s->init_num=(int)l;
+		s->init_off=0;
+		}
+
+	/* SSL3_ST_SW_CERT_B */
+	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	}
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
new file mode 100644
index 000000000000..fbe4f667fa13
--- /dev/null
+++ b/crypto/openssl/ssl/ssl.h
@@ -0,0 +1,1484 @@
+/* ssl/ssl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL_H 
+#define HEADER_SSL_H 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+/* SSLeay version number for ASN.1 encoding of the session information */
+/* Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+#define SSL_SESSION_ASN1_VERSION 0x0001
+
+/* text strings for the ciphers */
+#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5			
+#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5		
+#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	
+#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5		
+#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	
+#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5		
+#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5		
+#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA		
+#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
+#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	
+
+#define SSL_MAX_SSL_SESSION_ID_LENGTH		32
+#define SSL_MAX_SID_CTX_LENGTH			32
+
+#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
+#define SSL_MAX_KEY_ARG_LENGTH			8
+#define SSL_MAX_MASTER_KEY_LENGTH		48
+
+/* These are used to specify which ciphers to use and not to use */
+#define SSL_TXT_LOW		"LOW"
+#define SSL_TXT_MEDIUM		"MEDIUM"
+#define SSL_TXT_HIGH		"HIGH"
+#define SSL_TXT_kFZA		"kFZA"
+#define	SSL_TXT_aFZA		"aFZA"
+#define SSL_TXT_eFZA		"eFZA"
+#define SSL_TXT_FZA		"FZA"
+
+#define	SSL_TXT_aNULL		"aNULL"
+#define	SSL_TXT_eNULL		"eNULL"
+#define	SSL_TXT_NULL		"NULL"
+
+#define SSL_TXT_kRSA		"kRSA"
+#define SSL_TXT_kDHr		"kDHr"
+#define SSL_TXT_kDHd		"kDHd"
+#define SSL_TXT_kEDH		"kEDH"
+#define	SSL_TXT_aRSA		"aRSA"
+#define	SSL_TXT_aDSS		"aDSS"
+#define	SSL_TXT_aDH		"aDH"
+#define	SSL_TXT_DSS		"DSS"
+#define SSL_TXT_DH		"DH"
+#define SSL_TXT_EDH		"EDH"
+#define SSL_TXT_ADH		"ADH"
+#define SSL_TXT_RSA		"RSA"
+#define SSL_TXT_DES		"DES"
+#define SSL_TXT_3DES		"3DES"
+#define SSL_TXT_RC4		"RC4"
+#define SSL_TXT_RC2		"RC2"
+#define SSL_TXT_IDEA		"IDEA"
+#define SSL_TXT_MD5		"MD5"
+#define SSL_TXT_SHA1		"SHA1"
+#define SSL_TXT_SHA		"SHA"
+#define SSL_TXT_EXP40		"EXP"
+#define SSL_TXT_EXPORT		"EXPORT"
+#define SSL_TXT_EXP56		"EXPORT56"
+#define SSL_TXT_SSLV2		"SSLv2"
+#define SSL_TXT_SSLV3		"SSLv3"
+#define SSL_TXT_TLSV1		"TLSv1"
+#define SSL_TXT_ALL		"ALL"
+
+/* 'DEFAULT' at the start of the cipher list insert the following string
+ * in addition to this being the default cipher string */
+#ifndef NO_RSA
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#else
+#define SSL_ALLOW_ADH
+#define SSL_DEFAULT_CIPHER_LIST	"HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
+#endif
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+#define SSL_SENT_SHUTDOWN	1
+#define SSL_RECEIVED_SHUTDOWN	2
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
+#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
+
+/* This is needed to stop compilers complaining about the
+ * 'struct ssl_st *' function parameters used to prototype callbacks
+ * in SSL_CTX. */
+typedef struct ssl_st *ssl_crock_st;
+
+/* used to hold info on the particular ciphers used */
+typedef struct ssl_cipher_st
+	{
+	int valid;
+	const char *name;		/* text name */
+	unsigned long id;		/* id, 4 bytes, first is version */
+	unsigned long algorithms;	/* what ciphers are used */
+	unsigned long algorithm2;	/* Extra flags */
+	unsigned long mask;		/* used for matching */
+	} SSL_CIPHER;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+typedef struct ssl_method_st
+	{
+	int version;
+	int (*ssl_new)(SSL *s);
+	void (*ssl_clear)(SSL *s);
+	void (*ssl_free)(SSL *s);
+	int (*ssl_accept)(SSL *s);
+	int (*ssl_connect)(SSL *s);
+	int (*ssl_read)(SSL *s,void *buf,int len);
+	int (*ssl_peek)(SSL *s,char *buf,int len);
+	int (*ssl_write)(SSL *s,const void *buf,int len);
+	int (*ssl_shutdown)(SSL *s);
+	int (*ssl_renegotiate)(SSL *s);
+	int (*ssl_renegotiate_check)(SSL *s);
+	long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg);
+	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg);
+	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+	int (*ssl_pending)(SSL *s);
+	int (*num_ciphers)(void);
+	SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+	struct ssl_method_st *(*get_ssl_method)(int version);
+	long (*get_timeout)(void);
+	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+	int (*ssl_version)();
+	} SSL_METHOD;
+
+/* Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *	version 		INTEGER,	-- structure version number
+ *	SSLversion 		INTEGER,	-- SSL version number
+ *	Cipher 			OCTET_STRING,	-- the 3 byte cipher ID
+ *	Session_ID 		OCTET_STRING,	-- the Session ID
+ *	Master_key 		OCTET_STRING,	-- the master key
+ *	Key_Arg [ 0 ] IMPLICIT	OCTET_STRING,	-- the optional Key argument
+ *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
+ *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
+ *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
+ *	Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
+ *	Compression [5] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX
+ *	}
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+typedef struct ssl_session_st
+	{
+	int ssl_version;	/* what ssl version session info is
+				 * being kept in here? */
+
+	/* only really used in SSLv2 */
+	unsigned int key_arg_length;
+	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
+	int master_key_length;
+	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+	/* session_id - valid? */
+	unsigned int session_id_length;
+	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+	/* this is used to determine whether the session is being reused in
+	 * the appropriate context. It is up to the application to set this,
+	 * via SSL_new */
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+	int not_resumable;
+
+	/* The cert is the certificate used to establish this connection */
+	struct sess_cert_st /* SESS_CERT */ *sess_cert;
+
+	/* This is the cert for the other end.
+	 * On clients, it will be the same as sess_cert->peer_key->x509
+	 * (the latter is not enough as sess_cert is not retained
+	 * in the external representation of sessions, see ssl_asn1.c). */
+	X509 *peer;
+
+	int references;
+	long timeout;
+	long time;
+
+	int compress_meth;		/* Need to lookup the method */
+
+	SSL_CIPHER *cipher;
+	unsigned long cipher_id;	/* when ASN.1 loaded, this
+					 * needs to be used to load
+					 * the 'cipher' structure */
+
+	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+
+	CRYPTO_EX_DATA ex_data; /* application specific data */
+
+	/* These are used to make removal of session-ids more
+	 * efficient and to implement a maximum cache size. */
+	struct ssl_session_st *prev,*next;
+	} SSL_SESSION;
+
+#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
+#define SSL_OP_TLS_D5_BUG				0x00000100L
+#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
+#define SSL_OP_TLS_ROLLBACK_BUG				0x00000400L
+
+/* If set, always create a new key when using tmp_dh parameters */
+#define SSL_OP_SINGLE_DH_USE				0x00100000L
+/* Set to also use the tmp_rsa key when doing RSA operations. */
+#define SSL_OP_EPHEMERAL_RSA				0x00200000L
+
+/* The next flag deliberately changes the ciphertest, this is a check
+ * for the PKCS#1 attack */
+#define SSL_OP_PKCS1_CHECK_1				0x08000000L
+#define SSL_OP_PKCS1_CHECK_2				0x10000000L
+#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
+#define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
+#define SSL_OP_ALL					0x000FFFFFL
+
+#define SSL_OP_NO_SSLv2					0x01000000L
+#define SSL_OP_NO_SSLv3					0x02000000L
+#define SSL_OP_NO_TLSv1					0x04000000L
+
+/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written): */
+#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
+/* Make it possible to retry SSL_write() with changed buffer location
+ * (buffer contents must stay the same!); this is not the default to avoid
+ * the misconception that non-blocking SSL_write() behaves like
+ * non-blocking write(): */
+#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+
+/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+ * they cannot be used to clear bits. */
+
+#define SSL_CTX_set_options(ctx,op) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
+#define SSL_CTX_get_options(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
+#define SSL_set_options(ssl,op) \
+	SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL)
+#define SSL_get_options(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL)
+
+#define SSL_CTX_set_mode(ctx,op) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL)
+#define SSL_CTX_get_mode(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL)
+#define SSL_set_mode(ssl,op) \
+	SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL)
+#define SSL_get_mode(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL)
+
+#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
+
+typedef struct ssl_comp_st
+{
+    int id;
+    char *name;
+#ifdef HEADER_COMP_H
+    COMP_METHOD *method;
+#else
+    char *method;
+#endif
+} SSL_COMP;
+
+DECLARE_STACK_OF(SSL_COMP)
+
+struct ssl_ctx_st
+	{
+	SSL_METHOD *method;
+	unsigned long options;
+	unsigned long mode;
+
+	STACK_OF(SSL_CIPHER) *cipher_list;
+	/* same as above but sorted for lookup */
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+
+	struct x509_store_st /* X509_STORE */ *cert_store;
+	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSION's */
+	/* Most session-ids that will be cached, default is
+	 * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+	unsigned long session_cache_size;
+	struct ssl_session_st *session_cache_head;
+	struct ssl_session_st *session_cache_tail;
+
+	/* This can have one of 2 values, ored together,
+	 * SSL_SESS_CACHE_CLIENT,
+	 * SSL_SESS_CACHE_SERVER,
+	 * Default is SSL_SESSION_CACHE_SERVER, which means only
+	 * SSL_accept which cache SSL_SESSIONS. */
+	int session_cache_mode;
+
+	/* If timeout is not 0, it is the default timeout value set
+	 * when SSL_new() is called.  This has been put in to make
+	 * life easier to set things up */
+	long session_timeout;
+
+	/* If this callback is not null, it will be called each
+	 * time a session id is added to the cache.  If this function
+	 * returns 1, it means that the callback will do a
+	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
+	 * on 0, it means the callback has finished with it.
+	 * If remove_session_cb is not null, it will be called when
+	 * a session-id is removed from the cache.  Again, a return
+	 * of 0 mens that SSLeay should not SSL_SESSION_free() since
+	 * the application is doing something with it. */
+	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
+	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
+		unsigned char *data,int len,int *copy);
+	struct
+		{
+		int sess_connect;	/* SSL new conn - started */
+		int sess_connect_renegotiate;/* SSL reneg - requested */
+		int sess_connect_good;	/* SSL new conne/reneg - finished */
+		int sess_accept;	/* SSL new accept - started */
+		int sess_accept_renegotiate;/* SSL reneg - requested */
+		int sess_accept_good;	/* SSL accept/reneg - finished */
+		int sess_miss;		/* session lookup misses  */
+		int sess_timeout;	/* reuse attempt on timeouted session */
+		int sess_cache_full;	/* session removed due to full cache */
+		int sess_hit;		/* session reuse actually done */
+		int sess_cb_hit;	/* session-id that was not
+					 * in the cache was
+					 * passed back via the callback.  This
+					 * indicates that the application is
+					 * supplying session-id's from other
+					 * processes - spooky :-) */
+		} stats;
+
+	int references;
+
+/**/	void (*info_callback)();
+
+	/* if defined, these override the X509_verify_cert() calls */
+/**/	int (*app_verify_callback)();
+/**/	char *app_verify_arg; /* never used; should be void * */
+
+	/* default values to use in SSL structures */
+/**/	struct cert_st /* CERT */ *cert;
+/**/	int read_ahead;
+/**/	int verify_mode;
+/**/	int verify_depth;
+/**/	unsigned int sid_ctx_length;
+/**/	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+/**/	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
+
+	/* Default password callback. */
+/**/	pem_password_cb *default_passwd_callback;
+
+	/* Default password callback user data. */
+/**/	void *default_passwd_callback_userdata;
+
+	/* get client cert callback */
+/**/	int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
+
+	/* what we put in client requests */
+	STACK_OF(X509_NAME) *client_CA;
+
+/**/	int quiet_shutdown;
+
+	CRYPTO_EX_DATA ex_data;
+
+	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
+	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+	STACK_OF(X509) *extra_certs;
+        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+	};
+
+#define SSL_SESS_CACHE_OFF			0x0000
+#define SSL_SESS_CACHE_CLIENT			0x0001
+#define SSL_SESS_CACHE_SERVER			0x0002
+#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+/* This one, when set, makes the server session-id lookup not look
+ * in the cache.  If there is an application get_session callback
+ * defined, this will still get called. */
+#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
+
+#define SSL_CTX_sess_number(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+#define SSL_CTX_sess_connect(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+#define SSL_CTX_sess_connect_good(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+#define SSL_CTX_sess_connect_renegotiate(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+#define SSL_CTX_sess_accept_renegotiate(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept_good(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+#define SSL_CTX_sess_hits(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+#define SSL_CTX_sess_cb_hits(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+#define SSL_CTX_sess_misses(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+#define SSL_CTX_sess_timeouts(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+#define SSL_CTX_sess_cache_full(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+#define SSL_CTX_sess_set_new_cb(ctx,cb)	((ctx)->new_session_cb=(cb))
+#define SSL_CTX_sess_get_new_cb(ctx)	((ctx)->new_session_cb)
+#define SSL_CTX_sess_set_remove_cb(ctx,cb)	((ctx)->remove_session_cb=(cb))
+#define SSL_CTX_sess_get_remove_cb(ctx)	((ctx)->remove_session_cb)
+#define SSL_CTX_sess_set_get_cb(ctx,cb)	((ctx)->get_session_cb=(cb))
+#define SSL_CTX_sess_get_get_cb(ctx)	((ctx)->get_session_cb)
+#define SSL_CTX_set_info_callback(ctx,cb)	((ctx)->info_callback=(cb))
+#define SSL_CTX_get_info_callback(ctx)		((ctx)->info_callback)
+#define SSL_CTX_set_client_cert_cb(ctx,cb)	((ctx)->client_cert_cb=(cb))
+#define SSL_CTX_get_client_cert_cb(ctx)		((ctx)->client_cert_cb)
+
+#define SSL_NOTHING	1
+#define SSL_WRITING	2
+#define SSL_READING	3
+#define SSL_X509_LOOKUP	4
+
+/* These will only be used when doing non-blocking IO */
+#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
+#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
+#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
+#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
+
+struct ssl_st
+	{
+	/* protocol version
+	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+	 */
+	int version;
+	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+
+	SSL_METHOD *method; /* SSLv3 */
+
+	/* There are 2 BIO's even though they are normally both the
+	 * same.  This is so data can be read and written to different
+	 * handlers */
+
+#ifdef HEADER_BIO_H
+	BIO *rbio; /* used by SSL_read */
+	BIO *wbio; /* used by SSL_write */
+	BIO *bbio; /* used during session-id reuse to concatinate
+		    * messages */
+#else
+	char *rbio; /* used by SSL_read */
+	char *wbio; /* used by SSL_write */
+	char *bbio;
+#endif
+	/* This holds a variable that indicates what we were doing
+	 * when a 0 or -1 is returned.  This is needed for
+	 * non-blocking IO so we know what request needs re-doing when
+	 * in SSL_accept or SSL_connect */
+	int rwstate;
+
+	/* true when we are actually in SSL_accept() or SSL_connect() */
+	int in_handshake;
+	int (*handshake_func)();
+
+	/* Imagine that here's a boolean member "init" that is
+	 * switched as soon as SSL_set_{accept/connect}_state
+	 * is called for the first time, so that "state" and
+	 * "handshake_func" are properly initialized.  But as
+	 * handshake_func is == 0 until then, we use this
+	 * test instead of an "init" member.
+	 */
+
+	int server;	/* are we the server side? - mostly used by SSL_clear*/
+
+	int new_session;/* 1 if we are to use a new session */
+	int quiet_shutdown;/* don't send shutdown packets */
+	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
+			 * for received */
+	int state;	/* where we are */
+	int rstate;	/* where we are when reading */
+
+	BUF_MEM *init_buf;	/* buffer used during init */
+	int init_num;		/* amount read/written */
+	int init_off;		/* amount read/written */
+
+	/* used internally to point at a raw packet */
+	unsigned char *packet;
+	unsigned int packet_length;
+
+	struct ssl2_ctx_st *s2;	/* SSLv2 variables */
+	struct ssl3_ctx_st *s3;	/* SSLv3 variables */
+
+	int read_ahead;		/* Read as many input bytes as possible */
+	int hit;		/* reusing a previous session */
+
+	/* crypto */
+	STACK_OF(SSL_CIPHER) *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+
+	/* These are the ones being used, the ones is SSL_SESSION are
+	 * the ones to be 'copied' into these ones */
+
+	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
+	const EVP_MD *read_hash;		/* used for mac generation */
+#ifdef HEADER_COMP_H
+	COMP_CTX *expand;			/* uncompress */
+#else
+	char *expand;
+#endif
+
+	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
+	const EVP_MD *write_hash;		/* used for mac generation */
+#ifdef HEADER_COMP_H
+	COMP_CTX *compress;			/* compression */
+#else
+	char *compress;	
+#endif
+
+	/* session info */
+
+	/* client cert? */
+	/* This is used to hold the server certificate used */
+	struct cert_st /* CERT */ *cert;
+
+	/* the session_id_context is used to ensure sessions are only reused
+	 * in the appropriate context */
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+	/* This can also be in the session once a session is established */
+	SSL_SESSION *session;
+
+	/* Used in SSL2 and SSL3 */
+	int verify_mode;	/* 0 don't care about verify failure.
+				 * 1 fail if verify fails */
+	int verify_depth;
+	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
+	void (*info_callback)(); /* optional informational callback */
+
+	int error;		/* error bytes to be written */
+	int error_code;		/* actual code */
+
+	SSL_CTX *ctx;
+	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
+	 * and SSL_write() calls, good for nbio debuging :-) */
+	int debug;	
+
+	/* extra application data */
+	long verify_result;
+	CRYPTO_EX_DATA ex_data;
+
+	/* for server side, keep the list of CA_dn we can use */
+	STACK_OF(X509_NAME) *client_CA;
+
+	int references;
+	unsigned long options; /* protocol behaviour */
+	unsigned long mode; /* API behaviour */
+	int first_packet;
+	int client_version;	/* what was passed, used for
+				 * SSLv3/TLS rolback check */
+	};
+
+#include 
+#include 
+#include  /* This is mostly sslv3 with a few tweaks */
+#include 
+
+/* compatablity */
+#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
+#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
+#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
+#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))
+#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))
+#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+
+/* The following are the possible values for ssl->state are are
+ * used to indicate where we are upto in the SSL connection establishment.
+ * The macros that follow are about the only things you should need to use
+ * and even then, only when using non-blocking IO.
+ * It can also be useful to work out where you were when the connection
+ * failed */
+
+#define SSL_ST_CONNECT			0x1000
+#define SSL_ST_ACCEPT			0x2000
+#define SSL_ST_MASK			0x0FFF
+#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)
+#define SSL_ST_BEFORE			0x4000
+#define SSL_ST_OK			0x03
+#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)
+
+#define SSL_CB_LOOP			0x01
+#define SSL_CB_EXIT			0x02
+#define SSL_CB_READ			0x04
+#define SSL_CB_WRITE			0x08
+#define SSL_CB_ALERT			0x4000 /* used in callback */
+#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)
+#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)
+#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)
+#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)
+#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)
+#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)
+#define SSL_CB_HANDSHAKE_START		0x10
+#define SSL_CB_HANDSHAKE_DONE		0x20
+
+/* Is the SSL_connection established? */
+#define SSL_get_state(a)		SSL_state(a)
+#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
+#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
+#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
+#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
+#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
+
+/* The following 2 states are kept in ssl->rstate when reads fail,
+ * you should not need these */
+#define SSL_ST_READ_HEADER			0xF0
+#define SSL_ST_READ_BODY			0xF1
+#define SSL_ST_READ_DONE			0xF2
+
+/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
+ * are 'ored' with SSL_VERIFY_PEER if they are desired */
+#define SSL_VERIFY_NONE			0x00
+#define SSL_VERIFY_PEER			0x01
+#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
+#define SSL_VERIFY_CLIENT_ONCE		0x04
+
+#define SSLeay_add_ssl_algorithms()	SSL_library_init()
+
+/* this is for backward compatablility */
+#if 0 /* NEW_SSLEAY */
+#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
+#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
+#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
+#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
+#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
+#endif
+/* More backward compatablity */
+#define SSL_get_cipher(s) \
+		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_cipher_bits(s,np) \
+		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+#define SSL_get_cipher_version(s) \
+		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+#define SSL_get_cipher_name(s) \
+		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+#define SSL_get_time(a)		SSL_SESSION_get_time(a)
+#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
+#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
+#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
+
+#if 1 /*SSLEAY_MACROS*/
+#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
+	(char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
+	(bp),(unsigned char **)(s_id))
+#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
+	bp,(unsigned char *)s_id)
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_write_SSL_SESSION(fp,x) \
+	PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+	PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+		PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
+#endif
+
+#define SSL_AD_REASON_OFFSET		1000
+/* These alert types are for SSLv3 and TLSv1 */
+#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
+#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
+#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
+#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
+#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
+#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
+#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
+#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
+#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
+#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
+#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
+#define SSL_AD_EXPORT_RESTRICION	TLS1_AD_EXPORT_RESTRICION/* fatal */
+#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
+#define SSL_AD_USER_CANCLED		TLS1_AD_USER_CANCLED
+#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
+
+#define SSL_ERROR_NONE			0
+#define SSL_ERROR_SSL			1
+#define SSL_ERROR_WANT_READ		2
+#define SSL_ERROR_WANT_WRITE		3
+#define SSL_ERROR_WANT_X509_LOOKUP	4
+#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
+#define SSL_ERROR_ZERO_RETURN		6
+#define SSL_ERROR_WANT_CONNECT		7
+
+#define SSL_CTRL_NEED_TMP_RSA			1
+#define SSL_CTRL_SET_TMP_RSA			2
+#define SSL_CTRL_SET_TMP_DH			3
+#define SSL_CTRL_SET_TMP_RSA_CB			4
+#define SSL_CTRL_SET_TMP_DH_CB			5
+/* Add these ones */
+#define SSL_CTRL_GET_SESSION_REUSED		6
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	7
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		8
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	9
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	10
+#define SSL_CTRL_GET_FLAGS			11
+#define SSL_CTRL_EXTRA_CHAIN_CERT		12
+
+/* Stats */
+#define SSL_CTRL_SESS_NUMBER			20
+#define SSL_CTRL_SESS_CONNECT			21
+#define SSL_CTRL_SESS_CONNECT_GOOD		22
+#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
+#define SSL_CTRL_SESS_ACCEPT			24
+#define SSL_CTRL_SESS_ACCEPT_GOOD		25
+#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
+#define SSL_CTRL_SESS_HIT			27
+#define SSL_CTRL_SESS_CB_HIT			28
+#define SSL_CTRL_SESS_MISSES			29
+#define SSL_CTRL_SESS_TIMEOUTS			30
+#define SSL_CTRL_SESS_CACHE_FULL		31
+#define SSL_CTRL_OPTIONS			32
+#define SSL_CTRL_MODE			33
+
+#define SSL_CTRL_GET_READ_AHEAD			40
+#define SSL_CTRL_SET_READ_AHEAD			41
+#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
+#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
+#define SSL_CTRL_SET_SESS_CACHE_MODE		44
+#define SSL_CTRL_GET_SESS_CACHE_MODE		45
+
+#define SSL_session_reused(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
+#define SSL_num_renegotiations(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_clear_num_renegotiations(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+#define SSL_total_renegotiations(ssl) \
+	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+
+#define SSL_CTX_need_tmp_RSA(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_CTX_set_tmp_dh(ctx,dh) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+
+#define SSL_need_tmp_RSA(ssl) \
+	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_set_tmp_rsa(ssl,rsa) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_set_tmp_dh(ssl,dh) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+
+#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+
+/* VMS uses only 31 characters for symbols. */
+#ifdef VMS
+#undef SSL_CTX_set_cert_verify_callback
+#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
+#undef SSL_CTX_use_certificate_chain_file
+#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
+#undef SSL_CTX_set_default_verify_paths
+#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
+#undef SSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i
+#undef SSL_add_file_cert_subjects_to_stack
+#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack
+#undef SSL_add_dir_cert_subjects_to_stack
+#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
+#endif
+
+#ifdef HEADER_BIO_H
+BIO_METHOD *BIO_f_ssl(void);
+BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+#endif
+
+int	SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
+void	SSL_CTX_free(SSL_CTX *);
+long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_get_timeout(SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+int SSL_want(SSL *s);
+int	SSL_clear(SSL *s);
+
+void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+
+SSL_CIPHER *SSL_get_current_cipher(SSL *s);
+int	SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
+char *	SSL_CIPHER_get_version(SSL_CIPHER *c);
+const char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
+
+int	SSL_get_fd(SSL *s);
+const char  * SSL_get_cipher_list(SSL *s,int n);
+char *	SSL_get_shared_ciphers(SSL *s, char *buf, int len);
+int	SSL_get_read_ahead(SSL * s);
+int	SSL_pending(SSL *s);
+#ifndef NO_SOCK
+int	SSL_set_fd(SSL *s, int fd);
+int	SSL_set_rfd(SSL *s, int fd);
+int	SSL_set_wfd(SSL *s, int fd);
+#endif
+#ifdef HEADER_BIO_H
+void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+BIO *	SSL_get_rbio(SSL *s);
+BIO *	SSL_get_wbio(SSL *s);
+#endif
+int	SSL_set_cipher_list(SSL *s, char *str);
+void	SSL_set_read_ahead(SSL *s, int yes);
+int	SSL_get_verify_mode(SSL *s);
+int	SSL_get_verify_depth(SSL *s);
+int	(*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
+void	SSL_set_verify(SSL *s, int mode,
+		       int (*callback)(int ok,X509_STORE_CTX *ctx));
+void	SSL_set_verify_depth(SSL *s, int depth);
+#ifndef NO_RSA
+int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
+int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+int	SSL_use_certificate(SSL *ssl, X509 *x);
+int	SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+
+#ifndef NO_STDIO
+int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+					    const char *file);
+int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+					   const char *dir);
+#endif
+
+void	ERR_load_SSL_strings(void );
+void	SSL_load_error_strings(void );
+char * 	SSL_state_string(SSL *s);
+char * 	SSL_rstate_string(SSL *s);
+char * 	SSL_state_string_long(SSL *s);
+char * 	SSL_rstate_string_long(SSL *s);
+long	SSL_SESSION_get_time(SSL_SESSION *s);
+long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
+long	SSL_SESSION_get_timeout(SSL_SESSION *s);
+long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+void	SSL_copy_session_id(SSL *to,SSL *from);
+
+SSL_SESSION *SSL_SESSION_new(void);
+unsigned long SSL_SESSION_hash(SSL_SESSION *a);
+int	SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
+#ifndef NO_FP_API
+int	SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
+#endif
+#ifdef HEADER_BIO_H
+int	SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
+#endif
+void	SSL_SESSION_free(SSL_SESSION *ses);
+int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int	SSL_set_session(SSL *to, SSL_SESSION *session);
+int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+
+#ifdef HEADER_X509_H
+X509 *	SSL_get_peer_certificate(SSL *s);
+#endif
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
+
+#ifdef VMS
+#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
+#endif
+
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
+			int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
+#ifndef NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
+	unsigned char *d, long len);
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+
+int SSL_CTX_check_private_key(SSL_CTX *ctx);
+int SSL_check_private_key(SSL *ctx);
+
+int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				       unsigned int sid_ctx_len);
+
+SSL *	SSL_new(SSL_CTX *ctx);
+int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len);
+void	SSL_free(SSL *ssl);
+int 	SSL_accept(SSL *ssl);
+int 	SSL_connect(SSL *ssl);
+int 	SSL_read(SSL *ssl,char *buf,int num);
+int 	SSL_peek(SSL *ssl,char *buf,int num);
+int 	SSL_write(SSL *ssl,const char *buf,int num);
+long	SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
+long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
+
+int	SSL_get_error(SSL *s,int ret_code);
+char *	SSL_get_version(SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
+
+SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
+SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
+SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
+
+SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
+SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
+SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
+
+SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_client_method(void);	/* SSLv3 but can rollback to v2 */
+
+SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
+SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
+SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
+
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
+
+int SSL_do_handshake(SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_shutdown(SSL *s);
+
+SSL_METHOD *SSL_get_ssl_method(SSL *s);
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
+char *SSL_alert_type_string_long(int value);
+char *SSL_alert_type_string(int value);
+char *SSL_alert_desc_string_long(int value);
+char *SSL_alert_desc_string(int value);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+int SSL_add_client_CA(SSL *ssl,X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+long SSL_get_default_timeout(SSL *s);
+
+int SSL_library_init(void );
+
+char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+
+SSL *SSL_dup(SSL *ssl);
+
+X509 *SSL_get_certificate(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl,int mode);
+int SSL_get_quiet_shutdown(SSL *ssl);
+void SSL_set_shutdown(SSL *ssl,int mode);
+int SSL_get_shutdown(SSL *ssl);
+int SSL_version(SSL *ssl);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+	const char *CApath);
+SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+void SSL_set_info_callback(SSL *ssl,void (*cb)());
+void (*SSL_get_info_callback(SSL *ssl))();
+int SSL_state(SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl,long v);
+long SSL_get_verify_result(SSL *ssl);
+
+int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+void *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void );
+
+#define SSL_CTX_sess_set_cache_size(ctx,t) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+#define SSL_CTX_sess_get_cache_size(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+#define SSL_CTX_set_session_cache_mode(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+#define SSL_CTX_get_session_cache_mode(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+#define SSL_CTX_get_read_ahead(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+#define SSL_CTX_set_read_ahead(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
+
+     /* NB: the keylength is only applicable when is_export is true */
+#ifndef NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+				  RSA *(*cb)(SSL *ssl,int is_export,
+					     int keylength));
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,
+				  RSA *(*cb)(SSL *ssl,int is_export,
+					     int keylength));
+#endif
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+				 DH *(*dh)(SSL *ssl,int is_export,
+					   int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+				 DH *(*dh)(SSL *ssl,int is_export,
+					   int keylength));
+#endif
+
+#ifdef HEADER_COMP_H
+int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+#else
+int SSL_COMP_add_compression_method(int id,char *cm);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the SSL functions. */
+
+/* Function codes. */
+#define SSL_F_CLIENT_CERTIFICATE			 100
+#define SSL_F_CLIENT_HELLO				 101
+#define SSL_F_CLIENT_MASTER_KEY				 102
+#define SSL_F_D2I_SSL_SESSION				 103
+#define SSL_F_DO_SSL3_WRITE				 104
+#define SSL_F_GET_CLIENT_FINISHED			 105
+#define SSL_F_GET_CLIENT_HELLO				 106
+#define SSL_F_GET_CLIENT_MASTER_KEY			 107
+#define SSL_F_GET_SERVER_FINISHED			 108
+#define SSL_F_GET_SERVER_HELLO				 109
+#define SSL_F_GET_SERVER_VERIFY				 110
+#define SSL_F_I2D_SSL_SESSION				 111
+#define SSL_F_READ_N					 112
+#define SSL_F_REQUEST_CERTIFICATE			 113
+#define SSL_F_SERVER_HELLO				 114
+#define SSL_F_SSL23_ACCEPT				 115
+#define SSL_F_SSL23_CLIENT_HELLO			 116
+#define SSL_F_SSL23_CONNECT				 117
+#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
+#define SSL_F_SSL23_GET_SERVER_HELLO			 119
+#define SSL_F_SSL23_READ				 120
+#define SSL_F_SSL23_WRITE				 121
+#define SSL_F_SSL2_ACCEPT				 122
+#define SSL_F_SSL2_CONNECT				 123
+#define SSL_F_SSL2_ENC_INIT				 124
+#define SSL_F_SSL2_READ					 125
+#define SSL_F_SSL2_SET_CERTIFICATE			 126
+#define SSL_F_SSL2_WRITE				 127
+#define SSL_F_SSL3_ACCEPT				 128
+#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
+#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
+#define SSL_F_SSL3_CLIENT_HELLO				 131
+#define SSL_F_SSL3_CONNECT				 132
+#define SSL_F_SSL3_CTRL					 213
+#define SSL_F_SSL3_CTX_CTRL				 133
+#define SSL_F_SSL3_ENC					 134
+#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
+#define SSL_F_SSL3_GET_CERT_VERIFY			 136
+#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
+#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
+#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
+#define SSL_F_SSL3_GET_FINISHED				 140
+#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
+#define SSL_F_SSL3_GET_MESSAGE				 142
+#define SSL_F_SSL3_GET_RECORD				 143
+#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
+#define SSL_F_SSL3_GET_SERVER_DONE			 145
+#define SSL_F_SSL3_GET_SERVER_HELLO			 146
+#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
+#define SSL_F_SSL3_READ_BYTES				 148
+#define SSL_F_SSL3_READ_N				 149
+#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
+#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
+#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
+#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
+#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
+#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
+#define SSL_F_SSL3_SETUP_BUFFERS			 156
+#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
+#define SSL_F_SSL3_WRITE_BYTES				 158
+#define SSL_F_SSL3_WRITE_PENDING			 159
+#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
+#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
+#define SSL_F_SSL_BAD_METHOD				 160
+#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
+#define SSL_F_SSL_CERT_DUP				 221
+#define SSL_F_SSL_CERT_INST				 222
+#define SSL_F_SSL_CERT_INSTANTIATE			 214
+#define SSL_F_SSL_CERT_NEW				 162
+#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
+#define SSL_F_SSL_CLEAR					 164
+#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
+#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
+#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
+#define SSL_F_SSL_CTX_NEW				 169
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
+#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
+#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
+#define SSL_F_SSL_DO_HANDSHAKE				 180
+#define SSL_F_SSL_GET_NEW_SESSION			 181
+#define SSL_F_SSL_GET_PREV_SESSION			 217
+#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
+#define SSL_F_SSL_GET_SIGN_PKEY				 183
+#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
+#define SSL_F_SSL_NEW					 186
+#define SSL_F_SSL_READ					 223
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
+#define SSL_F_SSL_SESSION_NEW				 189
+#define SSL_F_SSL_SESSION_PRINT_FP			 190
+#define SSL_F_SSL_SESS_CERT_NEW				 225
+#define SSL_F_SSL_SET_CERT				 191
+#define SSL_F_SSL_SET_FD				 192
+#define SSL_F_SSL_SET_PKEY				 193
+#define SSL_F_SSL_SET_RFD				 194
+#define SSL_F_SSL_SET_SESSION				 195
+#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
+#define SSL_F_SSL_SET_WFD				 196
+#define SSL_F_SSL_SHUTDOWN				 224
+#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
+#define SSL_F_SSL_USE_CERTIFICATE			 198
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
+#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
+#define SSL_F_SSL_USE_PRIVATEKEY			 201
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
+#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
+#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
+#define SSL_F_SSL_WRITE					 208
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
+#define SSL_F_TLS1_ENC					 210
+#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
+#define SSL_F_WRITE_PENDING				 212
+
+/* Reason codes. */
+#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
+#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+#define SSL_R_BAD_ALERT_RECORD				 101
+#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
+#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
+#define SSL_R_BAD_CHECKSUM				 104
+#define SSL_R_BAD_CLIENT_REQUEST			 105
+#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
+#define SSL_R_BAD_DECOMPRESSION				 107
+#define SSL_R_BAD_DH_G_LENGTH				 108
+#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
+#define SSL_R_BAD_DH_P_LENGTH				 110
+#define SSL_R_BAD_DIGEST_LENGTH				 111
+#define SSL_R_BAD_DSA_SIGNATURE				 112
+#define SSL_R_BAD_LENGTH				 271
+#define SSL_R_BAD_MAC_DECODE				 113
+#define SSL_R_BAD_MESSAGE_TYPE				 114
+#define SSL_R_BAD_PACKET_LENGTH				 115
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
+#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
+#define SSL_R_BAD_RSA_DECRYPT				 118
+#define SSL_R_BAD_RSA_ENCRYPT				 119
+#define SSL_R_BAD_RSA_E_LENGTH				 120
+#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
+#define SSL_R_BAD_RSA_SIGNATURE				 122
+#define SSL_R_BAD_SIGNATURE				 123
+#define SSL_R_BAD_SSL_FILETYPE				 124
+#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
+#define SSL_R_BAD_STATE					 126
+#define SSL_R_BAD_WRITE_RETRY				 127
+#define SSL_R_BIO_NOT_SET				 128
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
+#define SSL_R_BN_LIB					 130
+#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
+#define SSL_R_CA_DN_TOO_LONG				 132
+#define SSL_R_CCS_RECEIVED_EARLY			 133
+#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
+#define SSL_R_CERT_LENGTH_MISMATCH			 135
+#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
+#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
+#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
+#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
+#define SSL_R_COMPRESSION_FAILURE			 141
+#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
+#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
+#define SSL_R_DATA_LENGTH_TOO_LONG			 146
+#define SSL_R_DECRYPTION_FAILED				 147
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
+#define SSL_R_DIGEST_CHECK_FAILED			 149
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
+#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
+#define SSL_R_HTTPS_PROXY_REQUEST			 155
+#define SSL_R_HTTP_REQUEST				 156
+#define SSL_R_INTERNAL_ERROR				 157
+#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
+#define SSL_R_LENGTH_MISMATCH				 159
+#define SSL_R_LENGTH_TOO_SHORT				 160
+#define SSL_R_LIBRARY_BUG				 274
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
+#define SSL_R_MISSING_DH_DSA_CERT			 162
+#define SSL_R_MISSING_DH_KEY				 163
+#define SSL_R_MISSING_DH_RSA_CERT			 164
+#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
+#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
+#define SSL_R_MISSING_RSA_CERTIFICATE			 168
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
+#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
+#define SSL_R_MISSING_TMP_DH_KEY			 171
+#define SSL_R_MISSING_TMP_RSA_KEY			 172
+#define SSL_R_MISSING_TMP_RSA_PKEY			 173
+#define SSL_R_MISSING_VERIFY_MESSAGE			 174
+#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
+#define SSL_R_NO_CERTIFICATES_RETURNED			 176
+#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
+#define SSL_R_NO_CERTIFICATE_RETURNED			 178
+#define SSL_R_NO_CERTIFICATE_SET			 179
+#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
+#define SSL_R_NO_CIPHERS_AVAILABLE			 181
+#define SSL_R_NO_CIPHERS_PASSED				 182
+#define SSL_R_NO_CIPHERS_SPECIFIED			 183
+#define SSL_R_NO_CIPHER_LIST				 184
+#define SSL_R_NO_CIPHER_MATCH				 185
+#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
+#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
+#define SSL_R_NO_METHOD_SPECIFIED			 188
+#define SSL_R_NO_PRIVATEKEY				 189
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
+#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
+#define SSL_R_NO_PUBLICKEY				 192
+#define SSL_R_NO_SHARED_CIPHER				 193
+#define SSL_R_NO_VERIFY_CALLBACK			 194
+#define SSL_R_NULL_SSL_CTX				 195
+#define SSL_R_NULL_SSL_METHOD_PASSED			 196
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
+#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
+#define SSL_R_PATH_TOO_LONG				 270
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
+#define SSL_R_PEER_ERROR				 200
+#define SSL_R_PEER_ERROR_CERTIFICATE			 201
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
+#define SSL_R_PEER_ERROR_NO_CIPHER			 203
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
+#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
+#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
+#define SSL_R_READ_BIO_NOT_SET				 211
+#define SSL_R_READ_WRONG_PACKET_TYPE			 212
+#define SSL_R_RECORD_LENGTH_MISMATCH			 213
+#define SSL_R_RECORD_TOO_LARGE				 214
+#define SSL_R_REQUIRED_CIPHER_MISSING			 215
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
+#define SSL_R_SHORT_READ				 219
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
+#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
+#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
+#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
+#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
+#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
+#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
+#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 223
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 224
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 225
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
+#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 227
+#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
+#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
+#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
+#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
+#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
+#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
+#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		 1060
+#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
+#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
+#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
+#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
+#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
+#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
+#define SSL_R_TLSV1_ALERT_USER_CANCLED			 1090
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
+#define SSL_R_UNEXPECTED_MESSAGE			 244
+#define SSL_R_UNEXPECTED_RECORD				 245
+#define SSL_R_UNINITIALIZED				 276
+#define SSL_R_UNKNOWN_ALERT_TYPE			 246
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
+#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
+#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
+#define SSL_R_UNKNOWN_PKEY_TYPE				 251
+#define SSL_R_UNKNOWN_PROTOCOL				 252
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
+#define SSL_R_UNKNOWN_SSL_VERSION			 254
+#define SSL_R_UNKNOWN_STATE				 255
+#define SSL_R_UNSUPPORTED_CIPHER			 256
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
+#define SSL_R_UNSUPPORTED_PROTOCOL			 258
+#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
+#define SSL_R_WRITE_BIO_NOT_SET				 260
+#define SSL_R_WRONG_CIPHER_RETURNED			 261
+#define SSL_R_WRONG_MESSAGE_TYPE			 262
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
+#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
+#define SSL_R_WRONG_SIGNATURE_SIZE			 265
+#define SSL_R_WRONG_SSL_VERSION				 266
+#define SSL_R_WRONG_VERSION_NUMBER			 267
+#define SSL_R_X509_LIB					 268
+#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/ssl/ssl2.h b/crypto/openssl/ssl/ssl2.h
new file mode 100644
index 000000000000..d7f24ac1b4e8
--- /dev/null
+++ b/crypto/openssl/ssl/ssl2.h
@@ -0,0 +1,265 @@
+/* ssl/ssl2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL2_H 
+#define HEADER_SSL2_H 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Protocol Version Codes */
+#define SSL2_VERSION		0x0002
+#define SSL2_VERSION_MAJOR	0x00
+#define SSL2_VERSION_MINOR	0x02
+/* #define SSL2_CLIENT_VERSION	0x0002 */
+/* #define SSL2_SERVER_VERSION	0x0002 */
+
+/* Protocol Message Codes */
+#define SSL2_MT_ERROR			0
+#define SSL2_MT_CLIENT_HELLO		1
+#define SSL2_MT_CLIENT_MASTER_KEY	2
+#define SSL2_MT_CLIENT_FINISHED		3
+#define SSL2_MT_SERVER_HELLO		4
+#define SSL2_MT_SERVER_VERIFY		5
+#define SSL2_MT_SERVER_FINISHED		6
+#define SSL2_MT_REQUEST_CERTIFICATE	7
+#define SSL2_MT_CLIENT_CERTIFICATE	8
+
+/* Error Message Codes */
+#define SSL2_PE_UNDEFINED_ERROR		0x0000
+#define SSL2_PE_NO_CIPHER		0x0001
+#define SSL2_PE_NO_CERTIFICATE		0x0002
+#define SSL2_PE_BAD_CERTIFICATE		0x0004
+#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
+
+/* Cipher Kind Values */
+#define SSL2_CK_NULL_WITH_MD5			0x02000000 /* v3 */
+#define SSL2_CK_RC4_128_WITH_MD5		0x02010080
+#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5	0x02020080
+#define SSL2_CK_RC2_128_CBC_WITH_MD5		0x02030080
+#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x02040080
+#define SSL2_CK_IDEA_128_CBC_WITH_MD5		0x02050080
+#define SSL2_CK_DES_64_CBC_WITH_MD5		0x02060040
+#define SSL2_CK_DES_64_CBC_WITH_SHA		0x02060140 /* v3 */
+#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5	0x020700c0
+#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA	0x020701c0 /* v3 */
+#define SSL2_CK_RC4_64_WITH_MD5			0x02080080 /* MS hack */
+ 
+#define SSL2_CK_DES_64_CFB64_WITH_MD5_1		0x02ff0800 /* SSLeay */
+#define SSL2_CK_NULL				0x02ff0810 /* SSLeay */
+
+#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1	"DES-CFB-M1"
+#define SSL2_TXT_NULL_WITH_MD5			"NULL-MD5"
+#define SSL2_TXT_RC4_128_WITH_MD5		"RC4-MD5"
+#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	"EXP-RC4-MD5"
+#define SSL2_TXT_RC2_128_CBC_WITH_MD5		"RC2-CBC-MD5"
+#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	"EXP-RC2-CBC-MD5"
+#define SSL2_TXT_IDEA_128_CBC_WITH_MD5		"IDEA-CBC-MD5"
+#define SSL2_TXT_DES_64_CBC_WITH_MD5		"DES-CBC-MD5"
+#define SSL2_TXT_DES_64_CBC_WITH_SHA		"DES-CBC-SHA"
+#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	"DES-CBC3-MD5"
+#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	"DES-CBC3-SHA"
+#define SSL2_TXT_RC4_64_WITH_MD5		"RC4-64-MD5"
+
+#define SSL2_TXT_NULL				"NULL"
+
+/* Flags for the SSL_CIPHER.algorithm2 field */
+#define SSL2_CF_5_BYTE_ENC			0x01
+#define SSL2_CF_8_BYTE_ENC			0x02
+
+/* Certificate Type Codes */
+#define SSL2_CT_X509_CERTIFICATE		0x01
+
+/* Authentication Type Code */
+#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION		0x01
+
+#define SSL2_MAX_SSL_SESSION_ID_LENGTH		32
+
+/* Upper/Lower Bounds */
+#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)32767 
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /**/
+
+#define SSL2_CHALLENGE_LENGTH	16
+/*#define SSL2_CHALLENGE_LENGTH	32 */
+#define SSL2_MIN_CHALLENGE_LENGTH	16
+#define SSL2_MAX_CHALLENGE_LENGTH	32
+#define SSL2_CONNECTION_ID_LENGTH	16
+#define SSL2_MAX_CONNECTION_ID_LENGTH	16
+#define SSL2_SSL_SESSION_ID_LENGTH	16
+#define SSL2_MAX_CERT_CHALLENGE_LENGTH	32
+#define SSL2_MIN_CERT_CHALLENGE_LENGTH	16
+#define SSL2_MAX_KEY_MATERIAL_LENGTH	24
+
+#ifndef HEADER_SSL_LOCL_H
+#define  CERT		char
+#endif
+
+typedef struct ssl2_ctx_st
+	{
+	int three_byte_header;
+	int clear_text;		/* clear text */
+	int escape;		/* not used in SSLv2 */
+	int ssl2_rollback;	/* used if SSLv23 rolled back to SSLv2 */
+
+	/* non-blocking io info, used to make sure the same
+	 * args were passwd */
+	unsigned int wnum;	/* number of bytes sent so far */
+	int wpend_tot;
+	const unsigned char *wpend_buf;
+
+	int wpend_off;	/* offset to data to write */
+	int wpend_len; 	/* number of bytes passwd to write */
+	int wpend_ret; 	/* number of bytes to return to caller */
+
+	/* buffer raw data */
+	int rbuf_left;
+	int rbuf_offs;
+	unsigned char *rbuf;
+	unsigned char *wbuf;
+
+	unsigned char *write_ptr;/* used to point to the start due to
+				  * 2/3 byte header. */
+
+	unsigned int padding;
+	unsigned int rlength; /* passed to ssl2_enc */
+	int ract_data_length; /* Set when things are encrypted. */
+	unsigned int wlength; /* passed to ssl2_enc */
+	int wact_data_length; /* Set when things are decrypted. */
+	unsigned char *ract_data;
+	unsigned char *wact_data;
+	unsigned char *mac_data;
+	unsigned char *pad_data;
+
+	unsigned char *read_key;
+	unsigned char *write_key;
+
+		/* Stuff specifically to do with this SSL session */
+	unsigned int challenge_length;
+	unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
+	unsigned int conn_id_length;
+	unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
+	unsigned int key_material_length;
+	unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
+
+	unsigned long read_sequence;
+	unsigned long write_sequence;
+
+	struct	{
+		unsigned int conn_id_length;
+		unsigned int cert_type;	
+		unsigned int cert_length;
+		int csl; 
+		int clear;
+		unsigned int enc; 
+		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+		int cipher_spec_length;
+		unsigned int session_id_length;
+		unsigned int clen;
+		unsigned int rlen;
+		} tmp;
+	} SSL2_CTX;
+
+/* SSLv2 */
+/* client */
+#define SSL2_ST_SEND_CLIENT_HELLO_A		(0x10|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_HELLO_B		(0x11|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_HELLO_A		(0x20|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_HELLO_B		(0x21|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A	(0x30|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B	(0x31|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_FINISHED_A		(0x40|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_FINISHED_B		(0x41|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A	(0x50|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B	(0x51|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C	(0x52|SSL_ST_CONNECT)
+#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D	(0x53|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_VERIFY_A		(0x60|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_VERIFY_B		(0x61|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_FINISHED_A		(0x70|SSL_ST_CONNECT)
+#define SSL2_ST_GET_SERVER_FINISHED_B		(0x71|SSL_ST_CONNECT)
+#define SSL2_ST_CLIENT_START_ENCRYPTION		(0x80|SSL_ST_CONNECT)
+#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE	(0x90|SSL_ST_CONNECT)
+/* server */
+#define SSL2_ST_GET_CLIENT_HELLO_A		(0x10|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_HELLO_B		(0x11|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_HELLO_C		(0x12|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_HELLO_A		(0x20|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_HELLO_B		(0x21|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_MASTER_KEY_A		(0x30|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_MASTER_KEY_B		(0x31|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_A		(0x40|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_B		(0x41|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_VERIFY_C		(0x42|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_FINISHED_A		(0x50|SSL_ST_ACCEPT)
+#define SSL2_ST_GET_CLIENT_FINISHED_B		(0x51|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_FINISHED_A		(0x60|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_SERVER_FINISHED_B		(0x61|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A	(0x70|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B	(0x71|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C	(0x72|SSL_ST_ACCEPT)
+#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D	(0x73|SSL_ST_ACCEPT)
+#define SSL2_ST_SERVER_START_ENCRYPTION		(0x80|SSL_ST_ACCEPT)
+#define SSL2_ST_X509_GET_SERVER_CERTIFICATE	(0x90|SSL_ST_ACCEPT)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/ssl/ssl23.h b/crypto/openssl/ssl/ssl23.h
new file mode 100644
index 000000000000..d3228983c759
--- /dev/null
+++ b/crypto/openssl/ssl/ssl23.h
@@ -0,0 +1,83 @@
+/* ssl/ssl23.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL23_H 
+#define HEADER_SSL23_H 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*client */
+/* write to server */
+#define SSL23_ST_CW_CLNT_HELLO_A	(0x210|SSL_ST_CONNECT)
+#define SSL23_ST_CW_CLNT_HELLO_B	(0x211|SSL_ST_CONNECT)
+/* read from server */
+#define SSL23_ST_CR_SRVR_HELLO_A	(0x220|SSL_ST_CONNECT)
+#define SSL23_ST_CR_SRVR_HELLO_B	(0x221|SSL_ST_CONNECT)
+
+/* server */
+/* read from client */
+#define SSL23_ST_SR_CLNT_HELLO_A	(0x210|SSL_ST_ACCEPT)
+#define SSL23_ST_SR_CLNT_HELLO_B	(0x211|SSL_ST_ACCEPT)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h
new file mode 100644
index 000000000000..2a9714fc19b5
--- /dev/null
+++ b/crypto/openssl/ssl/ssl3.h
@@ -0,0 +1,459 @@
+/* ssl/ssl3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL3_H 
+#define HEADER_SSL3_H 
+
+#include 
+#include 
+#include 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define SSL3_CK_RSA_NULL_MD5			0x03000001
+#define SSL3_CK_RSA_NULL_SHA			0x03000002
+#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
+#define SSL3_CK_RSA_RC4_128_MD5			0x03000004
+#define SSL3_CK_RSA_RC4_128_SHA			0x03000005
+#define SSL3_CK_RSA_RC2_40_MD5			0x03000006
+#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
+#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
+#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
+#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A
+
+#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
+#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
+#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
+#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
+#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
+#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010
+
+#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
+#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
+#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
+#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
+#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
+#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016
+
+#define SSL3_CK_ADH_RC4_40_MD5			0x03000017
+#define SSL3_CK_ADH_RC4_128_MD5			0x03000018
+#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
+#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
+#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
+
+#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
+#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
+#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
+
+#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
+#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
+#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
+#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
+#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
+#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
+
+#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"
+
+#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
+
+#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
+#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
+#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
+
+#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
+
+#define SSL3_SSL_SESSION_ID_LENGTH		32
+#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
+
+#define SSL3_MASTER_SECRET_SIZE			48
+#define SSL3_RANDOM_SIZE			32
+#define SSL3_SESSION_ID_SIZE			32
+#define SSL3_RT_HEADER_LENGTH			5
+
+/* Due to MS stuffing up, this can change.... */
+#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#define SSL3_RT_MAX_EXTRA			(14000)
+#else
+#define SSL3_RT_MAX_EXTRA			(16384)
+#endif
+
+#define SSL3_RT_MAX_PLAIN_LENGTH		16384
+#define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+#define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
+
+/* the states that a SSL3_RECORD can be in
+ * For SSL_read it goes
+ * rbuf->ENCODED	-> read 
+ * ENCODED		-> we need to decode everything - call decode_record
+ */
+ 
+#define SSL3_RS_BLANK			1
+#define SSL3_RS_DATA
+
+#define SSL3_RS_ENCODED			2
+#define SSL3_RS_READ_MORE		3
+#define SSL3_RS_WRITE_MORE
+#define SSL3_RS_PLAIN			3
+#define SSL3_RS_PART_READ		4
+#define SSL3_RS_PART_WRITE		5
+
+#define SSL3_MD_CLIENT_FINISHED_CONST	{0x43,0x4C,0x4E,0x54}
+#define SSL3_MD_SERVER_FINISHED_CONST	{0x53,0x52,0x56,0x52}
+
+#define SSL3_VERSION			0x0300
+#define SSL3_VERSION_MAJOR		0x03
+#define SSL3_VERSION_MINOR		0x00
+
+#define SSL3_RT_CHANGE_CIPHER_SPEC	20
+#define SSL3_RT_ALERT			21
+#define SSL3_RT_HANDSHAKE		22
+#define SSL3_RT_APPLICATION_DATA	23
+
+#define SSL3_AL_WARNING			1
+#define SSL3_AL_FATAL			2
+
+#define SSL3_AD_CLOSE_NOTIFY		 0
+#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
+#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
+#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
+#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
+#define SSL3_AD_NO_CERTIFICATE		41
+#define SSL3_AD_BAD_CERTIFICATE		42
+#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
+#define SSL3_AD_CERTIFICATE_REVOKED	44
+#define SSL3_AD_CERTIFICATE_EXPIRED	45
+#define SSL3_AD_CERTIFICATE_UNKNOWN	46
+#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
+
+typedef struct ssl3_record_st
+	{
+/*r */	int type;		/* type of record */
+/*  */	/*int state;*/		/* any data in it? */
+/*rw*/	unsigned int length;	/* How many bytes available */
+/*r */	unsigned int off;	/* read/write offset into 'buf' */
+/*rw*/	unsigned char *data;	/* pointer to the record data */
+/*rw*/	unsigned char *input;	/* where the decode bytes are */
+/*r */	unsigned char *comp;	/* only used with decompression - malloc()ed */
+	} SSL3_RECORD;
+
+typedef struct ssl3_buffer_st
+	{
+/*r */	int total;		/* used in non-blocking writes */
+/*r */	int wanted;		/* how many more bytes we need */
+/*rw*/	int left;		/* how many bytes left */
+/*rw*/	int offset;		/* where to 'copy from' */
+/*rw*/	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes */
+	} SSL3_BUFFER;
+
+#define SSL3_CT_RSA_SIGN			1
+#define SSL3_CT_DSS_SIGN			2
+#define SSL3_CT_RSA_FIXED_DH			3
+#define SSL3_CT_DSS_FIXED_DH			4
+#define SSL3_CT_RSA_EPHEMERAL_DH		5
+#define SSL3_CT_DSS_EPHEMERAL_DH		6
+#define SSL3_CT_FORTEZZA_DMS			20
+#define SSL3_CT_NUMBER				7
+
+#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
+#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
+#define SSL3_FLAGS_POP_BUFFER			0x0004
+#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+
+#if 0
+#define AD_CLOSE_NOTIFY			0
+#define AD_UNEXPECTED_MESSAGE		1
+#define AD_BAD_RECORD_MAC		2
+#define AD_DECRYPTION_FAILED		3
+#define AD_RECORD_OVERFLOW		4
+#define AD_DECOMPRESSION_FAILURE	5	/* fatal */
+#define AD_HANDSHAKE_FAILURE		6	/* fatal */
+#define AD_NO_CERTIFICATE		7	/* Not under TLS */
+#define AD_BAD_CERTIFICATE		8
+#define AD_UNSUPPORTED_CERTIFICATE	9
+#define AD_CERTIFICATE_REVOKED		10	
+#define AD_CERTIFICATE_EXPIRED		11
+#define AD_CERTIFICATE_UNKNOWN		12
+#define AD_ILLEGAL_PARAMETER		13	/* fatal */
+#define AD_UNKNOWN_CA			14	/* fatal */
+#define AD_ACCESS_DENIED		15	/* fatal */
+#define AD_DECODE_ERROR			16	/* fatal */
+#define AD_DECRYPT_ERROR		17
+#define AD_EXPORT_RESTRICION		18	/* fatal */
+#define AD_PROTOCOL_VERSION		19	/* fatal */
+#define AD_INSUFFICIENT_SECURITY	20	/* fatal */
+#define AD_INTERNAL_ERROR		21	/* fatal */
+#define AD_USER_CANCLED			22
+#define AD_NO_RENEGOTIATION		23
+#endif
+
+typedef struct ssl3_ctx_st
+	{
+	long flags;
+	int delay_buf_pop_ret;
+
+	unsigned char read_sequence[8];
+	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+	unsigned char write_sequence[8];
+	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+
+	unsigned char server_random[SSL3_RANDOM_SIZE];
+	unsigned char client_random[SSL3_RANDOM_SIZE];
+
+	SSL3_BUFFER rbuf;	/* read IO goes into here */
+	SSL3_BUFFER wbuf;	/* write IO goes into here */
+	SSL3_RECORD rrec;	/* each decoded record goes in here */
+	SSL3_RECORD wrec;	/* goes out from here */
+				/* Used by ssl3_read_n to point
+				 * to input data packet */
+
+	/* partial write - check the numbers match */
+	unsigned int wnum;	/* number of bytes sent so far */
+	int wpend_tot;		/* number bytes written */
+	int wpend_type;
+	int wpend_ret;		/* number of bytes submitted */
+	const unsigned char *wpend_buf;
+
+	/* used during startup, digest all incoming/outgoing packets */
+	EVP_MD_CTX finish_dgst1;
+	EVP_MD_CTX finish_dgst2;
+
+	/* this is set whenerver we see a change_cipher_spec message
+	 * come in when we are not looking for one */
+	int change_cipher_spec;
+
+	int warn_alert;
+	int fatal_alert;
+	/* we alow one fatal and one warning alert to be outstanding,
+	 * send close alert via the warning alert */
+	int alert_dispatch;
+	unsigned char send_alert[2];
+
+	/* This flag is set when we should renegotiate ASAP, basically when
+	 * there is no more data in the read or write buffers */
+	int renegotiate;
+	int total_renegotiations;
+	int num_renegotiations;
+
+	int in_read_app_data;
+
+	struct	{
+		/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+		
+		unsigned long message_size;
+		int message_type;
+
+		/* used to hold the new cipher we are going to use */
+		SSL_CIPHER *new_cipher;
+#ifndef NO_DH
+		DH *dh;
+#endif
+		/* used when SSL_ST_FLUSH_DATA is entered */
+		int next_state;			
+
+		int reuse_message;
+
+		/* used for certificate requests */
+		int cert_req;
+		int ctype_num;
+		char ctype[SSL3_CT_NUMBER];
+		STACK_OF(X509_NAME) *ca_names;
+
+		int use_rsa_tmp;
+
+		int key_block_length;
+		unsigned char *key_block;
+
+		const EVP_CIPHER *new_sym_enc;
+		const EVP_MD *new_hash;
+#ifdef HEADER_COMP_H
+		const SSL_COMP *new_compression;
+#else
+		char *new_compression;
+#endif
+		int cert_request;
+		} tmp;
+
+	} SSL3_CTX;
+
+/* SSLv3 */
+/*client */
+/* extra state */
+#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)
+
+/* server */
+/* extra state */
+#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
+/* read from client */
+/* Do not change the number values, they do matter */
+#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
+/* read from client */
+#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
+
+#define SSL3_MT_CLIENT_REQUEST			0
+#define SSL3_MT_CLIENT_HELLO			1
+#define SSL3_MT_SERVER_HELLO			2
+#define SSL3_MT_CERTIFICATE			11
+#define SSL3_MT_SERVER_KEY_EXCHANGE		12
+#define SSL3_MT_CERTIFICATE_REQUEST		13
+#define SSL3_MT_SERVER_DONE			14
+#define SSL3_MT_CERTIFICATE_VERIFY		15
+#define SSL3_MT_CLIENT_KEY_EXCHANGE		16
+#define SSL3_MT_FINISHED			20
+
+#define SSL3_MT_CCS				1
+
+/* These are used when changing over to a new cipher */
+#define SSL3_CC_READ		0x01
+#define SSL3_CC_WRITE		0x02
+#define SSL3_CC_CLIENT		0x10
+#define SSL3_CC_SERVER		0x20
+#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)	
+#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/ssl/ssl_algs.c b/crypto/openssl/ssl/ssl_algs.c
new file mode 100644
index 000000000000..a91ee6d22e45
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_algs.c
@@ -0,0 +1,103 @@
+/* ssl/ssl_algs.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+int SSL_library_init(void)
+	{
+#ifndef NO_DES
+	EVP_add_cipher(EVP_des_cbc());
+	EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef NO_IDEA
+	EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef NO_RC4
+	EVP_add_cipher(EVP_rc4());
+#endif  
+#ifndef NO_RC2
+	EVP_add_cipher(EVP_rc2_cbc());
+#endif  
+
+#ifndef NO_MD2
+	EVP_add_digest(EVP_md2());
+#endif
+#ifndef NO_MD5
+	EVP_add_digest(EVP_md5());
+	EVP_add_digest_alias(SN_md5,"ssl2-md5");
+	EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef NO_SHA
+	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+#endif
+#if !defined(NO_SHA) && !defined(NO_DSA)
+	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+#endif
+
+	/* If you want support for phased out ciphers, add the following */
+#if 0
+	EVP_add_digest(EVP_sha());
+	EVP_add_digest(EVP_dss());
+#endif
+	return(1);
+	}
+
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
new file mode 100644
index 000000000000..0f6a0884e4af
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_asn1.c
@@ -0,0 +1,327 @@
+/* ssl/ssl_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+typedef struct ssl_session_asn1_st
+	{
+	ASN1_INTEGER version;
+	ASN1_INTEGER ssl_version;
+	ASN1_OCTET_STRING cipher;
+	ASN1_OCTET_STRING master_key;
+	ASN1_OCTET_STRING session_id;
+	ASN1_OCTET_STRING session_id_context;
+	ASN1_OCTET_STRING key_arg;
+	ASN1_INTEGER time;
+	ASN1_INTEGER timeout;
+	} SSL_SESSION_ASN1;
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+	{
+#define LSIZE2 (sizeof(long)*2)
+	int v1=0,v2=0,v3=0,v4=0;
+	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
+	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
+	long l;
+	SSL_SESSION_ASN1 a;
+	M_ASN1_I2D_vars(in);
+
+	if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+		return(0);
+
+	/* Note that I cheat in the following 2 assignments.  I know
+	 * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
+	 * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
+	 * This is a bit evil but makes things simple, no dynamic allocation
+	 * to clean up :-) */
+	a.version.length=LSIZE2;
+	a.version.type=V_ASN1_INTEGER;
+	a.version.data=ibuf1;
+	ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
+
+	a.ssl_version.length=LSIZE2;
+	a.ssl_version.type=V_ASN1_INTEGER;
+	a.ssl_version.data=ibuf2;
+	ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
+
+	a.cipher.type=V_ASN1_OCTET_STRING;
+	a.cipher.data=buf;
+
+	if (in->cipher == NULL)
+		l=in->cipher_id;
+	else
+		l=in->cipher->id;
+	if (in->ssl_version == SSL2_VERSION)
+		{
+		a.cipher.length=3;
+		buf[0]=((unsigned char)(l>>16L))&0xff;
+		buf[1]=((unsigned char)(l>> 8L))&0xff;
+		buf[2]=((unsigned char)(l     ))&0xff;
+		}
+	else
+		{
+		a.cipher.length=2;
+		buf[0]=((unsigned char)(l>>8L))&0xff;
+		buf[1]=((unsigned char)(l    ))&0xff;
+		}
+
+	a.master_key.length=in->master_key_length;
+	a.master_key.type=V_ASN1_OCTET_STRING;
+	a.master_key.data=in->master_key;
+
+	a.session_id.length=in->session_id_length;
+	a.session_id.type=V_ASN1_OCTET_STRING;
+	a.session_id.data=in->session_id;
+
+	a.session_id_context.length=in->sid_ctx_length;
+	a.session_id_context.type=V_ASN1_OCTET_STRING;
+	a.session_id_context.data=in->sid_ctx;
+
+	a.key_arg.length=in->key_arg_length;
+	a.key_arg.type=V_ASN1_OCTET_STRING;
+	a.key_arg.data=in->key_arg;
+
+	if (in->time != 0L)
+		{
+		a.time.length=LSIZE2;
+		a.time.type=V_ASN1_INTEGER;
+		a.time.data=ibuf3;
+		ASN1_INTEGER_set(&(a.time),in->time);
+		}
+
+	if (in->timeout != 0L)
+		{
+		a.timeout.length=LSIZE2;
+		a.timeout.type=V_ASN1_INTEGER;
+		a.timeout.data=ibuf4;
+		ASN1_INTEGER_set(&(a.timeout),in->timeout);
+		}
+
+	M_ASN1_I2D_len(&(a.version),		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(&(a.ssl_version),	i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len(&(a.cipher),		i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len(&(a.session_id),		i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len(&(a.master_key),		i2d_ASN1_OCTET_STRING);
+	if (in->key_arg_length > 0)
+		M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
+	if (in->time != 0L)
+		M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+	if (in->timeout != 0L)
+		M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+	if (in->peer != NULL)
+		M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
+	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(&(a.version),		i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(&(a.ssl_version),	i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put(&(a.cipher),		i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put(&(a.session_id),		i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put(&(a.master_key),		i2d_ASN1_OCTET_STRING);
+	if (in->key_arg_length > 0)
+		M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
+	if (in->time != 0L)
+		M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
+	if (in->timeout != 0L)
+		M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
+	if (in->peer != NULL)
+		M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
+	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
+			       v4);
+
+	M_ASN1_I2D_finish();
+	}
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
+	     long length)
+	{
+	int version,ssl_version=0,i;
+	long id;
+	ASN1_INTEGER ai,*aip;
+	ASN1_OCTET_STRING os,*osp;
+	M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
+
+	aip= &ai;
+	osp= &os;
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+
+	ai.data=NULL; ai.length=0;
+	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+	version=(int)ASN1_INTEGER_get(aip);
+	if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+
+	/* we don't care about the version right now :-) */
+	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
+	ssl_version=(int)ASN1_INTEGER_get(aip);
+	ret->ssl_version=ssl_version;
+	if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+
+	os.data=NULL; os.length=0;
+	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+	if (ssl_version == SSL2_VERSION)
+		{
+		if (os.length != 3)
+			{
+			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+			goto err;
+			}
+		id=0x02000000L|
+			((unsigned long)os.data[0]<<16L)|
+			((unsigned long)os.data[1]<< 8L)|
+			 (unsigned long)os.data[2];
+		}
+	else if ((ssl_version>>8) == 3)
+		{
+		if (os.length != 2)
+			{
+			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+			goto err;
+			}
+		id=0x03000000L|
+			((unsigned long)os.data[0]<<8L)|
+			 (unsigned long)os.data[1];
+		}
+	else
+		{
+		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
+		return(NULL);
+		}
+	
+	ret->cipher=NULL;
+	ret->cipher_id=id;
+
+	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+	if ((ssl_version>>8) == SSL3_VERSION)
+		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
+	else /* if (ssl_version == SSL2_VERSION) */
+		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+
+	if (os.length > i)
+		os.length=i;
+
+	ret->session_id_length=os.length;
+	memcpy(ret->session_id,os.data,os.length);
+
+	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+	if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
+		ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+	else
+		ret->master_key_length=os.length;
+	memcpy(ret->master_key,os.data,ret->master_key_length);
+
+	os.length=0;
+	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
+	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
+		ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
+	else
+		ret->key_arg_length=os.length;
+	memcpy(ret->key_arg,os.data,ret->key_arg_length);
+	if (os.data != NULL) Free(os.data);
+
+	ai.length=0;
+	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
+	if (ai.data != NULL)
+		{
+		ret->time=ASN1_INTEGER_get(aip);
+		Free(ai.data); ai.data=NULL; ai.length=0;
+		}
+	else
+		ret->time=time(NULL);
+
+	ai.length=0;
+	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
+	if (ai.data != NULL)
+		{
+		ret->timeout=ASN1_INTEGER_get(aip);
+		Free(ai.data); ai.data=NULL; ai.length=0;
+		}
+	else
+		ret->timeout=3;
+
+	if (ret->peer != NULL)
+		{
+		X509_free(ret->peer);
+		ret->peer=NULL;
+		}
+	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
+
+	os.length=0;
+	os.data=NULL;
+	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+
+	if(os.data != NULL)
+	    {
+	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
+		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+	    ret->sid_ctx_length=os.length;
+	    memcpy(ret->sid_ctx,os.data,os.length);
+	    Free(os.data); os.data=NULL; os.length=0;
+	    }
+	else
+	    ret->sid_ctx_length=0;
+
+	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
+	}
+
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
new file mode 100644
index 000000000000..6d2511f76c27
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -0,0 +1,716 @@
+/*! \file ssl/ssl_cert.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include 
+#include 
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
+#include 
+#endif
+#ifdef NeXT
+#include 
+#define dirent direct
+#endif
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+	{
+	static int ssl_x509_store_ctx_idx= -1;
+
+	if (ssl_x509_store_ctx_idx < 0)
+		{
+		ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+			0,"SSL for verify callback",NULL,NULL,NULL);
+		}
+	return(ssl_x509_store_ctx_idx);
+	}
+
+CERT *ssl_cert_new(void)
+	{
+	CERT *ret;
+
+	ret=(CERT *)Malloc(sizeof(CERT));
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	memset(ret,0,sizeof(CERT));
+
+	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+	ret->references=1;
+
+	return(ret);
+	}
+
+CERT *ssl_cert_dup(CERT *cert)
+	{
+	CERT *ret;
+	int i;
+
+	ret = (CERT *)Malloc(sizeof(CERT));
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	memset(ret, 0, sizeof(CERT));
+
+	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
+	/* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
+	 * if you find that more readable */
+
+	ret->valid = cert->valid;
+	ret->mask = cert->mask;
+	ret->export_mask = cert->export_mask;
+
+#ifndef NO_RSA
+	if (cert->rsa_tmp != NULL)
+		{
+		ret->rsa_tmp = cert->rsa_tmp;
+		CRYPTO_add(&ret->rsa_tmp->references, 1, CRYPTO_LOCK_RSA);
+		}
+	ret->rsa_tmp_cb = cert->rsa_tmp_cb;
+#endif
+
+#ifndef NO_DH
+	if (cert->dh_tmp != NULL)
+		{
+		/* DH parameters don't have a reference count (and cannot
+		 * reasonably be shared anyway, as the secret exponent may
+		 * be created just when it is needed -- earlier library
+		 * versions did not pay attention to this) */
+		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
+		if (ret->dh_tmp == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB);
+			goto err;
+			}
+		}
+	ret->dh_tmp_cb = cert->dh_tmp_cb;
+#endif
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (cert->pkeys[i].x509 != NULL)
+			{
+			ret->pkeys[i].x509 = cert->pkeys[i].x509;
+			CRYPTO_add(&ret->pkeys[i].x509->references, 1,
+				CRYPTO_LOCK_X509);
+			}
+		
+		if (cert->pkeys[i].privatekey != NULL)
+			{
+			ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
+			CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
+				CRYPTO_LOCK_EVP_PKEY);
+
+			switch(i) 
+				{
+				/* If there was anything special to do for
+				 * certain types of keys, we'd do it here.
+				 * (Nothing at the moment, I think.) */
+
+			case SSL_PKEY_RSA_ENC:
+			case SSL_PKEY_RSA_SIGN:
+				/* We have an RSA key. */
+				break;
+				
+			case SSL_PKEY_DSA_SIGN:
+				/* We have a DSA key. */
+				break;
+				
+			case SSL_PKEY_DH_RSA:
+			case SSL_PKEY_DH_DSA:
+				/* We have a DH key. */
+				break;
+				
+			default:
+				/* Can't happen. */
+				SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
+				}
+			}
+		}
+	
+	/* ret->extra_certs *should* exist, but currently the own certificate
+	 * chain is held inside SSL_CTX */
+
+	ret->references=1;
+
+	return(ret);
+	
+err:
+#ifndef NO_RSA
+	if (ret->rsa_tmp != NULL)
+		RSA_free(ret->rsa_tmp);
+#endif
+#ifndef NO_DH
+	if (ret->dh_tmp != NULL)
+		DH_free(ret->dh_tmp);
+#endif
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (ret->pkeys[i].x509 != NULL)
+			X509_free(ret->pkeys[i].x509);
+		if (ret->pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(ret->pkeys[i].privatekey);
+		}
+
+	return NULL;
+	}
+
+
+void ssl_cert_free(CERT *c)
+	{
+	int i;
+
+	if(c == NULL)
+	    return;
+
+	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+	REF_PRINT("CERT",c);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"ssl_cert_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+#ifndef NO_RSA
+	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
+#endif
+#ifndef NO_DH
+	if (c->dh_tmp) DH_free(c->dh_tmp);
+#endif
+
+	for (i=0; ipkeys[i].x509 != NULL)
+			X509_free(c->pkeys[i].x509);
+		if (c->pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(c->pkeys[i].privatekey);
+#if 0
+		if (c->pkeys[i].publickey != NULL)
+			EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+		}
+	Free(c);
+	}
+
+int ssl_cert_inst(CERT **o)
+	{
+	/* Create a CERT if there isn't already one
+	 * (which cannot really happen, as it is initially created in
+	 * SSL_CTX_new; but the earlier code usually allows for that one
+	 * being non-existant, so we follow that behaviour, as it might
+	 * turn out that there actually is a reason for it -- but I'm
+	 * not sure that *all* of the existing code could cope with
+	 * s->cert being NULL, otherwise we could do without the
+	 * initialization in SSL_CTX_new).
+	 */
+	
+	if (o == NULL) 
+		{
+		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (*o == NULL)
+		{
+		if ((*o = ssl_cert_new()) == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+	return(1);
+	}
+
+
+SESS_CERT *ssl_sess_cert_new(void)
+	{
+	SESS_CERT *ret;
+
+	ret = Malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	memset(ret, 0 ,sizeof *ret);
+	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
+	ret->references = 1;
+
+	return ret;
+	}
+
+void ssl_sess_cert_free(SESS_CERT *sc)
+	{
+	int i;
+
+	if (sc == NULL)
+		return;
+
+	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
+#ifdef REF_PRINT
+	REF_PRINT("SESS_CERT", sc);
+#endif
+	if (i > 0)
+		return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+	/* i == 0 */
+	if (sc->cert_chain != NULL)
+		sk_X509_pop_free(sc->cert_chain, X509_free);
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (sc->peer_pkeys[i].x509 != NULL)
+			X509_free(sc->peer_pkeys[i].x509);
+#if 0 /* We don't have the peer's private key.  These lines are just
+	   * here as a reminder that we're still using a not-quite-appropriate
+	   * data structure. */
+		if (sc->peer_pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
+#endif
+		}
+
+#ifndef NO_RSA
+	if (sc->peer_rsa_tmp != NULL)
+		RSA_free(sc->peer_rsa_tmp);
+#endif
+#ifndef NO_DH
+	if (sc->peer_dh_tmp != NULL)
+		DH_free(sc->peer_dh_tmp);
+#endif
+
+	Free(sc);
+	}
+
+int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
+	{
+	sc->peer_cert_type = type;
+	return(1);
+	}
+
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
+	{
+	X509 *x;
+	int i;
+	X509_STORE_CTX ctx;
+
+	if ((sk == NULL) || (sk_X509_num(sk) == 0))
+		return(0);
+
+	x=sk_X509_value(sk,0);
+	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+	if (SSL_get_verify_depth(s) >= 0)
+		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+		(char *)s);
+
+	if (s->ctx->app_verify_callback != NULL)
+		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+	else
+		{
+#ifndef NO_X509_VERIFY
+		i=X509_verify_cert(&ctx);
+#else
+		i=0;
+		ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
+		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+#endif
+		}
+
+	s->verify_result=ctx.error;
+	X509_STORE_CTX_cleanup(&ctx);
+
+	return(i);
+	}
+
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+	{
+	if (*ca_list != NULL)
+		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
+
+	*ca_list=list;
+	}
+
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+	{
+	int i;
+	STACK_OF(X509_NAME) *ret;
+	X509_NAME *name;
+
+	ret=sk_X509_NAME_new_null();
+	for (i=0; iclient_CA),list);
+	}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+	{
+	set_client_CA_list(&(ctx->client_CA),list);
+	}
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
+	{
+	return(ctx->client_CA);
+	}
+
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
+	{
+	if (s->type == SSL_ST_CONNECT)
+		{ /* we are in the client */
+		if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+			(s->s3 != NULL))
+			return(s->s3->tmp.ca_names);
+		else
+			return(NULL);
+		}
+	else
+		{
+		if (s->client_CA != NULL)
+			return(s->client_CA);
+		else
+			return(s->ctx->client_CA);
+		}
+	}
+
+static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
+	{
+	X509_NAME *name;
+
+	if (x == NULL) return(0);
+	if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
+		return(0);
+		
+	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+		return(0);
+
+	if (!sk_X509_NAME_push(*sk,name))
+		{
+		X509_NAME_free(name);
+		return(0);
+		}
+	return(1);
+	}
+
+int SSL_add_client_CA(SSL *ssl,X509 *x)
+	{
+	return(add_client_CA(&(ssl->client_CA),x));
+	}
+
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
+	{
+	return(add_client_CA(&(ctx->client_CA),x));
+	}
+
+static int name_cmp(X509_NAME **a,X509_NAME **b)
+	{
+	return(X509_NAME_cmp(*a,*b));
+	}
+
+#ifndef NO_STDIO
+/*!
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+	{
+	BIO *in;
+	X509 *x=NULL;
+	X509_NAME *xn=NULL;
+	STACK_OF(X509_NAME) *ret,*sk;
+
+	ret=sk_X509_NAME_new(NULL);
+	sk=sk_X509_NAME_new(name_cmp);
+
+	in=BIO_new(BIO_s_file_internal());
+
+	if ((ret == NULL) || (sk == NULL) || (in == NULL))
+		{
+		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	if (!BIO_read_filename(in,file))
+		goto err;
+
+	for (;;)
+		{
+		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+			break;
+		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+		/* check for duplicates */
+		xn=X509_NAME_dup(xn);
+		if (xn == NULL) goto err;
+		if (sk_X509_NAME_find(sk,xn) >= 0)
+			X509_NAME_free(xn);
+		else
+			{
+			sk_X509_NAME_push(sk,xn);
+			sk_X509_NAME_push(ret,xn);
+			}
+		}
+
+	if (0)
+		{
+err:
+		if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
+		ret=NULL;
+		}
+	if (sk != NULL) sk_X509_NAME_free(sk);
+	if (in != NULL) BIO_free(in);
+	if (x != NULL) X509_free(x);
+	return(ret);
+	}
+#endif
+
+/*!
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+					const char *file)
+    {
+    BIO *in;
+    X509 *x=NULL;
+    X509_NAME *xn=NULL;
+    int ret=1;
+    int (*oldcmp)(X509_NAME **a, X509_NAME **b);
+
+    oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
+
+    in=BIO_new(BIO_s_file_internal());
+
+    if (in == NULL)
+	{
+	SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+	goto err;
+	}
+	
+    if (!BIO_read_filename(in,file))
+	goto err;
+
+    for (;;)
+	{
+	if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+	    break;
+	if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+	xn=X509_NAME_dup(xn);
+	if (xn == NULL) goto err;
+	if (sk_X509_NAME_find(stack,xn) >= 0)
+	    X509_NAME_free(xn);
+	else
+	    sk_X509_NAME_push(stack,xn);
+	}
+
+    if (0)
+	{
+err:
+	ret=0;
+	}
+    if(in != NULL)
+	BIO_free(in);
+    if(x != NULL)
+	X509_free(x);
+
+    sk_X509_NAME_set_cmp_func(stack,oldcmp);
+
+    return ret;
+    }
+
+/*!
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+#ifndef WIN32
+#ifndef VMS			/* XXXX This may be fixed in the future */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+				       const char *dir)
+    {
+    DIR *d;
+    struct dirent *dstruct;
+    int ret = 0;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+    d = opendir(dir);
+
+    /* Note that a side effect is that the CAs will be sorted by name */
+    if(!d)
+	{
+	SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+	ERR_add_error_data(3, "opendir('", dir, "')");
+	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+	goto err;
+	}
+
+    while((dstruct=readdir(d)))
+	{
+	char buf[1024];
+
+	if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+	    {
+	    SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+	    goto err;
+	    }
+	
+	sprintf(buf,"%s/%s",dir,dstruct->d_name);
+	if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+	    goto err;
+	}
+    ret = 1;
+
+err:	
+    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+    return ret;
+    }
+
+#endif
+#endif
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
new file mode 100644
index 000000000000..4c2989c47a30
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_ciph.c
@@ -0,0 +1,835 @@
+/* ssl/ssl_ciph.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+#define SSL_ENC_DES_IDX		0
+#define SSL_ENC_3DES_IDX	1
+#define SSL_ENC_RC4_IDX		2
+#define SSL_ENC_RC2_IDX		3
+#define SSL_ENC_IDEA_IDX	4
+#define SSL_ENC_eFZA_IDX	5
+#define SSL_ENC_NULL_IDX	6
+#define SSL_ENC_NUM_IDX		7
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
+	NULL,NULL,NULL,NULL,NULL,NULL,
+	};
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
+
+#define SSL_MD_MD5_IDX	0
+#define SSL_MD_SHA1_IDX	1
+#define SSL_MD_NUM_IDX	2
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
+	NULL,NULL,
+	};
+
+typedef struct cipher_sort_st
+	{
+	SSL_CIPHER *cipher;
+	int pref;
+	} CIPHER_SORT;
+
+#define CIPHER_ADD	1
+#define CIPHER_KILL	2
+#define CIPHER_DEL	3
+#define CIPHER_ORD	4
+
+typedef struct cipher_choice_st
+	{
+	int type;
+	unsigned long algorithms;
+	unsigned long mask;
+	long top;
+	} CIPHER_CHOICE;
+
+typedef struct cipher_order_st
+	{
+	SSL_CIPHER *cipher;
+	int active;
+	int dead;
+	struct cipher_order_st *next,*prev;
+	} CIPHER_ORDER;
+
+static SSL_CIPHER cipher_aliases[]={
+	/* Don't include eNULL unless specifically enabled */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */
+	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
+	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,SSL_MKEY_MASK},
+	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,SSL_MKEY_MASK},
+	{0,SSL_TXT_kEDH,0,SSL_kEDH,  0,SSL_MKEY_MASK},
+	{0,SSL_TXT_kFZA,0,SSL_kFZA,  0,SSL_MKEY_MASK},
+	{0,SSL_TXT_DH,	0,SSL_DH,    0,SSL_MKEY_MASK},
+	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,SSL_MKEY_MASK|SSL_AUTH_MASK},
+
+	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,SSL_AUTH_MASK},
+	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,SSL_AUTH_MASK},
+	{0,SSL_TXT_aFZA,0,SSL_aFZA,  0,SSL_AUTH_MASK},
+	{0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK},
+	{0,SSL_TXT_aDH, 0,SSL_aDH,   0,SSL_AUTH_MASK},
+	{0,SSL_TXT_DSS,	0,SSL_DSS,   0,SSL_AUTH_MASK},
+
+	{0,SSL_TXT_DES,	0,SSL_DES,   0,SSL_ENC_MASK},
+	{0,SSL_TXT_3DES,0,SSL_3DES,  0,SSL_ENC_MASK},
+	{0,SSL_TXT_RC4,	0,SSL_RC4,   0,SSL_ENC_MASK},
+	{0,SSL_TXT_RC2,	0,SSL_RC2,   0,SSL_ENC_MASK},
+	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,SSL_ENC_MASK},
+	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK},
+	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,SSL_ENC_MASK},
+
+	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,SSL_MAC_MASK},
+	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,SSL_MAC_MASK},
+	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,SSL_MAC_MASK},
+
+	{0,SSL_TXT_NULL,0,SSL_NULL,  0,SSL_ENC_MASK},
+	{0,SSL_TXT_RSA,	0,SSL_RSA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
+	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
+	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
+
+	{0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,SSL_EXP_MASK},
+	{0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,SSL_EXP_MASK},
+	{0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,SSL_EXP_MASK},
+	{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_LOW,   0,SSL_LOW,   0,SSL_STRONG_MASK},
+	{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_HIGH,  0,SSL_HIGH,  0,SSL_STRONG_MASK},
+	};
+
+static int init_ciphers=1;
+static void load_ciphers();
+
+static int cmp_by_name(SSL_CIPHER **a, SSL_CIPHER **b)
+	{
+	return(strcmp((*a)->name,(*b)->name));
+	}
+
+static void load_ciphers(void)
+	{
+	init_ciphers=0;
+	ssl_cipher_methods[SSL_ENC_DES_IDX]= 
+		EVP_get_cipherbyname(SN_des_cbc);
+	ssl_cipher_methods[SSL_ENC_3DES_IDX]=
+		EVP_get_cipherbyname(SN_des_ede3_cbc);
+	ssl_cipher_methods[SSL_ENC_RC4_IDX]=
+		EVP_get_cipherbyname(SN_rc4);
+	ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
+		EVP_get_cipherbyname(SN_rc2_cbc);
+	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
+		EVP_get_cipherbyname(SN_idea_cbc);
+
+	ssl_digest_methods[SSL_MD_MD5_IDX]=
+		EVP_get_digestbyname(SN_md5);
+	ssl_digest_methods[SSL_MD_SHA1_IDX]=
+		EVP_get_digestbyname(SN_sha1);
+	}
+
+int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+	     const EVP_MD **md, SSL_COMP **comp)
+	{
+	int i;
+	SSL_CIPHER *c;
+
+	c=s->cipher;
+	if (c == NULL) return(0);
+	if (comp != NULL)
+		{
+		SSL_COMP ctmp;
+
+		if (s->compress_meth == 0)
+			*comp=NULL;
+		else if (ssl_comp_methods == NULL)
+			{
+			/* bad */
+			*comp=NULL;
+			}
+		else
+			{
+
+			ctmp.id=s->compress_meth;
+			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+			if (i >= 0)
+				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+			else
+				*comp=NULL;
+			}
+		}
+
+	if ((enc == NULL) || (md == NULL)) return(0);
+
+	switch (c->algorithms & SSL_ENC_MASK)
+		{
+	case SSL_DES:
+		i=SSL_ENC_DES_IDX;
+		break;
+	case SSL_3DES:
+		i=SSL_ENC_3DES_IDX;
+		break;
+	case SSL_RC4:
+		i=SSL_ENC_RC4_IDX;
+		break;
+	case SSL_RC2:
+		i=SSL_ENC_RC2_IDX;
+		break;
+	case SSL_IDEA:
+		i=SSL_ENC_IDEA_IDX;
+		break;
+	case SSL_eNULL:
+		i=SSL_ENC_NULL_IDX;
+		break;
+	default:
+		i= -1;
+		break;
+		}
+
+	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+		*enc=NULL;
+	else
+		{
+		if (i == SSL_ENC_NULL_IDX)
+			*enc=EVP_enc_null();
+		else
+			*enc=ssl_cipher_methods[i];
+		}
+
+	switch (c->algorithms & SSL_MAC_MASK)
+		{
+	case SSL_MD5:
+		i=SSL_MD_MD5_IDX;
+		break;
+	case SSL_SHA1:
+		i=SSL_MD_SHA1_IDX;
+		break;
+	default:
+		i= -1;
+		break;
+		}
+	if ((i < 0) || (i > SSL_MD_NUM_IDX))
+		*md=NULL;
+	else
+		*md=ssl_digest_methods[i];
+
+	if ((*enc != NULL) && (*md != NULL))
+		return(1);
+	else
+		return(0);
+	}
+
+#define ITEM_SEP(a) \
+	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+	     CIPHER_ORDER **tail)
+	{
+	if (curr == *tail) return;
+	if (curr == *head)
+		*head=curr->next;
+	if (curr->prev != NULL)
+		curr->prev->next=curr->next;
+	if (curr->next != NULL) /* should always be true */
+		curr->next->prev=curr->prev;
+	(*tail)->next=curr;
+	curr->prev= *tail;
+	curr->next=NULL;
+	*tail=curr;
+	}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method,
+		STACK_OF(SSL_CIPHER) **cipher_list,
+		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+		char *str)
+	{
+	SSL_CIPHER *c;
+	char *l;
+	STACK_OF(SSL_CIPHER) *ret=NULL,*ok=NULL;
+#define CL_BUF	40
+	char buf[CL_BUF];
+	char *tmp_str=NULL;
+	unsigned long mask,algorithms,ma;
+	char *start;
+	int i,j,k,num=0,ch,multi;
+	unsigned long al;
+	STACK *ca_list=NULL;
+	int current_x,num_x;
+	CIPHER_CHOICE *ops=NULL;
+	CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2;
+	int list_num;
+	int type;
+	SSL_CIPHER c_tmp,*cp;
+
+	if (str == NULL) return(NULL);
+
+	if (strncmp(str,"DEFAULT",7) == 0)
+		{
+		i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST);
+		if ((tmp_str=Malloc(i)) == NULL)
+			{
+			SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST);
+		strcat(tmp_str,":");
+		strcat(tmp_str,&(str[7]));
+		str=tmp_str;
+		}
+	if (init_ciphers) load_ciphers();
+
+	num=ssl_method->num_ciphers();
+
+	if ((ret=sk_SSL_CIPHER_new(NULL)) == NULL) goto err;
+	if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err;
+
+	mask =SSL_kFZA;
+#ifdef NO_RSA
+	mask|=SSL_aRSA|SSL_kRSA;
+#endif
+#ifdef NO_DSA
+	mask|=SSL_aDSS;
+#endif
+#ifdef NO_DH
+	mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
+#endif
+
+#ifdef SSL_FORBID_ENULL
+	mask|=SSL_eNULL;
+#endif
+
+	mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0;
+	mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0;
+	mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0;
+	mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0;
+	mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0;
+	mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0;
+
+	mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0;
+	mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0;
+
+	if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL)
+		goto err;
+
+	/* Get the initial list of ciphers */
+	list_num=0;
+	for (i=0; iget_cipher((unsigned int)i);
+		/* drop those that use any of that is not available */
+		if ((c != NULL) && c->valid && !(c->algorithms & mask))
+			{
+			list[list_num].cipher=c;
+			list[list_num].next=NULL;
+			list[list_num].prev=NULL;
+			list[list_num].active=0;
+			list_num++;
+			if (!sk_push(ca_list,(char *)c)) goto err;
+			}
+		}
+	
+	for (i=1; i 0)
+		{
+		head= &(list[0]);
+		head->prev=NULL;
+		head->next= &(list[1]);
+		tail= &(list[list_num-1]);
+		tail->prev= &(list[list_num-2]);
+		tail->next=NULL;
+		}
+
+	/* special case */
+	cipher_aliases[0].algorithms &= ~mask;
+
+	/* get the aliases */
+	k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
+	for (j=0; j= 'A') && (ch <= 'Z')) ||
+				((ch >= '0') && (ch <= '9')) ||
+				((ch >= 'a') && (ch <= 'z')) ||
+				 (ch == '-'))
+#else
+			while (	isalnum(ch) || (ch == '-'))
+#endif
+				 {
+				 buf[i]=ch;
+				 ch= *(++l);
+				 i++;
+				 if (i >= (CL_BUF-2)) break;
+				 }
+			buf[i]='\0';
+
+			/* check for multi-part specification */
+			if (ch == '+')
+				{
+				multi=1;
+				l++;
+				}
+			else
+				multi=0;
+
+			c_tmp.name=buf;
+			j=sk_find(ca_list,(char *)&c_tmp);
+			if (j < 0)
+				goto end_loop;
+
+			cp=(SSL_CIPHER *)sk_value(ca_list,j);
+			ops[current_x].algorithms|=cp->algorithms;
+			/* We add the SSL_SSL_MASK so we can match the
+			 * SSLv2 and SSLv3 versions of RC4-MD5 */
+			ops[current_x].mask|=cp->mask;
+			if (!multi) break;
+			}
+		current_x++;
+		if (ch == '\0') break;
+end_loop:
+		/* Make sure we scan until the next valid start point */
+		while ((*l != '\0') && ITEM_SEP(*l))
+			l++;
+		}
+
+	num_x=current_x;
+	current_x=0;
+
+	/* We will now process the list of ciphers, once for each category, to
+	 * decide what we should do with it. */
+	for (j=0; jnext;
+
+			cp=curr->cipher;
+			ma=mask & cp->algorithms;
+			if ((ma == 0) || ((ma & algorithms) != ma))
+				{
+				/* does not apply */
+				continue;
+				}
+
+			/* add the cipher if it has not been added yet. */
+			if (type == CIPHER_ADD)
+				{
+				if (!curr->active)
+					{
+					ll_append_tail(&head,curr,&tail);
+					curr->active=1;
+					}
+				}
+			/* Move the added cipher to this location */
+			else if (type == CIPHER_ORD)
+				{
+				if (curr->active)
+					{
+					ll_append_tail(&head,curr,&tail);
+					}
+				}
+			else if	(type == CIPHER_DEL)
+				curr->active=0;
+			if (type == CIPHER_KILL)
+				{
+				if (head == curr)
+					head=curr->next;
+				else
+					curr->prev->next=curr->next;
+				if (tail == curr)
+					tail=curr->prev;
+				curr->active=0;
+				if (curr->next != NULL)
+					curr->next->prev=curr->prev;
+				if (curr->prev != NULL)
+					curr->prev->next=curr->next;
+				curr->next=NULL;
+				curr->prev=NULL;
+				}
+			}
+		}
+
+	for (curr=head; curr != NULL; curr=curr->next)
+		{
+		if (curr->active)
+			{
+			sk_SSL_CIPHER_push(ret,curr->cipher);
+#ifdef CIPHER_DEBUG
+			printf("<%s>\n",curr->cipher->name);
+#endif
+			}
+		}
+
+	if (cipher_list != NULL)
+		{
+		if (*cipher_list != NULL)
+			sk_SSL_CIPHER_free(*cipher_list);
+		*cipher_list=ret;
+		}
+
+	if (cipher_list_by_id != NULL)
+		{
+		if (*cipher_list_by_id != NULL)
+			sk_SSL_CIPHER_free(*cipher_list_by_id);
+		*cipher_list_by_id=sk_SSL_CIPHER_dup(ret);
+		}
+
+	if (	(cipher_list_by_id == NULL) ||
+		(*cipher_list_by_id == NULL) ||
+		(cipher_list == NULL) ||
+		(*cipher_list == NULL))
+		goto err;
+	sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+
+	ok=ret;
+	ret=NULL;
+err:
+	if (tmp_str) Free(tmp_str);
+	if (ops != NULL) Free(ops);
+	if (ret != NULL) sk_SSL_CIPHER_free(ret);
+	if (ca_list != NULL) sk_free(ca_list);
+	if (list != NULL) Free(list);
+	return(ok);
+	}
+
+char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
+	{
+	int is_export,pkl,kl;
+	char *ver,*exp;
+	char *kx,*au,*enc,*mac;
+	unsigned long alg,alg2;
+	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+	
+	alg=cipher->algorithms;
+	alg2=cipher->algorithm2;
+
+	is_export=SSL_IS_EXPORT(alg);
+	pkl=SSL_EXPORT_PKEYLENGTH(alg);
+	kl=SSL_EXPORT_KEYLENGTH(alg);
+	exp=is_export?" export":"";
+
+	if (alg & SSL_SSLV2)
+		ver="SSLv2";
+	else if (alg & SSL_SSLV3)
+		ver="SSLv3";
+	else
+		ver="unknown";
+
+	switch (alg&SSL_MKEY_MASK)
+		{
+	case SSL_kRSA:
+		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
+		break;
+	case SSL_kDHr:
+		kx="DH/RSA";
+		break;
+	case SSL_kDHd:
+		kx="DH/DSS";
+		break;
+	case SSL_kFZA:
+		kx="Fortezza";
+		break;
+	case SSL_kEDH:
+		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+		break;
+	default:
+		kx="unknown";
+		}
+
+	switch (alg&SSL_AUTH_MASK)
+		{
+	case SSL_aRSA:
+		au="RSA";
+		break;
+	case SSL_aDSS:
+		au="DSS";
+		break;
+	case SSL_aDH:
+		au="DH";
+		break;
+	case SSL_aFZA:
+	case SSL_aNULL:
+		au="None";
+		break;
+	default:
+		au="unknown";
+		break;
+		}
+
+	switch (alg&SSL_ENC_MASK)
+		{
+	case SSL_DES:
+		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
+		break;
+	case SSL_3DES:
+		enc="3DES(168)";
+		break;
+	case SSL_RC4:
+		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+		break;
+	case SSL_RC2:
+		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
+		break;
+	case SSL_IDEA:
+		enc="IDEA(128)";
+		break;
+	case SSL_eFZA:
+		enc="Fortezza";
+		break;
+	case SSL_eNULL:
+		enc="None";
+		break;
+	default:
+		enc="unknown";
+		break;
+		}
+
+	switch (alg&SSL_MAC_MASK)
+		{
+	case SSL_MD5:
+		mac="MD5";
+		break;
+	case SSL_SHA1:
+		mac="SHA1";
+		break;
+	default:
+		mac="unknown";
+		break;
+		}
+
+	if (buf == NULL)
+		{
+		buf=Malloc(128);
+		if (buf == NULL) return("Malloc Error");
+		}
+	else if (len < 128)
+		return("Buffer too small");
+
+	sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp);
+	return(buf);
+	}
+
+char *SSL_CIPHER_get_version(SSL_CIPHER *c)
+	{
+	int i;
+
+	if (c == NULL) return("(NONE)");
+	i=(int)(c->id>>24L);
+	if (i == 3)
+		return("TLSv1/SSLv3");
+	else if (i == 2)
+		return("SSLv2");
+	else
+		return("unknown");
+	}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
+	{
+	if (c != NULL)
+		return(c->name);
+	return("(NONE)");
+	}
+
+/* number of bits for symetric cipher */
+int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
+	{
+	int ret=0,a=0;
+	const EVP_CIPHER *enc;
+	const EVP_MD *md;
+	SSL_SESSION ss;
+
+	if (c != NULL)
+		{
+		ss.cipher=c;
+		if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL))
+			return(0);
+
+		a=EVP_CIPHER_key_length(enc)*8;
+
+		if (SSL_C_IS_EXPORT(c))
+			{
+			ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
+			}
+		else
+			{
+			if (c->algorithm2 & SSL2_CF_8_BYTE_ENC)
+				ret=64;
+			else
+				ret=a;
+			}
+		}
+
+	if (alg_bits != NULL) *alg_bits=a;
+	
+	return(ret);
+	}
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+	{
+	SSL_COMP *ctmp;
+	int i,nn;
+
+	if ((n == 0) || (sk == NULL)) return(NULL);
+	nn=sk_SSL_COMP_num(sk);
+	for (i=0; iid == n)
+			return(ctmp);
+		}
+	return(NULL);
+	}
+
+static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
+	{
+	return((*a)->id-(*b)->id);
+	}
+
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+	{
+	return(ssl_comp_methods);
+	}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+	{
+	SSL_COMP *comp;
+	STACK_OF(SSL_COMP) *sk;
+
+	comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
+	comp->id=id;
+	comp->method=cm;
+	if (ssl_comp_methods == NULL)
+		sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+	else
+		sk=ssl_comp_methods;
+	if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
+		{
+		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	else
+		return(1);
+	}
+
diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c
new file mode 100644
index 000000000000..3ddc805b5370
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_err.c
@@ -0,0 +1,416 @@
+/* ssl/ssl_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include 
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA SSL_str_functs[]=
+	{
+{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_HELLO,0),	"CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0),	"CLIENT_MASTER_KEY"},
+{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),	"d2i_SSL_SESSION"},
+{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0),	"DO_SSL3_WRITE"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0),	"GET_CLIENT_FINISHED"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0),	"GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0),	"GET_CLIENT_MASTER_KEY"},
+{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0),	"GET_SERVER_FINISHED"},
+{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0),	"GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0),	"GET_SERVER_VERIFY"},
+{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),	"i2d_SSL_SESSION"},
+{ERR_PACK(0,SSL_F_READ_N,0),	"READ_N"},
+{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),	"REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_HELLO,0),	"SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),	"SSL23_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),	"SSL23_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_CONNECT,0),	"SSL23_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0),	"SSL23_GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0),	"SSL23_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_READ,0),	"SSL23_READ"},
+{ERR_PACK(0,SSL_F_SSL23_WRITE,0),	"SSL23_WRITE"},
+{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),	"SSL2_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL2_CONNECT,0),	"SSL2_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),	"SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_READ,0),	"SSL2_READ"},
+{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0),	"SSL2_SET_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL2_WRITE,0),	"SSL2_WRITE"},
+{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0),	"SSL3_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0),	"SSL3_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
+{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0),	"SSL3_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_CONNECT,0),	"SSL3_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL3_CTRL,0),	"SSL3_CTRL"},
+{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),	"SSL3_CTX_CTRL"},
+{ERR_PACK(0,SSL_F_SSL3_ENC,0),	"SSL3_ENC"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),	"SSL3_GET_CERTIFICATE_REQUEST"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0),	"SSL3_GET_CERT_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0),	"SSL3_GET_CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0),	"SSL3_GET_CLIENT_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0),	"SSL3_GET_CLIENT_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0),	"SSL3_GET_FINISHED"},
+{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0),	"SSL3_GET_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0),	"SSL3_GET_MESSAGE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0),	"SSL3_GET_RECORD"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0),	"SSL3_GET_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0),	"SSL3_GET_SERVER_DONE"},
+{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0),	"SSL3_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0),	"SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0),	"SSL3_READ_BYTES"},
+{ERR_PACK(0,SSL_F_SSL3_READ_N,0),	"SSL3_READ_N"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0),	"SSL3_SEND_CERTIFICATE_REQUEST"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0),	"SSL3_SEND_CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),	"SSL3_SEND_CLIENT_VERIFY"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),	"SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),	"SSL3_SETUP_BUFFERS"},
+{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),	"SSL3_SETUP_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0),	"SSL3_WRITE_BYTES"},
+{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0),	"SSL3_WRITE_PENDING"},
+{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0),	"SSL_add_dir_cert_subjects_to_stack"},
+{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0),	"SSL_add_file_cert_subjects_to_stack"},
+{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0),	"SSL_BAD_METHOD"},
+{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0),	"SSL_BYTES_TO_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0),	"SSL_CERT_DUP"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INST,0),	"SSL_CERT_INST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0),	"SSL_CERT_INSTANTIATE"},
+{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0),	"SSL_CERT_NEW"},
+{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0),	"SSL_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CLEAR,0),	"SSL_clear"},
+{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0),	"SSL_COMP_add_compression_method"},
+{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),	"SSL_CREATE_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),	"SSL_CTX_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),	"SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0),	"SSL_CTX_set_session_id_context"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),	"SSL_CTX_set_ssl_version"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),	"SSL_CTX_use_certificate"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),	"SSL_CTX_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0),	"SSL_CTX_use_certificate_chain_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0),	"SSL_CTX_use_certificate_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0),	"SSL_CTX_use_PrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0),	"SSL_CTX_use_PrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0),	"SSL_CTX_use_PrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0),	"SSL_CTX_use_RSAPrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0),	"SSL_CTX_use_RSAPrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0),	"SSL_CTX_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0),	"SSL_do_handshake"},
+{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0),	"SSL_GET_NEW_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0),	"SSL_GET_PREV_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0),	"SSL_GET_SERVER_SEND_CERT"},
+{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0),	"SSL_GET_SIGN_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),	"SSL_INIT_WBIO_BUFFER"},
+{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),	"SSL_load_client_CA_file"},
+{ERR_PACK(0,SSL_F_SSL_NEW,0),	"SSL_new"},
+{ERR_PACK(0,SSL_F_SSL_READ,0),	"SSL_read"},
+{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),	"SSL_RSA_PRIVATE_DECRYPT"},
+{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),	"SSL_RSA_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),	"SSL_SESSION_new"},
+{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0),	"SSL_SESSION_print_fp"},
+{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0),	"SSL_SESS_CERT_NEW"},
+{ERR_PACK(0,SSL_F_SSL_SET_CERT,0),	"SSL_SET_CERT"},
+{ERR_PACK(0,SSL_F_SSL_SET_FD,0),	"SSL_set_fd"},
+{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0),	"SSL_SET_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_SET_RFD,0),	"SSL_set_rfd"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),	"SSL_set_session"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0),	"SSL_set_session_id_context"},
+{ERR_PACK(0,SSL_F_SSL_SET_WFD,0),	"SSL_set_wfd"},
+{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0),	"SSL_shutdown"},
+{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),	"SSL_UNDEFINED_FUNCTION"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),	"SSL_use_certificate"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0),	"SSL_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0),	"SSL_use_certificate_file"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0),	"SSL_use_PrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0),	"SSL_use_PrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0),	"SSL_use_PrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0),	"SSL_use_RSAPrivateKey"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0),	"SSL_use_RSAPrivateKey_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0),	"SSL_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0),	"SSL_VERIFY_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL_WRITE,0),	"SSL_write"},
+{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0),	"TLS1_CHANGE_CIPHER_STATE"},
+{ERR_PACK(0,SSL_F_TLS1_ENC,0),	"TLS1_ENC"},
+{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0),	"TLS1_SETUP_KEY_BLOCK"},
+{ERR_PACK(0,SSL_F_WRITE_PENDING,0),	"WRITE_PENDING"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA SSL_str_reasons[]=
+	{
+{SSL_R_APP_DATA_IN_HANDSHAKE             ,"app data in handshake"},
+{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
+{SSL_R_BAD_ALERT_RECORD                  ,"bad alert record"},
+{SSL_R_BAD_AUTHENTICATION_TYPE           ,"bad authentication type"},
+{SSL_R_BAD_CHANGE_CIPHER_SPEC            ,"bad change cipher spec"},
+{SSL_R_BAD_CHECKSUM                      ,"bad checksum"},
+{SSL_R_BAD_CLIENT_REQUEST                ,"bad client request"},
+{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK     ,"bad data returned by callback"},
+{SSL_R_BAD_DECOMPRESSION                 ,"bad decompression"},
+{SSL_R_BAD_DH_G_LENGTH                   ,"bad dh g length"},
+{SSL_R_BAD_DH_PUB_KEY_LENGTH             ,"bad dh pub key length"},
+{SSL_R_BAD_DH_P_LENGTH                   ,"bad dh p length"},
+{SSL_R_BAD_DIGEST_LENGTH                 ,"bad digest length"},
+{SSL_R_BAD_DSA_SIGNATURE                 ,"bad dsa signature"},
+{SSL_R_BAD_LENGTH                        ,"bad length"},
+{SSL_R_BAD_MAC_DECODE                    ,"bad mac decode"},
+{SSL_R_BAD_MESSAGE_TYPE                  ,"bad message type"},
+{SSL_R_BAD_PACKET_LENGTH                 ,"bad packet length"},
+{SSL_R_BAD_PROTOCOL_VERSION_NUMBER       ,"bad protocol version number"},
+{SSL_R_BAD_RESPONSE_ARGUMENT             ,"bad response argument"},
+{SSL_R_BAD_RSA_DECRYPT                   ,"bad rsa decrypt"},
+{SSL_R_BAD_RSA_ENCRYPT                   ,"bad rsa encrypt"},
+{SSL_R_BAD_RSA_E_LENGTH                  ,"bad rsa e length"},
+{SSL_R_BAD_RSA_MODULUS_LENGTH            ,"bad rsa modulus length"},
+{SSL_R_BAD_RSA_SIGNATURE                 ,"bad rsa signature"},
+{SSL_R_BAD_SIGNATURE                     ,"bad signature"},
+{SSL_R_BAD_SSL_FILETYPE                  ,"bad ssl filetype"},
+{SSL_R_BAD_SSL_SESSION_ID_LENGTH         ,"bad ssl session id length"},
+{SSL_R_BAD_STATE                         ,"bad state"},
+{SSL_R_BAD_WRITE_RETRY                   ,"bad write retry"},
+{SSL_R_BIO_NOT_SET                       ,"bio not set"},
+{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG         ,"block cipher pad is wrong"},
+{SSL_R_BN_LIB                            ,"bn lib"},
+{SSL_R_CA_DN_LENGTH_MISMATCH             ,"ca dn length mismatch"},
+{SSL_R_CA_DN_TOO_LONG                    ,"ca dn too long"},
+{SSL_R_CCS_RECEIVED_EARLY                ,"ccs received early"},
+{SSL_R_CERTIFICATE_VERIFY_FAILED         ,"certificate verify failed"},
+{SSL_R_CERT_LENGTH_MISMATCH              ,"cert length mismatch"},
+{SSL_R_CHALLENGE_IS_DIFFERENT            ,"challenge is different"},
+{SSL_R_CIPHER_CODE_WRONG_LENGTH          ,"cipher code wrong length"},
+{SSL_R_CIPHER_OR_HASH_UNAVAILABLE        ,"cipher or hash unavailable"},
+{SSL_R_CIPHER_TABLE_SRC_ERROR            ,"cipher table src error"},
+{SSL_R_COMPRESSED_LENGTH_TOO_LONG        ,"compressed length too long"},
+{SSL_R_COMPRESSION_FAILURE               ,"compression failure"},
+{SSL_R_COMPRESSION_LIBRARY_ERROR         ,"compression library error"},
+{SSL_R_CONNECTION_ID_IS_DIFFERENT        ,"connection id is different"},
+{SSL_R_CONNECTION_TYPE_NOT_SET           ,"connection type not set"},
+{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
+{SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
+{SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
+{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
+{SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
+{SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
+{SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
+{SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
+{SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
+{SSL_R_HTTP_REQUEST                      ,"http request"},
+{SSL_R_INTERNAL_ERROR                    ,"internal error"},
+{SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
+{SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
+{SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+{SSL_R_LIBRARY_BUG                       ,"library bug"},
+{SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
+{SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
+{SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
+{SSL_R_MISSING_DH_RSA_CERT               ,"missing dh rsa cert"},
+{SSL_R_MISSING_DSA_SIGNING_CERT          ,"missing dsa signing cert"},
+{SSL_R_MISSING_EXPORT_TMP_DH_KEY         ,"missing export tmp dh key"},
+{SSL_R_MISSING_EXPORT_TMP_RSA_KEY        ,"missing export tmp rsa key"},
+{SSL_R_MISSING_RSA_CERTIFICATE           ,"missing rsa certificate"},
+{SSL_R_MISSING_RSA_ENCRYPTING_CERT       ,"missing rsa encrypting cert"},
+{SSL_R_MISSING_RSA_SIGNING_CERT          ,"missing rsa signing cert"},
+{SSL_R_MISSING_TMP_DH_KEY                ,"missing tmp dh key"},
+{SSL_R_MISSING_TMP_RSA_KEY               ,"missing tmp rsa key"},
+{SSL_R_MISSING_TMP_RSA_PKEY              ,"missing tmp rsa pkey"},
+{SSL_R_MISSING_VERIFY_MESSAGE            ,"missing verify message"},
+{SSL_R_NON_SSLV2_INITIAL_PACKET          ,"non sslv2 initial packet"},
+{SSL_R_NO_CERTIFICATES_RETURNED          ,"no certificates returned"},
+{SSL_R_NO_CERTIFICATE_ASSIGNED           ,"no certificate assigned"},
+{SSL_R_NO_CERTIFICATE_RETURNED           ,"no certificate returned"},
+{SSL_R_NO_CERTIFICATE_SET                ,"no certificate set"},
+{SSL_R_NO_CERTIFICATE_SPECIFIED          ,"no certificate specified"},
+{SSL_R_NO_CIPHERS_AVAILABLE              ,"no ciphers available"},
+{SSL_R_NO_CIPHERS_PASSED                 ,"no ciphers passed"},
+{SSL_R_NO_CIPHERS_SPECIFIED              ,"no ciphers specified"},
+{SSL_R_NO_CIPHER_LIST                    ,"no cipher list"},
+{SSL_R_NO_CIPHER_MATCH                   ,"no cipher match"},
+{SSL_R_NO_CLIENT_CERT_RECEIVED           ,"no client cert received"},
+{SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
+{SSL_R_NO_METHOD_SPECIFIED               ,"no method specified"},
+{SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
+{SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
+{SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
+{SSL_R_NO_PUBLICKEY                      ,"no publickey"},
+{SSL_R_NO_SHARED_CIPHER                  ,"no shared cipher"},
+{SSL_R_NO_VERIFY_CALLBACK                ,"no verify callback"},
+{SSL_R_NULL_SSL_CTX                      ,"null ssl ctx"},
+{SSL_R_NULL_SSL_METHOD_PASSED            ,"null ssl method passed"},
+{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED   ,"old session cipher not returned"},
+{SSL_R_PACKET_LENGTH_TOO_LONG            ,"packet length too long"},
+{SSL_R_PATH_TOO_LONG                     ,"path too long"},
+{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
+{SSL_R_PEER_ERROR                        ,"peer error"},
+{SSL_R_PEER_ERROR_CERTIFICATE            ,"peer error certificate"},
+{SSL_R_PEER_ERROR_NO_CERTIFICATE         ,"peer error no certificate"},
+{SSL_R_PEER_ERROR_NO_CIPHER              ,"peer error no cipher"},
+{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
+{SSL_R_PRE_MAC_LENGTH_TOO_LONG           ,"pre mac length too long"},
+{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
+{SSL_R_PROTOCOL_IS_SHUTDOWN              ,"protocol is shutdown"},
+{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR          ,"public key encrypt error"},
+{SSL_R_PUBLIC_KEY_IS_NOT_RSA             ,"public key is not rsa"},
+{SSL_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{SSL_R_READ_BIO_NOT_SET                  ,"read bio not set"},
+{SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
+{SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
+{SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
+{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
+{SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
+{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
+{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED  ,"session id context uninitialized"},
+{SSL_R_SHORT_READ                        ,"short read"},
+{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+{SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
+{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
+{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED   ,"sslv3 alert certificate expired"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED   ,"sslv3 alert certificate revoked"},
+{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN   ,"sslv3 alert certificate unknown"},
+{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
+{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE     ,"sslv3 alert handshake failure"},
+{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER     ,"sslv3 alert illegal parameter"},
+{SSL_R_SSLV3_ALERT_NO_CERTIFICATE        ,"sslv3 alert no certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER  ,"sslv3 alert peer error no cipher"},
+{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
+{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE    ,"sslv3 alert unexpected message"},
+{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
+{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
+{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
+{SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
+{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
+{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG   ,"ssl session id context too long"},
+{SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
+{SSL_R_TLSV1_ALERT_ACCESS_DENIED         ,"tlsv1 alert access denied"},
+{SSL_R_TLSV1_ALERT_DECODE_ERROR          ,"tlsv1 alert decode error"},
+{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED     ,"tlsv1 alert decryption failed"},
+{SSL_R_TLSV1_ALERT_DECRYPT_ERROR         ,"tlsv1 alert decrypt error"},
+{SSL_R_TLSV1_ALERT_EXPORT_RESTRICION     ,"tlsv1 alert export restricion"},
+{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
+{SSL_R_TLSV1_ALERT_INTERNAL_ERROR        ,"tlsv1 alert internal error"},
+{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION      ,"tlsv1 alert no renegotiation"},
+{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION      ,"tlsv1 alert protocol version"},
+{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW       ,"tlsv1 alert record overflow"},
+{SSL_R_TLSV1_ALERT_UNKNOWN_CA            ,"tlsv1 alert unknown ca"},
+{SSL_R_TLSV1_ALERT_USER_CANCLED          ,"tlsv1 alert user cancled"},
+{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
+{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
+{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
+{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER   ,"tried to use unsupported cipher"},
+{SSL_R_UNABLE_TO_DECODE_DH_CERTS         ,"unable to decode dh certs"},
+{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY      ,"unable to extract public key"},
+{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS      ,"unable to find dh parameters"},
+{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
+{SSL_R_UNABLE_TO_FIND_SSL_METHOD         ,"unable to find ssl method"},
+{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES  ,"unable to load ssl2 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES  ,"unable to load ssl3 md5 routines"},
+{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
+{SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
+{SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
+{SSL_R_UNINITIALIZED                     ,"uninitialized"},
+{SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
+{SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
+{SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
+{SSL_R_UNKNOWN_CIPHER_TYPE               ,"unknown cipher type"},
+{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE         ,"unknown key exchange type"},
+{SSL_R_UNKNOWN_PKEY_TYPE                 ,"unknown pkey type"},
+{SSL_R_UNKNOWN_PROTOCOL                  ,"unknown protocol"},
+{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE         ,"unknown remote error type"},
+{SSL_R_UNKNOWN_SSL_VERSION               ,"unknown ssl version"},
+{SSL_R_UNKNOWN_STATE                     ,"unknown state"},
+{SSL_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
+{SSL_R_UNSUPPORTED_PROTOCOL              ,"unsupported protocol"},
+{SSL_R_UNSUPPORTED_SSL_VERSION           ,"unsupported ssl version"},
+{SSL_R_WRITE_BIO_NOT_SET                 ,"write bio not set"},
+{SSL_R_WRONG_CIPHER_RETURNED             ,"wrong cipher returned"},
+{SSL_R_WRONG_MESSAGE_TYPE                ,"wrong message type"},
+{SSL_R_WRONG_NUMBER_OF_KEY_BITS          ,"wrong number of key bits"},
+{SSL_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
+{SSL_R_WRONG_SIGNATURE_SIZE              ,"wrong signature size"},
+{SSL_R_WRONG_SSL_VERSION                 ,"wrong ssl version"},
+{SSL_R_WRONG_VERSION_NUMBER              ,"wrong version number"},
+{SSL_R_X509_LIB                          ,"x509 lib"},
+{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS  ,"x509 verification setup problems"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_SSL_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
+		ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/openssl/ssl/ssl_err2.c b/crypto/openssl/ssl/ssl_err2.c
new file mode 100644
index 000000000000..cc089a612b10
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_err2.c
@@ -0,0 +1,70 @@
+/* ssl/ssl_err2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+
+void SSL_load_error_strings(void)
+	{
+#ifndef NO_ERR
+	ERR_load_crypto_strings();
+	ERR_load_SSL_strings();
+#endif
+	}
+
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
new file mode 100644
index 000000000000..e192fc4cac3a
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -0,0 +1,1947 @@
+/*! \file ssl/ssl_lib.c
+ *  \brief Version independent SSL functions.
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+char *SSL_version_str=OPENSSL_VERSION_TEXT;
+
+static STACK *ssl_meth=NULL;
+static STACK *ssl_ctx_meth=NULL;
+static int ssl_meth_num=0;
+static int ssl_ctx_meth_num=0;
+
+OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	};
+
+int SSL_clear(SSL *s)
+	{
+	int state;
+
+	if (s->method == NULL)
+		{
+		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
+		return(0);
+		}
+
+	s->error=0;
+	s->hit=0;
+	s->shutdown=0;
+
+#if 0
+	/* This is set if we are doing dynamic renegotiation so keep
+	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
+	if (s->new_session) return(1);
+#endif
+
+	state=s->state; /* Keep to check if we throw away the session-id */
+	s->type=0;
+
+	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+
+	s->version=s->method->version;
+	s->client_version=s->version;
+	s->rwstate=SSL_NOTHING;
+	s->rstate=SSL_ST_READ_HEADER;
+	s->read_ahead=s->ctx->read_ahead;
+
+	if (s->init_buf != NULL)
+		{
+		BUF_MEM_free(s->init_buf);
+		s->init_buf=NULL;
+		}
+
+	ssl_clear_cipher_ctx(s);
+
+	if (ssl_clear_bad_session(s))
+		{
+		SSL_SESSION_free(s->session);
+		s->session=NULL;
+		}
+
+	s->first_packet=0;
+
+#if 1
+	/* Check to see if we were changed into a different method, if
+	 * so, revert back if we are not doing session-id reuse. */
+	if ((s->session == NULL) && (s->method != s->ctx->method))
+		{
+		s->method->ssl_free(s);
+		s->method=s->ctx->method;
+		if (!s->method->ssl_new(s))
+			return(0);
+		}
+	else
+#endif
+		s->method->ssl_clear(s);
+	return(1);
+	}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
+	{
+	STACK_OF(SSL_CIPHER) *sk;
+
+	ctx->method=meth;
+
+	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
+		&(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
+		{
+		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+		return(0);
+		}
+	return(1);
+	}
+
+SSL *SSL_new(SSL_CTX *ctx)
+	{
+	SSL *s;
+
+	if (ctx == NULL)
+		{
+		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
+		return(NULL);
+		}
+	if (ctx->method == NULL)
+		{
+		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+		return(NULL);
+		}
+
+	s=(SSL *)Malloc(sizeof(SSL));
+	if (s == NULL) goto err;
+	memset(s,0,sizeof(SSL));
+
+	if (ctx->cert != NULL)
+		{
+		/* Earlier library versions used to copy the pointer to
+		 * the CERT, not its contents; only when setting new
+		 * parameters for the per-SSL copy, ssl_cert_new would be
+		 * called (and the direct reference to the per-SSL_CTX
+		 * settings would be lost, but those still were indirectly
+		 * accessed for various purposes, and for that reason they
+		 * used to be known as s->ctx->default_cert).
+		 * Now we don't look at the SSL_CTX's CERT after having
+		 * duplicated it once. */
+
+		s->cert = ssl_cert_dup(ctx->cert);
+		if (s->cert == NULL)
+			goto err;
+		}
+	else
+		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
+	s->sid_ctx_length=ctx->sid_ctx_length;
+	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
+	s->verify_mode=ctx->verify_mode;
+	s->verify_depth=ctx->verify_depth;
+	s->verify_callback=ctx->default_verify_callback;
+	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+	s->ctx=ctx;
+
+	s->verify_result=X509_V_OK;
+
+	s->method=ctx->method;
+
+	if (!s->method->ssl_new(s))
+		goto err;
+
+	s->quiet_shutdown=ctx->quiet_shutdown;
+	s->references=1;
+	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
+	s->options=ctx->options;
+	s->mode=ctx->mode;
+	SSL_clear(s);
+
+	CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
+
+	return(s);
+err:
+	if (s != NULL)
+		{
+		if (s->cert != NULL)
+			ssl_cert_free(s->cert);
+		if (s->ctx != NULL)
+			SSL_CTX_free(s->ctx); /* decrement reference count */
+		Free(s);
+		}
+	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
+	return(NULL);
+	}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+	{
+	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ctx->sid_ctx_length=sid_ctx_len;
+    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+			       unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+	{
+	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ssl->sid_ctx_length=sid_ctx_len;
+    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+void SSL_free(SSL *s)
+	{
+	int i;
+
+	if(s == NULL)
+	    return;
+
+	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
+#ifdef REF_PRINT
+	REF_PRINT("SSL",s);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"SSL_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+	CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+
+	if (s->bbio != NULL)
+		{
+		/* If the buffering BIO is in place, pop it off */
+		if (s->bbio == s->wbio)
+			{
+			s->wbio=BIO_pop(s->wbio);
+			}
+		BIO_free(s->bbio);
+		s->bbio=NULL;
+		}
+	if (s->rbio != NULL)
+		BIO_free_all(s->rbio);
+	if ((s->wbio != NULL) && (s->wbio != s->rbio))
+		BIO_free_all(s->wbio);
+
+	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
+
+	/* add extra stuff */
+	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
+	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
+
+	/* Make the next call work :-) */
+	if (s->session != NULL)
+		{
+		ssl_clear_bad_session(s);
+		SSL_SESSION_free(s->session);
+		}
+
+	ssl_clear_cipher_ctx(s);
+
+	if (s->cert != NULL) ssl_cert_free(s->cert);
+	/* Free up if allocated */
+
+	if (s->ctx) SSL_CTX_free(s->ctx);
+
+	if (s->client_CA != NULL)
+		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
+
+	if (s->method != NULL) s->method->ssl_free(s);
+
+	Free((char *)s);
+	}
+
+void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
+	{
+	/* If the output buffering BIO is still in place, remove it
+	 */
+	if (s->bbio != NULL)
+		{
+		if (s->wbio == s->bbio)
+			{
+			s->wbio=s->wbio->next_bio;
+			s->bbio->next_bio=NULL;
+			}
+		}
+	if ((s->rbio != NULL) && (s->rbio != rbio))
+		BIO_free_all(s->rbio);
+	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+		BIO_free_all(s->wbio);
+	s->rbio=rbio;
+	s->wbio=wbio;
+	}
+
+BIO *SSL_get_rbio(SSL *s)
+	{ return(s->rbio); }
+
+BIO *SSL_get_wbio(SSL *s)
+	{ return(s->wbio); }
+
+int SSL_get_fd(SSL *s)
+	{
+	int ret= -1;
+	BIO *b,*r;
+
+	b=SSL_get_rbio(s);
+	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+	if (r != NULL)
+		BIO_get_fd(r,&ret);
+	return(ret);
+	}
+
+#ifndef NO_SOCK
+int SSL_set_fd(SSL *s,int fd)
+	{
+	int ret=0;
+	BIO *bio=NULL;
+
+	bio=BIO_new(BIO_s_socket());
+
+	if (bio == NULL)
+		{
+		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
+		goto err;
+		}
+	BIO_set_fd(bio,fd,BIO_NOCLOSE);
+	SSL_set_bio(s,bio,bio);
+	ret=1;
+err:
+	return(ret);
+	}
+
+int SSL_set_wfd(SSL *s,int fd)
+	{
+	int ret=0;
+	BIO *bio=NULL;
+
+	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
+		{
+		bio=BIO_new(BIO_s_socket());
+
+		if (bio == NULL)
+			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
+		BIO_set_fd(bio,fd,BIO_NOCLOSE);
+		SSL_set_bio(s,SSL_get_rbio(s),bio);
+		}
+	else
+		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
+	ret=1;
+err:
+	return(ret);
+	}
+
+int SSL_set_rfd(SSL *s,int fd)
+	{
+	int ret=0;
+	BIO *bio=NULL;
+
+	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
+		{
+		bio=BIO_new(BIO_s_socket());
+
+		if (bio == NULL)
+			{
+			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
+			goto err;
+			}
+		BIO_set_fd(bio,fd,BIO_NOCLOSE);
+		SSL_set_bio(s,bio,SSL_get_wbio(s));
+		}
+	else
+		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
+	ret=1;
+err:
+	return(ret);
+	}
+#endif
+
+int SSL_get_verify_mode(SSL *s)
+	{
+	return(s->verify_mode);
+	}
+
+int SSL_get_verify_depth(SSL *s)
+	{
+	return(s->verify_depth);
+	}
+
+int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
+	{
+	return(s->verify_callback);
+	}
+
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
+	{
+	return(ctx->verify_mode);
+	}
+
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
+	{
+	return(ctx->verify_depth);
+	}
+
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
+	{
+	return(ctx->default_verify_callback);
+	}
+
+void SSL_set_verify(SSL *s,int mode,
+		    int (*callback)(int ok,X509_STORE_CTX *ctx))
+	{
+	s->verify_mode=mode;
+	if (callback != NULL)
+		s->verify_callback=callback;
+	}
+
+void SSL_set_verify_depth(SSL *s,int depth)
+	{
+	s->verify_depth=depth;
+	}
+
+void SSL_set_read_ahead(SSL *s,int yes)
+	{
+	s->read_ahead=yes;
+	}
+
+int SSL_get_read_ahead(SSL *s)
+	{
+	return(s->read_ahead);
+	}
+
+int SSL_pending(SSL *s)
+	{
+	return(s->method->ssl_pending(s));
+	}
+
+X509 *SSL_get_peer_certificate(SSL *s)
+	{
+	X509 *r;
+	
+	if ((s == NULL) || (s->session == NULL))
+		r=NULL;
+	else
+		r=s->session->peer;
+
+	if (r == NULL) return(r);
+
+	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
+
+	return(r);
+	}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
+	{
+	STACK_OF(X509) *r;
+	
+	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
+		r=NULL;
+	else
+		r=s->session->sess_cert->cert_chain;
+
+	return(r);
+	}
+
+/* Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled */
+void SSL_copy_session_id(SSL *t,SSL *f)
+	{
+	CERT *tmp;
+
+	/* Do we need to to SSL locking? */
+	SSL_set_session(t,SSL_get_session(f));
+
+	/* what if we are setup as SSLv2 but want to talk SSLv3 or
+	 * vice-versa */
+	if (t->method != f->method)
+		{
+		t->method->ssl_free(t);	/* cleanup current */
+		t->method=f->method;	/* change method */
+		t->method->ssl_new(t);	/* setup new */
+		}
+
+	tmp=t->cert;
+	if (f->cert != NULL)
+		{
+		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
+		t->cert=f->cert;
+		}
+	else
+		t->cert=NULL;
+	if (tmp != NULL) ssl_cert_free(tmp);
+	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
+	}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(SSL_CTX *ctx)
+	{
+	if (	(ctx == NULL) ||
+		(ctx->cert == NULL) ||
+		(ctx->cert->key->x509 == NULL))
+		{
+		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+		return(0);
+		}
+	if 	(ctx->cert->key->privatekey == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+		return(0);
+		}
+	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
+	}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(SSL *ssl)
+	{
+	if (ssl == NULL)
+		{
+		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (ssl->cert == NULL)
+		{
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+		return 0;
+		}
+	if (ssl->cert->key->x509 == NULL)
+		{
+		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+		return(0);
+		}
+	if (ssl->cert->key->privatekey == NULL)
+		{
+		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+		return(0);
+		}
+	return(X509_check_private_key(ssl->cert->key->x509,
+		ssl->cert->key->privatekey));
+	}
+
+int SSL_accept(SSL *s)
+	{
+	if (s->handshake_func == 0)
+		/* Not properly initialized yet */
+		SSL_set_accept_state(s);
+
+	return(s->method->ssl_accept(s));
+	}
+
+int SSL_connect(SSL *s)
+	{
+	if (s->handshake_func == 0)
+		/* Not properly initialized yet */
+		SSL_set_connect_state(s);
+
+	return(s->method->ssl_connect(s));
+	}
+
+long SSL_get_default_timeout(SSL *s)
+	{
+	return(s->method->get_timeout());
+	}
+
+int SSL_read(SSL *s,char *buf,int num)
+	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
+	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+		{
+		s->rwstate=SSL_NOTHING;
+		return(0);
+		}
+	return(s->method->ssl_read(s,buf,num));
+	}
+
+int SSL_peek(SSL *s,char *buf,int num)
+	{
+	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
+		{
+		return(0);
+		}
+	return(s->method->ssl_peek(s,buf,num));
+	}
+
+int SSL_write(SSL *s,const char *buf,int num)
+	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
+	if (s->shutdown & SSL_SENT_SHUTDOWN)
+		{
+		s->rwstate=SSL_NOTHING;
+		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
+		return(-1);
+		}
+	return(s->method->ssl_write(s,buf,num));
+	}
+
+int SSL_shutdown(SSL *s)
+	{
+	/* Note that this function behaves differently from what one might
+	 * expect.  Return values are 0 for no success (yet),
+	 * 1 for success; but calling it once is usually not enough,
+	 * even if blocking I/O is used (see ssl3_shutdown).
+	 */
+
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
+	if ((s != NULL) && !SSL_in_init(s))
+		return(s->method->ssl_shutdown(s));
+	else
+		return(1);
+	}
+
+int SSL_renegotiate(SSL *s)
+	{
+	s->new_session=1;
+	return(s->method->ssl_renegotiate(s));
+	}
+
+long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
+	{
+	long l;
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_READ_AHEAD:
+		return(s->read_ahead);
+	case SSL_CTRL_SET_READ_AHEAD:
+		l=s->read_ahead;
+		s->read_ahead=larg;
+		return(l);
+	case SSL_CTRL_OPTIONS:
+		return(s->options|=larg);
+	case SSL_CTRL_MODE:
+		return(s->mode|=larg);
+	default:
+		return(s->method->ssl_ctrl(s,cmd,larg,parg));
+		}
+	}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
+	{
+	long l;
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_READ_AHEAD:
+		return(ctx->read_ahead);
+	case SSL_CTRL_SET_READ_AHEAD:
+		l=ctx->read_ahead;
+		ctx->read_ahead=larg;
+		return(l);
+
+	case SSL_CTRL_SET_SESS_CACHE_SIZE:
+		l=ctx->session_cache_size;
+		ctx->session_cache_size=larg;
+		return(l);
+	case SSL_CTRL_GET_SESS_CACHE_SIZE:
+		return(ctx->session_cache_size);
+	case SSL_CTRL_SET_SESS_CACHE_MODE:
+		l=ctx->session_cache_mode;
+		ctx->session_cache_mode=larg;
+		return(l);
+	case SSL_CTRL_GET_SESS_CACHE_MODE:
+		return(ctx->session_cache_mode);
+
+	case SSL_CTRL_SESS_NUMBER:
+		return(ctx->sessions->num_items);
+	case SSL_CTRL_SESS_CONNECT:
+		return(ctx->stats.sess_connect);
+	case SSL_CTRL_SESS_CONNECT_GOOD:
+		return(ctx->stats.sess_connect_good);
+	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+		return(ctx->stats.sess_connect_renegotiate);
+	case SSL_CTRL_SESS_ACCEPT:
+		return(ctx->stats.sess_accept);
+	case SSL_CTRL_SESS_ACCEPT_GOOD:
+		return(ctx->stats.sess_accept_good);
+	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+		return(ctx->stats.sess_accept_renegotiate);
+	case SSL_CTRL_SESS_HIT:
+		return(ctx->stats.sess_hit);
+	case SSL_CTRL_SESS_CB_HIT:
+		return(ctx->stats.sess_cb_hit);
+	case SSL_CTRL_SESS_MISSES:
+		return(ctx->stats.sess_miss);
+	case SSL_CTRL_SESS_TIMEOUTS:
+		return(ctx->stats.sess_timeout);
+	case SSL_CTRL_SESS_CACHE_FULL:
+		return(ctx->stats.sess_cache_full);
+	case SSL_CTRL_OPTIONS:
+		return(ctx->options|=larg);
+	case SSL_CTRL_MODE:
+		return(ctx->mode|=larg);
+	default:
+		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
+		}
+	}
+
+int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
+	{
+	long l;
+
+	l=a->id-b->id;
+	if (l == 0L)
+		return(0);
+	else
+		return((l > 0)?1:-1);
+	}
+
+int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
+	{
+	long l;
+
+	l=(*ap)->id-(*bp)->id;
+	if (l == 0L)
+		return(0);
+	else
+		return((l > 0)?1:-1);
+	}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+	{
+	if ((s != NULL) && (s->cipher_list != NULL))
+		{
+		return(s->cipher_list);
+		}
+	else if ((s->ctx != NULL) &&
+		(s->ctx->cipher_list != NULL))
+		{
+		return(s->ctx->cipher_list);
+		}
+	return(NULL);
+	}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+	{
+	if ((s != NULL) && (s->cipher_list_by_id != NULL))
+		{
+		return(s->cipher_list_by_id);
+		}
+	else if ((s != NULL) && (s->ctx != NULL) &&
+		(s->ctx->cipher_list_by_id != NULL))
+		{
+		return(s->ctx->cipher_list_by_id);
+		}
+	return(NULL);
+	}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(SSL *s,int n)
+	{
+	SSL_CIPHER *c;
+	STACK_OF(SSL_CIPHER) *sk;
+
+	if (s == NULL) return(NULL);
+	sk=SSL_get_ciphers(s);
+	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+		return(NULL);
+	c=sk_SSL_CIPHER_value(sk,n);
+	if (c == NULL) return(NULL);
+	return(c->name);
+	}
+
+/** specify the ciphers to be used by defaut by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
+	{
+	STACK_OF(SSL_CIPHER) *sk;
+	
+	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
+		&ctx->cipher_list_by_id,str);
+/* XXXX */
+	return((sk == NULL)?0:1);
+	}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s,char *str)
+	{
+	STACK_OF(SSL_CIPHER) *sk;
+	
+	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
+		&s->cipher_list_by_id,str);
+/* XXXX */
+	return((sk == NULL)?0:1);
+	}
+
+/* works well for SSLv2, not so good for SSLv3 */
+char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
+	{
+	char *p;
+	const char *cp;
+	STACK_OF(SSL_CIPHER) *sk;
+	SSL_CIPHER *c;
+	int i;
+
+	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
+		(len < 2))
+		return(NULL);
+
+	p=buf;
+	sk=s->session->ciphers;
+	for (i=0; iname; *cp; )
+			{
+			if (len-- == 0)
+				{
+				*p='\0';
+				return(buf);
+				}
+			else
+				*(p++)= *(cp++);
+			}
+		*(p++)=':';
+		}
+	p[-1]='\0';
+	return(buf);
+	}
+
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+	{
+	int i,j=0;
+	SSL_CIPHER *c;
+	unsigned char *q;
+
+	if (sk == NULL) return(0);
+	q=p;
+
+	for (i=0; isession_id[0]     )|
+		((unsigned int) a->session_id[1]<< 8L)|
+		((unsigned long)a->session_id[2]<<16L)|
+		((unsigned long)a->session_id[3]<<24L);
+	return(l);
+	}
+
+int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
+	{
+	if (a->ssl_version != b->ssl_version)
+		return(1);
+	if (a->session_id_length != b->session_id_length)
+		return(1);
+	return(memcmp(a->session_id,b->session_id,a->session_id_length));
+	}
+
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
+	{
+	SSL_CTX *ret=NULL;
+	
+	if (meth == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
+		return(NULL);
+		}
+
+	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+		goto err;
+		}
+	ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
+	if (ret == NULL)
+		goto err;
+
+	memset(ret,0,sizeof(SSL_CTX));
+
+	ret->method=meth;
+
+	ret->cert_store=NULL;
+	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+	ret->session_cache_head=NULL;
+	ret->session_cache_tail=NULL;
+
+	/* We take the system default */
+	ret->session_timeout=meth->get_timeout();
+
+	ret->new_session_cb=NULL;
+	ret->remove_session_cb=NULL;
+	ret->get_session_cb=NULL;
+
+	memset((char *)&ret->stats,0,sizeof(ret->stats));
+
+	ret->references=1;
+	ret->quiet_shutdown=0;
+
+/*	ret->cipher=NULL;*/
+/*	ret->s2->challenge=NULL;
+	ret->master_key=NULL;
+	ret->key_arg=NULL;
+	ret->s2->conn_id=NULL; */
+
+	ret->info_callback=NULL;
+
+	ret->app_verify_callback=NULL;
+	ret->app_verify_arg=NULL;
+
+	ret->read_ahead=0;
+	ret->verify_mode=SSL_VERIFY_NONE;
+	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
+	ret->default_verify_callback=NULL;
+	if ((ret->cert=ssl_cert_new()) == NULL)
+		goto err;
+
+	ret->default_passwd_callback=NULL;
+	ret->default_passwd_callback_userdata=NULL;
+	ret->client_cert_cb=NULL;
+
+	ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
+	if (ret->sessions == NULL) goto err;
+	ret->cert_store=X509_STORE_new();
+	if (ret->cert_store == NULL) goto err;
+
+	ssl_create_cipher_list(ret->method,
+		&ret->cipher_list,&ret->cipher_list_by_id,
+		SSL_DEFAULT_CIPHER_LIST);
+	if (ret->cipher_list == NULL
+	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
+		goto err2;
+		}
+
+	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+		goto err2;
+		}
+	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+		goto err2;
+		}
+	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+		goto err2;
+		}
+
+	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
+		goto err;
+
+	CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+
+	ret->extra_certs=NULL;
+	ret->comp_methods=SSL_COMP_get_compression_methods();
+
+	return(ret);
+err:
+	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+err2:
+	if (ret != NULL) SSL_CTX_free(ret);
+	return(NULL);
+	}
+
+static void SSL_COMP_free(SSL_COMP *comp)
+    { Free(comp); }
+
+void SSL_CTX_free(SSL_CTX *a)
+	{
+	int i;
+
+	if (a == NULL) return;
+
+	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
+#ifdef REF_PRINT
+	REF_PRINT("SSL_CTX",a);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+
+	if (a->sessions != NULL)
+		{
+		SSL_CTX_flush_sessions(a,0);
+		lh_free(a->sessions);
+		}
+	if (a->cert_store != NULL)
+		X509_STORE_free(a->cert_store);
+	if (a->cipher_list != NULL)
+		sk_SSL_CIPHER_free(a->cipher_list);
+	if (a->cipher_list_by_id != NULL)
+		sk_SSL_CIPHER_free(a->cipher_list_by_id);
+	if (a->cert != NULL)
+		ssl_cert_free(a->cert);
+	if (a->client_CA != NULL)
+		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
+	if (a->extra_certs != NULL)
+		sk_X509_pop_free(a->extra_certs,X509_free);
+	if (a->comp_methods != NULL)
+		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
+	Free((char *)a);
+	}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+	{
+	ctx->default_passwd_callback=cb;
+	}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
+	{
+	ctx->default_passwd_callback_userdata=u;
+	}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
+	{
+	/* now
+	 *     int (*cb)(X509_STORE_CTX *),
+	 * but should be
+	 *     int (*cb)(X509_STORE_CTX *, void *arg)
+	 */
+	ctx->app_verify_callback=cb;
+	ctx->app_verify_arg=arg; /* never used */
+	}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
+	{
+	ctx->verify_mode=mode;
+	ctx->default_verify_callback=cb;
+	/* This needs cleaning up EAY EAY EAY */
+	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
+	}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+	{
+	ctx->verify_depth=depth;
+	}
+
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+	{
+	CERT_PKEY *cpk;
+	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
+	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
+	int rsa_tmp_export,dh_tmp_export,kl;
+	unsigned long mask,emask;
+
+	if (c == NULL) return;
+
+	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+
+#ifndef NO_RSA
+	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
+		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
+#else
+	rsa_tmp=rsa_tmp_export=0;
+#endif
+#ifndef NO_DH
+	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+	dh_tmp_export=(c->dh_tmp_cb != NULL ||
+		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
+#else
+	dh_tmp=dh_tmp_export=0;
+#endif
+
+	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
+	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
+	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
+	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
+	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
+	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
+	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
+/* FIX THIS EAY EAY EAY */
+	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+
+	mask=0;
+	emask=0;
+
+#ifdef CIPHER_DEBUG
+	printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+		rsa_tmp,rsa_tmp_export,dh_tmp,
+		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
+#endif
+
+	if (rsa_enc || (rsa_tmp && rsa_sign))
+		mask|=SSL_kRSA;
+	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
+		emask|=SSL_kRSA;
+
+#if 0
+	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+	if (	(dh_tmp || dh_rsa || dh_dsa) && 
+		(rsa_enc || rsa_sign || dsa_sign))
+		mask|=SSL_kEDH;
+	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
+		(rsa_enc || rsa_sign || dsa_sign))
+		emask|=SSL_kEDH;
+#endif
+
+	if (dh_tmp_export) 
+		emask|=SSL_kEDH;
+
+	if (dh_tmp)
+		mask|=SSL_kEDH;
+
+	if (dh_rsa) mask|=SSL_kDHr;
+	if (dh_rsa_export) emask|=SSL_kDHr;
+
+	if (dh_dsa) mask|=SSL_kDHd;
+	if (dh_dsa_export) emask|=SSL_kDHd;
+
+	if (rsa_enc || rsa_sign)
+		{
+		mask|=SSL_aRSA;
+		emask|=SSL_aRSA;
+		}
+
+	if (dsa_sign)
+		{
+		mask|=SSL_aDSS;
+		emask|=SSL_aDSS;
+		}
+
+#ifdef SSL_ALLOW_ADH
+	mask|=SSL_aNULL;
+	emask|=SSL_aNULL;
+#endif
+
+	c->mask=mask;
+	c->export_mask=emask;
+	c->valid=1;
+	}
+
+/* THIS NEEDS CLEANING UP */
+X509 *ssl_get_server_send_cert(SSL *s)
+	{
+	unsigned long alg,mask,kalg;
+	CERT *c;
+	int i,is_export;
+
+	c=s->cert;
+	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+	alg=s->s3->tmp.new_cipher->algorithms;
+	is_export=SSL_IS_EXPORT(alg);
+	mask=is_export?c->export_mask:c->mask;
+	kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+
+	if 	(kalg & SSL_kDHr)
+		i=SSL_PKEY_DH_RSA;
+	else if (kalg & SSL_kDHd)
+		i=SSL_PKEY_DH_DSA;
+	else if (kalg & SSL_aDSS)
+		i=SSL_PKEY_DSA_SIGN;
+	else if (kalg & SSL_aRSA)
+		{
+		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
+			i=SSL_PKEY_RSA_SIGN;
+		else
+			i=SSL_PKEY_RSA_ENC;
+		}
+	else /* if (kalg & SSL_aNULL) */
+		{
+		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
+		return(NULL);
+		}
+	if (c->pkeys[i].x509 == NULL) return(NULL);
+	return(c->pkeys[i].x509);
+	}
+
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+	{
+	unsigned long alg;
+	CERT *c;
+
+	alg=cipher->algorithms;
+	c=s->cert;
+
+	if ((alg & SSL_aDSS) &&
+		(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
+		return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
+	else if (alg & SSL_aRSA)
+		{
+		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
+			return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
+		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
+			return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+		else
+			return(NULL);
+		}
+	else /* if (alg & SSL_aNULL) */
+		{
+		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
+		return(NULL);
+		}
+	}
+
+void ssl_update_cache(SSL *s,int mode)
+	{
+	int i;
+
+	/* If the session_id_length is 0, we are not supposed to cache it,
+	 * and it would be rather hard to do anyway :-) */
+	if (s->session->session_id_length == 0) return;
+
+	if ((s->ctx->session_cache_mode & mode)
+		&& (!s->hit)
+		&& SSL_CTX_add_session(s->ctx,s->session)
+		&& (s->ctx->new_session_cb != NULL))
+		{
+		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
+		if (!s->ctx->new_session_cb(s,s->session))
+			SSL_SESSION_free(s->session);
+		}
+
+	/* auto flush every 255 connections */
+	i=s->ctx->session_cache_mode;
+	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
+		((i & mode) == mode))
+		{
+		if (  (((mode & SSL_SESS_CACHE_CLIENT)
+			?s->ctx->stats.sess_connect_good
+			:s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
+			{
+			SSL_CTX_flush_sessions(s->ctx,time(NULL));
+			}
+		}
+	}
+
+SSL_METHOD *SSL_get_ssl_method(SSL *s)
+	{
+	return(s->method);
+	}
+
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
+	{
+	int conn= -1;
+	int ret=1;
+
+	if (s->method != meth)
+		{
+		if (s->handshake_func != NULL)
+			conn=(s->handshake_func == s->method->ssl_connect);
+
+		if (s->method->version == meth->version)
+			s->method=meth;
+		else
+			{
+			s->method->ssl_free(s);
+			s->method=meth;
+			ret=s->method->ssl_new(s);
+			}
+
+		if (conn == 1)
+			s->handshake_func=meth->ssl_connect;
+		else if (conn == 0)
+			s->handshake_func=meth->ssl_accept;
+		}
+	return(ret);
+	}
+
+int SSL_get_error(SSL *s,int i)
+	{
+	int reason;
+	unsigned long l;
+	BIO *bio;
+
+	if (i > 0) return(SSL_ERROR_NONE);
+
+	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+	 * etc, where we do encode the error */
+	if ((l=ERR_peek_error()) != 0)
+		{
+		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+			return(SSL_ERROR_SYSCALL);
+		else
+			return(SSL_ERROR_SSL);
+		}
+
+	if ((i < 0) && SSL_want_read(s))
+		{
+		bio=SSL_get_rbio(s);
+		if (BIO_should_read(bio))
+			return(SSL_ERROR_WANT_READ);
+		else if (BIO_should_write(bio))
+			/* This one doesn't make too much sense ... We never try
+			 * to write to the rbio, and an application program where
+			 * rbio and wbio are separate couldn't even know what it
+			 * should wait for.
+			 * However if we ever set s->rwstate incorrectly
+			 * (so that we have SSL_want_read(s) instead of
+			 * SSL_want_write(s)) and rbio and wbio *are* the same,
+			 * this test works around that bug; so it might be safer
+			 * to keep it. */
+			return(SSL_ERROR_WANT_WRITE);
+		else if (BIO_should_io_special(bio))
+			{
+			reason=BIO_get_retry_reason(bio);
+			if (reason == BIO_RR_CONNECT)
+				return(SSL_ERROR_WANT_CONNECT);
+			else
+				return(SSL_ERROR_SYSCALL); /* unknown */
+			}
+		}
+
+	if ((i < 0) && SSL_want_write(s))
+		{
+		bio=SSL_get_wbio(s);
+		if (BIO_should_write(bio))
+			return(SSL_ERROR_WANT_WRITE);
+		else if (BIO_should_read(bio))
+			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
+			return(SSL_ERROR_WANT_READ);
+		else if (BIO_should_io_special(bio))
+			{
+			reason=BIO_get_retry_reason(bio);
+			if (reason == BIO_RR_CONNECT)
+				return(SSL_ERROR_WANT_CONNECT);
+			else
+				return(SSL_ERROR_SYSCALL);
+			}
+		}
+	if ((i < 0) && SSL_want_x509_lookup(s))
+		{
+		return(SSL_ERROR_WANT_X509_LOOKUP);
+		}
+
+	if (i == 0)
+		{
+		if (s->version == SSL2_VERSION)
+			{
+			/* assume it is the socket being closed */
+			return(SSL_ERROR_ZERO_RETURN);
+			}
+		else
+			{
+			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+				return(SSL_ERROR_ZERO_RETURN);
+			}
+		}
+	return(SSL_ERROR_SYSCALL);
+	}
+
+int SSL_do_handshake(SSL *s)
+	{
+	int ret=1;
+
+	if (s->handshake_func == NULL)
+		{
+		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
+		return(-1);
+		}
+
+	s->method->ssl_renegotiate_check(s);
+
+	if (SSL_in_init(s) || SSL_in_before(s))
+		{
+		ret=s->handshake_func(s);
+		}
+	return(ret);
+	}
+
+/* For the next 2 functions, SSL_clear() sets shutdown and so
+ * one of these calls will reset it */
+void SSL_set_accept_state(SSL *s)
+	{
+	s->server=1;
+	s->shutdown=0;
+	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
+	s->handshake_func=s->method->ssl_accept;
+	/* clear the current cipher */
+	ssl_clear_cipher_ctx(s);
+	}
+
+void SSL_set_connect_state(SSL *s)
+	{
+	s->server=0;
+	s->shutdown=0;
+	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
+	s->handshake_func=s->method->ssl_connect;
+	/* clear the current cipher */
+	ssl_clear_cipher_ctx(s);
+	}
+
+int ssl_undefined_function(SSL *s)
+	{
+	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+SSL_METHOD *ssl_bad_method(int ver)
+	{
+	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(NULL);
+	}
+
+char *SSL_get_version(SSL *s)
+	{
+	if (s->version == TLS1_VERSION)
+		return("TLSv1");
+	else if (s->version == SSL3_VERSION)
+		return("SSLv3");
+	else if (s->version == SSL2_VERSION)
+		return("SSLv2");
+	else
+		return("unknown");
+	}
+
+SSL *SSL_dup(SSL *s)
+	{
+	STACK_OF(X509_NAME) *sk;
+	X509_NAME *xn;
+	SSL *ret;
+	int i;
+		 
+	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+	    return(NULL);
+			  
+	if (s->session != NULL)
+		{
+		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+		SSL_copy_session_id(ret,s);
+		}
+	else
+		{
+		/* No session has been established yet, so we have to expect
+		 * that s->cert or ret->cert will be changed later --
+		 * they should not both point to the same object,
+		 * and thus we can't use SSL_copy_session_id. */
+
+		ret->method = s->method;
+		ret->method->ssl_new(ret);
+
+		if (s->cert != NULL)
+			{
+			ret->cert = ssl_cert_dup(s->cert);
+			if (ret->cert == NULL)
+				goto err;
+			}
+				
+		SSL_set_session_id_context(ret,
+			s->sid_ctx, s->sid_ctx_length);
+		}
+
+	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
+	SSL_set_verify(ret,SSL_get_verify_mode(s),
+		SSL_get_verify_callback(s));
+	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
+
+	SSL_set_info_callback(ret,SSL_get_info_callback(s));
+	
+	ret->debug=s->debug;
+	ret->options=s->options;
+
+	/* copy app data, a little dangerous perhaps */
+	if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+		goto err;
+
+	/* setup rbio, and wbio */
+	if (s->rbio != NULL)
+		{
+		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
+			goto err;
+		}
+	if (s->wbio != NULL)
+		{
+		if (s->wbio != s->rbio)
+			{
+			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
+				goto err;
+			}
+		else
+			ret->wbio=ret->rbio;
+		}
+
+	/* dup the cipher_list and cipher_list_by_id stacks */
+	if (s->cipher_list != NULL)
+		{
+		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+			goto err;
+		}
+	if (s->cipher_list_by_id != NULL)
+		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+			== NULL)
+			goto err;
+
+	/* Dup the client_CA list */
+	if (s->client_CA != NULL)
+		{
+		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
+		ret->client_CA=sk;
+		for (i=0; ishutdown=s->shutdown;
+	ret->state=s->state;
+	ret->handshake_func=s->handshake_func;
+	ret->server=s->server;
+
+	if (0)
+		{
+err:
+		if (ret != NULL) SSL_free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
+
+void ssl_clear_cipher_ctx(SSL *s)
+	{
+	if (s->enc_read_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+		Free(s->enc_read_ctx);
+		s->enc_read_ctx=NULL;
+		}
+	if (s->enc_write_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+		Free(s->enc_write_ctx);
+		s->enc_write_ctx=NULL;
+		}
+	if (s->expand != NULL)
+		{
+		COMP_CTX_free(s->expand);
+		s->expand=NULL;
+		}
+	if (s->compress != NULL)
+		{
+		COMP_CTX_free(s->compress);
+		s->compress=NULL;
+		}
+	}
+
+/* Fix this function so that it takes an optional type parameter */
+X509 *SSL_get_certificate(SSL *s)
+	{
+	if (s->cert != NULL)
+		return(s->cert->key->x509);
+	else
+		return(NULL);
+	}
+
+/* Fix this function so that it takes an optional type parameter */
+EVP_PKEY *SSL_get_privatekey(SSL *s)
+	{
+	if (s->cert != NULL)
+		return(s->cert->key->privatekey);
+	else
+		return(NULL);
+	}
+
+SSL_CIPHER *SSL_get_current_cipher(SSL *s)
+	{
+	if ((s->session != NULL) && (s->session->cipher != NULL))
+		return(s->session->cipher);
+	return(NULL);
+	}
+
+int ssl_init_wbio_buffer(SSL *s,int push)
+	{
+	BIO *bbio;
+
+	if (s->bbio == NULL)
+		{
+		bbio=BIO_new(BIO_f_buffer());
+		if (bbio == NULL) return(0);
+		s->bbio=bbio;
+		}
+	else
+		{
+		bbio=s->bbio;
+		if (s->bbio == s->wbio)
+			s->wbio=BIO_pop(s->wbio);
+		}
+	(void)BIO_reset(bbio);
+/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+	if (!BIO_set_read_buffer_size(bbio,1))
+		{
+		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
+		return(0);
+		}
+	if (push)
+		{
+		if (s->wbio != bbio)
+			s->wbio=BIO_push(bbio,s->wbio);
+		}
+	else
+		{
+		if (s->wbio == bbio)
+			s->wbio=BIO_pop(bbio);
+		}
+	return(1);
+	}
+
+void ssl_free_wbio_buffer(SSL *s)
+	{
+	BIO *under;
+
+	if (s->bbio == NULL) return;
+
+	if (s->bbio == s->wbio)
+		{
+		/* remove buffering */
+		under=BIO_pop(s->wbio);
+		if (under != NULL)
+			s->wbio=under;
+		else
+			abort(); /* ok */
+		}
+	BIO_free(s->bbio);
+	s->bbio=NULL;
+	}
+	
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
+	{
+	ctx->quiet_shutdown=mode;
+	}
+
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
+	{
+	return(ctx->quiet_shutdown);
+	}
+
+void SSL_set_quiet_shutdown(SSL *s,int mode)
+	{
+	s->quiet_shutdown=mode;
+	}
+
+int SSL_get_quiet_shutdown(SSL *s)
+	{
+	return(s->quiet_shutdown);
+	}
+
+void SSL_set_shutdown(SSL *s,int mode)
+	{
+	s->shutdown=mode;
+	}
+
+int SSL_get_shutdown(SSL *s)
+	{
+	return(s->shutdown);
+	}
+
+int SSL_version(SSL *s)
+	{
+	return(s->version);
+	}
+
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
+	{
+	return(ssl->ctx);
+	}
+
+#ifndef NO_STDIO
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+	{
+	return(X509_STORE_set_default_paths(ctx->cert_store));
+	}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+		const char *CApath)
+	{
+	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
+	}
+#endif
+
+void SSL_set_info_callback(SSL *ssl,void (*cb)())
+	{
+	ssl->info_callback=cb;
+	}
+
+void (*SSL_get_info_callback(SSL *ssl))(void)
+	{
+	return((void (*)())ssl->info_callback);
+	}
+
+int SSL_state(SSL *ssl)
+	{
+	return(ssl->state);
+	}
+
+void SSL_set_verify_result(SSL *ssl,long arg)
+	{
+	ssl->verify_result=arg;
+	}
+
+long SSL_get_verify_result(SSL *ssl)
+	{
+	return(ssl->verify_result);
+	}
+
+int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
+			 int (*dup_func)(),void (*free_func)())
+	{
+	ssl_meth_num++;
+	return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
+		&ssl_meth,argl,argp,new_func,dup_func,free_func));
+	}
+
+int SSL_set_ex_data(SSL *s,int idx,void *arg)
+	{
+	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+	}
+
+void *SSL_get_ex_data(SSL *s,int idx)
+	{
+	return(CRYPTO_get_ex_data(&s->ex_data,idx));
+	}
+
+int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
+			     int (*dup_func)(),void (*free_func)())
+	{
+	ssl_ctx_meth_num++;
+	return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
+		&ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
+	}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
+	{
+	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+	}
+
+void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
+	{
+	return(CRYPTO_get_ex_data(&s->ex_data,idx));
+	}
+
+int ssl_ok(SSL *s)
+	{
+	return(1);
+	}
+
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
+	{
+	return(ctx->cert_store);
+	}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
+	{
+	if (ctx->cert_store != NULL)
+		X509_STORE_free(ctx->cert_store);
+	ctx->cert_store=store;
+	}
+
+int SSL_want(SSL *s)
+	{
+	return(s->rwstate);
+	}
+
+/*!
+ * \brief Set the callback for generating temporary RSA keys.
+ * \param ctx the SSL context.
+ * \param cb the callback
+ */
+
+#ifndef NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
+							  int is_export,
+							  int keylength))
+    { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+#endif
+
+#ifndef NO_RSA
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
+							  int keylength))
+    { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+#endif
+
+#ifdef DOXYGEN
+/*!
+ * \brief The RSA temporary key callback function.
+ * \param ssl the SSL session.
+ * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
+ * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
+ * of the required key in bits.
+ * \return the temporary RSA key.
+ * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
+ */
+
+RSA *cb(SSL *ssl,int is_export,int keylength)
+    {}
+#endif
+
+/*!
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
+							int keylength))
+    { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+
+void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
+							int keylength))
+    { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+#endif
+
+#if defined(_WINDLL) && defined(WIN16)
+#include "../crypto/bio/bss_file.c"
+#endif
+
+IMPLEMENT_STACK_OF(SSL_CIPHER)
+IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
new file mode 100644
index 000000000000..0bfd57db3267
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_locl.h
@@ -0,0 +1,499 @@
+/* ssl/ssl_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL_LOCL_H
+#define HEADER_SSL_LOCL_H
+#include 
+#include 
+#include 
+#include 
+
+#include "openssl/e_os.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define PKCS1_CHECK
+
+#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
+			 l|=(((unsigned long)(*((c)++)))<< 8), \
+			 l|=(((unsigned long)(*((c)++)))<<16), \
+			 l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24, \
+			 l|=((unsigned long)(*((c)++)))<<16, \
+			 l|=((unsigned long)(*((c)++)))<< 8, \
+			 l|=((unsigned long)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+				} \
+			}
+
+#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
+			    (((unsigned int)(c[1]))    )),c+=2)
+#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+#define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \
+			     (((unsigned long)(c[1]))<< 8)| \
+			     (((unsigned long)(c[2]))    )),c+=3)
+
+#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
+			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
+			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+/* LOCAL STUFF */
+
+#define SSL_DECRYPT	0
+#define SSL_ENCRYPT	1
+
+#define TWO_BYTE_BIT	0x80
+#define SEC_ESC_BIT	0x40
+#define TWO_BYTE_MASK	0x7fff
+#define THREE_BYTE_MASK	0x3fff
+
+#define INC32(a)	((a)=((a)+1)&0xffffffffL)
+#define DEC32(a)	((a)=((a)-1)&0xffffffffL)
+#define MAX_MAC_SIZE	20 /* up from 16 for SSLv3 */
+
+#define SSL_MKEY_MASK		0x0000001FL
+#define SSL_kRSA		0x00000001L /* RSA key exchange */
+#define SSL_kDHr		0x00000002L /* DH cert RSA CA cert */
+#define SSL_kDHd		0x00000004L /* DH cert DSA CA cert */
+#define SSL_kFZA		0x00000008L
+#define SSL_kEDH		0x00000010L /* tmp DH key no DH cert */
+#define SSL_EDH			(SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
+
+#define SSL_AUTH_MASK		0x000003e0L
+#define SSL_aRSA		0x00000020L /* Authenticate with RSA */
+#define SSL_aDSS 		0x00000040L /* Authenticate with DSS */
+#define SSL_DSS 		SSL_aDSS
+#define SSL_aFZA 		0x00000080L
+#define SSL_aNULL 		0x00000100L /* no Authenticate, ADH */
+#define SSL_aDH 		0x00000200L /* no Authenticate, ADH */
+
+#define SSL_NULL		(SSL_eNULL)
+#define SSL_ADH			(SSL_kEDH|SSL_aNULL)
+#define SSL_RSA			(SSL_kRSA|SSL_aRSA)
+#define SSL_DH			(SSL_kDHr|SSL_kDHd|SSL_kEDH)
+#define SSL_FZA			(SSL_aFZA|SSL_kFZA|SSL_eFZA)
+
+#define SSL_ENC_MASK		0x0001Fc00L
+#define SSL_DES			0x00000400L
+#define SSL_3DES		0x00000800L
+#define SSL_RC4			0x00001000L
+#define SSL_RC2			0x00002000L
+#define SSL_IDEA		0x00004000L
+#define SSL_eFZA		0x00008000L
+#define SSL_eNULL		0x00010000L
+
+#define SSL_MAC_MASK		0x00060000L
+#define SSL_MD5			0x00020000L
+#define SSL_SHA1		0x00040000L
+#define SSL_SHA			(SSL_SHA1)
+
+#define SSL_EXP_MASK		0x00300000L
+#define SSL_EXP40		0x00100000L
+#define SSL_NOT_EXP		0x00200000L
+#define SSL_EXP56		0x00300000L
+#define SSL_IS_EXPORT(a)	((a)&SSL_EXP40)
+#define SSL_IS_EXPORT56(a)	(((a)&SSL_EXP_MASK) == SSL_EXP56)
+#define SSL_IS_EXPORT40(a)	(((a)&SSL_EXP_MASK) == SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algorithms)
+#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algorithms)
+#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algorithms)
+#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : \
+				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms)
+#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algorithms)
+
+#define SSL_SSL_MASK		0x00c00000L
+#define SSL_SSLV2		0x00400000L
+#define SSL_SSLV3		0x00800000L
+#define SSL_TLSV1		SSL_SSLV3	/* for now */
+
+#define SSL_STRONG_MASK		0x07000000L
+#define SSL_LOW			0x01000000L
+#define SSL_MEDIUM		0x02000000L
+#define SSL_HIGH		0x04000000L
+
+/* we have used 0fffffff - 4 bits left to go */
+#define SSL_ALL			0xffffffffL
+#define SSL_ALL_CIPHERS		(SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
+				SSL_MAC_MASK|SSL_EXP_MASK)
+
+/* Mostly for SSLv3 */
+#define SSL_PKEY_RSA_ENC	0
+#define SSL_PKEY_RSA_SIGN	1
+#define SSL_PKEY_DSA_SIGN	2
+#define SSL_PKEY_DH_RSA		3
+#define SSL_PKEY_DH_DSA		4
+#define SSL_PKEY_NUM		5
+
+/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+ * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*
+#define CERT_INVALID		0
+#define CERT_PUBLIC_KEY		1
+#define CERT_PRIVATE_KEY	2
+*/
+
+typedef struct cert_pkey_st
+	{
+	X509 *x509;
+	EVP_PKEY *privatekey;
+	} CERT_PKEY;
+
+typedef struct cert_st
+	{
+	/* Current active set */
+	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
+					 * Probably it would make more sense to store
+					 * an index, not a pointer. */
+
+	/* The following masks are for the key and auth
+	 * algorithms that are supported by the certs below */
+	int valid;
+	unsigned long mask;
+	unsigned long export_mask;
+#ifndef NO_RSA
+	RSA *rsa_tmp;
+	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+#ifndef NO_DH
+	DH *dh_tmp;
+	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+
+	CERT_PKEY pkeys[SSL_PKEY_NUM];
+
+	int references; /* >1 only if SSL_copy_session_id is used */
+	} CERT;
+
+
+typedef struct sess_cert_st
+	{
+	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+
+	/* The 'peer_...' members are used only by clients. */
+	int peer_cert_type;
+
+	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
+	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+	/* Obviously we don't have the private keys of these,
+	 * so maybe we shouldn't even use the CERT_PKEY type here. */
+
+#ifndef NO_RSA
+	RSA *peer_rsa_tmp; /* not used for SSL 2 */
+#endif
+#ifndef NO_DH
+	DH *peer_dh_tmp; /* not used for SSL 2 */
+#endif
+
+	int references; /* actually always 1 at the moment */
+	} SESS_CERT;
+
+
+/*#define MAC_DEBUG	*/
+
+/*#define ERR_DEBUG	*/
+/*#define ABORT_DEBUG	*/
+/*#define PKT_DEBUG 1   */
+/*#define DES_DEBUG	*/
+/*#define DES_OFB_DEBUG	*/
+/*#define SSL_DEBUG	*/
+/*#define RSA_DEBUG	*/ 
+/*#define IDEA_DEBUG	*/ 
+
+#define FP_ICC  (int (*)(const void *,const void *))
+#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
+		((ssl)->method->put_cipher_by_char((ciph),(ptr)))
+#define ssl_get_cipher_by_char(ssl,ptr) \
+		((ssl)->method->get_cipher_by_char(ptr))
+
+/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
+ * It is a bit of a mess of functions, but hell, think of it as
+ * an opaque strucute :-) */
+typedef struct ssl3_enc_method
+	{
+	int (*enc)();
+	int (*mac)();
+	int (*setup_key_block)();
+	int (*generate_master_secret)();
+	int (*change_cipher_state)();
+	int (*final_finish_mac)();
+	int finish_mac_length;
+	int (*cert_verify_mac)();
+	unsigned char client_finished[20];
+	int client_finished_len;
+	unsigned char server_finished[20];
+	int server_finished_len;
+	int (*alert_value)();
+	} SSL3_ENC_METHOD;
+
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st
+	{
+	int comp_id;	/* The identifer byte for this compression type */
+	char *name;	/* Text name used for the compression type */
+	COMP_METHOD *method; /* The method :-) */
+	} SSL3_COMP;
+
+OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
+OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+
+#ifdef VMS
+#undef SSL_COMP_get_compression_methods
+#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
+#endif
+
+
+SSL_METHOD *ssl_bad_method(int ver);
+SSL_METHOD *sslv2_base_method(void);
+SSL_METHOD *sslv23_base_method(void);
+SSL_METHOD *sslv3_base_method(void);
+
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+CERT *ssl_cert_new(void);
+CERT *ssl_cert_dup(CERT *cert);
+int ssl_cert_inst(CERT **o);
+void ssl_cert_free(CERT *c);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+int ssl_get_new_session(SSL *s, int session);
+int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
+int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+					       STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *meth,
+					     STACK_OF(SSL_CIPHER) **pref,
+					     STACK_OF(SSL_CIPHER) **sorted,
+					     char *str);
+void ssl_update_cache(SSL *s, int mode);
+int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
+		       SSL_COMP **comp);
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
+int ssl_undefined_function(SSL *s);
+X509 *ssl_get_server_send_cert(SSL *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+int ssl_verify_alarm_type(long type);
+
+int ssl2_enc_init(SSL *s, int client);
+void ssl2_generate_key_material(SSL *s);
+void ssl2_enc(SSL *s,int send_data);
+void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl2_part_read(SSL *s, unsigned long f, int i);
+int ssl2_do_write(SSL *s);
+int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
+void ssl2_return_error(SSL *s,int reason);
+void ssl2_write_error(SSL *s);
+int ssl2_num_ciphers(void);
+SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+int	ssl2_new(SSL *s);
+void	ssl2_free(SSL *s);
+int	ssl2_accept(SSL *s);
+int	ssl2_connect(SSL *s);
+int	ssl2_read(SSL *s, void *buf, int len);
+int	ssl2_peek(SSL *s, char *buf, int len);
+int	ssl2_write(SSL *s, const void *buf, int len);
+int	ssl2_shutdown(SSL *s);
+void	ssl2_clear(SSL *s);
+long	ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
+long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+int	ssl2_pending(SSL *s);
+
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+void ssl3_init_finished_mac(SSL *s);
+int ssl3_send_server_certificate(SSL *s);
+int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_setup_key_block(SSL *s);
+int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
+int ssl3_change_cipher_state(SSL *s,int which);
+void ssl3_cleanup_key_block(SSL *s);
+int ssl3_do_write(SSL *s,int type);
+void ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+	unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,int slen);
+int ssl3_num_ciphers(void);
+SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl); 
+int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_dispatch_alert(SSL *s);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
+int ssl3_part_read(SSL *s, int i);
+int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
+	unsigned char *sender, int slen,unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+int ssl3_enc(SSL *s, int send_data);
+int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *have,
+			       STACK_OF(SSL_CIPHER) *pref);
+int	ssl3_setup_buffers(SSL *s);
+int	ssl3_new(SSL *s);
+void	ssl3_free(SSL *s);
+int	ssl3_accept(SSL *s);
+int	ssl3_connect(SSL *s);
+int	ssl3_read(SSL *s, void *buf, int len);
+int	ssl3_peek(SSL *s,char *buf, int len);
+int	ssl3_write(SSL *s, const void *buf, int len);
+int	ssl3_shutdown(SSL *s);
+void	ssl3_clear(SSL *s);
+long	ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
+long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+int	ssl3_pending(SSL *s);
+
+int ssl23_accept(SSL *s);
+int ssl23_connect(SSL *s);
+int ssl23_read_bytes(SSL *s, int n);
+int ssl23_write_bytes(SSL *s);
+
+int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
+SSL_METHOD *tlsv1_base_method(void );
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
+
+int tls1_change_cipher_state(SSL *s, int which);
+int tls1_setup_key_block(SSL *s);
+int tls1_enc(SSL *s, int snd);
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+	unsigned char *str, int slen, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+int tls1_generate_master_secret(SSL *s, unsigned char *out,
+	unsigned char *p, int len);
+int tls1_alert_code(int code);
+int ssl3_alert_code(int code);
+int ssl_ok(SSL *s);
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+
+
+#endif
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
new file mode 100644
index 000000000000..6ec7a5cdb195
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_rsa.c
@@ -0,0 +1,815 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+int SSL_use_certificate(SSL *ssl, X509 *x)
+	{
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	return(ssl_set_cert(ssl->cert,x));
+	}
+
+#ifndef NO_STDIO
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+	{
+	int j;
+	BIO *in;
+	int ret=0;
+	X509 *x=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+	if (type == SSL_FILETYPE_ASN1)
+		{
+		j=ERR_R_ASN1_LIB;
+		x=d2i_X509_bio(in,NULL);
+		}
+	else if (type == SSL_FILETYPE_PEM)
+		{
+		j=ERR_R_PEM_LIB;
+		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+		goto end;
+		}
+
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
+		goto end;
+		}
+
+	ret=SSL_use_certificate(ssl,x);
+end:
+	if (x != NULL) X509_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
+
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
+	{
+	X509 *x;
+	int ret;
+
+	x=d2i_X509(NULL,&d,(long)len);
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+		return(0);
+		}
+
+	ret=SSL_use_certificate(ssl,x);
+	X509_free(x);
+	return(ret);
+	}
+
+#ifndef NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+	{
+	EVP_PKEY *pkey;
+	int ret;
+
+	if (rsa == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	if ((pkey=EVP_PKEY_new()) == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+		return(0);
+		}
+
+	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+	EVP_PKEY_assign_RSA(pkey,rsa);
+
+	ret=ssl_set_pkey(ssl->cert,pkey);
+	EVP_PKEY_free(pkey);
+	return(ret);
+	}
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+	{
+	int i,ok=0,bad=0;
+
+	i=ssl_cert_type(NULL,pkey);
+	if (i < 0)
+		{
+		SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		return(0);
+		}
+
+	if (c->pkeys[i].x509 != NULL)
+		{
+		EVP_PKEY *pktmp;
+		pktmp =	X509_get_pubkey(c->pkeys[i].x509);
+		EVP_PKEY_copy_parameters(pktmp,pkey);
+		EVP_PKEY_free(pktmp);
+		ERR_clear_error();
+
+#ifndef NO_RSA
+		/* Don't check the public/private key, this is mostly
+		 * for smart cards. */
+		if ((pkey->type == EVP_PKEY_RSA) &&
+			(RSA_flags(pkey->pkey.rsa) &
+			 RSA_METHOD_FLAG_NO_CHECK))
+			 ok=1;
+		else
+#endif
+			if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+			{
+			if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+				{
+				i=(i == SSL_PKEY_DH_RSA)?
+					SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+
+				if (c->pkeys[i].x509 == NULL)
+					ok=1;
+				else
+					{
+					if (!X509_check_private_key(
+						c->pkeys[i].x509,pkey))
+						bad=1;
+					else
+						ok=1;
+					}
+				}
+			else
+				bad=1;
+			}
+		else
+			ok=1;
+		}
+	else
+		ok=1;
+
+	if (bad)
+		{
+		X509_free(c->pkeys[i].x509);
+		c->pkeys[i].x509=NULL;
+		return(0);
+		}
+
+	if (c->pkeys[i].privatekey != NULL)
+		EVP_PKEY_free(c->pkeys[i].privatekey);
+	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	c->pkeys[i].privatekey=pkey;
+	c->key= &(c->pkeys[i]);
+
+	c->valid=0;
+	return(1);
+	}
+
+#ifndef NO_RSA
+#ifndef NO_STDIO
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+	{
+	int j,ret=0;
+	BIO *in;
+	RSA *rsa=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+	if	(type == SSL_FILETYPE_ASN1)
+		{
+		j=ERR_R_ASN1_LIB;
+		rsa=d2i_RSAPrivateKey_bio(in,NULL);
+		}
+	else if (type == SSL_FILETYPE_PEM)
+		{
+		j=ERR_R_PEM_LIB;
+		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+		goto end;
+		}
+	if (rsa == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
+		goto end;
+		}
+	ret=SSL_use_RSAPrivateKey(ssl,rsa);
+	RSA_free(rsa);
+end:
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+	{
+	int ret;
+	unsigned char *p;
+	RSA *rsa;
+
+	p=d;
+	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+		return(0);
+		}
+
+	ret=SSL_use_RSAPrivateKey(ssl,rsa);
+	RSA_free(rsa);
+	return(ret);
+	}
+#endif /* !NO_RSA */
+
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+	{
+	int ret;
+
+	if (pkey == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	ret=ssl_set_pkey(ssl->cert,pkey);
+	return(ret);
+	}
+
+#ifndef NO_STDIO
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+	{
+	int j,ret=0;
+	BIO *in;
+	EVP_PKEY *pkey=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+	if (type == SSL_FILETYPE_PEM)
+		{
+		j=ERR_R_PEM_LIB;
+		pkey=PEM_read_bio_PrivateKey(in,NULL,
+			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+		goto end;
+		}
+	if (pkey == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
+		goto end;
+		}
+	ret=SSL_use_PrivateKey(ssl,pkey);
+	EVP_PKEY_free(pkey);
+end:
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
+
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
+	{
+	int ret;
+	unsigned char *p;
+	EVP_PKEY *pkey;
+
+	p=d;
+	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+		return(0);
+		}
+
+	ret=SSL_use_PrivateKey(ssl,pkey);
+	EVP_PKEY_free(pkey);
+	return(ret);
+	}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+	{
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (!ssl_cert_inst(&ctx->cert))
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	return(ssl_set_cert(ctx->cert, x));
+	}
+
+static int ssl_set_cert(CERT *c, X509 *x)
+	{
+	EVP_PKEY *pkey;
+	int i,ok=0,bad=0;
+
+	pkey=X509_get_pubkey(x);
+	if (pkey == NULL)
+		{
+		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
+		return(0);
+		}
+
+	i=ssl_cert_type(x,pkey);
+	if (i < 0)
+		{
+		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		EVP_PKEY_free(pkey);
+		return(0);
+		}
+
+	if (c->pkeys[i].privatekey != NULL)
+		{
+		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
+		ERR_clear_error();
+
+#ifndef NO_RSA
+		/* Don't check the public/private key, this is mostly
+		 * for smart cards. */
+		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+			(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+			 RSA_METHOD_FLAG_NO_CHECK))
+			 ok=1;
+		else
+#endif
+		{
+		if (!X509_check_private_key(x,c->pkeys[i].privatekey))
+			{
+			if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
+				{
+				i=(i == SSL_PKEY_DH_RSA)?
+					SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
+
+				if (c->pkeys[i].privatekey == NULL)
+					ok=1;
+				else
+					{
+					if (!X509_check_private_key(x,
+						c->pkeys[i].privatekey))
+						bad=1;
+					else
+						ok=1;
+					}
+				}
+			else
+				bad=1;
+			}
+		else
+			ok=1;
+		} /* NO_RSA */
+		}
+	else
+		ok=1;
+
+	EVP_PKEY_free(pkey);
+	if (bad)
+		{
+		EVP_PKEY_free(c->pkeys[i].privatekey);
+		c->pkeys[i].privatekey=NULL;
+		}
+
+	if (c->pkeys[i].x509 != NULL)
+		X509_free(c->pkeys[i].x509);
+	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+	c->pkeys[i].x509=x;
+	c->key= &(c->pkeys[i]);
+
+	c->valid=0;
+	return(1);
+	}
+
+#ifndef NO_STDIO
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+	{
+	int j;
+	BIO *in;
+	int ret=0;
+	X509 *x=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+	if (type == SSL_FILETYPE_ASN1)
+		{
+		j=ERR_R_ASN1_LIB;
+		x=d2i_X509_bio(in,NULL);
+		}
+	else if (type == SSL_FILETYPE_PEM)
+		{
+		j=ERR_R_PEM_LIB;
+		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
+		goto end;
+		}
+
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
+		goto end;
+		}
+
+	ret=SSL_CTX_use_certificate(ctx,x);
+end:
+	if (x != NULL) X509_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
+	{
+	X509 *x;
+	int ret;
+
+	x=d2i_X509(NULL,&d,(long)len);
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
+		return(0);
+		}
+
+	ret=SSL_CTX_use_certificate(ctx,x);
+	X509_free(x);
+	return(ret);
+	}
+
+#ifndef NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+	{
+	int ret;
+	EVP_PKEY *pkey;
+
+	if (rsa == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (!ssl_cert_inst(&ctx->cert))
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	if ((pkey=EVP_PKEY_new()) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
+		return(0);
+		}
+
+	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+	EVP_PKEY_assign_RSA(pkey,rsa);
+
+	ret=ssl_set_pkey(ctx->cert, pkey);
+	EVP_PKEY_free(pkey);
+	return(ret);
+	}
+
+#ifndef NO_STDIO
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+	{
+	int j,ret=0;
+	BIO *in;
+	RSA *rsa=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+	if	(type == SSL_FILETYPE_ASN1)
+		{
+		j=ERR_R_ASN1_LIB;
+		rsa=d2i_RSAPrivateKey_bio(in,NULL);
+		}
+	else if (type == SSL_FILETYPE_PEM)
+		{
+		j=ERR_R_PEM_LIB;
+		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+		goto end;
+		}
+	if (rsa == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
+		goto end;
+		}
+	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+	RSA_free(rsa);
+end:
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
+	{
+	int ret;
+	unsigned char *p;
+	RSA *rsa;
+
+	p=d;
+	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+		return(0);
+		}
+
+	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
+	RSA_free(rsa);
+	return(ret);
+	}
+#endif /* !NO_RSA */
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+	{
+	if (pkey == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (!ssl_cert_inst(&ctx->cert))
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	return(ssl_set_pkey(ctx->cert,pkey));
+	}
+
+#ifndef NO_STDIO
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+	{
+	int j,ret=0;
+	BIO *in;
+	EVP_PKEY *pkey=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+	if (type == SSL_FILETYPE_PEM)
+		{
+		j=ERR_R_PEM_LIB;
+		pkey=PEM_read_bio_PrivateKey(in,NULL,
+			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+		}
+	else
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
+		goto end;
+		}
+	if (pkey == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
+		goto end;
+		}
+	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+	EVP_PKEY_free(pkey);
+end:
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
+
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
+	     long len)
+	{
+	int ret;
+	unsigned char *p;
+	EVP_PKEY *pkey;
+
+	p=d;
+	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
+		return(0);
+		}
+
+	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
+	EVP_PKEY_free(pkey);
+	return(ret);
+	}
+
+
+#ifndef NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+	{
+	BIO *in;
+	int ret=0;
+	X509 *x=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+
+	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+		goto end;
+		}
+
+	ret=SSL_CTX_use_certificate(ctx,x);
+	if (ERR_peek_error() != 0)
+		ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
+	if (ret)
+		{
+		/* If we could set up our certificate, now proceed to
+		 * the CA certificates.
+		 */
+		X509 *ca;
+		int r;
+		unsigned long err;
+		
+		if (ctx->extra_certs != NULL) 
+			{
+			sk_X509_pop_free(ctx->extra_certs, X509_free);
+			ctx->extra_certs = NULL;
+			}
+
+		while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+			!= NULL)
+			{
+			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+			if (!r) 
+				{
+				X509_free(ca);
+				ret = 0;
+				goto end;
+				}
+			/* Note that we must not free r if it was successfully
+			 * added to the chain (while we must free the main
+			 * certificate, since its reference count is increased
+			 * by SSL_CTX_use_certificate). */
+			}
+		/* When the while loop ends, it's usually just EOF. */
+		err = ERR_peek_error();
+		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+			(void) ERR_get_error();
+		else 
+			ret = 0; /* some real error */
+		}
+
+end:
+	if (x != NULL) X509_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
new file mode 100644
index 000000000000..681499f08aa6
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -0,0 +1,637 @@
+/* ssl/ssl_sess.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+static int ssl_session_num=0;
+static STACK *ssl_session_meth=NULL;
+
+SSL_SESSION *SSL_get_session(SSL *ssl)
+	{
+	return(ssl->session);
+	}
+
+int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
+	{
+	ssl_session_num++;
+	return(CRYPTO_get_ex_new_index(ssl_session_num-1,
+		&ssl_session_meth,
+		argl,argp,new_func,dup_func,free_func));
+	}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
+	}
+
+void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
+	{
+	return(CRYPTO_get_ex_data(&s->ex_data,idx));
+	}
+
+SSL_SESSION *SSL_SESSION_new(void)
+	{
+	SSL_SESSION *ss;
+
+	ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
+	if (ss == NULL)
+		{
+		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	memset(ss,0,sizeof(SSL_SESSION));
+
+	ss->references=1;
+	ss->timeout=60*5+4; /* 5 minute timeout by default */
+	ss->time=time(NULL);
+	ss->prev=NULL;
+	ss->next=NULL;
+	ss->compress_meth=0;
+	CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+	return(ss);
+	}
+
+int ssl_get_new_session(SSL *s, int session)
+	{
+	/* This gets used by clients and servers. */
+
+	SSL_SESSION *ss=NULL;
+
+	if ((ss=SSL_SESSION_new()) == NULL) return(0);
+
+	/* If the context has a default timeout, use it */
+	if (s->ctx->session_timeout == 0)
+		ss->timeout=SSL_get_default_timeout(s);
+	else
+		ss->timeout=s->ctx->session_timeout;
+
+	if (s->session != NULL)
+		{
+		SSL_SESSION_free(s->session);
+		s->session=NULL;
+		}
+
+	if (session)
+		{
+		if (s->version == SSL2_VERSION)
+			{
+			ss->ssl_version=SSL2_VERSION;
+			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
+			}
+		else if (s->version == SSL3_VERSION)
+			{
+			ss->ssl_version=SSL3_VERSION;
+			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+			}
+		else if (s->version == TLS1_VERSION)
+			{
+			ss->ssl_version=TLS1_VERSION;
+			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+			}
+		else
+			{
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
+			SSL_SESSION_free(ss);
+			return(0);
+			}
+
+		for (;;)
+			{
+			SSL_SESSION *r;
+
+			RAND_bytes(ss->session_id,ss->session_id_length);
+			CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+			r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
+				(char *)ss);
+			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+			if (r == NULL) break;
+			/* else - woops a session_id match */
+			/* XXX should also check external cache!
+			 * (But the probability of a collision is negligible, anyway...) */
+			}
+		}
+	else
+		{
+		ss->session_id_length=0;
+		}
+
+	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+	ss->sid_ctx_length=s->sid_ctx_length;
+	s->session=ss;
+	ss->ssl_version=s->version;
+
+	return(1);
+	}
+
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
+	{
+	/* This is used only by servers. */
+
+	SSL_SESSION *ret=NULL,data;
+	int fatal = 0;
+
+	/* conn_init();*/
+	data.ssl_version=s->version;
+	data.session_id_length=len;
+	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+		goto err;
+	memcpy(data.session_id,session_id,len);
+
+	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+		{
+		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
+		if (ret != NULL)
+		    /* don't allow other threads to steal it: */
+		    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+		}
+
+	if (ret == NULL)
+		{
+		int copy=1;
+	
+		s->ctx->stats.sess_miss++;
+		ret=NULL;
+		if (s->ctx->get_session_cb != NULL
+		    && (ret=s->ctx->get_session_cb(s,session_id,len,©))
+		       != NULL)
+			{
+			s->ctx->stats.sess_cb_hit++;
+
+			/* Increment reference count now if the session callback
+			 * asks us to do so (note that if the session structures
+			 * returned by the callback are shared between threads,
+			 * it must handle the reference count itself [i.e. copy == 0],
+			 * or things won't be thread-safe). */
+			if (copy)
+				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+
+			/* The following should not return 1, otherwise,
+			 * things are very strange */
+			SSL_CTX_add_session(s->ctx,ret);
+			}
+		if (ret == NULL)
+			goto err;
+		}
+
+	/* Now ret is non-NULL, and we own one of its reference counts. */
+
+	if((s->verify_mode&SSL_VERIFY_PEER)
+	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
+	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+	    {
+		/* We've found the session named by the client, but we don't
+		 * want to use it in this context. */
+		
+		if (s->sid_ctx_length == 0)
+			{
+			/* application should have used SSL[_CTX]_set_session_id_context
+			 * -- we could tolerate this and just pretend we never heard
+			 * of this session, but then applications could effectively
+			 * disable the session cache by accident without anyone noticing */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+			fatal = 1;
+			goto err;
+			}
+		else
+			{
+#if 0 /* The client cannot always know when a session is not appropriate,
+	   * so we shouldn't generate an error message. */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+			goto err; /* treat like cache miss */
+			}
+		}
+
+	if (ret->cipher == NULL)
+		{
+		unsigned char buf[5],*p;
+		unsigned long l;
+
+		p=buf;
+		l=ret->cipher_id;
+		l2n(l,p);
+		if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
+		else 
+			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
+		if (ret->cipher == NULL)
+			goto err;
+		}
+
+
+#if 0 /* This is way too late. */
+
+	/* If a thread got the session, then 'swaped', and another got
+	 * it and then due to a time-out decided to 'Free' it we could
+	 * be in trouble.  So I'll increment it now, then double decrement
+	 * later - am I speaking rubbish?. */
+	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+#endif
+
+	if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+		{
+		s->ctx->stats.sess_timeout++;
+		/* remove it from the cache */
+		SSL_CTX_remove_session(s->ctx,ret);
+		goto err;
+		}
+
+	s->ctx->stats.sess_hit++;
+
+	/* ret->time=time(NULL); */ /* rezero timeout? */
+	/* again, just leave the session 
+	 * if it is the same session, we have just incremented and
+	 * then decremented the reference count :-) */
+	if (s->session != NULL)
+		SSL_SESSION_free(s->session);
+	s->session=ret;
+	return(1);
+
+ err:
+	if (ret != NULL)
+		SSL_SESSION_free(ret);
+	if (fatal)
+		return -1;
+	else
+		return 0;
+	}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+	{
+	int ret=0;
+	SSL_SESSION *s;
+
+	/* conn_init(); */
+	CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
+
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+	s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
+	
+	/* Put on the end of the queue unless it is already in the cache */
+	if (s == NULL)
+		SSL_SESSION_list_add(ctx,c);
+
+	/* If the same session if is being 're-added', Free the old
+	 * one when the last person stops using it.
+	 * This will also work if it is alread in the cache.
+	 * The references will go up and then down :-) */
+	if (s != NULL)
+		{
+		SSL_SESSION_free(s);
+		ret=0;
+		}
+	else
+		{
+		ret=1;
+
+		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
+			{
+			while (SSL_CTX_sess_number(ctx) >
+				SSL_CTX_sess_get_cache_size(ctx))
+				{
+				if (!remove_session_lock(ctx,
+					ctx->session_cache_tail, 0))
+					break;
+				else
+					ctx->stats.sess_cache_full++;
+				}
+			}
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+	return(ret);
+	}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+	return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+	{
+	SSL_SESSION *r;
+	int ret=0;
+
+	if ((c != NULL) && (c->session_id_length != 0))
+		{
+		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+		r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
+		if (r != NULL)
+			{
+			ret=1;
+			SSL_SESSION_list_remove(ctx,c);
+			}
+
+		if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+
+		if (ret)
+			{
+			r->not_resumable=1;
+			if (ctx->remove_session_cb != NULL)
+				ctx->remove_session_cb(ctx,r);
+			SSL_SESSION_free(r);
+			}
+		}
+	else
+		ret=0;
+	return(ret);
+	}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+	{
+	int i;
+
+	if(ss == NULL)
+	    return;
+
+	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
+#ifdef REF_PRINT
+	REF_PRINT("SSL_SESSION",ss);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+	CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+
+	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
+	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
+	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+	if (ss->peer != NULL) X509_free(ss->peer);
+	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+	memset(ss,0,sizeof(*ss));
+	Free(ss);
+	}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+	{
+	int ret=0;
+	SSL_METHOD *meth;
+
+	if (session != NULL)
+		{
+		meth=s->ctx->method->get_ssl_method(session->ssl_version);
+		if (meth == NULL)
+			meth=s->method->get_ssl_method(session->ssl_version);
+		if (meth == NULL)
+			{
+			SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+			return(0);
+			}
+
+		if (meth != s->method)
+			{
+			if (!SSL_set_ssl_method(s,meth))
+				return(0);
+			if (s->ctx->session_timeout == 0)
+				session->timeout=SSL_get_default_timeout(s);
+			else
+				session->timeout=s->ctx->session_timeout;
+			}
+
+		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
+		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
+		if (s->session != NULL)
+			SSL_SESSION_free(s->session);
+		s->session=session;
+		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
+		ret=1;
+		}
+	else
+		{
+		if (s->session != NULL)
+			{
+			SSL_SESSION_free(s->session);
+			s->session=NULL;
+			}
+
+		meth=s->ctx->method;
+		if (meth != s->method)
+			{
+			if (!SSL_set_ssl_method(s,meth))
+				return(0);
+			}
+		ret=1;
+		}
+	return(ret);
+	}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+	{
+	if (s == NULL) return(0);
+	s->timeout=t;
+	return(1);
+	}
+
+long SSL_SESSION_get_timeout(SSL_SESSION *s)
+	{
+	if (s == NULL) return(0);
+	return(s->timeout);
+	}
+
+long SSL_SESSION_get_time(SSL_SESSION *s)
+	{
+	if (s == NULL) return(0);
+	return(s->time);
+	}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+	{
+	if (s == NULL) return(0);
+	s->time=t;
+	return(t);
+	}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+	{
+	long l;
+	if (s == NULL) return(0);
+	l=s->session_timeout;
+	s->session_timeout=t;
+	return(l);
+	}
+
+long SSL_CTX_get_timeout(SSL_CTX *s)
+	{
+	if (s == NULL) return(0);
+	return(s->session_timeout);
+	}
+
+typedef struct timeout_param_st
+	{
+	SSL_CTX *ctx;
+	long time;
+	LHASH *cache;
+	} TIMEOUT_PARAM;
+
+static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
+	{
+	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+		{
+		/* The reason we don't call SSL_CTX_remove_session() is to
+		 * save on locking overhead */
+		lh_delete(p->cache,(char *)s);
+		SSL_SESSION_list_remove(p->ctx,s);
+		s->not_resumable=1;
+		if (p->ctx->remove_session_cb != NULL)
+			p->ctx->remove_session_cb(p->ctx,s);
+		SSL_SESSION_free(s);
+		}
+	}
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+	{
+	unsigned long i;
+	TIMEOUT_PARAM tp;
+
+	tp.ctx=s;
+	tp.cache=s->sessions;
+	if (tp.cache == NULL) return;
+	tp.time=t;
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+	i=tp.cache->down_load;
+	tp.cache->down_load=0;
+	lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
+	tp.cache->down_load=i;
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+	}
+
+int ssl_clear_bad_session(SSL *s)
+	{
+	if (	(s->session != NULL) &&
+		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
+		!(SSL_in_init(s) || SSL_in_before(s)))
+		{
+		SSL_CTX_remove_session(s->ctx,s->session);
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+	{
+	if ((s->next == NULL) || (s->prev == NULL)) return;
+
+	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
+		{ /* last element in list */
+		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+			{ /* only one element in list */
+			ctx->session_cache_head=NULL;
+			ctx->session_cache_tail=NULL;
+			}
+		else
+			{
+			ctx->session_cache_tail=s->prev;
+			s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+			}
+		}
+	else
+		{
+		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
+			{ /* first element in list */
+			ctx->session_cache_head=s->next;
+			s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+			}
+		else
+			{ /* middle of list */
+			s->next->prev=s->prev;
+			s->prev->next=s->next;
+			}
+		}
+	s->prev=s->next=NULL;
+	}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+	{
+	if ((s->next != NULL) && (s->prev != NULL))
+		SSL_SESSION_list_remove(ctx,s);
+
+	if (ctx->session_cache_head == NULL)
+		{
+		ctx->session_cache_head=s;
+		ctx->session_cache_tail=s;
+		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+		s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
+		}
+	else
+		{
+		s->next=ctx->session_cache_head;
+		s->next->prev=s;
+		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
+		ctx->session_cache_head=s;
+		}
+	}
+
diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c
new file mode 100644
index 000000000000..3eca4ee6017a
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_stat.c
@@ -0,0 +1,454 @@
+/* ssl/ssl_stat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include "ssl_locl.h"
+
+char *SSL_state_string_long(SSL *s)
+	{
+	char *str;
+
+	switch (s->state)
+		{
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
+case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
+case SSL_ST_RENEGOTIATE:	str="SSL renegotiate ciphers"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
+#ifndef NO_SSL2
+case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
+case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
+case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
+case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
+case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
+case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
+case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
+case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
+case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
+case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
+case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
+case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
+case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
+#endif
+
+#ifndef NO_SSL3
+/* SSLv3 additions */
+case SSL3_ST_CW_CLNT_HELLO_A:	str="SSLv3 write client hello A"; break;
+case SSL3_ST_CW_CLNT_HELLO_B:	str="SSLv3 write client hello B"; break;
+case SSL3_ST_CR_SRVR_HELLO_A:	str="SSLv3 read server hello A"; break;
+case SSL3_ST_CR_SRVR_HELLO_B:	str="SSLv3 read server hello B"; break;
+case SSL3_ST_CR_CERT_A:		str="SSLv3 read server certificate A"; break;
+case SSL3_ST_CR_CERT_B:		str="SSLv3 read server certificate B"; break;
+case SSL3_ST_CR_KEY_EXCH_A:	str="SSLv3 read server key exchange A"; break;
+case SSL3_ST_CR_KEY_EXCH_B:	str="SSLv3 read server key exchange B"; break;
+case SSL3_ST_CR_CERT_REQ_A:	str="SSLv3 read server certificate request A"; break;
+case SSL3_ST_CR_CERT_REQ_B:	str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SRVR_DONE_A:	str="SSLv3 read server done A"; break;
+case SSL3_ST_CR_SRVR_DONE_B:	str="SSLv3 read server done B"; break;
+case SSL3_ST_CW_CERT_A:		str="SSLv3 write client certificate A"; break;
+case SSL3_ST_CW_CERT_B:		str="SSLv3 write client certificate B"; break;
+case SSL3_ST_CW_CERT_C:		str="SSLv3 write client certificate C"; break;
+case SSL3_ST_CW_CERT_D:		str="SSLv3 write client certificate D"; break;
+case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
+case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
+case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify A"; break;
+
+case SSL3_ST_CW_CHANGE_A:
+case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;
+case SSL3_ST_CW_CHANGE_B:	
+case SSL3_ST_SW_CHANGE_B:	str="SSLv3 write change cipher spec B"; break;
+case SSL3_ST_CW_FINISHED_A:	
+case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
+case SSL3_ST_CW_FINISHED_B:	
+case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished A"; break;
+case SSL3_ST_CR_CHANGE_A:	
+case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
+case SSL3_ST_CR_CHANGE_B:	
+case SSL3_ST_SR_CHANGE_B:	str="SSLv3 read change cipher spec B"; break;
+case SSL3_ST_CR_FINISHED_A:	
+case SSL3_ST_SR_FINISHED_A:	str="SSLv3 read finished A"; break;
+case SSL3_ST_CR_FINISHED_B:	
+case SSL3_ST_SR_FINISHED_B:	str="SSLv3 read finished B"; break;
+
+case SSL3_ST_CW_FLUSH:
+case SSL3_ST_SW_FLUSH:		str="SSLv3 flush data"; break;
+
+case SSL3_ST_SR_CLNT_HELLO_A:	str="SSLv3 read client hello A"; break;
+case SSL3_ST_SR_CLNT_HELLO_B:	str="SSLv3 read client hello B"; break;
+case SSL3_ST_SR_CLNT_HELLO_C:	str="SSLv3 read client hello C"; break;
+case SSL3_ST_SW_HELLO_REQ_A:	str="SSLv3 write hello request A"; break;
+case SSL3_ST_SW_HELLO_REQ_B:	str="SSLv3 write hello request B"; break;
+case SSL3_ST_SW_HELLO_REQ_C:	str="SSLv3 write hello request C"; break;
+case SSL3_ST_SW_SRVR_HELLO_A:	str="SSLv3 write server hello A"; break;
+case SSL3_ST_SW_SRVR_HELLO_B:	str="SSLv3 write server hello B"; break;
+case SSL3_ST_SW_CERT_A:		str="SSLv3 write certificate A"; break;
+case SSL3_ST_SW_CERT_B:		str="SSLv3 write certificate B"; break;
+case SSL3_ST_SW_KEY_EXCH_A:	str="SSLv3 write key exchange A"; break;
+case SSL3_ST_SW_KEY_EXCH_B:	str="SSLv3 write key exchange B"; break;
+case SSL3_ST_SW_CERT_REQ_A:	str="SSLv3 write certificate request A"; break;
+case SSL3_ST_SW_CERT_REQ_B:	str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SRVR_DONE_A:	str="SSLv3 write server done A"; break;
+case SSL3_ST_SW_SRVR_DONE_B:	str="SSLv3 write server done B"; break;
+case SSL3_ST_SR_CERT_A:		str="SSLv3 read client certificate A"; break;
+case SSL3_ST_SR_CERT_B:		str="SSLv3 read client certificate B"; break;
+case SSL3_ST_SR_KEY_EXCH_A:	str="SSLv3 read client key exchange A"; break;
+case SSL3_ST_SR_KEY_EXCH_B:	str="SSLv3 read client key exchange B"; break;
+case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
+case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
+#endif
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+/* SSLv2/v3 compatablitity states */
+/* client */
+case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;
+case SSL23_ST_CW_CLNT_HELLO_B:	str="SSLv2/v3 write client hello B"; break;
+case SSL23_ST_CR_SRVR_HELLO_A:	str="SSLv2/v3 read server hello A"; break;
+case SSL23_ST_CR_SRVR_HELLO_B:	str="SSLv2/v3 read server hello B"; break;
+/* server */
+case SSL23_ST_SR_CLNT_HELLO_A:	str="SSLv2/v3 read client hello A"; break;
+case SSL23_ST_SR_CLNT_HELLO_B:	str="SSLv2/v3 read client hello B"; break;
+#endif
+
+default:	str="unknown state"; break;
+		}
+	return(str);
+	}
+
+char *SSL_rstate_string_long(SSL *s)
+	{
+	char *str;
+
+	switch (s->rstate)
+		{
+	case SSL_ST_READ_HEADER: str="read header"; break;
+	case SSL_ST_READ_BODY: str="read body"; break;
+	case SSL_ST_READ_DONE: str="read done"; break;
+	default: str="unknown"; break;
+		}
+	return(str);
+	}
+
+char *SSL_state_string(SSL *s)
+	{
+	char *str;
+
+	switch (s->state)
+		{
+case SSL_ST_BEFORE:				str="PINIT "; break;
+case SSL_ST_ACCEPT:				str="AINIT "; break;
+case SSL_ST_CONNECT:				str="CINIT "; break;
+case SSL_ST_OK:			 		str="SSLOK "; break;
+#ifndef NO_SSL2
+case SSL2_ST_CLIENT_START_ENCRYPTION:		str="2CSENC"; break;
+case SSL2_ST_SERVER_START_ENCRYPTION:		str="2SSENC"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_A:		str="2SCH_A"; break;
+case SSL2_ST_SEND_CLIENT_HELLO_B:		str="2SCH_B"; break;
+case SSL2_ST_GET_SERVER_HELLO_A:		str="2GSH_A"; break;
+case SSL2_ST_GET_SERVER_HELLO_B:		str="2GSH_B"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:		str="2SCMKA"; break;
+case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:		str="2SCMKB"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_A:		str="2SCF_A"; break;
+case SSL2_ST_SEND_CLIENT_FINISHED_B:		str="2SCF_B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:		str="2SCC_A"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:		str="2SCC_B"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:		str="2SCC_C"; break;
+case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:		str="2SCC_D"; break;
+case SSL2_ST_GET_SERVER_VERIFY_A:		str="2GSV_A"; break;
+case SSL2_ST_GET_SERVER_VERIFY_B:		str="2GSV_B"; break;
+case SSL2_ST_GET_SERVER_FINISHED_A:		str="2GSF_A"; break;
+case SSL2_ST_GET_SERVER_FINISHED_B:		str="2GSF_B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_A:		str="2GCH_A"; break;
+case SSL2_ST_GET_CLIENT_HELLO_B:		str="2GCH_B"; break;
+case SSL2_ST_GET_CLIENT_HELLO_C:		str="2GCH_C"; break;
+case SSL2_ST_SEND_SERVER_HELLO_A:		str="2SSH_A"; break;
+case SSL2_ST_SEND_SERVER_HELLO_B:		str="2SSH_B"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_A:		str="2GCMKA"; break;
+case SSL2_ST_GET_CLIENT_MASTER_KEY_B:		str="2GCMKA"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_A:		str="2SSV_A"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_B:		str="2SSV_B"; break;
+case SSL2_ST_SEND_SERVER_VERIFY_C:		str="2SSV_C"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_A:		str="2GCF_A"; break;
+case SSL2_ST_GET_CLIENT_FINISHED_B:		str="2GCF_B"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_A:		str="2SSF_A"; break;
+case SSL2_ST_SEND_SERVER_FINISHED_B:		str="2SSF_B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:	str="2SRC_A"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:	str="2SRC_B"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:	str="2SRC_C"; break;
+case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:	str="2SRC_D"; break;
+case SSL2_ST_X509_GET_SERVER_CERTIFICATE:	str="2X9GSC"; break;
+case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:	str="2X9GCC"; break;
+#endif
+
+#ifndef NO_SSL3
+/* SSLv3 additions */
+case SSL3_ST_SW_FLUSH:
+case SSL3_ST_CW_FLUSH:				str="3FLUSH"; break;
+case SSL3_ST_CW_CLNT_HELLO_A:			str="3WCH_A"; break;
+case SSL3_ST_CW_CLNT_HELLO_B:			str="3WCH_B"; break;
+case SSL3_ST_CR_SRVR_HELLO_A:			str="3RSH_A"; break;
+case SSL3_ST_CR_SRVR_HELLO_B:			str="3RSH_B"; break;
+case SSL3_ST_CR_CERT_A:				str="3RSC_A"; break;
+case SSL3_ST_CR_CERT_B:				str="3RSC_B"; break;
+case SSL3_ST_CR_KEY_EXCH_A:			str="3RSKEA"; break;
+case SSL3_ST_CR_KEY_EXCH_B:			str="3RSKEB"; break;
+case SSL3_ST_CR_CERT_REQ_A:			str="3RCR_A"; break;
+case SSL3_ST_CR_CERT_REQ_B:			str="3RCR_B"; break;
+case SSL3_ST_CR_SRVR_DONE_A:			str="3RSD_A"; break;
+case SSL3_ST_CR_SRVR_DONE_B:			str="3RSD_B"; break;
+case SSL3_ST_CW_CERT_A:				str="3WCC_A"; break;
+case SSL3_ST_CW_CERT_B:				str="3WCC_B"; break;
+case SSL3_ST_CW_CERT_C:				str="3WCC_C"; break;
+case SSL3_ST_CW_CERT_D:				str="3WCC_D"; break;
+case SSL3_ST_CW_KEY_EXCH_A:			str="3WCKEA"; break;
+case SSL3_ST_CW_KEY_EXCH_B:			str="3WCKEB"; break;
+case SSL3_ST_CW_CERT_VRFY_A:			str="3WCV_A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:			str="3WCV_B"; break;
+
+case SSL3_ST_SW_CHANGE_A:
+case SSL3_ST_CW_CHANGE_A:			str="3WCCSA"; break;
+case SSL3_ST_SW_CHANGE_B:
+case SSL3_ST_CW_CHANGE_B:			str="3WCCSB"; break;
+case SSL3_ST_SW_FINISHED_A:
+case SSL3_ST_CW_FINISHED_A:			str="3WFINA"; break;
+case SSL3_ST_SW_FINISHED_B:
+case SSL3_ST_CW_FINISHED_B:			str="3WFINB"; break;
+case SSL3_ST_SR_CHANGE_A:
+case SSL3_ST_CR_CHANGE_A:			str="3RCCSA"; break;
+case SSL3_ST_SR_CHANGE_B:
+case SSL3_ST_CR_CHANGE_B:			str="3RCCSB"; break;
+case SSL3_ST_SR_FINISHED_A:
+case SSL3_ST_CR_FINISHED_A:			str="3RFINA"; break;
+case SSL3_ST_SR_FINISHED_B:
+case SSL3_ST_CR_FINISHED_B:			str="3RFINB"; break;
+
+case SSL3_ST_SW_HELLO_REQ_A:			str="3WHR_A"; break;
+case SSL3_ST_SW_HELLO_REQ_B:			str="3WHR_B"; break;
+case SSL3_ST_SW_HELLO_REQ_C:			str="3WHR_C"; break;
+case SSL3_ST_SR_CLNT_HELLO_A:			str="3RCH_A"; break;
+case SSL3_ST_SR_CLNT_HELLO_B:			str="3RCH_B"; break;
+case SSL3_ST_SR_CLNT_HELLO_C:			str="3RCH_C"; break;
+case SSL3_ST_SW_SRVR_HELLO_A:			str="3WSH_A"; break;
+case SSL3_ST_SW_SRVR_HELLO_B:			str="3WSH_B"; break;
+case SSL3_ST_SW_CERT_A:				str="3WSC_A"; break;
+case SSL3_ST_SW_CERT_B:				str="3WSC_B"; break;
+case SSL3_ST_SW_KEY_EXCH_A:			str="3WSKEA"; break;
+case SSL3_ST_SW_KEY_EXCH_B:			str="3WSKEB"; break;
+case SSL3_ST_SW_CERT_REQ_A:			str="3WCR_A"; break;
+case SSL3_ST_SW_CERT_REQ_B:			str="3WCR_B"; break;
+case SSL3_ST_SW_SRVR_DONE_A:			str="3WSD_A"; break;
+case SSL3_ST_SW_SRVR_DONE_B:			str="3WSD_B"; break;
+case SSL3_ST_SR_CERT_A:				str="3RCC_A"; break;
+case SSL3_ST_SR_CERT_B:				str="3RCC_B"; break;
+case SSL3_ST_SR_KEY_EXCH_A:			str="3RCKEA"; break;
+case SSL3_ST_SR_KEY_EXCH_B:			str="3RCKEB"; break;
+case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;
+case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;
+#endif
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+/* SSLv2/v3 compatablitity states */
+/* client */
+case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;
+case SSL23_ST_CW_CLNT_HELLO_B:			str="23WCHB"; break;
+case SSL23_ST_CR_SRVR_HELLO_A:			str="23RSHA"; break;
+case SSL23_ST_CR_SRVR_HELLO_B:			str="23RSHA"; break;
+/* server */
+case SSL23_ST_SR_CLNT_HELLO_A:			str="23RCHA"; break;
+case SSL23_ST_SR_CLNT_HELLO_B:			str="23RCHB"; break;
+#endif
+
+default:					str="UNKWN "; break;
+		}
+	return(str);
+	}
+
+char *SSL_alert_type_string_long(int value)
+	{
+	value>>=8;
+	if (value == SSL3_AL_WARNING)
+		return("warning");
+	else if (value == SSL3_AL_FATAL)
+		return("fatal");
+	else
+		return("unknown");
+	}
+
+char *SSL_alert_type_string(int value)
+	{
+	value>>=8;
+	if (value == SSL3_AL_WARNING)
+		return("W");
+	else if (value == SSL3_AL_FATAL)
+		return("F");
+	else
+		return("U");
+	}
+
+char *SSL_alert_desc_string(int value)
+	{
+	char *str;
+
+	switch (value & 0xff)
+		{
+	case SSL3_AD_CLOSE_NOTIFY:		str="CN"; break;
+	case SSL3_AD_UNEXPECTED_MESSAGE:	str="UM"; break;
+	case SSL3_AD_BAD_RECORD_MAC:		str="BM"; break;
+	case SSL3_AD_DECOMPRESSION_FAILURE:	str="DF"; break;
+	case SSL3_AD_HANDSHAKE_FAILURE:		str="HF"; break;
+	case SSL3_AD_NO_CERTIFICATE:		str="NC"; break;
+	case SSL3_AD_BAD_CERTIFICATE:		str="BC"; break;
+	case SSL3_AD_UNSUPPORTED_CERTIFICATE:	str="UC"; break;
+	case SSL3_AD_CERTIFICATE_REVOKED:	str="CR"; break;
+	case SSL3_AD_CERTIFICATE_EXPIRED:	str="CE"; break;
+	case SSL3_AD_CERTIFICATE_UNKNOWN:	str="CU"; break;
+	case SSL3_AD_ILLEGAL_PARAMETER:		str="IP"; break;
+	default:				str="UK"; break;
+		}
+	return(str);
+	}
+
+char *SSL_alert_desc_string_long(int value)
+	{
+	char *str;
+
+	switch (value & 0xff)
+		{
+	case SSL3_AD_CLOSE_NOTIFY:
+		str="close notify";
+		break;
+	case SSL3_AD_UNEXPECTED_MESSAGE:
+		str="unexected_message";
+		break;
+	case SSL3_AD_BAD_RECORD_MAC:
+		str="bad record mac";
+		break;
+	case SSL3_AD_DECOMPRESSION_FAILURE:
+		str="decompression failure";
+		break;
+	case SSL3_AD_HANDSHAKE_FAILURE:
+		str="handshake failure";
+		break;
+	case SSL3_AD_NO_CERTIFICATE:
+		str="no certificate";
+		break;
+	case SSL3_AD_BAD_CERTIFICATE:
+		str="bad certificate";
+		break;
+	case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+		str="unsupported certificate";
+		break;
+	case SSL3_AD_CERTIFICATE_REVOKED:
+		str="certificate revoked";
+		break;
+	case SSL3_AD_CERTIFICATE_EXPIRED:
+		str="certificate expired";
+		break;
+	case SSL3_AD_CERTIFICATE_UNKNOWN:
+		str="certifcate unknown";
+		break;
+	case SSL3_AD_ILLEGAL_PARAMETER:
+		str="illegal parameter";
+		break;
+	default: str="unknown"; break;
+		}
+	return(str);
+	}
+
+char *SSL_rstate_string(SSL *s)
+	{
+	char *str;
+
+	switch (s->rstate)
+		{
+	case SSL_ST_READ_HEADER:str="RH"; break;
+	case SSL_ST_READ_BODY:	str="RB"; break;
+	case SSL_ST_READ_DONE:	str="RD"; break;
+	default: str="unknown"; break;
+		}
+	return(str);
+	}
diff --git a/crypto/openssl/ssl/ssl_task.c b/crypto/openssl/ssl/ssl_task.c
new file mode 100644
index 000000000000..321e35c83ba6
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_task.c
@@ -0,0 +1,369 @@
+/* ssl/ssl_task.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* VMS */
+/*
+ * DECnet object for servicing SSL.  We accept the inbound and speak a
+ * simple protocol for multiplexing the 2 data streams (application and
+ * ssl data) over this logical link.
+ *
+ * Logical names:
+ *    SSL_CIPHER	Defines a list of cipher specifications the server
+ *			will support in order of preference.
+ *    SSL_SERVER_CERTIFICATE
+ *			Points to PEM (privacy enhanced mail) file that
+ *			contains the server certificate and private password.
+ *    SYS$NET		Logical created by netserver.exe as hook for completing
+ *			DECnet logical link.
+ *
+ * Each NSP message sent over the DECnet link has the following structure:
+ *    struct rpc_msg { 
+ *      char channel;
+ *      char function;
+ *      short length;
+ *      char data[MAX_DATA];
+ *    } msg;
+ *
+ * The channel field designates the virtual data stream this message applies
+ * to and is one of:
+ *   A - Application data (payload).
+ *   R - Remote client connection that initiated the SSL connection.  Encrypted
+ *       data is sent over this connection.
+ *   G - General data, reserved for future use.
+ *
+ * The data streams are half-duplex read/write and have following functions:
+ *   G - Get, requests that up to msg.length bytes of data be returned.  The
+ *       data is returned in the next 'C' function response that matches the
+ *       requesting channel.
+ *   P - Put, requests that the first msg.length bytes of msg.data be appended
+ *       to the designated stream.
+ *   C - Confirms a get or put.  Every get and put will get a confirm response,
+ *       you cannot initiate another function on a channel until the previous
+ *       operation has been confirmed.
+ *
+ *  The 2 channels may interleave their operations, for example:
+ *        Server msg           Client msg
+ *         A, Get, 4092          ---->
+ *                               <----  R, get, 4092
+ *         R, Confirm, {hello}   ---->
+ *                               <----  R, put, {srv hello}
+ *         R, Confirm, 0         ---->
+ *                               .		(SSL handshake completed)
+ *                               .              (read first app data).
+ *                               <----  A, confirm, {http data}
+ *         A, Put, {http data}   ---->
+ *                               <----  A, confirm, 0
+ *
+ *  The length field is not permitted to be larger that 4092 bytes.
+ *
+ * Author: Dave Jones
+ * Date:   22-JUL-1996
+ */
+#include 
+#include 
+#include 		/* VMS IO$_ definitions */
+#include 		/* VMS string descriptors */
+extern int SYS$QIOW(), SYS$ASSIGN();
+int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
+
+#include 		/* from ssltest.c */
+#include 
+
+#include "openssl/e_os.h"
+
+#include 
+#include 
+#include 
+#include 
+
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+	int error);
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+BIO_METHOD *BIO_s_rtcp();
+
+static char *cipher=NULL;
+int verbose=1;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
+/*************************************************************************/
+struct rpc_msg {		/* Should have member alignment inhibited */
+   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;	/* Amount of data returned or max to return */
+   char data[4092];		/* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+static $DESCRIPTOR(sysnet, "SYS$NET");
+typedef unsigned short io_channel;
+
+struct io_status {
+    unsigned short status;
+    unsigned short count;
+    unsigned long stsval;
+};
+int doit(io_channel chan, SSL_CTX *s_ctx );
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+	buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+	buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+/***************************************************************************/
+/* Handle operations on the 'G' channel.
+ */
+static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
+{
+    return 48;
+}
+/***************************************************************************/
+int main ( int argc, char **argv )
+{
+    int status, length;
+    io_channel chan;
+    struct rpc_msg msg;
+
+	char *CApath=NULL,*CAfile=NULL;
+	int badop=0;
+	int ret=1;
+	int client_auth=0;
+	int server_auth=0;
+	SSL_CTX *s_ctx=NULL;
+    /*
+     * Confirm logical link with initiating client.
+     */
+    LIB$INIT_TIMER();
+    status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
+    printf("status of assign to SYS$NET: %d\n", status );
+    /*
+     * Initialize standard out and error files.
+     */
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+	if (bio_stdout == NULL)
+		if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
+    /*
+     * get the preferred cipher list and other initialization
+     */
+	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+	printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
+
+	SSL_load_error_strings();
+	SSLeay_add_all_algorithms();
+
+/* DRM, this was the original, but there is no such thing as SSLv2()
+	s_ctx=SSL_CTX_new(SSLv2());
+*/
+	s_ctx=SSL_CTX_new(SSLv2_server_method());
+
+	if (s_ctx == NULL) goto end;
+
+	SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
+	SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
+	printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
+
+    /*
+     * Take commands from client until bad status.
+     */
+    LIB$SHOW_TIMER();
+    status = doit ( chan, s_ctx );
+    LIB$SHOW_TIMER();
+    /*
+     * do final cleanup and exit.
+     */
+end:
+	if (s_ctx != NULL) SSL_CTX_free(s_ctx);
+    LIB$SHOW_TIMER();
+    return 1;
+}
+
+int doit(io_channel chan, SSL_CTX *s_ctx )
+{
+    int status, length, link_state;
+     struct rpc_msg msg;
+	static char cbuf[200],sbuf[200];
+	SSL *s_ssl=NULL;
+	BIO *c_to_s=NULL;
+	BIO *s_to_c=NULL;
+	BIO *c_bio=NULL;
+	BIO *s_bio=NULL;
+	int i;
+	int done=0;
+
+	s_ssl=SSL_new(s_ctx);
+	if (s_ssl == NULL) goto err;
+
+	c_to_s=BIO_new(BIO_s_rtcp());
+	s_to_c=BIO_new(BIO_s_rtcp());
+	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+/* original, DRM 24-SEP-1997
+	BIO_set_fd ( c_to_s, "", chan );
+	BIO_set_fd ( s_to_c, "", chan );
+*/
+	BIO_set_fd ( c_to_s, 0, chan );
+	BIO_set_fd ( s_to_c, 0, chan );
+
+	c_bio=BIO_new(BIO_f_ssl());
+	s_bio=BIO_new(BIO_f_ssl());
+	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl,c_to_s,s_to_c);
+	BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
+
+	/* We can always do writes */
+	printf("Begin doit main loop\n");
+	/*
+	 * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
+	 */
+	for (link_state = 0; link_state < 3; ) {
+	    /*
+	     * Wait for remote end to request data action on A channel.
+	     */
+	    while ( link_state == 0 ) {
+		status = get ( chan, (char *) &msg, sizeof(msg), &length );
+		if ( (status&1) == 0 ) {
+		    printf("Error in main loop get: %d\n", status );
+		    link_state = 3;
+		    break;
+		}
+	   	if ( length < RPC_HDR_SIZE ) {
+		    printf("Error in main loop get size: %d\n", length );
+		    break;
+		    link_state = 3;
+		}
+	   	if ( msg.channel != 'A' ) {
+		    printf("Error in main loop, unexpected channel: %c\n", 
+			msg.channel );
+		    break;
+		    link_state = 3;
+		}
+		if ( msg.function == 'G' ) {
+		    link_state = 1;
+		} else if ( msg.function == 'P' ) {
+		    link_state = 2;	/* write pending */
+		} else if ( msg.function == 'X' ) {
+		    link_state = 3;
+		} else {
+		    link_state = 3;
+		}
+	    }
+	    if ( link_state == 1 ) {
+		i = BIO_read ( s_bio, msg.data, msg.length );
+		if ( i < 0 ) link_state = 3;
+		else {
+		    msg.channel = 'A';
+		    msg.function = 'C';		/* confirm */
+		    msg.length = i;
+		    status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
+		    if ( (status&1) == 0 ) break;
+		    link_state = 0;
+		}
+	    } else if ( link_state == 2 ) {
+		i = BIO_write ( s_bio, msg.data, msg.length );
+		if ( i < 0 ) link_state = 3;
+		else {
+		    msg.channel = 'A';
+		    msg.function = 'C';		/* confirm */
+		    msg.length = 0;
+		    status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
+		    if ( (status&1) == 0 ) break;
+		    link_state = 0;
+		}
+	    }
+	}
+	fprintf(stdout,"DONE\n");
+err:
+	/* We have to set the BIO's to NULL otherwise they will be
+	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+	 * again when c_ssl is SSL_free()ed.
+	 * This is a hack required because s_ssl and c_ssl are sharing the same
+	 * BIO structure and SSL_set_bio() and SSL_free() automatically
+	 * BIO_free non NULL entries.
+	 * You should not normally do this or be required to do this */
+	s_ssl->rbio=NULL;
+	s_ssl->wbio=NULL;
+
+	if (c_to_s != NULL) BIO_free(c_to_s);
+	if (s_to_c != NULL) BIO_free(s_to_c);
+	if (c_bio != NULL) BIO_free(c_bio);
+	if (s_bio != NULL) BIO_free(s_bio);
+	return(0);
+}
diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c
new file mode 100644
index 000000000000..ca67a98d896a
--- /dev/null
+++ b/crypto/openssl/ssl/ssl_txt.c
@@ -0,0 +1,171 @@
+/* ssl/ssl_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "ssl_locl.h"
+
+#ifndef NO_FP_API
+int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file_internal())) == NULL)
+		{
+		SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
+		return(0);
+		}
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=SSL_SESSION_print(b,x);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
+	{
+	unsigned int i;
+	char str[128],*s;
+
+	if (x == NULL) goto err;
+	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
+	if (x->ssl_version == SSL2_VERSION)
+		s="SSLv2";
+	else if (x->ssl_version == SSL3_VERSION)
+		s="SSLv3";
+	else if (x->ssl_version == TLS1_VERSION)
+		s="TLSv1";
+	else
+		s="unknown";
+	sprintf(str,"    Protocol  : %s\n",s);
+	if (BIO_puts(bp,str) <= 0) goto err;
+
+	if (x->cipher == NULL)
+		{
+		if (((x->cipher_id) & 0xff000000) == 0x02000000)
+			sprintf(str,"    Cipher    : %06lX\n",x->cipher_id&0xffffff);
+		else
+			sprintf(str,"    Cipher    : %04lX\n",x->cipher_id&0xffff);
+		}
+	else
+		sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
+	if (BIO_puts(bp,str) <= 0) goto err;
+	if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
+	for (i=0; isession_id_length; i++)
+		{
+		sprintf(str,"%02X",x->session_id[i]);
+		if (BIO_puts(bp,str) <= 0) goto err;
+		}
+	if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err;
+	for (i=0; isid_ctx_length; i++)
+		{
+		sprintf(str,"%02X",x->sid_ctx[i]);
+		if (BIO_puts(bp,str) <= 0) goto err;
+		}
+	if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
+	for (i=0; i<(unsigned int)x->master_key_length; i++)
+		{
+		sprintf(str,"%02X",x->master_key[i]);
+		if (BIO_puts(bp,str) <= 0) goto err;
+		}
+	if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
+	if (x->key_arg_length == 0)
+		{
+		if (BIO_puts(bp,"None") <= 0) goto err;
+		}
+	else
+		for (i=0; ikey_arg_length; i++)
+			{
+			sprintf(str,"%02X",x->key_arg[i]);
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+	if (x->compress_meth != 0)
+		{
+		SSL_COMP *comp;
+
+		ssl_cipher_get_evp(x,NULL,NULL,&comp);
+		if (comp == NULL)
+			{
+			sprintf(str,"\n   Compression: %d",x->compress_meth);
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+		else
+			{
+			sprintf(str,"\n   Compression: %d (%s)",
+				comp->id,comp->method->name);
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+		}	
+	if (x->time != 0L)
+		{
+		sprintf(str,"\n    Start Time: %ld",x->time);
+		if (BIO_puts(bp,str) <= 0) goto err;
+		}
+	if (x->timeout != 0L)
+		{
+		sprintf(str,"\n    Timeout   : %ld (sec)",x->timeout);
+		if (BIO_puts(bp,str) <= 0) goto err;
+		}
+	if (BIO_puts(bp,"\n") <= 0) goto err;
+		
+	return(1);
+err:
+	return(0);
+	}
+
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
new file mode 100644
index 000000000000..90570f4bee7d
--- /dev/null
+++ b/crypto/openssl/ssl/ssltest.c
@@ -0,0 +1,1163 @@
+/* ssl/ssltest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "openssl/e_os.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifdef WINDOWS
+#include "../crypto/bio/bss_file.c"
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifdef VMS
+#  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
+#  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
+#else
+#  define TEST_SERVER_CERT "../apps/server.pem"
+#  define TEST_CLIENT_CERT "../apps/client.pem"
+#endif
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
+#endif
+#ifndef NO_DH
+static DH *get_dh512(void);
+#endif
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+
+static char *cipher=NULL;
+int verbose=0;
+int debug=0;
+#if 0
+/* Not used yet. */
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+#endif
+
+
+int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes);
+int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
+static void sv_usage(void)
+	{
+	fprintf(stderr,"usage: ssltest [args ...]\n");
+	fprintf(stderr,"\n");
+	fprintf(stderr," -server_auth  - check server certificate\n");
+	fprintf(stderr," -client_auth  - do client authentication\n");
+	fprintf(stderr," -v            - more output\n");
+	fprintf(stderr," -d            - debug output\n");
+	fprintf(stderr," -reuse        - use session-id reuse\n");
+	fprintf(stderr," -num     - number of connections to perform\n");
+	fprintf(stderr," -bytes   - number of bytes to swap between client/server\n");
+#if !defined NO_DH && !defined NO_DSA
+	fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
+#endif
+#ifndef NO_SSL2
+	fprintf(stderr," -ssl2         - use SSLv2\n");
+#endif
+#ifndef NO_SSL3
+	fprintf(stderr," -ssl3         - use SSLv3\n");
+#endif
+#ifndef NO_TLS1
+	fprintf(stderr," -tls1         - use TLSv1\n");
+#endif
+	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+	fprintf(stderr," -cert arg     - Certificate file\n");
+	fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
+	fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
+	fprintf(stderr," -cipher arg   - The cipher list\n");
+	fprintf(stderr," -bio_pair     - Use BIO pairs\n");
+	fprintf(stderr," -f            - Test even cases that can't work\n");
+	}
+
+int main(int argc, char *argv[])
+	{
+	char *CApath=NULL,*CAfile=NULL;
+	int badop=0;
+	int bio_pair=0;
+	int force=0;
+	int tls1=0,ssl2=0,ssl3=0,ret=1;
+	int client_auth=0;
+	int server_auth=0,i;
+	char *server_cert=TEST_SERVER_CERT;
+	char *client_cert=TEST_CLIENT_CERT;
+	SSL_CTX *s_ctx=NULL;
+	SSL_CTX *c_ctx=NULL;
+	SSL_METHOD *meth=NULL;
+	SSL *c_ssl,*s_ssl;
+	int number=1,reuse=0;
+	long bytes=1L;
+	SSL_CIPHER *ciph;
+	int dhe1024 = 0;
+#ifndef NO_DH
+	DH *dh;
+#endif
+
+	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	argc--;
+	argv++;
+
+	while (argc >= 1)
+		{
+		if	(strcmp(*argv,"-server_auth") == 0)
+			server_auth=1;
+		else if	(strcmp(*argv,"-client_auth") == 0)
+			client_auth=1;
+		else if	(strcmp(*argv,"-v") == 0)
+			verbose=1;
+		else if	(strcmp(*argv,"-d") == 0)
+			debug=1;
+		else if	(strcmp(*argv,"-reuse") == 0)
+			reuse=1;
+		else if	(strcmp(*argv,"-dhe1024") == 0)
+			dhe1024=1;
+		else if	(strcmp(*argv,"-ssl2") == 0)
+			ssl2=1;
+		else if	(strcmp(*argv,"-tls1") == 0)
+			tls1=1;
+		else if	(strcmp(*argv,"-ssl3") == 0)
+			ssl3=1;
+		else if	(strncmp(*argv,"-num",4) == 0)
+			{
+			if (--argc < 1) goto bad;
+			number= atoi(*(++argv));
+			if (number == 0) number=1;
+			}
+		else if	(strcmp(*argv,"-bytes") == 0)
+			{
+			if (--argc < 1) goto bad;
+			bytes= atol(*(++argv));
+			if (bytes == 0L) bytes=1L;
+			i=strlen(argv[0]);
+			if (argv[0][i-1] == 'k') bytes*=1024L;
+			if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
+			}
+		else if	(strcmp(*argv,"-cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			server_cert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-s_cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			server_cert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-c_cert") == 0)
+			{
+			if (--argc < 1) goto bad;
+			client_cert= *(++argv);
+			}
+		else if	(strcmp(*argv,"-cipher") == 0)
+			{
+			if (--argc < 1) goto bad;
+			cipher= *(++argv);
+			}
+		else if	(strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CApath= *(++argv);
+			}
+		else if	(strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile= *(++argv);
+			}
+		else if	(strcmp(*argv,"-bio_pair") == 0)
+			{
+			bio_pair = 1;
+			}
+		else if	(strcmp(*argv,"-f") == 0)
+			{
+			force = 1;
+			}
+		else
+			{
+			fprintf(stderr,"unknown option %s\n",*argv);
+			badop=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+	if (badop)
+		{
+bad:
+		sv_usage();
+		goto end;
+		}
+
+	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
+		{
+		fprintf(stderr, "This case cannot work.  Use -f switch to perform "
+			"the test anyway\n"
+			"(and -d to see what happens, "
+			"and -bio_pair to really make it happen :-)\n"
+			"or add one of -ssl2, -ssl3, -tls1, -reuse to "
+			"avoid protocol mismatch.\n");
+		exit(1);
+		}
+
+/*	if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
+
+	SSL_library_init();
+	SSL_load_error_strings();
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	if (ssl2)
+		meth=SSLv2_method();
+	else 
+	if (tls1)
+		meth=TLSv1_method();
+	else
+	if (ssl3)
+		meth=SSLv3_method();
+	else
+		meth=SSLv23_method();
+#else
+#ifdef NO_SSL2
+	meth=SSLv3_method();
+#else
+	meth=SSLv2_method();
+#endif
+#endif
+
+	c_ctx=SSL_CTX_new(meth);
+	s_ctx=SSL_CTX_new(meth);
+	if ((c_ctx == NULL) || (s_ctx == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (cipher != NULL)
+		{
+		SSL_CTX_set_cipher_list(c_ctx,cipher);
+		SSL_CTX_set_cipher_list(s_ctx,cipher);
+		}
+
+#ifndef NO_DH
+# ifndef NO_DSA
+	if (dhe1024) 
+		{
+		DSA *dsa;
+
+		if (verbose)
+			{
+			fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+			fflush(stdout);
+			}
+
+		dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+		dh = DSA_dup_DH(dsa);	
+		DSA_free(dsa);
+		/* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+		SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+		if (verbose)
+			fprintf(stdout, " done\n");
+		}
+	else
+# endif
+		dh=get_dh512();
+	SSL_CTX_set_tmp_dh(s_ctx,dh);
+	DH_free(dh);
+#endif
+
+#ifndef NO_RSA
+	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
+#endif
+
+	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
+		{
+		ERR_print_errors(bio_err);
+		}
+	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
+		SSL_FILETYPE_PEM))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (client_auth)
+		{
+		SSL_CTX_use_certificate_file(c_ctx,client_cert,
+			SSL_FILETYPE_PEM);
+		SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
+			SSL_FILETYPE_PEM);
+		}
+
+	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+		(!SSL_CTX_set_default_verify_paths(c_ctx)))
+		{
+		/* fprintf(stderr,"SSL_load_verify_locations\n"); */
+		ERR_print_errors(bio_err);
+		/* goto end; */
+		}
+
+	if (client_auth)
+		{
+		fprintf(stderr,"client authentication\n");
+		SSL_CTX_set_verify(s_ctx,
+			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+			verify_callback);
+		}
+	if (server_auth)
+		{
+		fprintf(stderr,"server authentication\n");
+		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+			verify_callback);
+		}
+
+	c_ssl=SSL_new(c_ctx);
+	s_ssl=SSL_new(s_ctx);
+
+	for (i=0; i 1) || (bytes > 1L))
+		printf("%d handshakes of %ld bytes done\n",number,bytes);
+
+	SSL_free(s_ssl);
+	SSL_free(c_ssl);
+
+end:
+	if (s_ctx != NULL) SSL_CTX_free(s_ctx);
+	if (c_ctx != NULL) SSL_CTX_free(c_ctx);
+
+	if (bio_stdout != NULL) BIO_free(bio_stdout);
+
+	ERR_free_strings();
+	ERR_remove_state(0);
+	EVP_cleanup();
+	CRYPTO_mem_leaks(bio_err);
+	EXIT(ret);
+	}
+
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
+	{
+	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+	BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+	BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
+	SSL_CIPHER *ciph;
+	int ret = 1;
+	
+	size_t bufsiz = 256; /* small buffer for testing */
+
+	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
+		goto err;
+	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
+		goto err;
+	
+	s_ssl_bio = BIO_new(BIO_f_ssl());
+	if (!s_ssl_bio)
+		goto err;
+
+	c_ssl_bio = BIO_new(BIO_f_ssl());
+	if (!c_ssl_bio)
+		goto err;
+
+	SSL_set_connect_state(c_ssl);
+	SSL_set_bio(c_ssl, client, client);
+	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl, server, server);
+	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+	do
+		{
+		/* c_ssl_bio:          SSL filter BIO
+		 *
+		 * client:             pseudo-I/O for SSL library
+		 *
+		 * client_io:          client's SSL communication; usually to be
+		 *                     relayed over some I/O facility, but in this
+		 *                     test program, we're the server, too:
+		 *
+		 * server_io:          server's SSL communication
+		 *
+		 * server:             pseudo-I/O for SSL library
+		 *
+		 * s_ssl_bio:          SSL filter BIO
+		 *
+		 * The client and the server each employ a "BIO pair":
+		 * client + client_io, server + server_io.
+		 * BIO pairs are symmetric.  A BIO pair behaves similar
+		 * to a non-blocking socketpair (but both endpoints must
+		 * be handled by the same thread).
+		 * [Here we could connect client and server to the ends
+		 * of a single BIO pair, but then this code would be less
+		 * suitable as an example for BIO pairs in general.]
+		 *
+		 * Useful functions for querying the state of BIO pair endpoints:
+		 *
+		 * BIO_ctrl_pending(bio)              number of bytes we can read now
+		 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
+		 *                                      other side's read attempt
+		 * BIO_ctrl_get_write_gurantee(bio)   number of bytes we can write now
+		 *
+		 * ..._read_request is never more than ..._write_guarantee;
+		 * it depends on the application which one you should use.
+		 */
+
+		/* We have non-blocking behaviour throughout this test program, but
+		 * can be sure that there is *some* progress in each iteration; so
+		 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
+		 * -- we just try everything in each iteration
+		 */
+
+			{
+			/* CLIENT */
+		
+			MS_STATIC char cbuf[1024*8];
+			int i, r;
+
+			if (debug)
+				if (SSL_in_init(c_ssl))
+					printf("client waiting in SSL_connect - %s\n",
+						SSL_state_string_long(c_ssl));
+
+			if (cw_num > 0)
+				{
+				/* Write to server. */
+				
+				if (cw_num > (long)sizeof cbuf)
+					i = sizeof cbuf;
+				else
+					i = (int)cw_num;
+				r = BIO_write(c_ssl_bio, cbuf, i);
+				if (r == -1)
+					{
+					if (!BIO_should_retry(c_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						goto err;
+						}
+					/* BIO_should_retry(...) can just be ignored here.
+					 * The library expects us to call BIO_write with
+					 * the same arguments again, and that's what we will
+					 * do in the next iteration. */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client wrote %d\n", r);
+					cw_num -= r;				
+					}
+				}
+
+			if (cr_num > 0)
+				{
+				/* Read from server. */
+
+				r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+				if (r < 0)
+					{
+					if (!BIO_should_retry(c_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						goto err;
+						}
+					/* Again, "BIO_should_retry" can be ignored. */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client read %d\n", r);
+					cr_num -= r;
+					}
+				}
+			}
+
+			{
+			/* SERVER */
+		
+			MS_STATIC char sbuf[1024*8];
+			int i, r;
+
+			if (debug)
+				if (SSL_in_init(s_ssl))
+					printf("server waiting in SSL_accept - %s\n",
+						SSL_state_string_long(s_ssl));
+
+			if (sw_num > 0)
+				{
+				/* Write to client. */
+				
+				if (sw_num > (long)sizeof sbuf)
+					i = sizeof sbuf;
+				else
+					i = (int)sw_num;
+				r = BIO_write(s_ssl_bio, sbuf, i);
+				if (r == -1)
+					{
+					if (!BIO_should_retry(s_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						goto err;
+						}
+					/* Ignore "BIO_should_retry". */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server wrote %d\n", r);
+					sw_num -= r;				
+					}
+				}
+
+			if (sr_num > 0)
+				{
+				/* Read from client. */
+
+				r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
+				if (r < 0)
+					{
+					if (!BIO_should_retry(s_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						goto err;
+						}
+					/* blah, blah */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server read %d\n", r);
+					sr_num -= r;
+					}
+				}
+			}
+			
+			{
+			/* "I/O" BETWEEN CLIENT AND SERVER. */
+
+#define RELAYBUFSIZ 200
+			static char buf[RELAYBUFSIZ];
+
+			/* RELAYBUF is arbitrary.  When writing data over some real
+			 * network, use a buffer of the same size as in the BIO_pipe
+			 * and make that size large (for reading from the network
+			 * small buffers usually won't hurt).
+			 * Here sizes differ for testing. */
+
+			size_t r1, r2;
+			size_t num;
+			int r;
+			static int prev_progress = 1;
+			int progress = 0;
+			
+			/* client to server */
+			do
+				{
+				r1 = BIO_ctrl_pending(client_io);
+				r2 = BIO_ctrl_get_write_guarantee(server_io);
+
+				num = r1;
+				if (r2 < num)
+					num = r2;
+				if (num)
+					{
+					if (sizeof buf < num)
+						num = sizeof buf;
+					if (INT_MAX < num) /* yeah, right */
+						num = INT_MAX;
+					
+					r = BIO_read(client_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_read could not read "
+							"BIO_ctrl_pending() bytes");
+						goto err;
+						}
+					r = BIO_write(server_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_write could not write "
+							"BIO_ctrl_get_write_guarantee() bytes");
+						goto err;
+						}
+					progress = 1;
+
+					if (debug)
+						printf("C->S relaying: %d bytes\n", (int)num);
+					}
+				}
+			while (r1 && r2);
+
+			/* server to client */
+			do
+				{
+				r1 = BIO_ctrl_pending(server_io);
+				r2 = BIO_ctrl_get_write_guarantee(client_io);
+
+				num = r1;
+				if (r2 < num)
+					num = r2;
+				if (num)
+					{
+					if (sizeof buf < num)
+						num = sizeof buf;
+					if (INT_MAX < num)
+						num = INT_MAX;
+					
+					r = BIO_read(server_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_read could not read "
+							"BIO_ctrl_pending() bytes");
+						goto err;
+						}
+					r = BIO_write(client_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_write could not write "
+							"BIO_ctrl_get_write_guarantee() bytes");
+						goto err;
+						}
+					progress = 1;
+
+					if (debug)
+						printf("S->C relaying: %d bytes\n", (int)num);
+					}
+				}
+			while (r1 && r2);
+
+			if (!progress && !prev_progress)
+				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
+					{
+					fprintf(stderr, "ERROR: got stuck\n");
+					if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
+						{
+						fprintf(stderr, "This can happen for SSL2 because "
+							"CLIENT-FINISHED and SERVER-VERIFY are written \n"
+							"concurrently ...");
+						if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
+							&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
+							{
+							fprintf(stderr, " ok.\n");
+							goto end;
+							}
+						}
+					fprintf(stderr, " ERROR.\n");
+					goto err;
+					}
+			prev_progress = progress;
+			}
+		}
+	while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
+
+	ciph = SSL_get_current_cipher(c_ssl);
+	if (verbose)
+		fprintf(stdout,"DONE via BIO pair, protocol %s, cipher %s, %s\n",
+			SSL_get_version(c_ssl),
+			SSL_CIPHER_get_version(ciph),
+			SSL_CIPHER_get_name(ciph));
+ end:
+	ret = 0;
+
+ err:
+	ERR_print_errors(bio_err);
+	
+	if (server)
+		BIO_free(server);
+	if (server_io)
+		BIO_free(server_io);
+	if (client)
+		BIO_free(client);
+	if (client_io)
+		BIO_free(client_io);
+	if (s_ssl_bio)
+		BIO_free(s_ssl_bio);
+	if (c_ssl_bio)
+		BIO_free(c_ssl_bio);
+
+	return ret;
+	}
+
+
+#define W_READ	1
+#define W_WRITE	2
+#define C_DONE	1
+#define S_DONE	2
+
+int doit(SSL *s_ssl, SSL *c_ssl, long count)
+	{
+	MS_STATIC char cbuf[1024*8],sbuf[1024*8];
+	long cw_num=count,cr_num=count;
+	long sw_num=count,sr_num=count;
+	int ret=1;
+	BIO *c_to_s=NULL;
+	BIO *s_to_c=NULL;
+	BIO *c_bio=NULL;
+	BIO *s_bio=NULL;
+	int c_r,c_w,s_r,s_w;
+	int c_want,s_want;
+	int i,j;
+	int done=0;
+	int c_write,s_write;
+	int do_server=0,do_client=0;
+	SSL_CIPHER *ciph;
+
+	c_to_s=BIO_new(BIO_s_mem());
+	s_to_c=BIO_new(BIO_s_mem());
+	if ((s_to_c == NULL) || (c_to_s == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	c_bio=BIO_new(BIO_f_ssl());
+	s_bio=BIO_new(BIO_f_ssl());
+	if ((c_bio == NULL) || (s_bio == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	SSL_set_connect_state(c_ssl);
+	SSL_set_bio(c_ssl,s_to_c,c_to_s);
+	BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl,c_to_s,s_to_c);
+	BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
+
+	c_r=0; s_r=1;
+	c_w=1; s_w=0;
+	c_want=W_WRITE;
+	s_want=0;
+	c_write=1,s_write=0;
+
+	/* We can always do writes */
+	for (;;)
+		{
+		do_server=0;
+		do_client=0;
+
+		i=(int)BIO_pending(s_bio);
+		if ((i && s_r) || s_w) do_server=1;
+
+		i=(int)BIO_pending(c_bio);
+		if ((i && c_r) || c_w) do_client=1;
+
+		if (do_server && debug)
+			{
+			if (SSL_in_init(s_ssl))
+				printf("server waiting in SSL_accept - %s\n",
+					SSL_state_string_long(s_ssl));
+/*			else if (s_write)
+				printf("server:SSL_write()\n");
+			else
+				printf("server:SSL_read()\n"); */
+			}
+
+		if (do_client && debug)
+			{
+			if (SSL_in_init(c_ssl))
+				printf("client waiting in SSL_connect - %s\n",
+					SSL_state_string_long(c_ssl));
+/*			else if (c_write)
+				printf("client:SSL_write()\n");
+			else
+				printf("client:SSL_read()\n"); */
+			}
+
+		if (!do_client && !do_server)
+			{
+			fprintf(stdout,"ERROR IN STARTUP\n");
+			ERR_print_errors(bio_err);
+			break;
+			}
+		if (do_client && !(done & C_DONE))
+			{
+			if (c_write)
+				{
+				j=(cw_num > (long)sizeof(cbuf))
+					?sizeof(cbuf):(int)cw_num;
+				i=BIO_write(c_bio,cbuf,j);
+				if (i < 0)
+					{
+					c_r=0;
+					c_w=0;
+					if (BIO_should_retry(c_bio))
+						{
+						if (BIO_should_read(c_bio))
+							c_r=1;
+						if (BIO_should_write(c_bio))
+							c_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						ERR_print_errors(bio_err);
+						goto err;
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client wrote %d\n",i);
+					/* ok */
+					s_r=1;
+					c_write=0;
+					cw_num-=i;
+					}
+				}
+			else
+				{
+				i=BIO_read(c_bio,cbuf,sizeof(cbuf));
+				if (i < 0)
+					{
+					c_r=0;
+					c_w=0;
+					if (BIO_should_retry(c_bio))
+						{
+						if (BIO_should_read(c_bio))
+							c_r=1;
+						if (BIO_should_write(c_bio))
+							c_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						ERR_print_errors(bio_err);
+						goto err;
+						}
+					}
+				else if (i == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client read %d\n",i);
+					cr_num-=i;
+					if (sw_num > 0)
+						{
+						s_write=1;
+						s_w=1;
+						}
+					if (cr_num <= 0)
+						{
+						s_write=1;
+						s_w=1;
+						done=S_DONE|C_DONE;
+						}
+					}
+				}
+			}
+
+		if (do_server && !(done & S_DONE))
+			{
+			if (!s_write)
+				{
+				i=BIO_read(s_bio,sbuf,sizeof(cbuf));
+				if (i < 0)
+					{
+					s_r=0;
+					s_w=0;
+					if (BIO_should_retry(s_bio))
+						{
+						if (BIO_should_read(s_bio))
+							s_r=1;
+						if (BIO_should_write(s_bio))
+							s_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						ERR_print_errors(bio_err);
+						goto err;
+						}
+					}
+				else if (i == 0)
+					{
+					ERR_print_errors(bio_err);
+					fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server read %d\n",i);
+					sr_num-=i;
+					if (cw_num > 0)
+						{
+						c_write=1;
+						c_w=1;
+						}
+					if (sr_num <= 0)
+						{
+						s_write=1;
+						s_w=1;
+						c_write=0;
+						}
+					}
+				}
+			else
+				{
+				j=(sw_num > (long)sizeof(sbuf))?
+					sizeof(sbuf):(int)sw_num;
+				i=BIO_write(s_bio,sbuf,j);
+				if (i < 0)
+					{
+					s_r=0;
+					s_w=0;
+					if (BIO_should_retry(s_bio))
+						{
+						if (BIO_should_read(s_bio))
+							s_r=1;
+						if (BIO_should_write(s_bio))
+							s_w=1;
+						}
+					else
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						ERR_print_errors(bio_err);
+						goto err;
+						}
+					}
+				else if (i == 0)
+					{
+					ERR_print_errors(bio_err);
+					fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server wrote %d\n",i);
+					sw_num-=i;
+					s_write=0;
+					c_r=1;
+					if (sw_num <= 0)
+						done|=S_DONE;
+					}
+				}
+			}
+
+		if ((done & S_DONE) && (done & C_DONE)) break;
+		}
+
+	ciph=SSL_get_current_cipher(c_ssl);
+	if (verbose)
+		fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n",
+			SSL_get_version(c_ssl),
+			SSL_CIPHER_get_version(ciph),
+			SSL_CIPHER_get_name(ciph));
+	ret=0;
+err:
+	/* We have to set the BIO's to NULL otherwise they will be
+	 * Free()ed twice.  Once when th s_ssl is SSL_free()ed and
+	 * again when c_ssl is SSL_free()ed.
+	 * This is a hack required because s_ssl and c_ssl are sharing the same
+	 * BIO structure and SSL_set_bio() and SSL_free() automatically
+	 * BIO_free non NULL entries.
+	 * You should not normally do this or be required to do this */
+	if (s_ssl != NULL)
+		{
+		s_ssl->rbio=NULL;
+		s_ssl->wbio=NULL;
+		}
+	if (c_ssl != NULL)
+		{
+		c_ssl->rbio=NULL;
+		c_ssl->wbio=NULL;
+		}
+
+	if (c_to_s != NULL) BIO_free(c_to_s);
+	if (s_to_c != NULL) BIO_free(s_to_c);
+	if (c_bio != NULL) BIO_free_all(c_bio);
+	if (s_bio != NULL) BIO_free_all(s_bio);
+	return(ret);
+	}
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+	{
+	char *s,buf[256];
+
+	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+	if (s != NULL)
+		{
+		if (ok)
+			fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf);
+		else
+			fprintf(stderr,"depth=%d error=%d %s\n",
+				ctx->error_depth,ctx->error,buf);
+		}
+
+	if (ok == 0)
+		{
+		switch (ctx->error)
+			{
+		case X509_V_ERR_CERT_NOT_YET_VALID:
+		case X509_V_ERR_CERT_HAS_EXPIRED:
+		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+			ok=1;
+			}
+		}
+
+	return(ok);
+	}
+
+#ifndef NO_DH
+static unsigned char dh512_p[]={
+	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+	0x47,0x74,0xE8,0x33,
+	};
+static unsigned char dh512_g[]={
+	0x02,
+	};
+
+static DH *get_dh512(void)
+	{
+	DH *dh=NULL;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		return(NULL);
+	return(dh);
+	}
+#endif
+
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+	{
+	static RSA *rsa_tmp=NULL;
+
+	if (rsa_tmp == NULL)
+		{
+		BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+		(void)BIO_flush(bio_err);
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+		BIO_printf(bio_err,"\n");
+		(void)BIO_flush(bio_err);
+		}
+	return(rsa_tmp);
+	}
+#endif
diff --git a/crypto/openssl/ssl/t1_clnt.c b/crypto/openssl/ssl/t1_clnt.c
new file mode 100644
index 000000000000..9745630a008c
--- /dev/null
+++ b/crypto/openssl/ssl/t1_clnt.c
@@ -0,0 +1,90 @@
+/* ssl/t1_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *tls1_get_client_method(int ver);
+static SSL_METHOD *tls1_get_client_method(int ver)
+	{
+	if (ver == TLS1_VERSION)
+		return(TLSv1_client_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *TLSv1_client_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD TLSv1_client_data;
+
+	if (init)
+		{
+		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+			sizeof(SSL_METHOD));
+		TLSv1_client_data.ssl_connect=ssl3_connect;
+		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+		init=0;
+		}
+	return(&TLSv1_client_data);
+	}
+
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
new file mode 100644
index 000000000000..914b7434987f
--- /dev/null
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -0,0 +1,633 @@
+/* ssl/t1_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+			int sec_len, unsigned char *seed, int seed_len,
+			unsigned char *out, int olen)
+	{
+	int chunk,n;
+	unsigned int j;
+	HMAC_CTX ctx;
+	HMAC_CTX ctx_tmp;
+	unsigned char A1[HMAC_MAX_MD_CBLOCK];
+	unsigned int A1_len;
+	
+	chunk=EVP_MD_size(md);
+
+	HMAC_Init(&ctx,sec,sec_len,md);
+	HMAC_Update(&ctx,seed,seed_len);
+	HMAC_Final(&ctx,A1,&A1_len);
+
+	n=0;
+	for (;;)
+		{
+		HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+		HMAC_Update(&ctx,A1,A1_len);
+		memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+		HMAC_Update(&ctx,seed,seed_len);
+
+		if (olen > chunk)
+			{
+			HMAC_Final(&ctx,out,&j);
+			out+=j;
+			olen-=j;
+			HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+			}
+		else	/* last one */
+			{
+			HMAC_Final(&ctx,A1,&A1_len);
+			memcpy(out,A1,olen);
+			break;
+			}
+		}
+	HMAC_cleanup(&ctx);
+	HMAC_cleanup(&ctx_tmp);
+	memset(A1,0,sizeof(A1));
+	}
+
+static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+		     unsigned char *label, int label_len,
+		     const unsigned char *sec, int slen, unsigned char *out1,
+		     unsigned char *out2, int olen)
+	{
+	int len,i;
+	const unsigned char *S1,*S2;
+
+	len=slen/2;
+	S1=sec;
+	S2= &(sec[len]);
+	len+=(slen&1); /* add for odd, make longer */
+
+	
+	tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
+	tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
+
+	for (i=0; is3->server_random,SSL3_RANDOM_SIZE);
+	p+=SSL3_RANDOM_SIZE;
+	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+	p+=SSL3_RANDOM_SIZE;
+
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
+		 s->session->master_key,s->session->master_key_length,
+		 km,tmp,num);
+	}
+
+int tls1_change_cipher_state(SSL *s, int which)
+	{
+	static const unsigned char empty[]="";
+	unsigned char *p,*key_block,*mac_secret;
+	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
+		SSL3_RANDOM_SIZE*2];
+	unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+	unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+	unsigned char iv1[EVP_MAX_IV_LENGTH*2];
+	unsigned char iv2[EVP_MAX_IV_LENGTH*2];
+	unsigned char *ms,*key,*iv,*er1,*er2;
+	int client_write;
+	EVP_CIPHER_CTX *dd;
+	const EVP_CIPHER *c;
+	const SSL_COMP *comp;
+	const EVP_MD *m;
+	int _exp,n,i,j,k,exp_label_len,cl;
+
+	_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+	c=s->s3->tmp.new_sym_enc;
+	m=s->s3->tmp.new_hash;
+	comp=s->s3->tmp.new_compression;
+	key_block=s->s3->tmp.key_block;
+
+	if (which & SSL3_CC_READ)
+		{
+		if ((s->enc_read_ctx == NULL) &&
+			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			goto err;
+		dd= s->enc_read_ctx;
+		s->read_hash=m;
+		if (s->expand != NULL)
+			{
+			COMP_CTX_free(s->expand);
+			s->expand=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->expand=COMP_CTX_new(comp->method);
+			if (s->expand == NULL)
+				{
+				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				goto err;
+			}
+		memset(&(s->s3->read_sequence[0]),0,8);
+		mac_secret= &(s->s3->read_mac_secret[0]);
+		}
+	else
+		{
+		if ((s->enc_write_ctx == NULL) &&
+			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			goto err;
+		dd= s->enc_write_ctx;
+		s->write_hash=m;
+		if (s->compress != NULL)
+			{
+			COMP_CTX_free(s->compress);
+			s->compress=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->compress=COMP_CTX_new(comp->method);
+			if (s->compress == NULL)
+				{
+				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			}
+		memset(&(s->s3->write_sequence[0]),0,8);
+		mac_secret= &(s->s3->write_mac_secret[0]);
+		}
+
+	EVP_CIPHER_CTX_init(dd);
+
+	p=s->s3->tmp.key_block;
+	i=EVP_MD_size(m);
+	cl=EVP_CIPHER_key_length(c);
+	j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+	k=EVP_CIPHER_iv_length(c);
+	er1= &(s->s3->client_random[0]);
+	er2= &(s->s3->server_random[0]);
+	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
+		{
+		ms=  &(p[ 0]); n=i+i;
+		key= &(p[ n]); n+=j+j;
+		iv=  &(p[ n]); n+=k+k;
+		exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
+		exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
+		client_write=1;
+		}
+	else
+		{
+		n=i;
+		ms=  &(p[ n]); n+=i+j;
+		key= &(p[ n]); n+=j+k;
+		iv=  &(p[ n]); n+=k;
+		exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
+		exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
+		client_write=0;
+		}
+
+	if (n > s->s3->tmp.key_block_length)
+		{
+		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+		goto err2;
+		}
+
+	memcpy(mac_secret,ms,i);
+#ifdef TLS_DEBUG
+printf("which = %04X\nmac key=",which);
+{ int z; for (z=0; zs3->client_random,SSL3_RANDOM_SIZE);
+		p+=SSL3_RANDOM_SIZE;
+		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+		p+=SSL3_RANDOM_SIZE;
+		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
+			 tmp1,tmp2,EVP_CIPHER_key_length(c));
+		key=tmp1;
+
+		if (k > 0)
+			{
+			p=buf;
+			memcpy(p,TLS_MD_IV_BLOCK_CONST,
+				TLS_MD_IV_BLOCK_CONST_SIZE);
+			p+=TLS_MD_IV_BLOCK_CONST_SIZE;
+			memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+			p+=SSL3_RANDOM_SIZE;
+			memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+			p+=SSL3_RANDOM_SIZE;
+			tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
+				 iv1,iv2,k*2);
+			if (client_write)
+				iv=iv1;
+			else
+				iv= &(iv1[k]);
+			}
+		}
+
+	s->session->key_arg_length=0;
+
+	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+#ifdef TLS_DEBUG
+printf("which = %04X\nkey=",which);
+{ int z; for (z=0; zs3->tmp.key_block_length != 0)
+		return(1);
+
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
+		{
+		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+		return(0);
+		}
+
+	s->s3->tmp.new_sym_enc=c;
+	s->s3->tmp.new_hash=hash;
+
+	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+	num*=2;
+
+	ssl3_cleanup_key_block(s);
+
+	if ((p1=(unsigned char *)Malloc(num)) == NULL)
+		goto err;
+	if ((p2=(unsigned char *)Malloc(num)) == NULL)
+		goto err;
+
+	s->s3->tmp.key_block_length=num;
+	s->s3->tmp.key_block=p1;
+
+
+#ifdef TLS_DEBUG
+printf("client random\n");
+{ int z; for (z=0; zs3->client_random[z],((z+1)%16)?' ':'\n'); }
+printf("server random\n");
+{ int z; for (z=0; zs3->server_random[z],((z+1)%16)?' ':'\n'); }
+printf("pre-master\n");
+{ int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+#endif
+	tls1_generate_key_block(s,p1,p2,num);
+	memset(p2,0,num);
+	Free(p2);
+#ifdef TLS_DEBUG
+printf("\nkey block\n");
+{ int z; for (z=0; zwrite_hash != NULL)
+			n=EVP_MD_size(s->write_hash);
+		ds=s->enc_write_ctx;
+		rec= &(s->s3->wrec);
+		if (s->enc_write_ctx == NULL)
+			enc=NULL;
+		else
+			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+		}
+	else
+		{
+		if (s->read_hash != NULL)
+			n=EVP_MD_size(s->read_hash);
+		ds=s->enc_read_ctx;
+		rec= &(s->s3->rrec);
+		if (s->enc_read_ctx == NULL)
+			enc=NULL;
+		else
+			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+		}
+
+	if ((s->session == NULL) || (ds == NULL) ||
+		(enc == NULL))
+		{
+		memcpy(rec->data,rec->input,rec->length);
+		rec->input=rec->data;
+		}
+	else
+		{
+		l=rec->length;
+		bs=EVP_CIPHER_block_size(ds->cipher);
+
+		if ((bs != 1) && send)
+			{
+			i=bs-((int)l%bs);
+
+			/* Add weird padding of upto 256 bytes */
+
+			/* we need to add 'i' padding bytes of value j */
+			j=i-1;
+			if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+				{
+				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+					j++;
+				}
+			for (k=(int)l; k<(int)(l+i); k++)
+				rec->input[k]=j;
+			l+=i;
+			rec->length+=i;
+			}
+
+		EVP_Cipher(ds,rec->data,rec->input,l);
+
+		if ((bs != 1) && !send)
+			{
+			ii=i=rec->data[l-1];
+			i++;
+			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+				{
+				/* First packet is even in size, so check */
+				if ((memcmp(s->s3->read_sequence,
+					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+					i--;
+				}
+			if (i > (int)rec->length)
+				{
+				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+				return(0);
+				}
+			for (j=(int)(l-i); j<(int)l; j++)
+				{
+				if (rec->data[j] != ii)
+					{
+					SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
+					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+					return(0);
+					}
+				}
+			rec->length-=i;
+			}
+		}
+	return(1);
+	}
+
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+	{
+	unsigned int ret;
+	EVP_MD_CTX ctx;
+
+	EVP_MD_CTX_copy(&ctx,in_ctx);
+	EVP_DigestFinal(&ctx,out,&ret);
+	return((int)ret);
+	}
+
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+	     unsigned char *str, int slen, unsigned char *out)
+	{
+	unsigned int i;
+	EVP_MD_CTX ctx;
+	unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+	unsigned char *q,buf2[12];
+
+	q=buf;
+	memcpy(q,str,slen);
+	q+=slen;
+
+	EVP_MD_CTX_copy(&ctx,in1_ctx);
+	EVP_DigestFinal(&ctx,q,&i);
+	q+=i;
+	EVP_MD_CTX_copy(&ctx,in2_ctx);
+	EVP_DigestFinal(&ctx,q,&i);
+	q+=i;
+
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
+		s->session->master_key,s->session->master_key_length,
+		out,buf2,12);
+	memset(&ctx,0,sizeof(EVP_MD_CTX));
+
+	return((int)12);
+	}
+
+int tls1_mac(SSL *ssl, unsigned char *md, int send)
+	{
+	SSL3_RECORD *rec;
+	unsigned char *mac_sec,*seq;
+	const EVP_MD *hash;
+	unsigned int md_size;
+	int i;
+	HMAC_CTX hmac;
+	unsigned char buf[5]; 
+
+	if (send)
+		{
+		rec= &(ssl->s3->wrec);
+		mac_sec= &(ssl->s3->write_mac_secret[0]);
+		seq= &(ssl->s3->write_sequence[0]);
+		hash=ssl->write_hash;
+		}
+	else
+		{
+		rec= &(ssl->s3->rrec);
+		mac_sec= &(ssl->s3->read_mac_secret[0]);
+		seq= &(ssl->s3->read_sequence[0]);
+		hash=ssl->read_hash;
+		}
+
+	md_size=EVP_MD_size(hash);
+
+	buf[0]=rec->type;
+	buf[1]=TLS1_VERSION_MAJOR;
+	buf[2]=TLS1_VERSION_MINOR;
+	buf[3]=rec->length>>8;
+	buf[4]=rec->length&0xff;
+
+	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+	HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
+	HMAC_Update(&hmac,seq,8);
+	HMAC_Update(&hmac,buf,5);
+	HMAC_Update(&hmac,rec->input,rec->length);
+	HMAC_Final(&hmac,md,&md_size);
+
+#ifdef TLS_DEBUG
+printf("sec=");
+{unsigned int z; for (z=0; z=0; i--)
+		if (++seq[i]) break; 
+
+#ifdef TLS_DEBUG
+{unsigned int z; for (z=0; zs3->client_random,SSL3_RANDOM_SIZE);
+	memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
+		s->s3->server_random,SSL3_RANDOM_SIZE);
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,
+		buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
+		s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+	return(SSL3_MASTER_SECRET_SIZE);
+	}
+
+int tls1_alert_code(int code)
+	{
+	switch (code)
+		{
+	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);
+	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);
+	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);
+	case SSL_AD_DECRYPTION_FAILED:	return(TLS1_AD_DECRYPTION_FAILED);
+	case SSL_AD_RECORD_OVERFLOW:	return(TLS1_AD_RECORD_OVERFLOW);
+	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_NO_CERTIFICATE:	return(-1);
+	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);
+	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);
+	case SSL_AD_UNKNOWN_CA:		return(TLS1_AD_UNKNOWN_CA);
+	case SSL_AD_ACCESS_DENIED:	return(TLS1_AD_ACCESS_DENIED);
+	case SSL_AD_DECODE_ERROR:	return(TLS1_AD_DECODE_ERROR);
+	case SSL_AD_DECRYPT_ERROR:	return(TLS1_AD_DECRYPT_ERROR);
+	case SSL_AD_EXPORT_RESTRICION:	return(TLS1_AD_EXPORT_RESTRICION);
+	case SSL_AD_PROTOCOL_VERSION:	return(TLS1_AD_PROTOCOL_VERSION);
+	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
+	case SSL_AD_INTERNAL_ERROR:	return(TLS1_AD_INTERNAL_ERROR);
+	case SSL_AD_USER_CANCLED:	return(TLS1_AD_USER_CANCLED);
+	case SSL_AD_NO_RENEGOTIATION:	return(TLS1_AD_NO_RENEGOTIATION);
+	default:			return(-1);
+		}
+	}
+
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
new file mode 100644
index 000000000000..ddf5c15799ef
--- /dev/null
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -0,0 +1,145 @@
+/* ssl/t1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "ssl_locl.h"
+
+char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
+
+#ifndef NO_PROTO
+static long tls1_default_timeout(void);
+#else
+static long tls1_default_timeout();
+#endif
+
+static SSL3_ENC_METHOD TLSv1_enc_data={
+	tls1_enc,
+	tls1_mac,
+	tls1_setup_key_block,
+	tls1_generate_master_secret,
+	tls1_change_cipher_state,
+	tls1_final_finish_mac,
+	TLS1_FINISH_MAC_LENGTH,
+	tls1_cert_verify_mac,
+	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+	tls1_alert_code,
+	};
+
+static SSL_METHOD TLSv1_data= {
+	TLS1_VERSION,
+	tls1_new,
+	tls1_clear,
+	tls1_free,
+	ssl_undefined_function,
+	ssl_undefined_function,
+	ssl3_read,
+	ssl3_peek,
+	ssl3_write,
+	ssl3_shutdown,
+	ssl3_renegotiate,
+	ssl3_renegotiate_check,
+	ssl3_ctrl,
+	ssl3_ctx_ctrl,
+	ssl3_get_cipher_by_char,
+	ssl3_put_cipher_by_char,
+	ssl3_pending,
+	ssl3_num_ciphers,
+	ssl3_get_cipher,
+	ssl_bad_method,
+	tls1_default_timeout,
+	&TLSv1_enc_data,
+	};
+
+static long tls1_default_timeout(void)
+	{
+	/* 2 hours, the 24 hours mentioned in the TLSv1 spec
+	 * is way too long for http, the cache would over fill */
+	return(60*60*2);
+	}
+
+SSL_METHOD *tlsv1_base_method(void)
+	{
+	return(&TLSv1_data);
+	}
+
+int tls1_new(SSL *s)
+	{
+	if (!ssl3_new(s)) return(0);
+	s->method->ssl_clear(s);
+	return(1);
+	}
+
+void tls1_free(SSL *s)
+	{
+	ssl3_free(s);
+	}
+
+void tls1_clear(SSL *s)
+	{
+	ssl3_clear(s);
+	s->version=TLS1_VERSION;
+	}
+
+#if 0
+long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
+	{
+	return(0);
+	}
+#endif
diff --git a/crypto/openssl/ssl/t1_meth.c b/crypto/openssl/ssl/t1_meth.c
new file mode 100644
index 000000000000..9bb36a7d1ca9
--- /dev/null
+++ b/crypto/openssl/ssl/t1_meth.c
@@ -0,0 +1,88 @@
+/* ssl/t1_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *tls1_get_method(int ver);
+static SSL_METHOD *tls1_get_method(int ver)
+	{
+	if (ver == TLS1_VERSION)
+		return(TLSv1_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *TLSv1_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD TLSv1_data;
+
+	if (init)
+		{
+		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+			sizeof(SSL_METHOD));
+		TLSv1_data.ssl_connect=ssl3_connect;
+		TLSv1_data.ssl_accept=ssl3_accept;
+		TLSv1_data.get_ssl_method=tls1_get_method;
+		init=0;
+		}
+	return(&TLSv1_data);
+	}
+
diff --git a/crypto/openssl/ssl/t1_srvr.c b/crypto/openssl/ssl/t1_srvr.c
new file mode 100644
index 000000000000..996b7ca8e2ef
--- /dev/null
+++ b/crypto/openssl/ssl/t1_srvr.c
@@ -0,0 +1,91 @@
+/* ssl/t1_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssl_locl.h"
+
+static SSL_METHOD *tls1_get_server_method(int ver);
+static SSL_METHOD *tls1_get_server_method(int ver)
+	{
+	if (ver == TLS1_VERSION)
+		return(TLSv1_server_method());
+	else
+		return(NULL);
+	}
+
+SSL_METHOD *TLSv1_server_method(void)
+	{
+	static int init=1;
+	static SSL_METHOD TLSv1_server_data;
+
+	if (init)
+		{
+		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+			sizeof(SSL_METHOD));
+		TLSv1_server_data.ssl_accept=ssl3_accept;
+		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+		init=0;
+		}
+	return(&TLSv1_server_data);
+	}
+
diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h
new file mode 100644
index 000000000000..a931efa936a0
--- /dev/null
+++ b/crypto/openssl/ssl/tls1.h
@@ -0,0 +1,153 @@
+/* ssl/tls1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_TLS1_H 
+#define HEADER_TLS1_H 
+
+#include 
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
+
+#define TLS1_VERSION			0x0301
+#define TLS1_VERSION_MAJOR		0x03
+#define TLS1_VERSION_MINOR		0x01
+
+#define TLS1_AD_DECRYPTION_FAILED	21
+#define TLS1_AD_RECORD_OVERFLOW		22
+#define TLS1_AD_UNKNOWN_CA		48	/* fatal */
+#define TLS1_AD_ACCESS_DENIED		49	/* fatal */
+#define TLS1_AD_DECODE_ERROR		50	/* fatal */
+#define TLS1_AD_DECRYPT_ERROR		51
+#define TLS1_AD_EXPORT_RESTRICION	60	/* fatal */
+#define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
+#define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
+#define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
+#define TLS1_AD_USER_CANCLED		90
+#define TLS1_AD_NO_RENEGOTIATION	100
+
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
+#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
+#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
+
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
+
+
+#define TLS_CT_RSA_SIGN			1
+#define TLS_CT_DSS_SIGN			2
+#define TLS_CT_RSA_FIXED_DH		3
+#define TLS_CT_DSS_FIXED_DH		4
+#define TLS_CT_NUMBER			4
+
+#define TLS1_FINISH_MAC_LENGTH		12
+
+#define TLS_MD_MAX_CONST_SIZE			20
+#define TLS_MD_CLIENT_FINISH_CONST		"client finished"
+#define TLS_MD_CLIENT_FINISH_CONST_SIZE		15
+#define TLS_MD_SERVER_FINISH_CONST		"server finished"
+#define TLS_MD_SERVER_FINISH_CONST_SIZE		15
+#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
+#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
+#define TLS_MD_KEY_EXPANSION_CONST		"key expansion"
+#define TLS_MD_KEY_EXPANSION_CONST_SIZE		13
+#define TLS_MD_CLIENT_WRITE_KEY_CONST		"client write key"
+#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE	16
+#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
+#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
+#define TLS_MD_IV_BLOCK_CONST			"IV block"
+#define TLS_MD_IV_BLOCK_CONST_SIZE		8
+#define TLS_MD_MASTER_SECRET_CONST		"master secret"
+#define TLS_MD_MASTER_SECRET_CONST_SIZE		13
+
+#ifdef CHARSET_EBCDIC
+#undef TLS_MD_CLIENT_FINISH_CONST
+#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
+#undef TLS_MD_SERVER_FINISH_CONST
+#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_KEY_EXPANSION_CONST
+#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
+#undef TLS_MD_CLIENT_WRITE_KEY_CONST
+#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_IV_BLOCK_CONST
+#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
+#undef TLS_MD_MASTER_SECRET_CONST
+#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/openssl/test/CAss.cnf b/crypto/openssl/test/CAss.cnf
new file mode 100644
index 000000000000..b941b7ae1570
--- /dev/null
+++ b/crypto/openssl/test/CAss.cnf
@@ -0,0 +1,25 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ req ]
+default_bits		= 512
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= sha1
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName		= Organization Name (eg, company)
+organizationName_value		= Dodgy Brothers
+
+commonName			= Common Name (eg, YOUR name)
+commonName_value		= Dodgy CA
diff --git a/crypto/openssl/test/CAssdh.cnf b/crypto/openssl/test/CAssdh.cnf
new file mode 100644
index 000000000000..4e0a908679f7
--- /dev/null
+++ b/crypto/openssl/test/CAssdh.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DH certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CU
+countryName_value             = CU
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = La Junta de la Revolucion
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Junta
+
diff --git a/crypto/openssl/test/CAssdsa.cnf b/crypto/openssl/test/CAssdsa.cnf
new file mode 100644
index 000000000000..a6b4d1810c95
--- /dev/null
+++ b/crypto/openssl/test/CAssdsa.cnf
@@ -0,0 +1,23 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
diff --git a/crypto/openssl/test/CAssrsa.cnf b/crypto/openssl/test/CAssrsa.cnf
new file mode 100644
index 000000000000..eb24a6dfc0ef
--- /dev/null
+++ b/crypto/openssl/test/CAssrsa.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
+
diff --git a/crypto/openssl/test/Makefile.ssl b/crypto/openssl/test/Makefile.ssl
new file mode 100644
index 000000000000..2133ff157570
--- /dev/null
+++ b/crypto/openssl/test/Makefile.ssl
@@ -0,0 +1,388 @@
+#
+# test/Makefile.ssl
+#
+
+DIR=		test
+TOP=		..
+CC=		cc
+INCLUDES=	-I../include
+CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=	/usr/local/ssl
+MAKEFILE=	Makefile.ssl
+MAKE=		make -f $(MAKEFILE)
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+
+PEX_LIBS=
+EX_LIBS= #-lnsl -lsocket
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl maketests.com \
+	tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+	tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+	testca.com VMSca-response.1 VMSca-response.2
+
+DLIBCRYPTO= ../libcrypto.a
+DLIBSSL= ../libssl.a
+LIBCRYPTO= -L.. -lcrypto
+LIBSSL= -L.. -lssl
+
+BNTEST=		bntest
+EXPTEST=	exptest
+IDEATEST=	ideatest
+SHATEST=	shatest
+SHA1TEST=	sha1test
+MDC2TEST=	mdc2test
+RMDTEST=	rmdtest
+MD2TEST=	md2test
+MD5TEST=	md5test
+HMACTEST=	hmactest
+RC2TEST=	rc2test
+RC4TEST=	rc4test
+RC5TEST=	rc5test
+BFTEST=		bftest
+CASTTEST=	casttest
+DESTEST=	destest
+RANDTEST=	randtest
+DHTEST=		dhtest
+DSATEST=	dsatest
+METHTEST=	methtest
+SSLTEST=	ssltest
+RSATEST=	rsa_oaep_test
+
+EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
+	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+	$(RANDTEST) $(DHTEST) \
+	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
+
+# $(METHTEST)
+
+OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
+SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
+
+EXHEADER= 
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:	exe
+
+exe:	$(EXE)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+
+errors:
+
+install:
+
+tags:
+	ctags $(SRC)
+
+tests:	exe apps \
+	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+	test_rc2 test_rc4 test_rc5 test_bf test_cast \
+	test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
+	test_reqgen test_req test_pkcs7 test_verify test_dh test_dsa \
+	test_ss test_ssl test_ca
+
+apps:
+	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+
+test_des:
+	./$(DESTEST)
+
+test_idea:
+	./$(IDEATEST)
+
+test_sha:
+	./$(SHATEST)
+	./$(SHA1TEST)
+
+test_mdc2:
+	./$(MDC2TEST)
+
+test_md5:
+	./$(MD5TEST)
+
+test_hmac:
+	./$(HMACTEST)
+
+test_md2:
+	./$(MD2TEST)
+
+test_rmd:
+	./$(RMDTEST)
+
+test_bf:
+	./$(BFTEST)
+
+test_cast:
+	./$(CASTTEST)
+
+test_rc2:
+	./$(RC2TEST)
+
+test_rc4:
+	./$(RC4TEST)
+
+test_rc5:
+	./$(RC5TEST)
+
+test_rand:
+	./$(RANDTEST)
+
+test_enc:
+	@sh ./testenc
+
+test_x509:
+	echo test normal x509v1 certificate
+	sh ./tx509 2>/dev/null
+	echo test first x509v3 certificate
+	sh ./tx509 v3-cert1.pem 2>/dev/null
+	echo test second x509v3 certificate
+	sh ./tx509 v3-cert2.pem 2>/dev/null
+
+test_rsa:
+	@sh ./trsa 2>/dev/null
+	./$(RSATEST)
+
+test_crl:
+	@sh ./tcrl 2>/dev/null
+
+test_sid:
+	@sh ./tsid 2>/dev/null
+
+test_req:
+	@sh ./treq 2>/dev/null
+	@sh ./treq testreq2.pem 2>/dev/null
+
+test_pkcs7:
+	@sh ./tpkcs7 2>/dev/null
+	@sh ./tpkcs7d 2>/dev/null
+
+test_bn:
+	@echo starting big number library test, could take a while...
+	@(./$(BNTEST)|bc) | awk '{ \
+if ($$0 != "0") {print "error"; exit(1); } \
+if (((NR+1)%64) == 0) print NR+1," tests done"; }'
+	@echo 'test a^b%c implementations'
+	./$(EXPTEST)
+
+test_verify:
+	@echo "The following command should have some OK's and some failures"
+	@echo "There are definitly a few expired certificates"
+	../apps/openssl verify -CApath ../certs ../certs/*.pem
+
+test_dh:
+	@echo "Generate as set of DH parameters"
+	./$(DHTEST)
+
+test_dsa:
+	@echo "Generate as set of DSA parameters"
+	./$(DSATEST)
+
+test_reqgen:
+	@echo "Generate and verify a certificate request"
+	@sh ./testgen
+
+test_ss:
+	@echo "Generate and certify a test certificate"
+	@sh ./testss
+
+test_ssl:
+	@echo "test SSL protocol"
+	@sh ./testssl
+
+test_ca:
+	@echo "Generate and certify a test certificate via the 'ca' program"
+	@sh ./testca
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+
+$(DLIBSSL):
+	(cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+	(cd ../crypto; $(MAKE))
+
+$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bftest.o: ../include/openssl/blowfish.h
+bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+bntest.o: ../include/openssl/des.h ../include/openssl/dh.h
+bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bntest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+bntest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+casttest.o: ../include/openssl/cast.h
+destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+destest.o: ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dhtest.o: ../include/openssl/stack.h
+dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/rand.h ../include/openssl/stack.h
+hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+hmactest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
+hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+hmactest.o: ../include/openssl/stack.h
+ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+md5test.o: ../include/openssl/md5.h
+mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+randtest.o: ../include/openssl/rand.h
+rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+rc5test.o: ../include/openssl/rc5.h
+rmdtest.o: ../include/openssl/ripemd.h
+rsa_oaep_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsa_oaep_test.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa_oaep_test.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsa_oaep_test.o: ../include/openssl/opensslv.h ../include/openssl/rsa.h
+rsa_oaep_test.o: ../include/openssl/stack.h
+sha1test.o: ../include/openssl/sha.h
+shatest.o: ../include/openssl/sha.h
+ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssltest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssltest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssltest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ssltest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltest.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
diff --git a/crypto/openssl/test/Sssdsa.cnf b/crypto/openssl/test/Sssdsa.cnf
new file mode 100644
index 000000000000..8e170a28ef59
--- /dev/null
+++ b/crypto/openssl/test/Sssdsa.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
+
diff --git a/crypto/openssl/test/Sssrsa.cnf b/crypto/openssl/test/Sssrsa.cnf
new file mode 100644
index 000000000000..8c79a03fca87
--- /dev/null
+++ b/crypto/openssl/test/Sssrsa.cnf
@@ -0,0 +1,26 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
diff --git a/crypto/openssl/test/Uss.cnf b/crypto/openssl/test/Uss.cnf
new file mode 100644
index 000000000000..c89692d5199c
--- /dev/null
+++ b/crypto/openssl/test/Uss.cnf
@@ -0,0 +1,28 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ req ]
+default_bits		= 512
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= md2
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+
+0.commonName			= Common Name (eg, YOUR name)
+0.commonName_value		= Brother 1
+
+1.commonName			= Common Name (eg, YOUR name)
+1.commonName_value		= Brother 2
diff --git a/crypto/openssl/test/VMSca-response.1 b/crypto/openssl/test/VMSca-response.1
new file mode 100644
index 000000000000..8b137891791f
--- /dev/null
+++ b/crypto/openssl/test/VMSca-response.1
@@ -0,0 +1 @@
+
diff --git a/crypto/openssl/test/VMSca-response.2 b/crypto/openssl/test/VMSca-response.2
new file mode 100644
index 000000000000..9b48ee4cf97a
--- /dev/null
+++ b/crypto/openssl/test/VMSca-response.2
@@ -0,0 +1,2 @@
+y
+y
diff --git a/crypto/openssl/test/dsa-ca.pem b/crypto/openssl/test/dsa-ca.pem
new file mode 100644
index 000000000000..9eb08f3ddd45
--- /dev/null
+++ b/crypto/openssl/test/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/test/dsa-pca.pem b/crypto/openssl/test/dsa-pca.pem
new file mode 100644
index 000000000000..e3641ad47e6b
--- /dev/null
+++ b/crypto/openssl/test/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/crypto/openssl/test/methtest.c b/crypto/openssl/test/methtest.c
new file mode 100644
index 000000000000..06ccb3b31087
--- /dev/null
+++ b/crypto/openssl/test/methtest.c
@@ -0,0 +1,105 @@
+/* test/methtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "meth.h"
+#include 
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	METHOD_CTX *top,*tmp1,*tmp2;
+
+	top=METH_new(x509_lookup()); /* get a top level context */
+	if (top == NULL) goto err;
+
+	tmp1=METH_new(x509_by_file());
+	if (top == NULL) goto err;
+	METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
+	METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
+	METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
+
+	tmp2=METH_new(x509_by_dir());
+	METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
+	METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
+	METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
+	METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
+
+/*	tmp=METH_new(x509_by_issuer_dir);
+	METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
+	METH_push(top,METH_X509_BY_ISSUER,tmp);
+
+	tmp=METH_new(x509_by_issuer_primary);
+	METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
+	METH_push(top,METH_X509_BY_ISSUER,tmp);
+*/
+
+	METH_init(top);
+	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors_fp(stderr);
+	exit(1);
+	return(0);
+	}
diff --git a/crypto/openssl/test/pkcs7-1.pem b/crypto/openssl/test/pkcs7-1.pem
new file mode 100644
index 000000000000..c47b27af8893
--- /dev/null
+++ b/crypto/openssl/test/pkcs7-1.pem
@@ -0,0 +1,15 @@
+-----BEGIN PKCS7-----
+MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
+SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
+AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
+eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
+MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
+bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
+ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
+FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
+9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
+BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
+bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
+BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
+j7Kie1x339mxW/w9VZNTUDQQweHh
+-----END PKCS7-----
diff --git a/crypto/openssl/test/pkcs7.pem b/crypto/openssl/test/pkcs7.pem
new file mode 100644
index 000000000000..d55c60b94e13
--- /dev/null
+++ b/crypto/openssl/test/pkcs7.pem
@@ -0,0 +1,54 @@
+     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
+     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
+     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
+     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
+     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
+     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
+     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
+     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
+     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
+     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
+     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
+     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
+     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
+     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
+     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
+     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
+     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
+     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
+     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
+     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
+     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
+     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
+     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
+     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
+     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
+     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
+     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
+     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
+     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
+     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
+     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
+     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
+     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
+     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
+     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
+     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
+     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
+     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
+     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
+     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
+     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
+     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
+     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
+     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
+     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
+     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
+     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
+     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
+     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
+     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
+     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
+     b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/crypto/openssl/test/r160test.c b/crypto/openssl/test/r160test.c
new file mode 100644
index 000000000000..a172e393cab0
--- /dev/null
+++ b/crypto/openssl/test/r160test.c
@@ -0,0 +1,57 @@
+/* test/r160test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
diff --git a/crypto/openssl/test/tcrl b/crypto/openssl/test/tcrl
new file mode 100644
index 000000000000..acaf8f3c4716
--- /dev/null
+++ b/crypto/openssl/test/tcrl
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl crl'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=testcrl.pem
+fi
+
+echo testing crl conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/test.cnf b/crypto/openssl/test/test.cnf
new file mode 100644
index 000000000000..faad3914a859
--- /dev/null
+++ b/crypto/openssl/test/test.cnf
@@ -0,0 +1,88 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/new_certs	# default place for new certs.
+
+certificate	= $dir/CAcert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/CAkey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 512
+default_keyfile 	= testkey.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Queensland
+stateOrProvinceName_value	=
+
+localityName			= Locality Name (eg, city)
+localityName_value		= Brisbane
+
+organizationName		= Organization Name (eg, company)
+organizationName_default	= 
+organizationName_value		= CryptSoft Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	=
+organizationalUnitName_value	= .
+
+commonName			= Common Name (eg, YOUR name)
+commonName_value		= Eric Young
+
+emailAddress			= Email Address
+emailAddress_value		= eay@mincom.oz.au
diff --git a/crypto/openssl/test/testca b/crypto/openssl/test/testca
new file mode 100644
index 000000000000..88c186b6ab84
--- /dev/null
+++ b/crypto/openssl/test/testca
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+SH="/bin/sh"
+PATH=../apps:$PATH
+export SH PATH
+
+SSLEAY_CONFIG="-config CAss.cnf"
+export SSLEAY_CONFIG
+
+/bin/rm -fr demoCA
+$SH ../apps/CA.sh -newca <$test;
+
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+	exit 1
+else
+	/bin/rm $test.cipher $test.clear
+fi
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+	exit 1
+else
+	/bin/rm $test.cipher $test.clear
+fi
+
+for i in `$cmd list-cipher-commands`
+do
+	echo $i
+	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+	$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+	cmp $test $test.$i.clear
+	if [ $? != 0 ]
+	then
+		exit 1
+	else
+		/bin/rm $test.$i.cipher $test.$i.clear
+	fi
+
+	echo $i base64
+	$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+	$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+	cmp $test $test.$i.clear
+	if [ $? != 0 ]
+	then
+		exit 1
+	else
+		/bin/rm $test.$i.cipher $test.$i.clear
+	fi
+done
+rm -f $test
diff --git a/crypto/openssl/test/testgen b/crypto/openssl/test/testgen
new file mode 100644
index 000000000000..3534f5821f0c
--- /dev/null
+++ b/crypto/openssl/test/testgen
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+T=testcert
+KEY=512
+CA=../certs/testca.pem
+
+/bin/rm -f $T.1 $T.2 $T.key
+
+PATH=../apps:$PATH;
+export PATH
+
+echo "generating certificate request"
+
+echo "There should be a 2 sequences of .'s and some +'s."
+echo "There should not be more that at most 80 per line"
+echo "This could take some time."
+
+../apps/openssl req -config test.cnf -new -out testreq.pem
+if [ $? != 0 ]; then
+echo problems creating request
+exit 1
+fi
+
+../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
+if [ $? != 0 ]; then
+echo signature on req is wrong
+exit 1
+fi
+
+exit 0
diff --git a/crypto/openssl/test/testp7.pem b/crypto/openssl/test/testp7.pem
new file mode 100644
index 000000000000..6bba16f13765
--- /dev/null
+++ b/crypto/openssl/test/testp7.pem
@@ -0,0 +1,46 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw
+ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G
+A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL
+EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X
+DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy
+bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g
+Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln
+aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz
+aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE
+KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO
+Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB
+AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL
+YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz
+IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0
+bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50
+IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D
+UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg
+b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN
+b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz
+MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg
+UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC
+SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv
+MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw
+DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf
+gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ
+fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew
+HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl
+cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu
+IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B
+AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h
+MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC
+AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd
+TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2
+UNCaNQ1H26GCAa0wgcEwbTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0EX
+DTk2MDcxNzE3NDQwOVoXDTk4MDcxNzAwMDAwMFowDQYJKoZIhvcNAQECBQADQQB4
+rQNP8QLpAox83odQDE/5dqAuvDfshW/miTxwQTMXOoBtjGiowTcG+YXF1JZTJRMT
+jQN47tdH+6MCKt7N8MddMIHmMIGRMA0GCSqGSIb3DQEBAgUAMGIxETAPBgNVBAcT
+CEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy
+aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlchcNOTYwNzE3
+MTc1OTI5WhcNOTcwNzE4MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBALm1VmE7FrEJ
+rLXvX/lIDMPAZIw5TNuX8EC6wn5ppy8Y3sHstdJEkTsqVGiS2/q+KEQC3NHxvV32
+bGooiIKLUB4xAAAAAAA=
+-----END PKCS7-----
diff --git a/crypto/openssl/test/testreq2.pem b/crypto/openssl/test/testreq2.pem
new file mode 100644
index 000000000000..c3cdcffcbc61
--- /dev/null
+++ b/crypto/openssl/test/testreq2.pem
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
+DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
+hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
+gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
+-----END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/test/testrsa.pem b/crypto/openssl/test/testrsa.pem
new file mode 100644
index 000000000000..aad21067a8f7
--- /dev/null
+++ b/crypto/openssl/test/testrsa.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
+Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
+rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
+oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
+mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
+rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
+mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/test/testsid.pem b/crypto/openssl/test/testsid.pem
new file mode 100644
index 000000000000..7ffd008f6660
--- /dev/null
+++ b/crypto/openssl/test/testsid.pem
@@ -0,0 +1,12 @@
+-----BEGIN SSL SESSION PARAMETERS-----
+MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
+bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
+ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
+YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
+A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
+LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
+TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
+hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
+CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
+-----END SSL SESSION PARAMETERS-----
diff --git a/crypto/openssl/test/testss b/crypto/openssl/test/testss
new file mode 100644
index 000000000000..da62997a5ffa
--- /dev/null
+++ b/crypto/openssl/test/testss
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+digest='-mdc2'
+reqcmd="../apps/openssl req"
+x509cmd="../apps/openssl x509 $digest"
+verifycmd="../apps/openssl verify"
+dummycnf="../apps/openssl.cnf"
+
+CAkey="keyCA.ss"
+CAcert="certCA.ss"
+CAreq="reqCA.ss"
+CAconf="CAss.cnf"
+CAreq2="req2CA.ss"	# temp
+
+Uconf="Uss.cnf"
+Ukey="keyU.ss"
+Ureq="reqU.ss"
+Ucert="certU.ss"
+
+echo
+echo "make a certificate request using 'req'"
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss
+if [ $? != 0 ]; then
+	echo "error using 'req' to generate a certificate request"
+	exit 1
+fi
+echo
+echo "convert the certificate request into a self signed certificate using 'x509'"
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'x509' to self sign a certificate request"
+	exit 1
+fi
+
+echo
+echo "convert a certificate into a certificate request using 'x509'"
+$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'x509' convert a certificate to a certificate request"
+	exit 1
+fi
+
+$reqcmd -config $dummycnf -verify -in $CAreq -noout
+if [ $? != 0 ]; then
+	echo first generated request is invalid
+	exit 1
+fi
+
+$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
+if [ $? != 0 ]; then
+	echo second generated request is invalid
+	exit 1
+fi
+
+$verifycmd -CAfile $CAcert $CAcert
+if [ $? != 0 ]; then
+	echo first generated cert is invalid
+	exit 1
+fi
+
+echo
+echo "make another certificate request using 'req'"
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'req' to generate a certificate request"
+	exit 1
+fi
+
+echo
+echo "sign certificate request with the just created CA via 'x509'"
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'x509' to sign a certificate request"
+	exit 1
+fi
+
+$verifycmd -CAfile $CAcert $Ucert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
+
+echo
+echo The generated CA certificate is $CAcert
+echo The generated CA private key is $CAkey
+
+echo The generated user certificate is $Ucert
+echo The generated user private key is $Ukey
+
+/bin/rm err.ss
+exit 0
diff --git a/crypto/openssl/test/testssl b/crypto/openssl/test/testssl
new file mode 100644
index 000000000000..255ae5e9768e
--- /dev/null
+++ b/crypto/openssl/test/testssl
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+echo test sslv2
+./ssltest -ssl2 || exit 1
+
+echo test sslv2 with server authentication
+./ssltest -ssl2 -server_auth -CApath ../certs || exit 1
+
+echo test sslv2 with client authentication
+./ssltest -ssl2 -client_auth -CApath ../certs || exit 1
+
+echo test sslv2 with both client and server authentication
+./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+
+echo test sslv3
+./ssltest -ssl3 || exit 1
+
+echo test sslv3 with server authentication
+./ssltest -ssl3 -server_auth -CApath ../certs || exit 1
+
+echo test sslv3 with client authentication
+./ssltest -ssl3 -client_auth -CApath ../certs || exit 1
+
+echo test sslv3 with both client and server authentication
+./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3
+./ssltest || exit 1
+
+echo test sslv2/sslv3 with server authentication
+./ssltest -server_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 with client authentication
+./ssltest -client_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication
+./ssltest -server_auth -client_auth -CApath ../certs || exit 1
+
+echo test sslv2 via BIO pair
+./ssltest -bio_pair -ssl2 || exit 1
+
+echo test sslv2 with server authentication via BIO pair
+./ssltest -bio_pair -ssl2 -server_auth -CApath ../certs || exit 1
+
+echo test sslv2 with client authentication via BIO pair
+./ssltest -bio_pair -ssl2 -client_auth -CApath ../certs || exit 1
+
+echo test sslv2 with both client and server authentication via BIO pair
+./ssltest -bio_pair -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+
+echo test sslv3 via BIO pair
+./ssltest -bio_pair -ssl3 || exit 1
+
+echo test sslv3 with server authentication via BIO pair
+./ssltest -bio_pair -ssl3 -server_auth -CApath ../certs || exit 1
+
+echo test sslv3 with client authentication via BIO pair
+./ssltest -bio_pair -ssl3 -client_auth -CApath ../certs || exit 1
+
+echo test sslv3 with both client and server authentication via BIO pair
+./ssltest -bio_pair -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 via BIO pair
+./ssltest || exit 1
+
+echo test sslv2/sslv3 with server authentication
+./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+./ssltest -bio_pair -client_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1
+
+exit 0
diff --git a/crypto/openssl/test/testx509.pem b/crypto/openssl/test/testx509.pem
new file mode 100644
index 000000000000..8a85d14964f8
--- /dev/null
+++ b/crypto/openssl/test/testx509.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
+MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
+AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
+/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
+Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
+zl9HYIMxATFyqSiD9jsx
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/test/times b/crypto/openssl/test/times
new file mode 100644
index 000000000000..49aeebf216e8
--- /dev/null
+++ b/crypto/openssl/test/times
@@ -0,0 +1,113 @@
+
+More number for the questions about SSL overheads....
+
+The following numbers were generated on a pentium pro 200, running linux.
+They give an indication of the SSL protocol and encryption overheads.
+
+The program that generated them is an unreleased version of ssl/ssltest.c
+which is the SSLeay ssl protocol testing program.  It is a single process that
+talks both sides of the SSL protocol via a non-blocking memory buffer
+interface.
+
+How do I read this?  The protocol and cipher are reasonable obvious.
+The next number is the number of connections being made.  The next is the
+number of bytes exchanged bewteen the client and server side of the protocol.
+This is the number of bytes that the client sends to the server, and then
+the server sends back.  Because this is all happening in one process,
+the data is being encrypted, decrypted, encrypted and then decrypted again.
+It is a round trip of that many bytes.  Because the one process performs
+both the client and server sides of the protocol and it sends this many bytes
+each direction, multiply this number by 4 to generate the number
+of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
+elapsed doing a full SSL handshake, the second is the cost of one
+full handshake and the rest being session-id reuse.
+
+SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s
+SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s
+SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s
+SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA
+SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s
+SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s
+SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s
+
+SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s
+SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s
+SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA
+SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s
+SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s
+SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s
+
+SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s
+SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s
+SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s
+SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA
+SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s
+SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s
+SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s
+
+SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s
+SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s
+SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s
+SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA
+SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s
+SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s
+SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
+
+What does this all mean?  Well for a server, with no session-id reuse, with
+a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
+a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
+about 49 connections a second.  Reality will be quite different :-).
+
+Remeber the first number is 1000 full ssl handshakes, the second is
+1 full and 999 with session-id reuse.  The RSA overheads for each exchange
+would be one public and one private operation, but the protocol/MAC/cipher
+cost would be quite similar in both the client and server.
+
+eric (adding numbers to speculation)
+
+--- Appendix ---
+- The time measured is user time but these number a very rough.
+- Remember this is the cost of both client and server sides of the protocol.
+- The TCP/kernal overhead of connection establishment is normally the
+  killer in SSL.  Often delays in the TCP protocol will make session-id
+  reuse look slower that new sessions, but this would not be the case on
+  a loaded server.
+- The TCP round trip latencies, while slowing indervidual connections,
+  would have minimal impact on throughput.
+- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
+- the required number of bytes are processed.
+- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
+- A 512bit server key was being used except where noted.
+- No server key verification was being performed on the client side of the
+  protocol.  This would slow things down very little.
+- The library being used is SSLeay 0.8.x.
+- The normal mesauring system was commands of the form
+  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
+  This modified version of ssltest should be in the next public release of
+  SSLeay.
+
+The general cipher performace number for this platform are
+
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep  5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized 
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               131.02k      368.41k      500.57k      549.21k      566.09k
+mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
+md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
+sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
+sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
+rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
+des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
+des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
+idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
+rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
+blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
+                  sign    verify
+rsa  512 bits   0.0100s   0.0011s
+rsa 1024 bits   0.0451s   0.0012s
+rsa 2048 bits   0.2605s   0.0086s
+rsa 4096 bits   1.6883s   0.0302s
+
diff --git a/crypto/openssl/test/tpkcs7 b/crypto/openssl/test/tpkcs7
new file mode 100644
index 000000000000..15bbba42c051
--- /dev/null
+++ b/crypto/openssl/test/tpkcs7
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl pkcs7'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=testp7.pem
+fi
+
+echo testing pkcs7 conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/tpkcs7d b/crypto/openssl/test/tpkcs7d
new file mode 100644
index 000000000000..46e5aa2bd6ec
--- /dev/null
+++ b/crypto/openssl/test/tpkcs7d
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl pkcs7'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=pkcs7-1.pem
+fi
+
+echo "testing pkcs7 conversions (2)"
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/treq b/crypto/openssl/test/treq
new file mode 100644
index 000000000000..0464c9d902fb
--- /dev/null
+++ b/crypto/openssl/test/treq
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl req -config ../apps/openssl.cnf'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=testreq.pem
+fi
+
+echo testing req conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -verify -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -verify -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/trsa b/crypto/openssl/test/trsa
new file mode 100644
index 000000000000..d6a4dd826d7b
--- /dev/null
+++ b/crypto/openssl/test/trsa
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl rsa'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=testrsa.pem
+fi
+
+echo testing rsa conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/tsid b/crypto/openssl/test/tsid
new file mode 100644
index 000000000000..9e0854516ca3
--- /dev/null
+++ b/crypto/openssl/test/tsid
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl sess_id'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=testsid.pem
+fi
+
+echo testing session-id conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in fff.p -inform p -outform t >f.t
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> d"
+#$cmd -in f.t -inform t -outform d >ff.d2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+#echo "d -> t"
+#$cmd -in f.d -inform d -outform t >ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#echo "t -> t"
+#$cmd -in f.t -inform t -outform t >ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#echo "p -> t"
+#$cmd -in f.p -inform p -outform t >ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#echo "t -> p"
+#$cmd -in f.t -inform t -outform p >ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp fff.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+#cmp f.t ff.t1
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t2
+#if [ $? != 0 ]; then exit 1; fi
+#cmp f.t ff.t3
+#if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+#cmp f.p ff.p2
+#if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/tx509 b/crypto/openssl/test/tx509
new file mode 100644
index 000000000000..35169f3a4380
--- /dev/null
+++ b/crypto/openssl/test/tx509
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+PATH=../apps:$PATH
+export PATH
+
+cmd='../apps/openssl x509'
+
+if [ "$1"x != "x" ]; then
+	t=$1
+else
+	t=testx509.pem
+fi
+
+echo testing X509 conversions
+cp $t fff.p
+
+echo "p -> d"
+$cmd -in fff.p -inform p -outform d >f.d
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> n"
+$cmd -in fff.p -inform p -outform n >f.n
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in fff.p -inform p -outform p >f.p
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> d"
+$cmd -in f.d -inform d -outform d >ff.d1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> d"
+$cmd -in f.n -inform n -outform d >ff.d2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> d"
+$cmd -in f.p -inform p -outform d >ff.d3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> n"
+$cmd -in f.d -inform d -outform n >ff.n1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> n"
+$cmd -in f.n -inform n -outform n >ff.n2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> n"
+$cmd -in f.p -inform p -outform n >ff.n3
+if [ $? != 0 ]; then exit 1; fi
+
+echo "d -> p"
+$cmd -in f.d -inform d -outform p >ff.p1
+if [ $? != 0 ]; then exit 1; fi
+echo "n -> p"
+$cmd -in f.n -inform n -outform p >ff.p2
+if [ $? != 0 ]; then exit 1; fi
+echo "p -> p"
+$cmd -in f.p -inform p -outform p >ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp fff.p f.p
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p2
+if [ $? != 0 ]; then exit 1; fi
+cmp fff.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.n ff.n1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n2
+if [ $? != 0 ]; then exit 1; fi
+cmp f.n ff.n3
+if [ $? != 0 ]; then exit 1; fi
+
+cmp f.p ff.p1
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p2
+if [ $? != 0 ]; then exit 1; fi
+cmp f.p ff.p3
+if [ $? != 0 ]; then exit 1; fi
+
+/bin/rm -f f.* ff.* fff.*
+exit 0
diff --git a/crypto/openssl/test/v3-cert1.pem b/crypto/openssl/test/v3-cert1.pem
new file mode 100644
index 000000000000..0da253d5c340
--- /dev/null
+++ b/crypto/openssl/test/v3-cert1.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
+NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
+dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
+ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
+ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
+miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
+AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
+MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
+AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
+X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
+WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/test/v3-cert2.pem b/crypto/openssl/test/v3-cert2.pem
new file mode 100644
index 000000000000..de0723ff8de3
--- /dev/null
+++ b/crypto/openssl/test/v3-cert2.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
+YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
+ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
+dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
+WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
+BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
+FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
+6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
+G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
+YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
+b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
+F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
+lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
+jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/times/090/586-100.nt b/crypto/openssl/times/090/586-100.nt
new file mode 100644
index 000000000000..297ec3e7f088
--- /dev/null
+++ b/crypto/openssl/times/090/586-100.nt
@@ -0,0 +1,32 @@
+SSLeay 0.9.0 08-Apr-1998
+built on Wed Apr  8 12:47:17 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(
+ptr2)
+C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN
+-DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 92.25k      256.80k      347.01k      380.40k      390.31k
+mdc2               240.72k      251.10k      252.00k      250.80k      251.40k
+md5               1013.61k     5651.94k    11831.61k    16294.89k    17901.43k
+hmac(md5)          419.50k     2828.07k     7770.11k    13824.34k    17091.70k
+sha1               524.31k     2721.45k     5216.15k     6766.10k     7308.42k
+rmd160             462.09k     2288.59k     4260.77k     5446.44k     5841.65k
+rc4               7895.90k    10326.73k    10555.43k    10728.22k    10429.44k
+des cbc           2036.86k     2208.92k     2237.68k     2237.20k     2181.35k
+des ede3           649.92k      739.42k      749.07k      748.86k      738.27k
+idea cbc           823.19k      885.10k      894.92k      896.45k      891.87k
+rc2 cbc            792.63k      859.00k      867.45k      868.96k      865.30k
+rc5-32/12 cbc     3502.26k     4026.79k     4107.23k     4121.76k     4073.72k
+blowfish cbc      3752.96k     4026.79k     4075.31k     3965.87k     3892.26k
+cast cbc          2566.27k     2807.43k     2821.79k     2792.48k     2719.34k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0179s   0.0020s     56.0    501.7
+rsa 1024 bits   0.0950s   0.0060s     10.5    166.6
+rsa 2048 bits   0.6299s   0.0209s      1.6     47.8
+rsa 4096 bits   4.5870s   0.0787s      0.2     12.7
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0180s   0.0339s     55.6     29.5
+dsa 1024 bits   0.0555s   0.1076s     18.0      9.3
+dsa 2048 bits   0.1971s   0.3918s      5.1      2.6
+
diff --git a/crypto/openssl/times/091/486-50.nt b/crypto/openssl/times/091/486-50.nt
new file mode 100644
index 000000000000..84820d9c6509
--- /dev/null
+++ b/crypto/openssl/times/091/486-50.nt
@@ -0,0 +1,30 @@
+486-50 NT 4.0
+
+SSLeay 0.9.1a 06-Jul-1998
+built on Sat Jul 18 18:03:20 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 28.77k       80.30k      108.50k      118.98k      122.47k
+mdc2                51.52k       54.06k       54.54k       54.65k       54.62k
+md5                304.39k     1565.04k     3061.54k     3996.10k     4240.10k
+hmac(md5)          119.53k      793.23k     2061.29k     3454.95k     4121.76k
+sha1               127.51k      596.93k     1055.54k     1313.84k     1413.18k
+rmd160             128.50k      572.49k     1001.03k     1248.01k     1323.63k
+rc4               1224.40k     1545.11k     1590.29k     1600.20k     1576.90k
+des cbc            448.19k      503.45k      512.30k      513.30k      508.23k
+des ede3           148.66k      162.48k      163.68k      163.94k      164.24k
+idea cbc           194.18k      211.10k      212.99k      213.18k      212.64k
+rc2 cbc            245.78k      271.01k      274.12k      274.38k      273.52k
+rc5-32/12 cbc     1252.48k     1625.20k     1700.03k     1711.12k     1677.18k
+blowfish cbc       725.16k      828.26k      850.01k      846.99k      833.79k
+cast cbc           643.30k      717.22k      739.48k      741.57k      735.33k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0904s   0.0104s     11.1     96.2
+rsa 1024 bits   0.5968s   0.0352s      1.7     28.4
+rsa 2048 bits   3.8860s   0.1017s      0.3      9.8
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.1006s   0.1249s      9.9      8.0
+dsa 1024 bits   0.3306s   0.4093s      3.0      2.4
+dsa 2048 bits   0.9454s   1.1707s      1.1      0.9
diff --git a/crypto/openssl/times/091/586-100.lnx b/crypto/openssl/times/091/586-100.lnx
new file mode 100644
index 000000000000..92892a672db7
--- /dev/null
+++ b/crypto/openssl/times/091/586-100.lnx
@@ -0,0 +1,32 @@
+Pentium 100mhz, linux
+
+SSLeay 0.9.0a 14-Apr-1998
+built on Fri Apr 17 08:47:07 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 56.65k      153.88k      208.47k      229.03k      237.57k
+mdc2               189.59k      204.95k      206.93k      208.90k      209.56k
+md5               1019.48k     5882.41k    12085.42k    16376.49k    18295.47k
+hmac(md5)          415.86k     2887.85k     7891.29k    13894.66k    17446.23k
+sha1               540.68k     2791.96k     5289.30k     6813.01k     7432.87k
+rmd160             298.37k     1846.87k     3869.10k     5273.94k     5892.78k
+rc4               7870.87k    10438.10k    10857.13k    10729.47k    10788.86k
+des cbc           1960.60k     2226.37k     2241.88k     2054.83k     2181.80k
+des ede3           734.44k      739.69k      779.43k      750.25k      772.78k
+idea cbc           654.07k      711.00k      716.89k      718.51k      720.90k
+rc2 cbc            648.83k      701.91k      708.61k      708.95k      709.97k
+rc5-32/12 cbc     3504.71k     4054.76k     4131.41k     4105.56k     4134.23k
+blowfish cbc      3762.25k     4313.79k     4460.54k     4356.78k     4317.18k
+cast cbc          2755.01k     3038.91k     3076.44k     3027.63k     2998.27k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0195s   0.0019s     51.4    519.9
+rsa 1024 bits   0.1000s   0.0059s     10.0    168.2
+rsa 2048 bits   0.6406s   0.0209s      1.6     47.8
+rsa 4096 bits   4.6100s   0.0787s      0.2     12.7
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0188s   0.0360s     53.1     27.8
+dsa 1024 bits   0.0570s   0.1126s     17.5      8.9
+dsa 2048 bits   0.1990s   0.3954s      5.0      2.5
+
diff --git a/crypto/openssl/times/091/68000.bsd b/crypto/openssl/times/091/68000.bsd
new file mode 100644
index 000000000000..a3a14e80873e
--- /dev/null
+++ b/crypto/openssl/times/091/68000.bsd
@@ -0,0 +1,32 @@
+Motorolla 68020 20mhz, NetBSD
+
+SSLeay 0.9.0t 29-May-1998
+built on Fri Jun  5 12:42:23 EST 1998
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,16,long) idea(int) blowfish(idx) 
+C flags:gcc -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               2176.00      5994.67      8079.73      8845.18      9077.01 
+mdc2              5730.67      6122.67      6167.66      6176.51      6174.87 
+md5                 29.10k      127.31k      209.66k      250.50k      263.99k
+hmac(md5)           12.33k       73.02k      160.17k      228.04k      261.15k
+sha1                11.27k       49.37k       84.31k      102.40k      109.23k
+rmd160              11.69k       48.62k       78.76k       93.15k       98.41k
+rc4                117.96k      148.94k      152.57k      153.09k      152.92k
+des cbc             27.13k       30.06k       30.38k       30.38k       30.53k
+des ede3            10.51k       10.94k       11.01k       11.01k       11.01k
+idea cbc            26.74k       29.23k       29.45k       29.60k       29.74k
+rc2 cbc             34.27k       39.39k       40.03k       40.07k       40.16k
+rc5-32/12 cbc       64.31k       83.18k       85.70k       86.70k       87.09k
+blowfish cbc        48.86k       59.18k       60.07k       60.42k       60.78k
+cast cbc            42.67k       50.01k       50.86k       51.20k       51.37k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.7738s   0.0774s      1.3     12.9
+rsa 1024 bits   4.3967s   0.2615s      0.2      3.8
+rsa 2048 bits  29.5200s   0.9664s      0.0      1.0
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.7862s   0.9709s      1.3      1.0
+dsa 1024 bits   2.5375s   3.1625s      0.4      0.3
+dsa 2048 bits   9.2150s  11.8200s      0.1      0.1
+
+
diff --git a/crypto/openssl/times/091/686-200.lnx b/crypto/openssl/times/091/686-200.lnx
new file mode 100644
index 000000000000..bb857d48d0e3
--- /dev/null
+++ b/crypto/openssl/times/091/686-200.lnx
@@ -0,0 +1,32 @@
+Pentium Pro 200mhz, linux
+
+SSLeay 0.9.0d 26-Apr-1998
+built on Sun Apr 26 10:25:33 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                130.58k      364.54k      499.24k      545.79k      561.66k
+mdc2               526.68k      579.72k      588.37k      588.80k      589.82k
+md5               1917.71k    11434.69k    22512.21k    29495.30k    32677.89k
+hmac(md5)          749.18k     5264.83k    14227.20k    25018.71k    31760.38k
+sha1              1343.83k     6436.29k    11702.78k    14664.70k    15829.67k
+rmd160            1038.05k     5138.77k     8985.51k    10985.13k    11799.21k
+rc4              14891.04k    21334.06k    22376.79k    22579.54k    22574.42k
+des cbc           4131.97k     4568.31k     4645.29k     4631.21k     4572.73k
+des ede3          1567.17k     1631.13k     1657.32k     1653.08k     1643.86k
+idea cbc          2427.23k     2671.21k     2716.67k     2723.84k     2733.40k
+rc2 cbc           1629.90k     1767.38k     1788.50k     1797.12k     1799.51k
+rc5-32/12 cbc    10290.55k    13161.60k    13744.55k    14011.73k    14123.01k
+blowfish cbc      5896.42k     6920.77k     7122.01k     7151.62k     7146.15k
+cast cbc          6037.71k     6935.19k     7101.35k     7145.81k     7116.12k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0070s   0.0007s    142.6   1502.9
+rsa 1024 bits   0.0340s   0.0019s     29.4    513.3
+rsa 2048 bits   0.2087s   0.0066s      4.8    151.3
+rsa 4096 bits   1.4700s   0.0242s      0.7     41.2
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0064s   0.0121s    156.1     82.9
+dsa 1024 bits   0.0184s   0.0363s     54.4     27.5
+dsa 2048 bits   0.0629s   0.1250s     15.9      8.0
+
diff --git a/crypto/openssl/times/091/alpha064.osf b/crypto/openssl/times/091/alpha064.osf
new file mode 100644
index 000000000000..a8e7fdfd610e
--- /dev/null
+++ b/crypto/openssl/times/091/alpha064.osf
@@ -0,0 +1,32 @@
+Alpha EV4.5 (21064) 275mhz, OSF1 V4.0
+SSLeay 0.9.0g 01-May-1998
+built on Mon May  4 17:26:09 CST 1998
+options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx) 
+C flags:cc -tune host -O4 -readonly_strings
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                119.58k      327.48k      443.28k      480.09k      495.16k
+mdc2               436.67k      456.35k      465.42k      466.57k      469.01k
+md5               1459.34k     6566.46k    11111.91k    13375.30k    14072.60k
+hmac(md5)          597.90k     3595.45k     8180.88k    12099.49k    13884.46k
+sha1               707.01k     3253.09k     6131.73k     7798.23k     8439.67k
+rmd160             618.57k     2729.07k     4711.33k     5825.16k     6119.23k
+rc4               8796.43k     9393.62k     9548.88k     9378.77k     9472.57k
+des cbc           2165.97k     2514.90k     2586.27k     2572.93k     2639.08k
+des ede3           945.44k     1004.03k     1005.96k     1017.33k     1020.85k
+idea cbc          1498.81k     1629.11k     1637.28k     1625.50k     1641.11k
+rc2 cbc           1866.00k     2044.92k     2067.12k     2064.00k     2068.96k
+rc5-32/12 cbc     4366.97k     5521.32k     5687.50k     5729.16k     5736.96k
+blowfish cbc      3997.31k     4790.60k     4937.84k     4954.56k     5024.85k
+cast cbc          2900.19k     3673.30k     3803.73k     3823.93k     3890.25k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0069s   0.0006s    144.2   1545.8
+rsa 1024 bits   0.0304s   0.0018s     32.9    552.6
+rsa 2048 bits   0.1887s   0.0062s      5.3    161.4
+rsa 4096 bits   1.3667s   0.0233s      0.7     42.9
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0067s   0.0123s    149.6     81.1
+dsa 1024 bits   0.0177s   0.0332s     56.6     30.1
+dsa 2048 bits   0.0590s   0.1162s     16.9      8.6
+
+
diff --git a/crypto/openssl/times/091/alpha164.lnx b/crypto/openssl/times/091/alpha164.lnx
new file mode 100644
index 000000000000..c994662698ce
--- /dev/null
+++ b/crypto/openssl/times/091/alpha164.lnx
@@ -0,0 +1,32 @@
+Alpha EV5.6 (21164A) 533mhz, Linux 2.0.32
+
+SSLeay 0.9.0p 22-May-1998
+built on Sun May 27 14:23:38 GMT 2018
+options:bn(64,64) md2(int) rc4(ptr,int) des(idx,risc1,16,long) idea(int) blowfish(idx) 
+C flags:gcc -O3
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                295.78k      825.34k     1116.42k     1225.10k     1262.65k
+mdc2               918.16k     1017.55k     1032.18k     1034.24k     1035.60k
+md5               3574.93k    15517.05k    25482.67k    30434.31k    32210.51k
+hmac(md5)         1261.54k     7757.15k    18025.46k    27081.21k    31653.27k
+sha1              2251.89k    10056.84k    16990.19k    20651.04k    21973.29k
+rmd160            1615.49k     7017.13k    11601.11k    13875.62k    14690.31k
+rc4              22435.16k    24476.40k    24349.95k    23042.36k    24581.53k
+des cbc           5198.38k     6559.04k     6775.43k     6827.87k     6875.82k
+des ede3          2257.73k     2602.18k     2645.60k     2657.12k     2670.59k
+idea cbc          3694.42k     4125.61k     4180.74k     4193.28k     4192.94k
+rc2 cbc           4642.47k     5323.85k     5415.42k     5435.86k     5434.03k
+rc5-32/12 cbc     9705.26k    13277.79k    13843.46k    13989.66k    13987.57k
+blowfish cbc      7861.28k    10852.34k    11447.98k    11616.97k    11667.54k
+cast cbc          6718.13k     8599.98k     8967.17k     9070.81k     9099.28k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0018s   0.0002s    555.9   6299.5
+rsa 1024 bits   0.0081s   0.0005s    123.3   2208.7
+rsa 2048 bits   0.0489s   0.0015s     20.4    648.5
+rsa 4096 bits   0.3402s   0.0057s      2.9    174.7
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0019s   0.0032s    529.0    310.2
+dsa 1024 bits   0.0047s   0.0086s    214.1    115.7
+dsa 2048 bits   0.0150s   0.0289s     66.7     34.6
+
diff --git a/crypto/openssl/times/091/alpha164.osf b/crypto/openssl/times/091/alpha164.osf
new file mode 100644
index 000000000000..df712c689ff2
--- /dev/null
+++ b/crypto/openssl/times/091/alpha164.osf
@@ -0,0 +1,31 @@
+Alpha EV5.6 (21164A) 400mhz, OSF1 V4.0
+
+SSLeay 0.9.0 10-Apr-1998
+built on Sun Apr 19 07:54:37 EST 1998
+options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,4,int) idea(int) blowfish(idx) 
+C flags:cc -O4 -tune host -fast
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                276.30k      762.07k     1034.35k     1134.07k     1160.53k
+mdc2               814.99k      845.83k      849.09k      850.33k      849.24k
+md5               2468.43k    10945.27k    17963.48k    21430.89k    22544.38k
+hmac(md5)         1002.48k     6023.98k    13430.99k    19344.17k    22351.80k
+sha1              1984.93k     8882.47k    14856.47k    17878.70k    18955.10k
+rmd160            1286.96k     5595.52k     9167.00k    10957.74k    11582.30k
+rc4              15948.15k    16710.29k    16793.20k    17929.50k    18474.56k
+des cbc           3416.04k     4149.37k     4296.25k     4328.89k     4327.57k
+des ede3          1540.14k     1683.36k     1691.14k     1705.90k     1705.22k
+idea cbc          2795.87k     3192.93k     3238.13k     3238.17k     3256.66k
+rc2 cbc           3529.00k     4069.93k     4135.79k     4135.25k     4160.07k
+rc5-32/12 cbc     7212.35k     9849.71k    10260.91k    10423.38k    10439.99k
+blowfish cbc      6061.75k     8363.50k     8706.80k     8779.40k     8784.55k
+cast cbc          5401.75k     6433.31k     6638.18k     6662.40k     6702.80k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0022s   0.0002s    449.6   4916.2
+rsa 1024 bits   0.0105s   0.0006s     95.3   1661.2
+rsa 2048 bits   0.0637s   0.0020s     15.7    495.6
+rsa 4096 bits   0.4457s   0.0075s      2.2    132.7
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0028s   0.0048s    362.2    210.4
+dsa 1024 bits   0.0064s   0.0123s    155.2     81.6
+dsa 2048 bits   0.0201s   0.0394s     49.7     25.4
diff --git a/crypto/openssl/times/091/mips-rel.pl b/crypto/openssl/times/091/mips-rel.pl
new file mode 100644
index 000000000000..4b2509315a41
--- /dev/null
+++ b/crypto/openssl/times/091/mips-rel.pl
@@ -0,0 +1,21 @@
+#!/usr/local/bin/perl
+
+&doit(100,"Pentium   100 32",0.0195,0.1000,0.6406,4.6100);	# pentium-100
+&doit(200,"PPro      200 32",0.0070,0.0340,0.2087,1.4700);	# pentium-100
+&doit( 25,"R3000      25 32",0.0860,0.4825,3.2417,23.8833);	# R3000-25
+&doit(200,"R4400     200 32",0.0137,0.0717,0.4730,3.4367);	# R4400 32bit
+&doit(180,"R10000    180 32",0.0061,0.0311,0.1955,1.3871);	# R10000 32bit
+&doit(180,"R10000    180 64",0.0034,0.0149,0.0880,0.5933);	# R10000 64bit
+&doit(400,"DEC 21164 400 64",0.0022,0.0105,0.0637,0.4457);	# R10000 64bit
+
+sub doit
+	{
+	local($mhz,$label,@data)=@_;
+
+	for ($i=0; $i <= $#data; $i++)
+		{
+		$data[$i]=1/$data[$i]*200/$mhz;
+		}
+	printf("%s %6.1f %6.1f %6.1f %6.1f\n",$label,@data);
+	}
+
diff --git a/crypto/openssl/times/091/r10000.irx b/crypto/openssl/times/091/r10000.irx
new file mode 100644
index 000000000000..237ee5d19291
--- /dev/null
+++ b/crypto/openssl/times/091/r10000.irx
@@ -0,0 +1,37 @@
+MIPS R10000 32kI+32kD 180mhz, IRIX 6.4
+
+Using crypto/bn/mips3.s
+
+This is built for n32, which is faster for all benchmarks than the n64
+compilation model
+
+SSLeay 0.9.0b 19-Apr-1998
+built on Sat Apr 25 12:43:14 EST 1998
+options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(ptr) 
+C flags:cc -use_readonly_const -O2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                126.38k      349.38k      472.67k      517.01k      529.81k
+mdc2               501.64k      545.87k      551.80k      553.64k      554.41k
+md5               1825.77k     7623.64k    12630.47k    15111.74k    16012.09k
+hmac(md5)          780.81k     4472.86k     9667.22k    13802.67k    15777.89k
+sha1              1375.52k     6213.91k    11037.30k    13682.01k    14714.09k
+rmd160             856.72k     3454.40k     5598.33k     6689.94k     7073.48k
+rc4              11260.93k    13311.50k    13360.05k    13322.17k    13364.39k
+des cbc           2770.78k     3055.42k     3095.18k     3092.48k     3103.03k
+des ede3          1023.22k     1060.58k     1063.81k     1070.37k     1064.54k
+idea cbc          3029.09k     3334.30k     3375.29k     3375.65k     3380.64k
+rc2 cbc           2307.45k     2470.72k     2501.25k     2500.68k     2500.55k
+rc5-32/12 cbc     6770.91k     8629.89k     8909.58k     9009.64k     9044.95k
+blowfish cbc      4796.53k     5598.20k     5717.14k     5755.11k     5749.86k
+cast cbc          3986.20k     4426.17k     4465.04k     4476.84k     4475.08k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0034s   0.0003s    296.1   3225.4
+rsa 1024 bits   0.0139s   0.0008s     71.8   1221.8
+rsa 2048 bits   0.0815s   0.0026s     12.3    380.3
+rsa 4096 bits   0.5656s   0.0096s      1.8    103.7
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0034s   0.0061s    290.8    164.9
+dsa 1024 bits   0.0084s   0.0161s    119.1     62.3
+dsa 2048 bits   0.0260s   0.0515s     38.5     19.4
+
diff --git a/crypto/openssl/times/091/r3000.ult b/crypto/openssl/times/091/r3000.ult
new file mode 100644
index 000000000000..ecd33908bbd6
--- /dev/null
+++ b/crypto/openssl/times/091/r3000.ult
@@ -0,0 +1,32 @@
+MIPS R3000 64kI+64kD 25mhz, ultrix 4.3
+
+SSLeay 0.9.0b 19-Apr-1998
+built on Thu Apr 23 07:22:31 EST 1998
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(idx) 
+C flags:cc -O2 -DL_ENDIAN -DNOPROTO -DNOCONST
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 14.63k       40.65k       54.70k       60.07k       61.78k
+mdc2                29.43k       37.27k       38.23k       38.57k       38.60k
+md5                140.04k      676.59k     1283.84k     1654.10k     1802.24k
+hmac(md5)           60.51k      378.90k      937.82k     1470.46k     1766.74k
+sha1                60.77k      296.79k      525.40k      649.90k      699.05k
+rmd160              48.82k      227.16k      417.19k      530.31k      572.05k
+rc4                904.76k      996.20k     1007.53k     1015.65k     1010.35k
+des cbc            178.87k      209.39k      213.42k      215.55k      214.53k
+des ede3            74.25k       79.30k       80.40k       80.21k       80.14k
+idea cbc           181.02k      209.37k      214.44k      214.36k      213.83k
+rc2 cbc            161.52k      184.98k      187.99k      188.76k      189.05k
+rc5-32/12 cbc      398.99k      582.91k      614.66k      626.07k      621.87k
+blowfish cbc       296.38k      387.69k      405.50k      412.57k      410.05k
+cast cbc           214.76k      260.63k      266.92k      268.63k      258.26k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0870s   0.0089s     11.5    112.4
+rsa 1024 bits   0.4881s   0.0295s      2.0     33.9
+rsa 2048 bits   3.2750s   0.1072s      0.3      9.3
+rsa 4096 bits  23.9833s   0.4093s      0.0      2.4
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0898s   0.1706s     11.1      5.9
+dsa 1024 bits   0.2847s   0.5565s      3.5      1.8
+dsa 2048 bits   1.0267s   2.0433s      1.0      0.5
+
diff --git a/crypto/openssl/times/091/r4400.irx b/crypto/openssl/times/091/r4400.irx
new file mode 100644
index 000000000000..9b96ca110a9c
--- /dev/null
+++ b/crypto/openssl/times/091/r4400.irx
@@ -0,0 +1,32 @@
+R4400 16kI+16kD 200mhz, Irix 5.3
+
+SSLeay 0.9.0e 27-Apr-1998
+built on Sun Apr 26 07:26:05 PDT 1998
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(ptr) 
+C flags:cc -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 79.80k      220.59k      298.01k      327.06k      338.60k
+mdc2               262.74k      285.30k      289.16k      288.36k      288.49k
+md5                930.35k     4167.13k     7167.91k     8678.23k     9235.86k
+hmac(md5)          399.44k     2367.57k     5370.74k     7884.28k     9076.98k
+sha1               550.96k     2488.17k     4342.76k     5362.50k     5745.40k
+rmd160             424.58k     1752.83k     2909.67k     3486.08k     3702.89k
+rc4               6687.79k     7834.63k     7962.61k     8035.65k     7915.28k
+des cbc           1544.20k     1725.94k     1748.35k     1758.17k     1745.61k
+des ede3           587.29k      637.75k      645.93k      643.17k      646.01k
+idea cbc          1575.52k     1719.75k     1732.41k     1736.69k     1740.11k
+rc2 cbc           1496.21k     1629.90k     1643.19k     1652.14k     1646.62k
+rc5-32/12 cbc     3452.48k     4276.47k     4390.74k     4405.25k     4400.12k
+blowfish cbc      2354.58k     3242.36k     3401.11k     3433.65k     3383.65k
+cast cbc          1942.22k     2152.28k     2187.51k     2185.67k     2177.20k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0130s   0.0014s     76.9    729.8
+rsa 1024 bits   0.0697s   0.0043s     14.4    233.9
+rsa 2048 bits   0.4664s   0.0156s      2.1     64.0
+rsa 4096 bits   3.4067s   0.0586s      0.3     17.1
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0140s   0.0261s     71.4     38.4
+dsa 1024 bits   0.0417s   0.0794s     24.0     12.6
+dsa 2048 bits   0.1478s   0.2929s      6.8      3.4
+
diff --git a/crypto/openssl/times/100.lnx b/crypto/openssl/times/100.lnx
new file mode 100644
index 000000000000..d0f45371d664
--- /dev/null
+++ b/crypto/openssl/times/100.lnx
@@ -0,0 +1,32 @@
+SSLeay 0.8.4c 03-Aug-1999
+built on Tue Nov  4 02:52:29 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                53.27k      155.95k      201.30k      216.41k      236.78k
+mdc2              192.98k      207.98k      206.76k      206.17k      208.87k
+md5               993.15k     5748.27k    11944.70k    16477.53k    18287.27k
+hmac(md5)         404.97k     2787.58k     7690.07k    13744.43k    17601.88k
+sha1              563.24k     2851.67k     5363.71k     6879.23k     7441.07k
+rc4              7876.70k    10400.85k    10825.90k    10943.49k    10745.17k
+des cbc          2047.39k     2188.25k     2188.29k     2239.49k     2233.69k
+des ede3          660.55k      764.01k      773.55k      779.21k      780.97k
+idea cbc          653.93k      708.48k      715.43k      719.87k      720.90k
+rc2 cbc           648.08k      702.23k      708.78k      711.00k      709.97k
+blowfish cbc     3764.39k     4288.66k     4375.04k     4497.07k     4423.68k
+cast cbc         2757.14k     2993.75k     3035.31k     3078.90k     3055.62k
+
+blowfish cbc     3258.81k     3673.47k     3767.30k     3774.12k     3719.17k
+cast cbc         2677.05k     3164.78k     3273.05k     3287.38k     3244.03k
+
+
+                  sign    verify
+rsa  512 bits   0.0213s   0.0020s
+rsa 1024 bits   0.1073s   0.0063s
+rsa 2048 bits   0.6873s   0.0224s
+rsa 4096 bits   4.9333s   0.0845s
+                  sign    verify
+dsa  512 bits   0.0201s   0.0385s
+dsa 1024 bits   0.0604s   0.1190s
+dsa 2048 bits   0.2121s   0.4229s
diff --git a/crypto/openssl/times/100.nt b/crypto/openssl/times/100.nt
new file mode 100644
index 000000000000..0dd7cfc478e1
--- /dev/null
+++ b/crypto/openssl/times/100.nt
@@ -0,0 +1,29 @@
+SSLeay 0.8.4c 03-Aug-1999
+built on Tue Aug  3 09:49:58 EST 1999
+options:bn(64,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(
+ptr2)
+C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN
+_ASM -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                93.07k      258.38k      349.03k      382.83k      392.87k
+mdc2              245.80k      259.02k      259.34k      259.16k      260.14k
+md5              1103.42k     6017.65k    12210.49k    16552.11k    18291.77k
+hmac(md5)         520.15k     3394.00k     8761.86k    14593.96k    17742.40k
+sha1              538.06k     2726.76k     5242.22k     6821.12k     7426.18k
+rc4              8283.90k    10513.09k    10886.38k    10929.50k    10816.75k
+des cbc          2073.10k     2232.91k     2251.61k     2256.46k     2232.44k
+des ede3          758.85k      782.46k      786.14k      786.08k      781.24k
+idea cbc          831.02k      892.63k      901.07k      903.48k      901.85k
+rc2 cbc           799.89k      866.09k      873.96k      876.22k      874.03k
+blowfish cbc     3835.32k     4418.78k     4511.94k     4494.54k     4416.92k
+cast cbc         2974.68k     3272.71k     3313.04k     3335.17k     3261.51k
+                  sign    verify
+rsa  512 bits   0.0202s   0.0019s
+rsa 1024 bits   0.1029s   0.0062s
+rsa 2048 bits   0.6770s   0.0220s
+rsa 4096 bits   4.8770s   0.0838s
+                  sign    verify
+dsa  512 bits   0.0191s   0.0364s
+dsa 1024 bits   0.0590s   0.1141s
+dsa 2048 bits   0.2088s   0.4171s
diff --git a/crypto/openssl/times/200.lnx b/crypto/openssl/times/200.lnx
new file mode 100644
index 000000000000..fd7e7f4e92b3
--- /dev/null
+++ b/crypto/openssl/times/200.lnx
@@ -0,0 +1,30 @@
+This machine was slightly loaded :-(
+
+SSLeay 0.8.4c 03-Aug-1999
+built on Tue Nov  4 02:52:29 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               130.86k      365.31k      499.60k      547.75k      561.41k
+mdc2              526.03k      581.38k      587.12k      586.31k      589.60k
+md5              1919.49k    11173.23k    22387.60k    29553.47k    32587.21k
+hmac(md5)         747.09k     5248.35k    14275.44k    24713.26k    31737.13k
+sha1             1336.63k     6400.50k    11668.67k    14648.83k    15700.85k
+rc4             15002.32k    21327.21k    22301.63k    22503.78k    22549.26k
+des cbc          4115.16k     4521.08k     4632.37k     4607.28k     4570.57k
+des ede3         1540.29k     1609.76k     1623.64k     1620.76k     1624.18k
+idea cbc         2405.08k     2664.78k     2704.22k     2713.95k     2716.29k
+rc2 cbc          1634.07k     1764.30k     1780.23k     1790.27k     1788.12k
+blowfish cbc     5993.98k     6927.27k     7083.61k     7088.40k     7123.72k
+cast cbc         5981.52k     6900.44k     7079.70k     7110.40k     7057.72k
+                  sign    verify
+rsa  512 bits   0.0085s   0.0007s
+rsa 1024 bits   0.0377s   0.0020s
+rsa 2048 bits   0.2176s   0.0067s
+rsa 4096 bits   1.4800s   0.0242s
+sign    verify
+dsa  512 bits   0.0071s   0.0132s
+dsa 1024 bits   0.0192s   0.0376s
+dsa 2048 bits   0.0638s   0.1280s
+
diff --git a/crypto/openssl/times/486-66.dos b/crypto/openssl/times/486-66.dos
new file mode 100644
index 000000000000..1644bf8022a3
--- /dev/null
+++ b/crypto/openssl/times/486-66.dos
@@ -0,0 +1,22 @@
+MS-dos static libs, 16bit C build, 16bit assember
+
+SSLeay 0.6.1
+options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /f- /Ocgnotb2 /G2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -D
+NO_SOCK
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             18.62k       55.54k       76.88k       85.39k       86.52k
+md5             94.03k      442.06k      794.38k      974.51k     1061.31k
+sha             38.37k      166.23k      272.78k      331.41k      353.77k
+sha1            34.38k      147.77k      244.77k      292.57k      312.08k
+rc4            641.25k      795.34k      817.16k      829.57k      817.16k
+des cfb        111.46k      118.08k      120.69k      119.16k      119.37k
+des cbc        122.96k      135.69k      137.10k      135.69k      135.40k
+des ede3        48.01k       50.92k       50.32k       50.96k       50.96k
+idea cfb        97.09k      100.21k      100.36k      101.14k      100.98k
+idea cbc       102.08k      109.41k      111.46k      111.65k      110.52k
+rc2 cfb        120.47k      125.55k      125.79k      125.55k      125.55k
+rc2 cbc        129.77k      140.33k      143.72k      142.16k      141.85k
+rsa  512 bits   0.264s
+rsa 1024 bits   1.494s
diff --git a/crypto/openssl/times/486-66.nt b/crypto/openssl/times/486-66.nt
new file mode 100644
index 000000000000..b26a9005d63e
--- /dev/null
+++ b/crypto/openssl/times/486-66.nt
@@ -0,0 +1,22 @@
+SSLeay 0.6.1 02-Jul-1996
+built on Fri Jul 10 09:53:15 EST 1996
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,long) idea(int)
+C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /nologo -DWIN32 -DL_ENDIAN /MD
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             38.27k      107.28k      145.43k      159.60k      164.15k
+md5            399.00k     1946.13k     3610.80k     4511.94k     4477.27k
+sha            182.04k      851.26k     1470.65k     1799.20k     1876.48k
+sha1           151.83k      756.55k     1289.76k     1567.38k     1625.70k
+rc4           1853.92k     2196.25k     2232.91k     2241.31k     2152.96k
+des cfb        360.58k      382.69k      384.94k      386.07k      377.19k
+des cbc        376.10k      431.87k      436.32k      437.78k      430.45k
+des ede3       152.55k      160.38k      161.51k      161.33k      159.98k
+idea cfb       245.59k      255.60k      256.65k      257.16k      254.61k
+idea cbc       257.16k      276.12k      279.05k      279.11k      276.70k
+rc2 cfb        280.25k      293.49k      294.74k      294.15k      291.47k
+rc2 cbc        295.47k      321.57k      324.76k      324.76k      320.00k
+rsa  512 bits   0.084s
+rsa 1024 bits   0.495s
+rsa 2048 bits   3.435s
+
diff --git a/crypto/openssl/times/486-66.w31 b/crypto/openssl/times/486-66.w31
new file mode 100644
index 000000000000..381f149b3286
--- /dev/null
+++ b/crypto/openssl/times/486-66.w31
@@ -0,0 +1,23 @@
+Windows 3.1 DLL's, 16 bit C with 32bit assember
+
+SSLeay 0.6.1 02-Jul-1996
+built on Wed Jul 10 09:53:15 EST 1996
+options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             18.94k       54.27k       73.43k       80.91k       83.75k
+md5             78.96k      391.26k      734.30k      919.80k      992.97k
+sha             39.01k      168.04k      280.67k      336.08k      359.10k
+sha1            35.20k      150.14k      247.31k      294.54k      313.94k
+rc4            509.61k      655.36k      678.43k      677.02k      670.10k
+des cfb         97.09k      104.69k      106.56k      105.70k      106.56k
+des cbc        116.82k      129.77k      131.07k      131.07k      131.07k
+des ede3        44.22k       47.90k       48.53k       48.47k       47.86k
+idea cfb        83.49k       87.03k       87.03k       87.15k       87.73k
+idea cbc        89.04k       96.23k       96.95k       97.81k       97.09k
+rc2 cfb        108.32k      113.58k      113.78k      114.57k      114.77k
+rc2 cbc        118.08k      131.07k      134.02k      134.02k      132.66k
+rsa  512 bits   0.181s
+rsa 1024 bits   0.846s
+
diff --git a/crypto/openssl/times/5.lnx b/crypto/openssl/times/5.lnx
new file mode 100644
index 000000000000..1c1e392a2956
--- /dev/null
+++ b/crypto/openssl/times/5.lnx
@@ -0,0 +1,29 @@
+SSLeay 0.8.5g 24-Jan-1998
+built on Tue Jan 27 08:11:42 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 56.55k      156.69k      211.63k      231.77k      238.71k
+mdc2               192.26k      208.09k      210.09k      209.58k      210.26k
+md5                991.04k     5745.51k    11932.67k    16465.24k    18306.39k
+hmac(md5)          333.99k     2383.89k     6890.67k    13133.82k    17397.08k
+sha1               571.68k     2883.88k     5379.07k     6880.26k     7443.80k
+rmd160             409.41k     2212.91k     4225.45k     5456.55k     5928.28k
+rc4               6847.57k     8596.22k     8901.80k     8912.90k     8850.09k
+des cbc           2046.29k     2229.78k     2254.76k     2259.97k     2233.69k
+des ede3           751.11k      779.95k      783.96k      784.38k      780.97k
+idea cbc           653.40k      708.29k      718.42k      720.21k      720.90k
+rc2 cbc            647.19k      702.46k      709.21k      710.66k      709.97k
+rc5-32/12 cbc     3498.18k     4054.12k     4133.46k     4151.64k     4139.69k
+blowfish cbc      3763.95k     4437.74k     4532.74k     4515.50k     4448.26k
+cast cbc          2754.22k     3020.67k     3079.08k     3069.95k     3036.50k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0207s   0.0020s     48.3    511.3
+rsa 1024 bits   0.1018s   0.0059s      9.8    169.6
+rsa 2048 bits   0.6438s   0.0208s      1.6     48.0
+rsa 4096 bits   4.6033s   0.0793s      0.2     12.6
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0190s   0.0359s     52.6     27.8
+dsa 1024 bits   0.0566s   0.1109s     17.7      9.0
+dsa 2048 bits   0.1988s   0.3915s      5.0      2.6
diff --git a/crypto/openssl/times/586-085i.nt b/crypto/openssl/times/586-085i.nt
new file mode 100644
index 000000000000..8a5797526f2e
--- /dev/null
+++ b/crypto/openssl/times/586-085i.nt
@@ -0,0 +1,29 @@
+SSLeay 0.8.5i 28-Jan-1998
+built on Wed Jan 28 18:00:07 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                 92.74k      257.59k      348.16k      381.79k      392.14k
+mdc2               227.65k      247.82k      249.90k      250.65k      250.20k
+md5               1089.54k     5966.29k    12104.77k    16493.53k    18204.44k
+hmac(md5)          513.53k     3361.36k     8725.41k    14543.36k    17593.56k
+sha1               580.74k     2880.51k     5376.62k     6865.78k     7413.05k
+rmd160             508.06k     2427.96k     4385.51k     5510.84k     5915.80k
+rc4               8004.40k    10408.74k    10794.48k    10884.12k    10728.22k
+des cbc           2057.24k     2222.97k     2246.79k     2209.39k     2223.44k
+des ede3           739.42k      761.99k      765.48k      760.26k      760.97k
+idea cbc           827.08k      889.60k      898.83k      901.15k      897.98k
+rc2 cbc            795.64k      861.04k      871.13k      872.58k      871.13k
+rc5-32/12 cbc     3597.17k     4139.66k     4204.39k     4223.02k     4204.39k
+blowfish cbc      3807.47k     3996.10k     4156.07k     4204.39k     4105.62k
+cast cbc          2777.68k     2814.21k     2892.62k     2916.76k     2868.88k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0178s   0.0018s     56.3    541.6
+rsa 1024 bits   0.0945s   0.0059s     10.6    168.3
+rsa 2048 bits   0.6269s   0.0208s      1.6     48.0
+rsa 4096 bits   4.5560s   0.0784s      0.2     12.8
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0178s   0.0340s     56.2     29.4
+dsa 1024 bits   0.0552s   0.1077s     18.1      9.3
+dsa 2048 bits   0.1963s   0.3811s      5.1      2.6
diff --git a/crypto/openssl/times/586-100.LN3 b/crypto/openssl/times/586-100.LN3
new file mode 100644
index 000000000000..a6fa818f4bec
--- /dev/null
+++ b/crypto/openssl/times/586-100.LN3
@@ -0,0 +1,26 @@
+SSLeay 0.8.3v 15-Oct-1997
+built on Wed Oct 15 10:05:00 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.27k      156.76k      211.46k      231.77k      238.71k
+mdc2              188.74k      206.12k      207.70k      207.87k      208.18k
+md5               991.56k     5718.31k    11748.61k    16090.79k    17850.37k
+hmac(md5)         387.56k     2636.01k     7327.83k    13340.33k    17091.24k
+sha1              463.55k     2274.18k     4071.17k     5072.90k     5447.68k
+rc4              3673.94k     4314.52k     4402.26k     4427.09k     4407.30k
+des cbc          2023.79k     2209.77k     2233.34k     2220.71k     2222.76k
+des ede3          747.17k      778.54k      781.57k      778.24k      778.24k
+idea cbc          614.64k      678.04k      683.52k      685.06k      685.40k
+rc2 cbc           536.83k      574.10k      578.05k      579.24k      578.90k
+blowfish cbc     3673.39k     4354.58k     4450.22k     4429.48k     4377.26k
+                  sign    verify
+rsa  512 bits   0.0217s   0.0021s
+rsa 1024 bits   0.1083s   0.0064s
+rsa 2048 bits   0.6867s   0.0223s
+rsa 4096 bits   4.9400s   0.0846s
+                  sign    verify
+dsa  512 bits   0.0203s   0.0387s
+dsa 1024 bits   0.0599s   0.1170s
+dsa 2048 bits   0.2115s   0.4242s
diff --git a/crypto/openssl/times/586-100.NT2 b/crypto/openssl/times/586-100.NT2
new file mode 100644
index 000000000000..7f8c167b4692
--- /dev/null
+++ b/crypto/openssl/times/586-100.NT2
@@ -0,0 +1,26 @@
+SSLeay 0.8.3e 30-Sep-1997
+built on Tue Sep 30 14:52:58 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DX86_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                92.99k      257.59k      348.16k      381.47k      392.14k
+mdc2              223.77k      235.30k      237.15k      236.77k      237.29k
+md5               862.53k     4222.17k     7842.75k     9925.00k    10392.23k
+sha               491.34k     2338.61k     4062.28k     4986.10k     5307.90k
+sha1              494.38k     2234.94k     3838.83k     4679.58k     4980.18k
+rc4              6338.10k     7489.83k     7676.25k     7698.80k     7631.56k
+des cbc          1654.17k     1917.66k     1961.05k     1968.05k     1960.69k
+des ede3          691.17k      739.42k      744.13k      745.82k      741.40k
+idea cbc          788.46k      870.33k      879.16k      881.38k      879.90k
+rc2 cbc           794.44k      859.63k      868.24k      869.68k      867.45k
+blowfish cbc     2379.88k     3017.48k     3116.12k     3134.76k     3070.50k
+                  sign    verify
+rsa  512 bits   0.0204s   0.0027s
+rsa 1024 bits   0.1074s   0.0032s
+rsa 2048 bits   0.6890s   0.0246s
+rsa 4096 bits   5.0180s   0.0911s
+                  sign    verify
+dsa  512 bits   0.0201s   0.0376s
+dsa 1024 bits   0.0608s   0.1193s
+dsa 2048 bits   0.2133s   0.4294s
diff --git a/crypto/openssl/times/586-100.dos b/crypto/openssl/times/586-100.dos
new file mode 100644
index 000000000000..3085c256b119
--- /dev/null
+++ b/crypto/openssl/times/586-100.dos
@@ -0,0 +1,24 @@
+ms-dos static libs, 16 bit C and 16 bit assmber 
+
+SSLeay 0.6.1 02-Jul-1996
+built on Tue Jul  9 22:52:54 EST 1996
+options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -DNO_SOCK
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             45.99k      130.75k      176.53k      199.35k      203.21k
+md5            236.17k     1072.16k     1839.61k     2221.56k     2383.13k
+sha            107.97k      459.10k      757.64k      908.64k      954.99k
+sha1            96.95k      409.92k      672.16k      788.40k      844.26k
+rc4           1659.14k     1956.30k     2022.72k     2022.72k     2022.72k
+des cfb        313.57k      326.86k      326.86k      331.83k      326.86k
+des cbc        345.84k      378.82k      378.82k      384.38k      378.82k
+des ede3       139.59k      144.66k      144.61k      144.45k      143.29k
+idea cfb       262.67k      274.21k      274.21k      274.21k      274.21k
+idea cbc       284.32k      318.14k      318.14k      318.14k      318.14k
+rc2 cfb        265.33k      274.21k      277.69k      277.11k      277.69k
+rc2 cbc        283.71k      310.60k      309.86k      313.57k      314.32k
+rsa  512 bits   0.104s
+rsa 1024 bits   0.566s
+rsa 2048 bits   3.680s
+rsa 4096 bits  26.740s
diff --git a/crypto/openssl/times/586-100.ln4 b/crypto/openssl/times/586-100.ln4
new file mode 100644
index 000000000000..14a9db912be3
--- /dev/null
+++ b/crypto/openssl/times/586-100.ln4
@@ -0,0 +1,26 @@
+SSLeay 0.8.3aa 24-Oct-1997
+built on Mon Oct 27 10:16:25 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.78k      156.71k      211.46k      231.77k      238.71k
+mdc2              187.45k      200.49k      201.64k      202.75k      202.77k
+md5              1002.51k     5798.66k    11967.15k    16449.19k    18251.78k
+hmac(md5)         468.71k     3173.46k     8386.99k    14305.56k    17607.34k
+sha1              586.98k     2934.87k     5393.58k     6863.19k     7408.30k
+rc4              3675.10k     4314.15k     4402.77k     4427.78k     4404.57k
+des cbc          1902.96k     2202.01k     2242.30k     2252.46k     2236.42k
+des ede3          700.15k      774.23k      783.70k      781.62k      783.70k
+idea cbc          618.46k      677.93k      683.61k      685.40k      685.40k
+rc2 cbc           536.97k      573.87k      577.96k      579.24k      578.90k
+blowfish cbc     3672.66k     4271.89k     4428.80k     4469.76k     4374.53k
+                  sign    verify
+rsa  512 bits   0.0213s   0.0021s
+rsa 1024 bits   0.1075s   0.0063s
+rsa 2048 bits   0.6853s   0.0224s
+rsa 4096 bits   4.9400s   0.0845s
+                  sign    verify
+dsa  512 bits   0.0203s   0.0380s
+dsa 1024 bits   0.0600s   0.1189s
+dsa 2048 bits   0.2110s   0.4250s
diff --git a/crypto/openssl/times/586-100.lnx b/crypto/openssl/times/586-100.lnx
new file mode 100644
index 000000000000..0c051738c641
--- /dev/null
+++ b/crypto/openssl/times/586-100.lnx
@@ -0,0 +1,23 @@
+SSLeay 0.7.3 30-Apr-1997
+built on Mon May 12 04:13:55 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                72.95k      202.77k      274.01k      300.37k      309.23k
+md5               770.57k     4094.02k     7409.41k     9302.36k     9986.05k
+sha               363.05k     1571.07k     2613.85k     3134.81k     3320.49k
+sha1              340.94k     1462.85k     2419.20k     2892.12k     3042.35k
+rc4              3676.91k     4314.94k     4407.47k     4430.51k     4412.76k
+des cbc          1489.95k     1799.08k     1841.66k     1851.73k     1848.66k
+des ede3          621.93k      711.19k      726.10k      729.77k      729.09k
+idea cbc          618.16k      676.99k      683.09k      684.37k      683.59k
+rc2 cbc           537.59k      573.93k      578.56k      579.58k      579.70k
+blowfish cbc     2077.57k     2682.20k     2827.18k     2840.92k     2842.62k
+rsa  512 bits   0.024s   0.003
+rsa 1024 bits   0.120s   0.003
+rsa 2048 bits   0.751s   0.026
+rsa 4096 bits   5.320s   0.096
+dsa  512 bits   0.022s   0.042
+dsa 1024 bits   0.065s   0.126
+dsa 2048 bits   0.227s   0.449
diff --git a/crypto/openssl/times/586-100.nt b/crypto/openssl/times/586-100.nt
new file mode 100644
index 000000000000..9adcac31050a
--- /dev/null
+++ b/crypto/openssl/times/586-100.nt
@@ -0,0 +1,23 @@
+SSLeay 0.7.3 30-Apr-1997
+built on Mon May 19 10:47:38 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags not available
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                89.57k      245.94k      331.59k      362.95k      373.29k
+md5               858.93k     4175.51k     7700.21k     9715.78k    10369.11k
+sha               466.18k     2103.67k     3607.69k     4399.31k     4669.16k
+sha1              449.59k     2041.02k     3496.13k     4256.45k     4512.92k
+rc4              5862.55k     7447.27k     7698.80k     7768.38k     7653.84k
+des cbc          1562.71k     1879.84k     1928.24k     1938.93k     1911.02k
+des ede3          680.27k      707.97k      728.62k      733.15k      725.98k
+idea cbc          797.46k      885.85k      895.68k      898.06k      896.45k
+rc2 cbc           609.46k      648.75k      654.01k      654.42k      653.60k
+blowfish cbc     2357.94k     3000.22k     3106.89k     3134.76k     3080.42k
+rsa  512 bits   0.022s   0.003
+rsa 1024 bits   0.112s   0.003
+rsa 2048 bits   0.726s   0.026
+rsa 4096 bits   5.268s   0.095
+dsa  512 bits   0.021s   0.039
+dsa 1024 bits   0.063s   0.127
+dsa 2048 bits   0.224s   0.451
diff --git a/crypto/openssl/times/586-100.ntx b/crypto/openssl/times/586-100.ntx
new file mode 100644
index 000000000000..35166a5e9785
--- /dev/null
+++ b/crypto/openssl/times/586-100.ntx
@@ -0,0 +1,30 @@
+SSLeay 0.8.5f 22-Jan-1998
+built on Wed Jan 21 17:11:53 EST 1998
+options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(
+ptr2)
+C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN
+-DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                92.99k      257.43k      347.84k      381.82k      392.14k
+mdc2              232.19k      253.68k      257.57k      258.70k      258.70k
+md5              1094.09k     5974.79k    12139.81k    16487.04k    18291.77k
+hmac(md5)         375.70k     2590.04k     7309.70k    13469.18k    17447.19k
+sha1              613.78k     2982.93k     5446.44k     6889.46k     7424.86k
+rmd160            501.23k     2405.68k     4367.25k     5503.61k     5915.80k
+rc4              8167.75k    10429.44k    10839.12k    10929.50k    10772.30k
+des cbc          2057.24k     2218.27k     2237.20k     2227.69k     2213.59k
+des ede3          719.63k      727.11k      728.77k      719.56k      722.97k
+idea cbc          827.67k      888.85k      898.06k      900.30k      898.75k
+rc2 cbc           797.46k      862.53k      870.33k      872.58k      870.40k
+blowfish cbc     3835.32k     4435.60k     4513.89k     4513.89k     4416.92k
+cast cbc         2785.06k     3052.62k     3088.59k     3034.95k     3034.95k
+                  sign    verify    sign/s verify/s
+rsa  512 bits   0.0202s   0.0020s     49.4    500.2
+rsa 1024 bits   0.1030s   0.0063s      9.7    159.4
+rsa 2048 bits   0.6740s   0.0223s      1.5     44.9
+rsa 4096 bits   4.8970s   0.0844s      0.2     11.8
+                  sign    verify    sign/s verify/s
+dsa  512 bits   0.0191s   0.0361s     52.4     27.7
+dsa 1024 bits   0.0587s   0.1167s     17.0      8.6
+dsa 2048 bits   0.2091s   0.4123s      4.8      2.4
diff --git a/crypto/openssl/times/586-100.w31 b/crypto/openssl/times/586-100.w31
new file mode 100644
index 000000000000..d5b1c102435e
--- /dev/null
+++ b/crypto/openssl/times/586-100.w31
@@ -0,0 +1,27 @@
+Pentium 100, Windows 3.1 DLL's, 16 bit C, 32bit assember.
+
+Running under Windows NT 4.0 Beta 2
+
+SSLeay 0.6.4 20-Aug-1996
+built on Thu Aug 22 08:44:21 EST 1996
+options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short)
+C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             45.83k      128.82k      180.17k      194.90k      198.59k
+md5            224.82k     1038.19k     1801.68k     2175.47k     2330.17k
+sha            105.11k      448.11k      739.48k      884.13k      944.66k
+sha1            94.71k      402.99k      667.88k      795.58k      844.26k
+rc4           1614.19k     1956.30k     2022.72k     2022.72k     2022.72k
+des cfb        291.27k      318.14k      318.14k      318.14k      322.84k
+des cbc        326.86k      356.17k      362.08k      362.08k      367.15k
+des ede3       132.40k      139.57k      139.53k      139.37k      140.97k
+idea cfb       265.33k      280.67k      280.67k      277.69k      281.27k
+idea cbc       274.21k      302.01k      306.24k      306.24k      305.53k
+rc2 cfb        264.79k      274.21k      274.78k      274.21k      274.21k
+rc2 cbc        281.27k      306.24k      309.86k      305.53k      309.86k
+rsa  512 bits   0.058s
+rsa 1024 bits   0.280s
+rsa 2048 bits   1.430s
+rsa 4096 bits  10.600s
+
diff --git a/crypto/openssl/times/586-1002.lnx b/crypto/openssl/times/586-1002.lnx
new file mode 100644
index 000000000000..d830bcea4227
--- /dev/null
+++ b/crypto/openssl/times/586-1002.lnx
@@ -0,0 +1,26 @@
+SSLeay 0.8.3e 30-Sep-1997
+built on Wed Oct  1 03:01:44 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.21k      156.57k      211.29k      231.77k      237.92k
+mdc2              170.99k      191.70k      193.90k      195.58k      195.95k
+md5               770.50k     3961.96k     7291.22k     9250.82k     9942.36k
+sha               344.93k     1520.77k     2569.81k     3108.52k     3295.91k
+sha1              326.20k     1423.74k     2385.15k     2870.95k     3041.96k
+rc4              3672.88k     4309.65k     4374.41k     4408.66k     4355.41k
+des cbc          1349.73k     1689.05k     1735.34k     1748.99k     1739.43k
+des ede3          638.70k      704.00k      711.85k      714.41k      712.70k
+idea cbc          619.55k      677.33k      683.26k      685.06k      685.40k
+rc2 cbc           521.18k      571.20k      573.46k      578.90k      578.90k
+blowfish cbc     2079.67k     2592.49k     2702.34k     2730.33k     2695.17k
+                  sign    verify
+rsa  512 bits   0.0213s   0.0026s
+rsa 1024 bits   0.1099s   0.0031s
+rsa 2048 bits   0.7007s   0.0248s
+rsa 4096 bits   5.0500s   0.0921s
+                  sign    verify
+dsa  512 bits   0.0203s   0.0389s
+dsa 1024 bits   0.0614s   0.1222s
+dsa 2048 bits   0.2149s   0.4283s
diff --git a/crypto/openssl/times/586p-100.lnx b/crypto/openssl/times/586p-100.lnx
new file mode 100644
index 000000000000..561eb3114fe2
--- /dev/null
+++ b/crypto/openssl/times/586p-100.lnx
@@ -0,0 +1,26 @@
+Pentium 100 - Linux 1.2.13 - gcc 2.7.2p
+This is the pentium specific version of gcc
+
+SSLeay 0.6.4 20-Aug-1996
+built on Thu Aug 22 08:27:58 EST 1996
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,long) idea(int)
+C flags:gcc -DL_ENDIAN -DTERMIO -O6 -fomit-frame-pointer -mpentium -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             74.90k      208.43k      282.11k      309.59k      318.43k
+md5            807.08k     4205.67k     7801.51k     9958.06k    10810.71k
+sha            405.98k     1821.55k     3119.10k     3799.04k     4052.31k
+sha1           389.13k     1699.50k     2852.78k     3437.57k     3656.36k
+rc4           3621.15k     4130.07k     4212.74k     4228.44k     4213.42k
+des cfb        794.39k      828.37k      831.74k      832.51k      832.85k
+des cbc        817.68k      886.17k      894.72k      896.00k      892.93k
+des ede3       308.83k      323.29k      324.61k      324.95k      324.95k
+idea cfb       690.41k      715.39k      718.51k      719.19k      718.17k
+idea cbc       696.80k      760.60k      767.32k      768.68k      770.05k
+rc2 cfb        619.91k      639.74k      642.30k      642.73k      641.71k
+rc2 cbc        631.99k      671.42k      676.35k      676.18k      677.21k
+rsa  512 bits   0.025s
+rsa 1024 bits   0.123s
+rsa 2048 bits   0.756s
+rsa 4096 bits   5.365s
+
diff --git a/crypto/openssl/times/686-200.bsd b/crypto/openssl/times/686-200.bsd
new file mode 100644
index 000000000000..f23c580e09f5
--- /dev/null
+++ b/crypto/openssl/times/686-200.bsd
@@ -0,0 +1,25 @@
+Pentium Pro 200mhz
+FreeBSD 2.1.5
+gcc 2.7.2.2
+
+SSLeay 0.7.0 30-Jan-1997
+built on Tue Apr 22 12:14:36 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               130.99k      367.68k      499.09k      547.04k      566.50k
+md5              1924.98k     8293.50k    13464.41k    16010.39k    16820.68k
+sha              1250.75k     5330.43k     8636.88k    10227.36k    10779.14k
+sha1             1071.55k     4572.50k     7459.98k     8791.96k     9341.61k
+rc4             10724.22k    14546.25k    15240.18k    15259.50k    15265.63k
+des cbc          3309.11k     3883.01k     3968.25k     3971.86k     3979.14k
+des ede3         1442.98k     1548.33k     1562.48k     1562.00k     1563.33k
+idea cbc         2195.69k     2506.39k     2529.59k     2545.66k     2546.54k
+rc2 cbc           806.00k      833.52k      837.58k      838.52k      836.69k
+blowfish cbc     4687.34k     5949.97k     6182.43k     6248.11k     6226.09k
+rsa  512 bits   0.010s
+rsa 1024 bits   0.045s
+rsa 2048 bits   0.260s
+rsa 4096 bits   1.690s
+
diff --git a/crypto/openssl/times/686-200.lnx b/crypto/openssl/times/686-200.lnx
new file mode 100644
index 000000000000..a10cc2fd012f
--- /dev/null
+++ b/crypto/openssl/times/686-200.lnx
@@ -0,0 +1,26 @@
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep  5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               131.02k      368.41k      500.57k      549.21k      566.09k
+mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
+md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
+sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
+sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
+rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
+des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
+des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
+idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
+rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
+blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
+                  sign    verify
+rsa  512 bits   0.0100s   0.0011s
+rsa 1024 bits   0.0451s   0.0012s
+rsa 2048 bits   0.2605s   0.0086s
+rsa 4096 bits   1.6883s   0.0302s
+                  sign    verify
+dsa  512 bits   0.0083s   0.0156s
+dsa 1024 bits   0.0228s   0.0454s
+dsa 2048 bits   0.0719s   0.1446s
+
diff --git a/crypto/openssl/times/686-200.nt b/crypto/openssl/times/686-200.nt
new file mode 100644
index 000000000000..c8cbaa04e39d
--- /dev/null
+++ b/crypto/openssl/times/686-200.nt
@@ -0,0 +1,24 @@
+built on Tue May 13 08:24:51 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfi
+sh(ptr2)
+C flags not available
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               156.39k      427.99k      576.14k      628.36k      647.27k
+md5              2120.48k    10255.02k    18396.07k    22795.13k    24244.53k
+sha              1468.59k     6388.89k    10686.12k    12826.62k    13640.01k
+sha1             1393.46k     6013.34k     9974.56k    11932.59k    12633.45k
+rc4             13833.46k    19275.29k    20321.24k    20281.93k    20520.08k
+des cbc          3382.50k     4104.02k     4152.78k     4194.30k     4194.30k
+des ede3         1465.51k     1533.00k     1549.96k     1553.29k     1570.29k
+idea cbc         2579.52k     3079.52k     3130.08k     3153.61k     3106.89k
+rc2 cbc          1204.57k     1276.42k     1285.81k     1289.76k     1285.81k
+blowfish cbc     5229.81k     6374.32k     6574.14k     6574.14k     6594.82k
+rsa  512 bits   0.008s   0.001
+rsa 1024 bits   0.038s   0.001
+rsa 2048 bits   0.231s   0.008
+rsa 4096 bits   1.540s   0.027
+dsa  512 bits   0.007s   0.013
+dsa 1024 bits   0.021s   0.040
+dsa 2048 bits   0.066s   0.130
+
diff --git a/crypto/openssl/times/L1 b/crypto/openssl/times/L1
new file mode 100644
index 000000000000..09253d727956
--- /dev/null
+++ b/crypto/openssl/times/L1
@@ -0,0 +1,27 @@
+SSLeay 0.8.3ad 27-Oct-1997
+built on Wed Oct 29 00:36:17 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) 
+C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                56.16k      156.50k      211.46k      231.77k      238.71k
+mdc2              183.37k      205.21k      205.57k      209.92k      207.53k
+md5              1003.65k     5605.56k    11628.54k    15887.70k    17522.69k
+hmac(md5)         411.24k     2803.46k     7616.94k    13475.84k    16864.60k
+sha1              542.66k     2843.50k     5320.53k     6833.49k     7389.18k
+rc4              3677.15k     4313.73k     4407.89k     4429.82k     4404.57k
+des cbc          1787.94k     2174.51k     2236.76k     2249.73k     2230.95k
+des ede3          719.46k      777.26k      784.81k      780.29k      783.70k
+idea cbc          619.56k      677.89k      684.12k      685.40k      685.40k
+rc2 cbc           537.51k      573.93k      578.47k      579.24k      578.90k
+blowfish cbc     3226.76k     4221.65k     4424.19k     4468.39k     4377.26k
+cast cbc         2866.13k     3165.35k     3263.15k     3287.04k     3233.11k
+                  sign    verify
+rsa  512 bits   0.0212s   0.0021s
+rsa 1024 bits   0.1072s   0.0064s
+rsa 2048 bits   0.6853s   0.0222s
+rsa 4096 bits   4.9300s   0.0848s
+                  sign    verify
+dsa  512 bits   0.0200s   0.0380s
+dsa 1024 bits   0.0600s   0.1180s
+dsa 2048 bits   0.2110s   0.4221s
diff --git a/crypto/openssl/times/R10000.t b/crypto/openssl/times/R10000.t
new file mode 100644
index 000000000000..6b3874c8665d
--- /dev/null
+++ b/crypto/openssl/times/R10000.t
@@ -0,0 +1,24 @@
+IRIX 6.2 - R10000 195mhz
+SLeay 0.6.5a 06-Dec-1996
+built on Tue Dec 24 03:51:45 EST 1996
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int)
+C flags:cc -O2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2            156.34k      424.03k      571.88k      628.88k      646.01k
+md5           1885.02k     8181.72k    13440.53k    16020.60k    16947.54k
+sha           1587.12k     7022.05k    11951.24k    14440.12k    15462.74k
+sha1          1413.13k     6215.86k    10571.16k    12736.22k    13628.51k
+rc4          10556.28k    11974.08k    12077.10k    12111.38k    12103.20k
+des cfb       2977.71k     3252.27k     3284.36k     3302.66k     3290.54k
+des cbc       3298.31k     3704.96k     3771.30k     3730.73k     3778.80k
+des ede3      1278.28k     1328.82k     1342.66k     1339.82k     1343.27k
+idea cfb      2843.34k     3138.04k     3180.95k     3176.46k     3188.54k
+idea cbc      3115.21k     3558.03k     3590.61k     3591.24k     3601.18k
+rc2 cfb       2006.66k     2133.33k     2149.03k     2159.36k     2149.71k
+rc2 cbc       2167.07k     2315.30k     2338.05k     2329.34k     2333.90k
+rsa  512 bits   0.008s
+rsa 1024 bits   0.043s
+rsa 2048 bits   0.280s
+rsa 4096 bits   2.064s
+
diff --git a/crypto/openssl/times/R4400.t b/crypto/openssl/times/R4400.t
new file mode 100644
index 000000000000..af8848ffe369
--- /dev/null
+++ b/crypto/openssl/times/R4400.t
@@ -0,0 +1,26 @@
+IRIX 5.3
+R4400 200mhz
+cc -O2
+SSLeay 0.6.5a 06-Dec-1996
+built on Mon Dec 23 11:51:11 EST 1996
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int)
+C flags:cc -O2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2            100.62k      280.25k      380.15k      416.02k      428.82k
+md5            828.62k     3525.05k     6311.98k     7742.51k     8328.04k
+sha            580.04k     2513.74k     4251.73k     5101.04k     5394.80k
+sha1           520.23k     2382.94k     4107.82k     5024.62k     5362.56k
+rc4           5871.53k     6323.08k     6357.49k     6392.04k     6305.45k
+des cfb       1016.76k     1156.72k     1176.59k     1180.55k     1181.65k
+des cbc       1016.38k     1303.81k     1349.10k     1359.41k     1356.62k
+des ede3       607.39k      650.74k      655.11k      657.52k      654.18k
+idea cfb      1296.10k     1348.66k     1353.80k     1358.75k     1355.40k
+idea cbc      1453.90k     1554.68k     1567.84k     1569.89k     1573.57k
+rc2 cfb       1199.86k     1251.69k     1253.57k     1259.56k     1251.31k
+rc2 cbc       1334.60k     1428.55k     1441.89k     1445.42k     1441.45k
+rsa  512 bits   0.024s
+rsa 1024 bits   0.125s
+rsa 2048 bits   0.806s
+rsa 4096 bits   5.800s
+
diff --git a/crypto/openssl/times/aix.t b/crypto/openssl/times/aix.t
new file mode 100644
index 000000000000..4f24e3980e55
--- /dev/null
+++ b/crypto/openssl/times/aix.t
@@ -0,0 +1,34 @@
+from Paco Garcia 
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+
+AIX 4.1.4
+
+SSLeay 0.6.6 14-Jan-1997
+built on Mon Jan 13 21:36:03 CUT 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish
+(idx)
+C flags:cc -O -DAIX -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                53.83k      147.46k      197.63k      215.72k     221.70k
+md5              1278.13k     5354.77k     8679.60k    10195.09k   10780.56k
+sha              1055.34k     4600.37k     7721.30k     9298.94k    9868.63k
+sha1              276.90k     1270.25k     2187.95k     2666.84k    2850.82k
+rc4              4660.57k     5268.93k     5332.48k     5362.47k    5346.65k
+des cbc          1774.16k     1981.10k     1979.56k     2032.71k    1972.25k
+des ede3          748.81k      781.42k      785.66k      785.75k     780.84k
+idea cbc         2066.19k     2329.58k     2378.91k     2379.86k    2380.89k
+rc2 cbc          1278.53k     1379.69k     1389.99k     1393.66k    1389.91k
+blowfish cbc     2812.91k     3307.90k     3364.91k     3386.37k    3374.32k
+rsa  512 bits   0.019s
+rsa 1024 bits   0.096s
+rsa 2048 bits   0.614s
+rsa 4096 bits   4.433s
+
diff --git a/crypto/openssl/times/aixold.t b/crypto/openssl/times/aixold.t
new file mode 100644
index 000000000000..0b51412cf9f0
--- /dev/null
+++ b/crypto/openssl/times/aixold.t
@@ -0,0 +1,23 @@
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 04:06:32 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish(idx)
+C flags:cc -O -DAIX -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                19.09k       52.47k       71.23k       77.49k       78.93k
+md5               214.56k      941.21k     1585.43k     1883.12k     1988.70k
+sha               118.35k      521.65k      860.28k     1042.27k     1100.46k
+sha1              109.52k      478.98k      825.90k      995.48k     1049.69k
+rc4              1263.63k     1494.24k     1545.70k     1521.66k     1518.99k
+des cbc           259.62k      286.55k      287.15k      288.15k      289.45k
+des ede3          104.92k      107.88k      109.27k      109.25k      109.96k
+idea cbc          291.63k      320.07k      319.40k      320.51k      318.27k
+rc2 cbc           220.04k      237.76k      241.44k      245.90k      244.08k
+blowfish cbc      407.95k      474.83k      480.99k      485.71k      481.07k
+rsa  512 bits   0.157s   0.019
+rsa 1024 bits   0.908s   0.023
+rsa 2048 bits   6.225s   0.218
+rsa 4096 bits  46.500s   0.830
+dsa  512 bits   0.159s   0.312
+dsa 1024 bits   0.536s   1.057
+dsa 2048 bits   1.970s   3.977
diff --git a/crypto/openssl/times/alpha.t b/crypto/openssl/times/alpha.t
new file mode 100644
index 000000000000..3a7c6c498362
--- /dev/null
+++ b/crypto/openssl/times/alpha.t
@@ -0,0 +1,81 @@
+SSLeay-051 Alpha gcc -O3 64Bit (assember bn_mul)
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             44.40k      121.56k      162.73k      179.20k      185.01k
+md5            780.85k     3278.53k     5281.52k     6327.98k     6684.67k
+sha            501.40k     2249.19k     3855.27k     4801.19k     5160.96k
+sha-1          384.99k     1759.72k     3113.64k     3946.92k     4229.80k
+rc4           3505.05k     3724.54k     3723.78k     3555.33k     3694.68k
+des cfb        946.96k     1015.27k     1021.87k     1033.56k     1037.65k
+des cbc       1001.24k     1220.20k     1243.31k     1272.73k     1265.87k
+des ede3       445.34k      491.65k      500.53k      502.10k      502.44k
+idea cfb       643.53k      667.49k      663.81k      666.28k      664.51k
+idea cbc       650.42k      735.41k      733.27k      742.74k      745.47k
+rsa  512 bits   0.031s
+rsa 1024 bits   0.141s
+rsa 2048 bits   0.844s
+rsa 4096 bits   6.033s
+
+SSLeay-051 Alpha cc -O2 64bit (assember bn_mul)
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             45.37k      122.86k      165.97k      182.95k      188.42k
+md5            842.42k     3629.93k     5916.76k     7039.17k     7364.61k
+sha            498.93k     2197.23k     3895.60k     4756.48k     5132.13k
+sha-1          382.02k     1757.21k     3112.53k     3865.23k     4128.77k
+rc4           2975.25k     3049.33k     3180.97k     3214.68k     3424.26k
+des cfb        901.55k      990.83k     1006.08k     1011.19k     1004.89k
+des cbc        947.84k     1127.84k     1163.67k     1162.24k     1157.80k
+des ede3       435.62k      485.57k      493.67k      491.52k      491.52k
+idea cfb       629.31k      648.66k      647.77k      648.53k      649.90k
+idea cbc       565.15k      608.00k      613.46k      613.38k      617.13k
+rsa  512 bits   0.030s
+rsa 1024 bits   0.141s
+rsa 2048 bits   0.854s
+rsa 4096 bits   6.067s
+
+des cfb        718.28k      822.64k      833.11k      836.27k      841.05k
+des cbc        806.10k      951.42k      975.83k      983.73k      991.23k
+des ede3       329.50k      379.11k      387.95k      387.41k      388.33k
+
+des cfb        871.62k      948.65k      951.81k      953.00k      955.58k
+des cbc        953.60k     1174.27k     1206.70k     1216.10k     1216.44k
+des ede3       349.34k      418.05k      427.26k      429.74k      431.45k
+
+
+
+
+SSLeay-045c Alpha gcc -O3 64Bit
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             44.95k      122.22k      164.27k      180.62k      184.66k
+md5            808.71k     3371.95k     5415.68k     6385.66k     6684.67k
+sha            493.68k     2162.05k     3725.82k     4552.02k     4838.74k
+rc4           3317.32k     3649.09k     3728.30k     3744.09k     3691.86k
+cfb des        996.45k     1050.77k     1058.30k     1059.16k     1064.96k
+cbc des       1096.52k     1255.49k     1282.13k     1289.90k     1299.80k
+ede3 des       482.14k      513.51k      518.66k      520.19k      521.39k
+cfb idea       519.90k      533.40k      535.21k      535.55k      535.21k
+cbc idea       619.34k      682.21k      688.04k      689.15k      690.86k
+rsa  512 bits   0.050s
+rsa 1024 bits   0.279s
+rsa 2048 bits   1.908s
+rsa 4096 bits  14.750s
+
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             37.31k      102.77k      137.64k      151.55k      155.78k
+md5            516.65k     2535.21k     4655.72k     5859.66k     6343.34k
+rc4           3519.61k     3707.01k     3746.86k     3755.39k     3675.48k
+cfb des        780.27k      894.68k      913.10k      921.26k      922.97k
+cbc des        867.54k     1040.13k     1074.17k     1075.54k     1084.07k
+ede3 des       357.19k      397.36k      398.08k      402.28k      401.41k
+cbc idea       646.53k      686.44k      694.03k      691.20k      693.59k
+rsa  512 bits   0.046s
+rsa 1024 bits   0.270s
+rsa 2048 bits   1.858s
+rsa 4096 bits  14.350s
+
+md2      C      37.83k      103.17k      137.90k      150.87k      155.37k
+md2      L      37.30k      102.04k      139.01k      152.74k      155.78k
+rc4       I   3532.24k     3718.08k     3750.83k     3768.78k     3694.59k
+rc4      CI   2662.97k     2873.26k     2907.22k     2920.63k     2886.31k
+rc4      LI   3514.63k     3738.72k     3747.41k     3752.96k     3708.49k
+cbc idea S     619.01k      658.68k      661.50k      662.53k      663.55k
+cbc idea  L    645.69k      684.22k      694.55k      692.57k      690.86k
diff --git a/crypto/openssl/times/alpha400.t b/crypto/openssl/times/alpha400.t
new file mode 100644
index 000000000000..079e0d187ce3
--- /dev/null
+++ b/crypto/openssl/times/alpha400.t
@@ -0,0 +1,25 @@
+Alpha EV5.6 (21164A) 400mhz
+
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 03:39:58 EST 1997
+options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx)
+C flags:cc -arch host -tune host -fast -std -O4 -inline speed
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               274.98k      760.96k     1034.27k     1124.69k     1148.69k
+md5              2524.46k    11602.60k    19838.81k    24075.26k    25745.10k
+sha              1848.46k     8335.66k    14232.49k    17247.91k    18530.30k
+sha1             1639.67k     7336.53k    12371.80k    14807.72k    15870.63k
+rc4             17950.93k    19390.66k    19652.44k    19700.39k    19412.31k
+des cbc          4018.59k     4872.06k     4988.76k     5003.26k     4995.73k
+des ede3         1809.11k     1965.67k     1984.26k     1986.90k     1982.46k
+idea cbc         2848.82k     3204.33k     3250.26k     3257.34k     3260.42k
+rc2 cbc          3766.08k     4349.50k     4432.21k     4448.94k     4448.26k
+blowfish cbc     6694.88k     9042.35k     9486.93k     9598.98k     9624.91k
+rsa  512 bits   0.003s   0.000
+rsa 1024 bits   0.013s   0.000
+rsa 2048 bits   0.081s   0.003
+rsa 4096 bits   0.577s   0.011
+dsa  512 bits   0.003s   0.005
+dsa 1024 bits   0.007s   0.014
+dsa 2048 bits   0.025s   0.050
diff --git a/crypto/openssl/times/cyrix100.lnx b/crypto/openssl/times/cyrix100.lnx
new file mode 100644
index 000000000000..010a2216b1e8
--- /dev/null
+++ b/crypto/openssl/times/cyrix100.lnx
@@ -0,0 +1,22 @@
+SSLeay 0.6.6 06-Dec-1996
+built on Fri Dec  6 10:05:20 GMT 1996
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,risc,16,long) idea(int)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             36.77k      102.48k      138.00k      151.57k      155.78k
+md5            513.59k     2577.22k     4623.51k     5768.99k     6214.53k
+sha            259.89k     1105.45k     1814.97k     2156.16k     2292.13k
+sha1           242.43k     1040.95k     1719.44k     2049.74k     2164.64k
+rc4           1984.48k     2303.41k     2109.37k     2071.47k     1985.61k
+des cfb        712.08k      758.29k      753.17k      752.06k      748.67k
+des cbc        787.37k      937.64k      956.77k      961.61k      957.54k
+des ede3       353.97k      377.28k      379.99k      379.34k      379.11k
+idea cfb       403.80k      418.50k      416.60k      415.78k      415.03k
+idea cbc       426.54k      466.40k      471.31k      472.67k      473.14k
+rc2 cfb        405.15k      420.05k      418.16k      416.72k      416.36k
+rc2 cbc        428.21k      468.43k      473.09k      472.59k      474.70k
+rsa  512 bits   0.040s
+rsa 1024 bits   0.195s
+rsa 2048 bits   1.201s
+rsa 4096 bits   8.700s
diff --git a/crypto/openssl/times/dgux-x86.t b/crypto/openssl/times/dgux-x86.t
new file mode 100644
index 000000000000..70635c536b45
--- /dev/null
+++ b/crypto/openssl/times/dgux-x86.t
@@ -0,0 +1,23 @@
+version:SSLeay 0.5.2c 15-May-1996
+built Fri Jun 14 19:47:04 EST 1996
+options:bn(LLONG,thirty_two) md2(CHAR) rc4(IDX,int) des(ary,long) idea(int)
+C flags:gcc -O3 -fomit-frame-pointer -DL_ENDIAN
+
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2            113.86k      316.48k      428.36k      467.63k      481.56k
+md5           1001.99k     5037.99k     9545.94k    12036.95k    11800.38k
+sha            628.77k     2743.48k     5113.42k     6206.99k     6165.42k
+sha1           583.83k     2638.66k     4538.85k     5532.09k     5917.04k
+rc4           5493.27k     6369.39k     6511.30k     6577.83k     6486.73k
+des cfb       1219.01k     1286.06k     1299.33k     1288.87k     1381.72k
+des cbc       1360.58k     1469.04k     1456.96k     1454.08k     1513.57k
+des ede3       544.45k      567.84k      568.99k      570.37k      566.09k
+idea cfb      1012.39k     1056.30k     1063.52k      989.17k      863.24k
+idea cbc       985.36k     1090.44k     1105.92k     1108.65k     1090.17k
+rc2 cfb        963.86k      979.06k      995.30k      937.35k      827.39k
+rc2 cbc        951.72k     1042.11k     1049.60k     1047.21k     1059.11k
+rsa  512 bits   0.032s
+rsa 1024 bits   0.159s
+rsa 2048 bits   1.025s
+rsa 4096 bits   7.270s
+
diff --git a/crypto/openssl/times/dgux.t b/crypto/openssl/times/dgux.t
new file mode 100644
index 000000000000..c7f7564e8dab
--- /dev/null
+++ b/crypto/openssl/times/dgux.t
@@ -0,0 +1,17 @@
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             38.54k      106.28k      144.00k      157.46k      161.72k
+md5            323.23k     1471.62k     2546.11k     3100.20k     3309.57k
+rc4        I  1902.74k     2055.20k     2080.42k     2077.88k     2065.46k
+cfb des        456.23k      475.22k      481.79k      488.42k      487.17k
+cbc des        484.30k      537.50k      553.09k      558.08k      558.67k
+ede3 des       199.97k      209.05k      211.03k      211.85k      212.78k
+cbc idea       478.50k      519.33k      523.42k      525.09k      526.44k
+rsa  512 bits   0.159s !RSA_LLONG
+rsa 1024 bits   1.053s
+rsa 2048 bits   7.600s
+rsa 4096 bits  59.760s
+
+md2       C     30.53k       83.58k      112.84k      123.22k      126.24k
+rc4           1844.56k     1975.50k     1997.73k     1994.95k     1984.88k
+rc4       C   1800.09k     1968.85k     1995.20k     1992.36k     1996.80k
+rc4       CI  1830.81k     2035.75k     2067.28k     2070.23k     2062.77k
diff --git a/crypto/openssl/times/hpux-acc.t b/crypto/openssl/times/hpux-acc.t
new file mode 100644
index 000000000000..0c0e936d1932
--- /dev/null
+++ b/crypto/openssl/times/hpux-acc.t
@@ -0,0 +1,25 @@
+HPUX 887
+
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 02:59:45 EST 1997
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
+C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                58.99k      166.85k      225.07k      247.21k      253.76k
+md5               639.22k     2726.98k     4477.25k     5312.69k     5605.20k
+sha               381.08k     1661.49k     2793.84k     3368.86k     3581.23k
+sha1              349.54k     1514.56k     2536.63k     3042.59k     3224.39k
+rc4              2891.10k     4238.01k     4464.11k     4532.49k     4545.87k
+des cbc           717.05k      808.76k      820.14k      821.97k      821.96k
+des ede3          288.21k      303.50k      303.69k      305.82k      305.14k
+idea cbc          325.83k      334.36k      335.89k      336.61k      333.43k
+rc2 cbc           793.00k      915.81k      926.69k      933.28k      929.53k
+blowfish cbc     1561.91k     2051.97k     2122.65k     2139.40k     2145.92k
+rsa  512 bits   0.031s   0.004
+rsa 1024 bits   0.164s   0.004
+rsa 2048 bits   1.055s   0.037
+rsa 4096 bits   7.600s   0.137
+dsa  512 bits   0.029s   0.057
+dsa 1024 bits   0.092s   0.177
+dsa 2048 bits   0.325s   0.646
diff --git a/crypto/openssl/times/hpux-kr.t b/crypto/openssl/times/hpux-kr.t
new file mode 100644
index 000000000000..ad4a0adc1876
--- /dev/null
+++ b/crypto/openssl/times/hpux-kr.t
@@ -0,0 +1,23 @@
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 02:17:35 EST 1997
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx)
+C flags:cc -DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                35.30k       98.36k      133.41k      146.34k      150.69k
+md5               391.20k     1737.31k     2796.65k     3313.75k     3503.74k
+sha               189.55k      848.14k     1436.72k     1735.87k     1848.03k
+sha1              175.30k      781.14k     1310.32k     1575.61k     1675.81k
+rc4              2070.55k     2501.47k     2556.65k     2578.34k     2584.91k
+des cbc           465.13k      536.85k      545.87k      547.86k      548.89k
+des ede3          190.05k      200.99k      202.31k      202.22k      202.75k
+idea cbc          263.44k      277.77k      282.13k      281.51k      283.15k
+rc2 cbc           448.37k      511.39k      519.54k      522.00k      521.31k
+blowfish cbc      839.98k     1097.70k     1131.16k     1145.64k     1144.67k
+rsa  512 bits   0.048s   0.005
+rsa 1024 bits   0.222s   0.006
+rsa 2048 bits   1.272s   0.042
+rsa 4096 bits   8.445s   0.149
+dsa  512 bits   0.041s   0.077
+dsa 1024 bits   0.111s   0.220
+dsa 2048 bits   0.363s   0.726
diff --git a/crypto/openssl/times/hpux.t b/crypto/openssl/times/hpux.t
new file mode 100644
index 000000000000..dcf7615edf36
--- /dev/null
+++ b/crypto/openssl/times/hpux.t
@@ -0,0 +1,86 @@
+HP-UX A.09.05 9000/712
+
+SSLeay 0.6.6 14-Jan-1997
+built on Tue Jan 14 16:36:31 WET 1997
+options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) 
+blowfish(idx)
+C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                66.56k      184.92k      251.82k      259.86k      282.62k
+md5               615.54k     2805.92k     4764.30k     5724.21k     6084.39k
+sha               358.23k     1616.46k     2781.50k     3325.72k     3640.89k
+sha1              327.50k     1497.98k     2619.44k     3220.26k     3460.85k
+rc4              3500.47k     3890.99k     3943.81k     3883.74k     3900.02k
+des cbc           742.65k      871.66k      887.15k      891.21k      895.40k
+des ede3          302.42k      322.50k      324.46k      326.66k      326.05k
+idea cbc          664.41k      755.87k      765.61k      772.70k      773.69k
+rc2 cbc           798.78k      931.04k      947.69k      950.31k      952.04k
+blowfish cbc     1353.32k     1932.29k     2021.93k     2047.02k     2053.66k
+rsa  512 bits   0.059s
+rsa 1024 bits   0.372s
+rsa 2048 bits   2.697s
+rsa 4096 bits  20.790s
+
+SSLeay 0.6.6 14-Jan-1997
+built on Tue Jan 14 15:37:30 WET 1997
+options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) 
+blowfish(idx)
+C flags:gcc -DB_ENDIAN -O3
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                44.91k      122.57k      167.71k      183.89k      190.24k
+md5               532.50k     2316.27k     3965.72k     4740.11k     5055.06k
+sha               363.76k     1684.09k     2978.53k     3730.86k     3972.72k
+sha1              385.76k     1743.53k     2997.69k     3650.74k     3899.08k
+rc4              3178.84k     3621.31k     3672.71k     3684.01k     3571.54k
+des cbc           733.00k      844.70k      863.28k      863.72k      868.73k
+des ede3          289.99k      308.94k      310.11k      309.64k      312.08k
+idea cbc          624.07k      713.91k      724.76k      723.35k      725.13k
+rc2 cbc           704.34k      793.39k      804.25k      805.99k      782.63k
+blowfish cbc     1371.24k     1823.66k     1890.05k     1915.51k     1920.12k
+rsa  512 bits   0.030s
+rsa 1024 bits   0.156s
+rsa 2048 bits   1.113s
+rsa 4096 bits   7.480s
+
+
+HPUX B.10.01 V 9000/887 - HP92453-01 A.10.11 HP C Compiler
+SSLeay 0.5.2 - -Aa +ESlit +Oall +O4 -Wl,-a,archive
+
+HPUX A.09.04 B 9000/887
+
+ssleay 0.5.1 gcc v 2.7.0 -O3 -mpa-risc-1-1
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             53.00k      166.81k      205.66k      241.95k      242.20k
+md5            743.22k     3128.44k     6031.85k     6142.07k     7025.26k
+sha            481.30k     2008.24k     3361.31k     3985.07k     4180.74k
+sha-1          463.60k     1916.15k     3139.24k     3786.27k     3997.70k
+rc4           3708.61k     4125.16k     4547.53k     4206.21k     4390.07k
+des cfb        665.91k      705.97k      698.48k      694.25k      666.08k
+des cbc        679.80k      741.90k      769.85k      747.62k      719.47k
+des ede3       264.31k      270.22k      265.63k      273.07k      273.07k
+idea cfb       635.91k      673.40k      605.60k      699.53k      672.36k
+idea cbc       705.85k      774.63k      750.60k      715.83k      721.50k
+rsa  512 bits   0.066s
+rsa 1024 bits   0.372s
+rsa 2048 bits   2.177s
+rsa 4096 bits  16.230s
+
+HP92453-01 A.09.61 HP C Compiler
+ssleay 0.5.1 cc -Ae +ESlit +Oall -Wl,-a,archive
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             58.69k      163.30k      213.57k      230.40k      254.23k
+md5            608.60k     2596.82k     3871.43k     4684.10k     4763.88k
+sha            343.26k     1482.43k     2316.80k     2766.27k     2860.26k
+sha-1          319.15k     1324.13k     2106.03k     2527.82k     2747.95k
+rc4           2467.47k     3374.41k     3265.49k     3354.39k     3368.55k
+des cfb        812.05k      814.90k      851.20k      819.20k      854.56k
+des cbc        836.35k      994.06k      916.02k     1020.01k      988.14k
+des ede3       369.78k      389.15k      401.01k      382.94k      408.03k
+idea cfb       290.40k      298.06k      286.11k      296.92k      299.46k
+idea cbc       301.30k      297.72k      304.34k      300.10k      309.70k
+rsa  512 bits   0.350s
+rsa 1024 bits   2.635s
+rsa 2048 bits  19.930s
+
diff --git a/crypto/openssl/times/p2.w95 b/crypto/openssl/times/p2.w95
new file mode 100644
index 000000000000..82d1e5515d59
--- /dev/null
+++ b/crypto/openssl/times/p2.w95
@@ -0,0 +1,22 @@
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               235.90k      652.30k      893.36k      985.74k      985.74k
+mdc2              779.61k      816.81k      825.65k      816.01k      825.65k
+md5              2788.77k    13508.23k    24672.38k    30504.03k    33156.55k
+sha              1938.22k     8397.01k    14122.24k    16980.99k    18196.55k
+sha1             1817.29k     7832.50k    13168.93k    15738.48k    16810.84k
+rc4             15887.52k    21709.65k    22745.68k    22995.09k    22995.09k
+des cbc          4599.02k     5377.31k     5377.31k     5533.38k     5533.38k
+des ede3         1899.59k     2086.71k     2086.67k     2086.51k     2085.90k
+idea cbc         3350.08k     3934.62k     3979.42k     4017.53k     4017.53k
+rc2 cbc          1534.13k     1630.76k     1625.70k     1644.83k     1653.91k
+blowfish cbc     6678.83k     8490.49k     8701.88k     8848.74k     8886.24k
+                  sign    verify
+rsa  512 bits   0.0062s   0.0008s
+rsa 1024 bits   0.0287s   0.0009s
+rsa 2048 bits   0.1785s   0.0059s
+rsa 4096 bits   1.1300s   0.0205s
+                  sign    verify
+dsa  512 bits   0.0055s   0.0100s
+dsa 1024 bits   0.0154s   0.0299s
+dsa 2048 bits   0.0502s   0.0996s
diff --git a/crypto/openssl/times/pent2.t b/crypto/openssl/times/pent2.t
new file mode 100644
index 000000000000..b6dc269155ac
--- /dev/null
+++ b/crypto/openssl/times/pent2.t
@@ -0,0 +1,24 @@
+pentium 2, 266mhz, Visual C++ 5.0, Windows 95
+
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               235.90k      652.30k      893.36k      985.74k      985.74k
+mdc2              779.61k      816.81k      825.65k      816.01k      825.65k
+md5              2788.77k    13508.23k    24672.38k    30504.03k    33156.55k
+sha              1938.22k     8397.01k    14122.24k    16980.99k    18196.55k
+sha1             1817.29k     7832.50k    13168.93k    15738.48k    16810.84k
+rc4             15887.52k    21709.65k    22745.68k    22995.09k    22995.09k
+des cbc          4599.02k     5377.31k     5377.31k     5533.38k     5533.38k
+des ede3         1899.59k     2086.71k     2086.67k     2086.51k     2085.90k
+idea cbc         3350.08k     3934.62k     3979.42k     4017.53k     4017.53k
+rc2 cbc          1534.13k     1630.76k     1625.70k     1644.83k     1653.91k
+blowfish cbc     6678.83k     8490.49k     8701.88k     8848.74k     8886.24k
+                  sign    verify
+rsa  512 bits   0.0062s   0.0008s
+rsa 1024 bits   0.0287s   0.0009s
+rsa 2048 bits   0.1785s   0.0059s
+rsa 4096 bits   1.1300s   0.0205s
+                  sign    verify
+dsa  512 bits   0.0055s   0.0100s
+dsa 1024 bits   0.0154s   0.0299s
+dsa 2048 bits   0.0502s   0.0996s
diff --git a/crypto/openssl/times/readme b/crypto/openssl/times/readme
new file mode 100644
index 000000000000..7074f5815b9d
--- /dev/null
+++ b/crypto/openssl/times/readme
@@ -0,0 +1,11 @@
+The 'times' in this directory are not all for the most recent version of
+the library and it should be noted that on some CPUs (specifically sparc
+and Alpha), the locations of files in the application after linking can
+make upto a %10 speed difference when running benchmarks on things like
+cbc mode DES.  To put it mildly this can be very anoying.
+
+About the only way to get around this would be to compile the library as one
+object file, or to 'include' the source files in a specific order.
+
+The best way to get an idea of the 'raw' DES speed is to build the 
+'speed' program in crypto/des.
diff --git a/crypto/openssl/times/s586-100.lnx b/crypto/openssl/times/s586-100.lnx
new file mode 100644
index 000000000000..cbc3e3c4fb91
--- /dev/null
+++ b/crypto/openssl/times/s586-100.lnx
@@ -0,0 +1,25 @@
+Shared library build
+
+SSLeay 0.7.3 30-Apr-1997
+built on Tue May 13 03:43:56 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                68.95k      191.40k      258.22k      283.31k      291.21k
+md5               627.37k     3064.75k     5370.15k     6765.91k     7255.38k
+sha               323.35k     1431.32k     2417.07k     2916.69k     3102.04k
+sha1              298.08k     1318.34k     2228.82k     2694.83k     2864.47k
+rc4              3404.13k     4026.33k     4107.43k     4136.28k     4117.85k
+des cbc          1414.60k     1782.53k     1824.24k     1847.64k     1840.47k
+des ede3          588.36k      688.19k      700.33k      702.46k      704.51k
+idea cbc          582.96k      636.71k      641.54k      642.39k      642.30k
+rc2 cbc           569.34k      612.37k      617.64k      617.47k      619.86k
+blowfish cbc     2015.77k     2534.49k     2609.65k     2607.10k     2615.98k
+rsa  512 bits   0.027s   0.003
+rsa 1024 bits   0.128s   0.003
+rsa 2048 bits   0.779s   0.027
+rsa 4096 bits   5.450s   0.098
+dsa  512 bits   0.024s   0.045
+dsa 1024 bits   0.068s   0.132
+dsa 2048 bits   0.231s   0.469
diff --git a/crypto/openssl/times/s586-100.nt b/crypto/openssl/times/s586-100.nt
new file mode 100644
index 000000000000..8e3baf6d5e62
--- /dev/null
+++ b/crypto/openssl/times/s586-100.nt
@@ -0,0 +1,23 @@
+SSLeay 0.7.3 30-Apr-1997
+built on Mon May 19 10:47:38 EST 1997
+options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
+C flags not available
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                90.26k      248.57k      335.06k      366.09k      376.64k
+md5               863.95k     4205.24k     7628.78k     9582.60k    10290.25k
+sha               463.93k     2102.51k     3623.28k     4417.85k     4695.29k
+sha1              458.23k     2005.88k     3385.78k     4094.00k     4340.13k
+rc4              5843.60k     7543.71k     7790.31k     7836.89k     7791.47k
+des cbc          1583.95k     1910.67k     1960.69k     1972.12k     1946.13k
+des ede3          654.79k      722.60k      740.97k      745.82k      738.27k
+idea cbc          792.04k      876.96k      887.35k      892.63k      890.36k
+rc2 cbc           603.50k      652.38k      661.85k      662.69k      661.44k
+blowfish cbc     2379.88k     3043.76k     3153.61k     3153.61k     3134.76k
+rsa  512 bits   0.022s   0.003
+rsa 1024 bits   0.111s   0.003
+rsa 2048 bits   0.716s   0.025
+rsa 4096 bits   5.188s   0.094
+dsa  512 bits   0.020s   0.039
+dsa 1024 bits   0.062s   0.124
+dsa 2048 bits   0.221s   0.441
diff --git a/crypto/openssl/times/sgi.t b/crypto/openssl/times/sgi.t
new file mode 100644
index 000000000000..7963610150b7
--- /dev/null
+++ b/crypto/openssl/times/sgi.t
@@ -0,0 +1,29 @@
+SGI Challenge R4400 200mhz IRIX 5.3 - gcc (2.6.3)
+SSLeay 0.6.1 02-Jul-1996
+built on Tue Jul  2 16:25:30 EST 1996
+options:bn(64,32) md2(char) rc4(idx,char) des(idx,long) idea(int)
+C flags:gcc -O2 -mips2 -DTERMIOS -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type           8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2             96.53k      266.70k      360.09k      393.70k      405.07k
+md5            971.15k     4382.56k     7406.90k     8979.99k     9559.18k
+sha            596.86k     2832.26k     4997.30k     6277.75k     6712.89k
+sha1           578.34k     2630.16k     4632.05k     5684.34k     6083.37k
+rc4           5641.12k     6821.76k     6996.13k     7052.61k     6913.32k
+des cfb       1354.86k     1422.11k     1434.58k     1433.24k     1432.89k
+des cbc       1467.13k     1618.92k     1630.08k     1637.00k     1629.62k
+des ede3       566.13k      591.91k      596.86k      596.18k      592.54k
+idea cfb      1190.60k     1264.49k     1270.38k     1267.84k     1272.37k
+idea cbc      1271.45k     1410.37k     1422.49k     1426.46k     1421.73k
+rc2 cfb       1285.73k     1371.40k     1380.92k     1383.13k     1379.23k
+rc2 cbc       1386.61k     1542.10k     1562.49k     1572.45k     1567.93k
+rsa  512 bits   0.018s
+rsa 1024 bits   0.106s
+rsa 2048 bits   0.738s
+rsa 4096 bits   5.535s
+
+version:SSLeay 0.5.2c 15-May-1996
+rsa  512 bits   0.035s
+rsa 1024 bits   0.204s
+rsa 2048 bits   1.423s
+rsa 4096 bits  10.800s
diff --git a/crypto/openssl/times/sparc.t b/crypto/openssl/times/sparc.t
new file mode 100644
index 000000000000..1611f76570a4
--- /dev/null
+++ b/crypto/openssl/times/sparc.t
@@ -0,0 +1,26 @@
+gcc 2.7.2
+Sparc 10 - Solaris 2.3 - 50mhz
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 00:55:51 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
+C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                54.88k      154.52k      210.35k      231.08k      237.21k
+md5               550.75k     2460.49k     4116.01k     4988.74k     5159.86k
+sha               340.28k     1461.76k     2430.10k     2879.87k     2999.15k
+sha1              307.27k     1298.41k     2136.26k     2540.07k     2658.28k
+rc4              2652.21k     2805.24k     3301.63k     4003.98k     4071.18k
+des cbc           811.78k      903.93k      914.19k      921.60k      932.29k
+des ede3          328.21k      344.93k      349.64k      351.48k      345.07k
+idea cbc          685.06k      727.42k      734.41k      730.11k      739.21k
+rc2 cbc           718.59k      777.02k      781.96k      784.38k      782.60k
+blowfish cbc     1268.85k     1520.64k     1568.88k     1587.54k     1591.98k
+rsa  512 bits   0.037s   0.005
+rsa 1024 bits   0.213s   0.006
+rsa 2048 bits   1.471s   0.053
+rsa 4096 bits  11.100s   0.202
+dsa  512 bits   0.038s   0.074
+dsa 1024 bits   0.128s   0.248
+dsa 2048 bits   0.473s   0.959
+
diff --git a/crypto/openssl/times/sparc2 b/crypto/openssl/times/sparc2
new file mode 100644
index 000000000000..4b0dd805efc0
--- /dev/null
+++ b/crypto/openssl/times/sparc2
@@ -0,0 +1,21 @@
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                14.56k       40.25k       54.95k       60.13k       62.18k
+mdc2               53.59k       57.45k       58.11k       58.21k       58.51k
+md5               176.95k      764.75k     1270.36k     1520.14k     1608.36k
+hmac(md5)          55.88k      369.70k      881.15k     1337.05k     1567.40k
+sha1               92.69k      419.75k      723.63k      878.82k      939.35k
+rc4              1247.28k     1414.09k     1434.30k     1434.34k     1441.13k
+des cbc           284.41k      318.58k      323.07k      324.09k      323.87k
+des ede3          109.99k      119.99k      121.60k      121.87k      121.66k
+idea cbc           43.06k       43.68k       43.84k       43.64k       44.07k
+rc2 cbc           278.85k      311.44k      316.50k      316.57k      317.37k
+blowfish cbc      468.89k      569.35k      581.61k      568.34k      559.54k
+cast cbc          285.84k      338.79k      345.71k      346.19k      341.09k
+                  sign    verify
+rsa  512 bits   0.4175s   0.0519s
+rsa 1024 bits   2.9325s   0.1948s
+rsa 2048 bits  22.3600s   0.7669s
+		  sign    verify
+dsa  512 bits   0.5178s   1.0300s
+dsa 1024 bits   1.8780s   3.7167s
+dsa 2048 bits   7.3500s  14.4800s
diff --git a/crypto/openssl/times/sparcLX.t b/crypto/openssl/times/sparcLX.t
new file mode 100644
index 000000000000..2fdaed7cc500
--- /dev/null
+++ b/crypto/openssl/times/sparcLX.t
@@ -0,0 +1,22 @@
+Sparc Station LX
+SSLeay 0.7.3 30-Apr-1997
+built on Thu May  1 10:44:02 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
+C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2                17.60k       48.72k       66.47k       72.70k       74.72k
+md5               226.24k     1082.21k     1982.72k     2594.02k     2717.01k
+sha                71.38k      320.71k      551.08k      677.76k      720.90k
+sha1               63.08k      280.79k      473.86k      576.94k      608.94k
+rc4              1138.30k     1257.67k     1304.49k     1377.78k     1364.42k
+des cbc           265.34k      308.85k      314.28k      315.39k      317.20k
+des ede3           83.23k       93.13k       94.04k       94.50k       94.63k
+idea cbc          254.48k      274.26k      275.88k      274.68k      275.80k
+rc2 cbc           328.27k      375.39k      381.43k      381.61k      380.83k
+blowfish cbc      487.00k      498.02k      510.12k      515.41k      516.10k
+rsa  512 bits   0.093s
+rsa 1024 bits   0.537s
+rsa 2048 bits   3.823s
+rsa 4096 bits  28.650s
+
diff --git a/crypto/openssl/times/usparc.t b/crypto/openssl/times/usparc.t
new file mode 100644
index 000000000000..2215624f9f2e
--- /dev/null
+++ b/crypto/openssl/times/usparc.t
@@ -0,0 +1,25 @@
+Sparc 2000? - Solaris 2.5.1 - 167mhz Ultra sparc
+
+SSLeay 0.7.3r 20-May-1997
+built on Mon Jun  2 02:25:48 EST 1997
+options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr)
+C flags:cc cc -xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa -DB_ENDIAN
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               135.23k      389.87k      536.66k      591.87k      603.48k
+md5              1534.38k     6160.41k     9842.69k    11446.95k    11993.09k
+sha              1178.30k     5020.74k     8532.22k    10275.50k    11010.05k
+sha1             1114.22k     4703.94k     7703.81k     9236.14k     9756.67k
+rc4             10818.03k    13327.57k    13711.10k    13810.69k    13836.29k
+des cbc          3052.44k     3320.02k     3356.25k     3369.98k     3295.91k
+des ede3         1310.32k     1359.98k     1367.47k     1362.94k     1362.60k
+idea cbc         1749.52k     1833.13k     1844.74k     1848.32k     1848.66k
+rc2 cbc          1950.25k     2053.23k     2064.21k     2072.58k     2072.58k
+blowfish cbc     4927.16k     5659.75k     5762.73k     5797.55k     5805.40k
+rsa  512 bits   0.021s   0.003
+rsa 1024 bits   0.126s   0.003
+rsa 2048 bits   0.888s   0.032
+rsa 4096 bits   6.770s   0.122
+dsa  512 bits   0.022s   0.043
+dsa 1024 bits   0.076s   0.151
+dsa 2048 bits   0.286s   0.574
diff --git a/crypto/openssl/times/x86/bfs.cpp b/crypto/openssl/times/x86/bfs.cpp
new file mode 100644
index 000000000000..d74c45776078
--- /dev/null
+++ b/crypto/openssl/times/x86/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	BF_KEY key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			BF_encrypt(&data[0],&key);
+			GetTSC(s1);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			GetTSC(e1);
+			GetTSC(s2);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			BF_encrypt(&data[0],&key);
+			GetTSC(e2);
+			BF_encrypt(&data[0],&key);
+			}
+
+		printf("blowfish %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/times/x86/casts.cpp b/crypto/openssl/times/x86/casts.cpp
new file mode 100644
index 000000000000..7661191acf5c
--- /dev/null
+++ b/crypto/openssl/times/x86/casts.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	CAST_KEY key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			CAST_encrypt(&data[0],&key);
+			GetTSC(s1);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			GetTSC(e1);
+			GetTSC(s2);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			CAST_encrypt(&data[0],&key);
+			GetTSC(e2);
+			CAST_encrypt(&data[0],&key);
+			}
+
+		printf("cast %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/times/x86/des3s.cpp b/crypto/openssl/times/x86/des3s.cpp
new file mode 100644
index 000000000000..02d527c057c2
--- /dev/null
+++ b/crypto/openssl/times/x86/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	des_key_schedule key1,key2,key3;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(s1);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(e1);
+			GetTSC(s2);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(e2);
+			des_encrypt3(&data[0],key1,key2,key3);
+			}
+
+		printf("des %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/times/x86/dess.cpp b/crypto/openssl/times/x86/dess.cpp
new file mode 100644
index 000000000000..753e67ad9be2
--- /dev/null
+++ b/crypto/openssl/times/x86/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	des_key_schedule key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			des_encrypt(&data[0],key,1);
+			GetTSC(s1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			GetTSC(e1);
+			GetTSC(s2);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			GetTSC(e2);
+			des_encrypt(&data[0],key,1);
+			}
+
+		printf("des %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/openssl/times/x86/md5s.cpp b/crypto/openssl/times/x86/md5s.cpp
new file mode 100644
index 000000000000..dd343fd4e6ed
--- /dev/null
+++ b/crypto/openssl/times/x86/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	MD5_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			md5_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			md5_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			md5_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			md5_block_x86(&ctx,buffer,num);
+			}
+		printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/crypto/openssl/times/x86/rc4s.cpp b/crypto/openssl/times/x86/rc4s.cpp
new file mode 100644
index 000000000000..3814fde9972f
--- /dev/null
+++ b/crypto/openssl/times/x86/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[1024];
+	RC4_KEY ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=64,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=256;
+	if (num > 1024-16) num=1024-16;
+	numm=num+8;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			RC4(&ctx,numm,buffer,buffer);
+			GetTSC(s1);
+			RC4(&ctx,numm,buffer,buffer);
+			GetTSC(e1);
+			GetTSC(s2);
+			RC4(&ctx,num,buffer,buffer);
+			GetTSC(e2);
+			RC4(&ctx,num,buffer,buffer);
+			}
+
+		printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+			e1-s1,e2-s2,(e1-s1)-(e2-s2));
+		}
+	}
+
diff --git a/crypto/openssl/times/x86/sha1s.cpp b/crypto/openssl/times/x86/sha1s.cpp
new file mode 100644
index 000000000000..3103e1871bbe
--- /dev/null
+++ b/crypto/openssl/times/x86/sha1s.cpp
@@ -0,0 +1,79 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include 
+#include 
+#include 
+
+extern "C" {
+void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	SHA_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			sha1_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			sha1_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			sha1_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			sha1_block_x86(&ctx,buffer,num);
+			}
+
+		printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/crypto/openssl/tools/Makefile.ssl b/crypto/openssl/tools/Makefile.ssl
new file mode 100644
index 000000000000..7e6285b9117d
--- /dev/null
+++ b/crypto/openssl/tools/Makefile.ssl
@@ -0,0 +1,61 @@
+#
+# SSLeay/tools/Makefile
+#
+
+DIR=	tools
+TOP=	..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile.ssl
+TEST=
+APPS= c_rehash
+MISC_APPS= c_hash c_info c_issuer c_name
+
+all:
+
+install:
+	@for i in $(APPS) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	done;
+	@for i in $(MISC_APPS) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	done;
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+
+lint:
+
+tags:
+
+errors:
+
+depend:
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+errors:
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/tools/c_hash b/crypto/openssl/tools/c_hash
new file mode 100644
index 000000000000..5e0a9081755d
--- /dev/null
+++ b/crypto/openssl/tools/c_hash
@@ -0,0 +1,9 @@
+#!/bin/sh
+# print out the hash values 
+#
+
+for i in $*
+do
+	h=`openssl x509 -hash -noout -in $i`
+	echo "$h.0 => $i"
+done
diff --git a/crypto/openssl/tools/c_info b/crypto/openssl/tools/c_info
new file mode 100644
index 000000000000..0e1e633b6fb7
--- /dev/null
+++ b/crypto/openssl/tools/c_info
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# print the subject
+#
+
+for i in $*
+do
+	n=`openssl x509 -subject -issuer -enddate -noout -in $i`
+	echo "$i"
+	echo "$n"
+	echo "--------"
+done
diff --git a/crypto/openssl/tools/c_issuer b/crypto/openssl/tools/c_issuer
new file mode 100644
index 000000000000..4c691201bb47
--- /dev/null
+++ b/crypto/openssl/tools/c_issuer
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# print out the issuer
+#
+
+for i in $*
+do
+	n=`openssl x509 -issuer -noout -in $i`
+	echo "$i\t$n"
+done
diff --git a/crypto/openssl/tools/c_name b/crypto/openssl/tools/c_name
new file mode 100644
index 000000000000..28800c0b30c1
--- /dev/null
+++ b/crypto/openssl/tools/c_name
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# print the subject
+#
+
+for i in $*
+do
+	n=`openssl x509 -subject -noout -in $i`
+	echo "$i	$n"
+done
diff --git a/crypto/openssl/tools/c_rehash b/crypto/openssl/tools/c_rehash
new file mode 100644
index 000000000000..cc3b65871f06
--- /dev/null
+++ b/crypto/openssl/tools/c_rehash
@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# redo the hashes for the certificates in your cert path or the ones passed
+# on the command line.
+#
+
+if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
+	OPENSSL='openssl'
+	export OPENSSL
+fi
+DIR=/usr/local/ssl
+PATH=$DIR/bin:$PATH
+
+if [ ! -f "$OPENSSL" ]; then
+    found=0
+    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
+        if [ -f "$dir/$OPENSSL" ]; then
+            found=1
+            break
+        fi
+    done
+    if [ $found = 0 ]; then
+        echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2
+        exit 0
+    fi
+fi
+
+SSL_DIR=$DIR/certs
+
+if [ "$*" = "" ]; then
+	CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
+else
+	CERTS=$*
+fi
+
+IFS=': '
+for i in $CERTS
+do
+  (
+  IFS=' '
+  if [ -d $i -a -w $i ]; then
+    cd $i
+    echo "Doing $i"
+    for i in *.pem
+    do
+      if [ $i != '*.pem' ]; then
+        h=`$OPENSSL x509 -hash -noout -in $i`
+	if [ "x$h" = "x" ]; then
+	  echo $i does not contain a certificate
+	else
+          if [ -f $h.0 ]; then
+            /bin/rm -f $h.0
+          fi
+          echo "$i => $h.0"
+          ln -s $i $h.0
+	fi
+      fi
+    done
+  fi
+  )
+done
diff --git a/crypto/openssl/tools/c_rehash.in b/crypto/openssl/tools/c_rehash.in
new file mode 100644
index 000000000000..cc3b65871f06
--- /dev/null
+++ b/crypto/openssl/tools/c_rehash.in
@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# redo the hashes for the certificates in your cert path or the ones passed
+# on the command line.
+#
+
+if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
+	OPENSSL='openssl'
+	export OPENSSL
+fi
+DIR=/usr/local/ssl
+PATH=$DIR/bin:$PATH
+
+if [ ! -f "$OPENSSL" ]; then
+    found=0
+    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
+        if [ -f "$dir/$OPENSSL" ]; then
+            found=1
+            break
+        fi
+    done
+    if [ $found = 0 ]; then
+        echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2
+        exit 0
+    fi
+fi
+
+SSL_DIR=$DIR/certs
+
+if [ "$*" = "" ]; then
+	CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
+else
+	CERTS=$*
+fi
+
+IFS=': '
+for i in $CERTS
+do
+  (
+  IFS=' '
+  if [ -d $i -a -w $i ]; then
+    cd $i
+    echo "Doing $i"
+    for i in *.pem
+    do
+      if [ $i != '*.pem' ]; then
+        h=`$OPENSSL x509 -hash -noout -in $i`
+	if [ "x$h" = "x" ]; then
+	  echo $i does not contain a certificate
+	else
+          if [ -f $h.0 ]; then
+            /bin/rm -f $h.0
+          fi
+          echo "$i => $h.0"
+          ln -s $i $h.0
+	fi
+      fi
+    done
+  fi
+  )
+done
diff --git a/crypto/openssl/util/FreeBSD.sh b/crypto/openssl/util/FreeBSD.sh
new file mode 100755
index 000000000000..db8edfc6aa28
--- /dev/null
+++ b/crypto/openssl/util/FreeBSD.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+perl util/perlpath.pl /usr/bin
+perl util/ssldir.pl /usr/local  
+perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD
+perl Configure FreeBSD
diff --git a/crypto/openssl/util/add_cr.pl b/crypto/openssl/util/add_cr.pl
new file mode 100755
index 000000000000..c7b62c11ec96
--- /dev/null
+++ b/crypto/openssl/util/add_cr.pl
@@ -0,0 +1,123 @@
+#!/usr/local/bin/perl
+#
+# This adds a copyright message to a souce code file.
+# It also gets the file name correct.
+#
+# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch]
+#
+
+foreach (@ARGV)
+	{
+	&dofile($_);
+	}
+
+sub dofile
+	{
+	local($file)=@_;
+
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+
+	print STDERR "doing $file\n";
+	@in=;
+
+	return(1) if ($in[0] =~ / NOCW /);
+
+	@out=();
+	open(OUT,">$file.out") || die "unable to open $file.$$:$!\n";
+	push(@out,"/* $file */\n");
+	if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/))
+		{
+		push(@out,&Copyright);
+		$i=2;
+		@a=grep(/ Copyright \(C\) /,@in);
+		if ($#a >= 0)
+			{
+			while (($i <= $#in) && ($in[$i] ne " */\n"))
+				{ $i++; }
+			$i++ if ($in[$i] eq " */\n");
+
+			while (($i <= $#in) && ($in[$i] =~ /^\s*$/))
+				{ $i++; }
+
+			push(@out,"\n");
+			for ( ; $i <= $#in; $i++)
+				{ push(@out,$in[$i]); }
+			}
+		else
+			{ push(@out,@in); }
+		}
+	else
+		{
+		shift(@in);
+		push(@out,@in);
+		}
+	print OUT @out;
+	close(IN);
+	close(OUT);
+	rename("$file","$file.orig") || die "unable to rename $file:$!\n";
+	rename("$file.out",$file) || die "unable to rename $file.out:$!\n";
+	}
+
+
+
+sub Copyright
+	{
+	return <<'EOF';
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+EOF
+	}
diff --git a/crypto/openssl/util/bat.sh b/crypto/openssl/util/bat.sh
new file mode 100755
index 000000000000..c6f48e8a7b15
--- /dev/null
+++ b/crypto/openssl/util/bat.sh
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+
+$infile="/home/eay/ssl/SSLeay/MINFO";
+
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=;
+for (;;)
+	{
+	chop;
+
+	($key,$val)=/^([^=]+)=(.*)/;
+	if ($key eq "RELATIVE_DIRECTORY")
+		{
+		if ($lib ne "")
+			{
+			$uc=$lib;
+			$uc =~ s/^lib(.*)\.a/$1/;
+			$uc =~ tr/a-z/A-Z/;
+			$lib_nam{$uc}=$uc;
+			$lib_obj{$uc}.=$libobj." ";
+			}
+		last if ($val eq "FINISHED");
+		$lib="";
+		$libobj="";
+		$dir=$val;
+		}
+
+	if ($key eq "TEST")
+		{ $test.=&var_add($dir,$val); }
+
+	if (($key eq "PROGS") || ($key eq "E_OBJ"))
+		{ $e_exe.=&var_add($dir,$val); }
+
+	if ($key eq "LIB")
+		{
+		$lib=$val;
+		$lib =~ s/^.*\/([^\/]+)$/$1/;
+		}
+
+	if ($key eq "EXHEADER")
+		{ $exheader.=&var_add($dir,$val); }
+
+	if ($key eq "HEADER")
+		{ $header.=&var_add($dir,$val); }
+
+	if ($key eq "LIBSRC")
+		{ $libsrc.=&var_add($dir,$val); }
+
+	if (!($_=))
+		{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+	}
+close(IN);
+
+@a=split(/\s+/,$libsrc);
+foreach (@a)
+	{
+	print "${_}.c\n";
+	}
+
+sub var_add
+	{
+	local($dir,$val)=@_;
+	local(@a,$_,$ret);
+
+	return("") if $no_idea && $dir =~ /\/idea/;
+	return("") if $no_rc2  && $dir =~ /\/rc2/;
+	return("") if $no_rc4  && $dir =~ /\/rc4/;
+	return("") if $no_rsa  && $dir =~ /\/rsa/;
+	return("") if $no_rsa  && $dir =~ /^rsaref/;
+	return("") if $no_dsa  && $dir =~ /\/dsa/;
+	return("") if $no_dh   && $dir =~ /\/dh/;
+	if ($no_des && $dir =~ /\/des/)
+		{
+		if ($val =~ /read_pwd/)
+			{ return("$dir/read_pwd "); }
+		else
+			{ return(""); }
+		}
+	return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+	return("") if $no_sock && $dir =~ /\/proxy/;
+	return("") if $no_bf   && $dir =~ /\/bf/;
+	return("") if $no_cast && $dir =~ /\/cast/;
+
+	$val =~ s/^\s*(.*)\s*$/$1/;
+	@a=split(/\s+/,$val);
+	grep(s/\.[och]$//,@a);
+
+	@a=grep(!/^e_.*_3d$/,@a) if $no_des;
+	@a=grep(!/^e_.*_d$/,@a) if $no_des;
+	@a=grep(!/^e_.*_i$/,@a) if $no_idea;
+	@a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+	@a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+	@a=grep(!/^e_.*_c$/,@a) if $no_cast;
+	@a=grep(!/^e_rc4$/,@a) if $no_rc4;
+
+	@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+	@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+
+	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+
+	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+
+	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+	@a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+
+	@a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+	@a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+
+	@a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+
+	@a=grep(!/_dhp$/,@a) if $no_dh;
+
+	@a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+
+	@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+	@a=grep(!/^gendsa$/,@a) if $no_sha1;
+	@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+
+	@a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+
+	grep($_="$dir/$_",@a);
+	@a=grep(!/(^|\/)s_/,@a) if $no_sock;
+	@a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+	$ret=join(' ',@a)." ";
+	return($ret);
+	}
+
diff --git a/crypto/openssl/util/ck_errf.pl b/crypto/openssl/util/ck_errf.pl
new file mode 100755
index 000000000000..7a24d6c5a2e2
--- /dev/null
+++ b/crypto/openssl/util/ck_errf.pl
@@ -0,0 +1,45 @@
+#!/usr/local/bin/perl
+#
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+# 
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+
+foreach $file (@ARGV)
+	{
+	open(IN,"<$file") || die "unable to open $file\n";
+	$func="";
+	while ()
+		{
+		if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/)
+			{
+			$func=$1;
+			$func =~ tr/A-Z/a-z/;
+			}
+		if (/([A-Z0-9]+)err\(([^,]+)/)
+			{
+			next if ($func eq "");
+			$errlib=$1;
+			$n=$2;
+			if ($n !~ /([^_]+)_F_(.+)$/)
+				{
+		#		print "check -$file:$.:$func:$n\n";
+				next;
+				}
+			$lib=$1;
+			$n=$2;
+
+			if ($lib ne $errlib)
+				{ print "$file:$.:$func:$n\n"; next; }
+
+			$n =~ tr/A-Z/a-z/;
+			if (($n ne $func) && ($errlib ne "SYS"))
+				{ print "$file:$.:$func:$n\n"; next; }
+	#		print "$func:$1\n";
+			}
+		}
+	close(IN);
+        }
+
diff --git a/crypto/openssl/util/clean-depend.pl b/crypto/openssl/util/clean-depend.pl
new file mode 100755
index 000000000000..af676af75145
--- /dev/null
+++ b/crypto/openssl/util/clean-depend.pl
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl -w
+# Clean the dependency list in a makefile of standard includes...
+# Written by Ben Laurie  19 Jan 1999
+
+use strict;
+
+while() {
+    print;
+    last if /^# DO NOT DELETE THIS LINE/;
+}
+
+my %files;
+
+while() {
+    my ($file,$deps)=/^(.*): (.*)$/;
+    next if !defined $deps;
+    my @deps=split ' ',$deps;
+    @deps=grep(!/^\/usr\/include/,@deps);
+    @deps=grep(!/^\/usr\/lib\/gcc-lib/,@deps);
+    push @{$files{$file}},@deps;
+}
+
+my $file;
+foreach $file (sort keys %files) {
+    my $len=0;
+    my $dep;
+    foreach $dep (sort @{$files{$file}}) {
+	$len=0 if $len+length($dep)+1 >= 80;
+	if($len == 0) {
+	    print "\n$file:";
+	    $len=length($file)+1;
+	}
+	print " $dep";
+	$len+=length($dep)+1;
+    }
+}
+
+print "\n";
diff --git a/crypto/openssl/util/deleof.pl b/crypto/openssl/util/deleof.pl
new file mode 100755
index 000000000000..155acd88ff13
--- /dev/null
+++ b/crypto/openssl/util/deleof.pl
@@ -0,0 +1,7 @@
+#!/usr/local/bin/perl
+
+while (<>)
+	{
+	print
+	last if (/^# DO NOT DELETE THIS LINE/);
+	}
diff --git a/crypto/openssl/util/do_ms.sh b/crypto/openssl/util/do_ms.sh
new file mode 100755
index 000000000000..515b074cffbc
--- /dev/null
+++ b/crypto/openssl/util/do_ms.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# generate the Microsoft makefiles and .def files
+#
+
+PATH=util:../util:$PATH
+
+# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak
+# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
+perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak
+# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
+perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak
+perl util/mk1mf.pl Mingw32 >ms/mingw32.mak
+perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak
+
+perl util/mkdef.pl 16 libeay > ms/libeay16.def
+perl util/mkdef.pl 32 libeay > ms/libeay32.def
+perl util/mkdef.pl 16 ssleay > ms/ssleay16.def
+perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
diff --git a/crypto/openssl/util/domd b/crypto/openssl/util/domd
new file mode 100755
index 000000000000..324051f60b25
--- /dev/null
+++ b/crypto/openssl/util/domd
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Do a makedepend, only leave out the standard headers
+# Written by Ben Laurie  19 Jan 1999
+
+TOP=$1
+shift
+
+cp Makefile.ssl Makefile.save
+makedepend -f Makefile.ssl $@
+$TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+mv Makefile.new Makefile.ssl
diff --git a/crypto/openssl/util/err-ins.pl b/crypto/openssl/util/err-ins.pl
new file mode 100755
index 000000000000..31b70df8d0e2
--- /dev/null
+++ b/crypto/openssl/util/err-ins.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+#
+# tack error codes onto the end of a file
+#
+
+open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n";
+@err=;
+close(ERR);
+
+open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n";
+
+@out="";
+while ()
+	{
+	push(@out,$_);
+	last if /BEGIN ERROR CODES/;
+	}
+close(IN);
+
+open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n";
+print OUT @out;
+print OUT @err;
+print OUT <<"EOF";
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
+EOF
+close(OUT);
+
+
diff --git a/crypto/openssl/util/files.pl b/crypto/openssl/util/files.pl
new file mode 100755
index 000000000000..41f033e3b9aa
--- /dev/null
+++ b/crypto/openssl/util/files.pl
@@ -0,0 +1,61 @@
+#!/usr/local/bin/perl
+#
+# used to generate the file MINFO for use by util/mk1mf.pl
+# It is basically a list of all variables from the passed makefile
+#
+
+$s="";
+while (<>)
+	{
+	chop;
+	s/#.*//;
+	if (/^(\S+)\s*=\s*(.*)$/)
+		{
+		$o="";
+		($s,$b)=($1,$2);
+		for (;;)
+			{
+			if ($b =~ /\\$/)
+				{
+				chop($b);
+				$o.=$b." ";
+				$b=<>;
+				chop($b);
+				}
+			else
+				{
+				$o.=$b." ";
+				last;
+				}
+			}
+		$o =~ s/^\s+//;
+		$o =~ s/\s+$//;
+		$o =~ s/\s+/ /g;
+
+		$o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+		$sym{$s}=$o;
+		}
+	}
+
+$pwd=`pwd`; chop($pwd);
+
+if ($sym{'TOP'} eq ".")
+	{
+	$n=0;
+	$dir=".";
+	}
+else	{
+	$n=split(/\//,$sym{'TOP'});
+	@_=split(/\//,$pwd);
+	$z=$#_-$n+1;
+	foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
+	chop($dir);
+	}
+
+print "RELATIVE_DIRECTORY=$dir\n";
+
+foreach (sort keys %sym)
+	{
+	print "$_=$sym{$_}\n";
+	}
+print "RELATIVE_DIRECTORY=\n";
diff --git a/crypto/openssl/util/fixNT.sh b/crypto/openssl/util/fixNT.sh
new file mode 100755
index 000000000000..ce4f19299ba5
--- /dev/null
+++ b/crypto/openssl/util/fixNT.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# clean up the mess that NT makes of my source tree
+#
+
+if [ -f makefile.ssl -a ! -f Makefile.ssl ]; then
+	/bin/mv makefile.ssl Makefile.ssl
+fi
+chmod +x Configure util/*
+echo cleaning
+/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
+echo 'removing those damn ^M'
+perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
+make -f Makefile.ssl links
diff --git a/crypto/openssl/util/install.sh b/crypto/openssl/util/install.sh
new file mode 100755
index 000000000000..e1d0c982df50
--- /dev/null
+++ b/crypto/openssl/util/install.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5; it is not part of GNU.
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+doit="${DOITPROG:-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG:-mv}"
+cpprog="${CPPROG:-cp}"
+chmodprog="${CHMODPROG:-chmod}"
+chownprog="${CHOWNPROG:-chown}"
+chgrpprog="${CHGRPPROG:-chgrp}"
+stripprog="${STRIPPROG:-strip}"
+rmprog="${RMPROG:-rm}"
+
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+src=""
+dst=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:  no input file specified"
+	exit 1
+fi
+
+if [ x"$dst" = x ]
+then
+	echo "install:  no destination specified"
+	exit 1
+fi
+
+
+# if destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+if [ -d $dst ]
+then
+	dst="$dst"/`basename $src`
+fi
+
+
+# get rid of the old one and mode the new one in
+
+$doit $rmcmd $dst
+$doit $instcmd $src $dst
+
+
+# and set any options; do chmod last to preserve setuid bits
+
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+
+exit 0
diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num
new file mode 100755
index 000000000000..59c2040a29df
--- /dev/null
+++ b/crypto/openssl/util/libeay.num
@@ -0,0 +1,1846 @@
+SSLeay					1
+SSLeay_version				2
+ASN1_BIT_STRING_asn1_meth		3
+ASN1_HEADER_free			4
+ASN1_HEADER_new				5
+ASN1_IA5STRING_asn1_meth		6
+ASN1_INTEGER_get			7
+ASN1_INTEGER_set			8
+ASN1_INTEGER_to_BN			9
+ASN1_OBJECT_create			10
+ASN1_OBJECT_free			11
+ASN1_OBJECT_new				12
+ASN1_PRINTABLE_type			13
+ASN1_STRING_cmp				14
+ASN1_STRING_dup				15
+ASN1_STRING_free			16
+ASN1_STRING_new				17
+ASN1_STRING_print			18
+ASN1_STRING_set				19
+ASN1_STRING_type_new			20
+ASN1_TYPE_free				21
+ASN1_TYPE_new				22
+ASN1_UNIVERSALSTRING_to_string		23
+ASN1_UTCTIME_check			24
+ASN1_UTCTIME_print			25
+ASN1_UTCTIME_set			26
+ASN1_check_infinite_end			27
+ASN1_d2i_bio				28
+ASN1_d2i_fp				29
+ASN1_digest				30
+ASN1_dup				31
+ASN1_get_object				32
+ASN1_i2d_bio				33
+ASN1_i2d_fp				34
+ASN1_object_size			35
+ASN1_parse				36
+ASN1_put_object				37
+ASN1_sign				38
+ASN1_verify				39
+BF_cbc_encrypt				40
+BF_cfb64_encrypt			41
+BF_ecb_encrypt				42
+BF_encrypt				43
+BF_ofb64_encrypt			44
+BF_options				45
+BF_set_key				46
+BIO_CONNECT_free			47
+BIO_CONNECT_new				48
+BIO_accept				51
+BIO_ctrl				52
+BIO_int_ctrl				53
+BIO_debug_callback			54
+BIO_dump				55
+BIO_dup_chain				56
+BIO_f_base64				57
+BIO_f_buffer				58
+BIO_f_cipher				59
+BIO_f_md				60
+BIO_f_null				61
+BIO_f_proxy_server			62
+BIO_fd_non_fatal_error			63
+BIO_fd_should_retry			64
+BIO_find_type				65
+BIO_free				66
+BIO_free_all				67
+BIO_get_accept_socket			69
+BIO_get_filter_bio			70
+BIO_get_host_ip				71
+BIO_get_port				72
+BIO_get_retry_BIO			73
+BIO_get_retry_reason			74
+BIO_gethostbyname			75
+BIO_gets				76
+BIO_new					78
+BIO_new_accept				79
+BIO_new_connect				80
+BIO_new_fd				81
+BIO_new_file				82
+BIO_new_fp				83
+BIO_new_socket				84
+BIO_pop					85
+BIO_printf				86
+BIO_push				87
+BIO_puts				88
+BIO_read				89
+BIO_s_accept				90
+BIO_s_connect				91
+BIO_s_fd				92
+BIO_s_file				93
+BIO_s_mem				95
+BIO_s_null				96
+BIO_s_proxy_client			97
+BIO_s_socket				98
+BIO_set					100
+BIO_set_cipher				101
+BIO_set_tcp_ndelay			102
+BIO_sock_cleanup			103
+BIO_sock_error				104
+BIO_sock_init				105
+BIO_sock_non_fatal_error		106
+BIO_sock_should_retry			107
+BIO_socket_ioctl			108
+BIO_write				109
+BN_CTX_free				110
+BN_CTX_new				111
+BN_MONT_CTX_free			112
+BN_MONT_CTX_new				113
+BN_MONT_CTX_set				114
+BN_add					115
+BN_add_word				116
+BN_hex2bn				117
+BN_bin2bn				118
+BN_bn2hex				119
+BN_bn2bin				120
+BN_clear				121
+BN_clear_bit				122
+BN_clear_free				123
+BN_cmp					124
+BN_copy					125
+BN_div					126
+BN_div_word				127
+BN_dup					128
+BN_free					129
+BN_from_montgomery			130
+BN_gcd					131
+BN_generate_prime			132
+BN_get_word				133
+BN_is_bit_set				134
+BN_is_prime				135
+BN_lshift				136
+BN_lshift1				137
+BN_mask_bits				138
+BN_mod					139
+BN_mod_exp				140
+BN_mod_exp_mont				141
+BN_mod_exp_recp				142
+BN_mod_exp_simple			143
+BN_mod_inverse				144
+BN_mod_mul				145
+BN_mod_mul_montgomery			146
+BN_mod_mul_reciprocal			147
+BN_mod_word				148
+BN_mul					149
+BN_new					150
+BN_num_bits				151
+BN_num_bits_word			152
+BN_options				153
+BN_print				154
+BN_print_fp				155
+BN_rand					156
+BN_reciprocal				157
+BN_rshift				158
+BN_rshift1				159
+BN_set_bit				160
+BN_set_word				161
+BN_sqr					162
+BN_sub					163
+BN_to_ASN1_INTEGER			164
+BN_ucmp					165
+BN_value_one				166
+BUF_MEM_free				167
+BUF_MEM_grow				168
+BUF_MEM_new				169
+BUF_strdup				170
+CONF_free				171
+CONF_get_number				172
+CONF_get_section			173
+CONF_get_string				174
+CONF_load				175
+CRYPTO_add_lock				176
+CRYPTO_dbg_free				177
+CRYPTO_dbg_malloc			178
+CRYPTO_dbg_realloc			179
+CRYPTO_dbg_remalloc			180
+CRYPTO_free				181
+CRYPTO_get_add_lock_callback		182
+CRYPTO_get_id_callback			183
+CRYPTO_get_lock_name			184
+CRYPTO_get_locking_callback		185
+CRYPTO_get_mem_functions		186
+CRYPTO_lock				187
+CRYPTO_malloc				188
+CRYPTO_mem_ctrl				189
+CRYPTO_mem_leaks			190
+CRYPTO_mem_leaks_cb			191
+CRYPTO_mem_leaks_fp			192
+CRYPTO_realloc				193
+CRYPTO_remalloc				194
+CRYPTO_set_add_lock_callback		195
+CRYPTO_set_id_callback			196
+CRYPTO_set_locking_callback		197
+CRYPTO_set_mem_functions		198
+CRYPTO_thread_id			199
+DH_check				200
+DH_compute_key				201
+DH_free					202
+DH_generate_key				203
+DH_generate_parameters			204
+DH_new					205
+DH_size					206
+DHparams_print				207
+DHparams_print_fp			208
+DSA_free				209
+DSA_generate_key			210
+DSA_generate_parameters			211
+DSA_is_prime				212
+DSA_new					213
+DSA_print				214
+DSA_print_fp				215
+DSA_sign				216
+DSA_sign_setup				217
+DSA_size				218
+DSA_verify				219
+DSAparams_print				220
+DSAparams_print_fp			221
+ERR_clear_error				222
+ERR_error_string			223
+ERR_free_strings			224
+ERR_func_error_string			225
+ERR_get_err_state_table			226
+ERR_get_error				227
+ERR_get_error_line			228
+ERR_get_state				229
+ERR_get_string_table			230
+ERR_lib_error_string			231
+ERR_load_ASN1_strings			232
+ERR_load_BIO_strings			233
+ERR_load_BN_strings			234
+ERR_load_BUF_strings			235
+ERR_load_CONF_strings			236
+ERR_load_DH_strings			237
+ERR_load_DSA_strings			238
+ERR_load_ERR_strings			239
+ERR_load_EVP_strings			240
+ERR_load_OBJ_strings			241
+ERR_load_PEM_strings			242
+ERR_load_PROXY_strings			243
+ERR_load_RSA_strings			244
+ERR_load_X509_strings			245
+ERR_load_crypto_strings			246
+ERR_load_strings			247
+ERR_peek_error				248
+ERR_peek_error_line			249
+ERR_print_errors			250
+ERR_print_errors_fp			251
+ERR_put_error				252
+ERR_reason_error_string			253
+ERR_remove_state			254
+EVP_BytesToKey				255
+EVP_CIPHER_CTX_cleanup			256
+EVP_CipherFinal				257
+EVP_CipherInit				258
+EVP_CipherUpdate			259
+EVP_DecodeBlock				260
+EVP_DecodeFinal				261
+EVP_DecodeInit				262
+EVP_DecodeUpdate			263
+EVP_DecryptFinal			264
+EVP_DecryptInit				265
+EVP_DecryptUpdate			266
+EVP_DigestFinal				267
+EVP_DigestInit				268
+EVP_DigestUpdate			269
+EVP_EncodeBlock				270
+EVP_EncodeFinal				271
+EVP_EncodeInit				272
+EVP_EncodeUpdate			273
+EVP_EncryptFinal			274
+EVP_EncryptInit				275
+EVP_EncryptUpdate			276
+EVP_OpenFinal				277
+EVP_OpenInit				278
+EVP_PKEY_assign				279
+EVP_PKEY_copy_parameters		280
+EVP_PKEY_free				281
+EVP_PKEY_missing_parameters		282
+EVP_PKEY_new				283
+EVP_PKEY_save_parameters		284
+EVP_PKEY_size				285
+EVP_PKEY_type				286
+EVP_SealFinal				287
+EVP_SealInit				288
+EVP_SignFinal				289
+EVP_VerifyFinal				290
+EVP_add_alias				291
+EVP_add_cipher				292
+EVP_add_digest				293
+EVP_bf_cbc				294
+EVP_bf_cfb				295
+EVP_bf_ecb				296
+EVP_bf_ofb				297
+EVP_cleanup				298
+EVP_des_cbc				299
+EVP_des_cfb				300
+EVP_des_ecb				301
+EVP_des_ede				302
+EVP_des_ede3				303
+EVP_des_ede3_cbc			304
+EVP_des_ede3_cfb			305
+EVP_des_ede3_ofb			306
+EVP_des_ede_cbc				307
+EVP_des_ede_cfb				308
+EVP_des_ede_ofb				309
+EVP_des_ofb				310
+EVP_desx_cbc				311
+EVP_dss					312
+EVP_dss1				313
+EVP_enc_null				314
+EVP_get_cipherbyname			315
+EVP_get_digestbyname			316
+EVP_get_pw_prompt			317
+EVP_idea_cbc				318
+EVP_idea_cfb				319
+EVP_idea_ecb				320
+EVP_idea_ofb				321
+EVP_md2					322
+EVP_md5					323
+EVP_md_null				324
+EVP_rc2_cbc				325
+EVP_rc2_cfb				326
+EVP_rc2_ecb				327
+EVP_rc2_ofb				328
+EVP_rc4					329
+EVP_read_pw_string			330
+EVP_set_pw_prompt			331
+EVP_sha					332
+EVP_sha1				333
+MD2					334
+MD2_Final				335
+MD2_Init				336
+MD2_Update				337
+MD2_options				338
+MD5					339
+MD5_Final				340
+MD5_Init				341
+MD5_Update				342
+MDC2					343
+MDC2_Final				344
+MDC2_Init				345
+MDC2_Update				346
+NETSCAPE_SPKAC_free			347
+NETSCAPE_SPKAC_new			348
+NETSCAPE_SPKI_free			349
+NETSCAPE_SPKI_new			350
+NETSCAPE_SPKI_sign			351
+NETSCAPE_SPKI_verify			352
+OBJ_add_object				353
+OBJ_bsearch				354
+OBJ_cleanup				355
+OBJ_cmp					356
+OBJ_create				357
+OBJ_dup					358
+OBJ_ln2nid				359
+OBJ_new_nid				360
+OBJ_nid2ln				361
+OBJ_nid2obj				362
+OBJ_nid2sn				363
+OBJ_obj2nid				364
+OBJ_sn2nid				365
+OBJ_txt2nid				366
+PEM_ASN1_read				367
+PEM_ASN1_read_bio			368
+PEM_ASN1_write				369
+PEM_ASN1_write_bio			370
+PEM_SealFinal				371
+PEM_SealInit				372
+PEM_SealUpdate				373
+PEM_SignFinal				374
+PEM_SignInit				375
+PEM_SignUpdate				376
+PEM_X509_INFO_read			377
+PEM_X509_INFO_read_bio			378
+PEM_X509_INFO_write_bio			379
+PEM_dek_info				380
+PEM_do_header				381
+PEM_get_EVP_CIPHER_INFO			382
+PEM_proc_type				383
+PEM_read				384
+PEM_read_DHparams			385
+PEM_read_DSAPrivateKey			386
+PEM_read_DSAparams			387
+PEM_read_PKCS7				388
+PEM_read_PrivateKey			389
+PEM_read_RSAPrivateKey			390
+PEM_read_X509				391
+PEM_read_X509_CRL			392
+PEM_read_X509_REQ			393
+PEM_read_bio				394
+PEM_read_bio_DHparams			395
+PEM_read_bio_DSAPrivateKey		396
+PEM_read_bio_DSAparams			397
+PEM_read_bio_PKCS7			398
+PEM_read_bio_PrivateKey			399
+PEM_read_bio_RSAPrivateKey		400
+PEM_read_bio_X509			401
+PEM_read_bio_X509_CRL			402
+PEM_read_bio_X509_REQ			403
+PEM_write				404
+PEM_write_DHparams			405
+PEM_write_DSAPrivateKey			406
+PEM_write_DSAparams			407
+PEM_write_PKCS7				408
+PEM_write_PrivateKey			409
+PEM_write_RSAPrivateKey			410
+PEM_write_X509				411
+PEM_write_X509_CRL			412
+PEM_write_X509_REQ			413
+PEM_write_bio				414
+PEM_write_bio_DHparams			415
+PEM_write_bio_DSAPrivateKey		416
+PEM_write_bio_DSAparams			417
+PEM_write_bio_PKCS7			418
+PEM_write_bio_PrivateKey		419
+PEM_write_bio_RSAPrivateKey		420
+PEM_write_bio_X509			421
+PEM_write_bio_X509_CRL			422
+PEM_write_bio_X509_REQ			423
+PKCS7_DIGEST_free			424
+PKCS7_DIGEST_new			425
+PKCS7_ENCRYPT_free			426
+PKCS7_ENCRYPT_new			427
+PKCS7_ENC_CONTENT_free			428
+PKCS7_ENC_CONTENT_new			429
+PKCS7_ENVELOPE_free			430
+PKCS7_ENVELOPE_new			431
+PKCS7_ISSUER_AND_SERIAL_digest		432
+PKCS7_ISSUER_AND_SERIAL_free		433
+PKCS7_ISSUER_AND_SERIAL_new		434
+PKCS7_RECIP_INFO_free			435
+PKCS7_RECIP_INFO_new			436
+PKCS7_SIGNED_free			437
+PKCS7_SIGNED_new			438
+PKCS7_SIGNER_INFO_free			439
+PKCS7_SIGNER_INFO_new			440
+PKCS7_SIGN_ENVELOPE_free		441
+PKCS7_SIGN_ENVELOPE_new			442
+PKCS7_dup				443
+PKCS7_free				444
+PKCS7_new				445
+PROXY_ENTRY_add_noproxy			446
+PROXY_ENTRY_clear_noproxy		447
+PROXY_ENTRY_free			448
+PROXY_ENTRY_get_noproxy			449
+PROXY_ENTRY_new				450
+PROXY_ENTRY_set_server			451
+PROXY_add_noproxy			452
+PROXY_add_server			453
+PROXY_check_by_host			454
+PROXY_check_url				455
+PROXY_clear_noproxy			456
+PROXY_free				457
+PROXY_get_noproxy			458
+PROXY_get_proxies			459
+PROXY_get_proxy_entry			460
+PROXY_load_conf				461
+PROXY_new				462
+PROXY_print				463
+RAND_bytes				464
+RAND_cleanup				465
+RAND_file_name				466
+RAND_load_file				467
+RAND_screen				468
+RAND_seed				469
+RAND_write_file				470
+RC2_cbc_encrypt				471
+RC2_cfb64_encrypt			472
+RC2_ecb_encrypt				473
+RC2_encrypt				474
+RC2_ofb64_encrypt			475
+RC2_set_key				476
+RC4					477
+RC4_options				478
+RC4_set_key				479
+RSAPrivateKey_asn1_meth			480
+RSAPrivateKey_dup			481
+RSAPublicKey_dup			482
+RSA_PKCS1_SSLeay			483
+RSA_free				484
+RSA_generate_key			485
+RSA_new					486
+RSA_new_method				487
+RSA_print				488
+RSA_print_fp				489
+RSA_private_decrypt			490
+RSA_private_encrypt			491
+RSA_public_decrypt			492
+RSA_public_encrypt			493
+RSA_set_default_method			494
+RSA_sign				495
+RSA_sign_ASN1_OCTET_STRING		496
+RSA_size				497
+RSA_verify				498
+RSA_verify_ASN1_OCTET_STRING		499
+SHA					500
+SHA1					501
+SHA1_Final				502
+SHA1_Init				503
+SHA1_Update				504
+SHA_Final				505
+SHA_Init				506
+SHA_Update				507
+SSLeay_add_all_algorithms		508
+SSLeay_add_all_ciphers			509
+SSLeay_add_all_digests			510
+TXT_DB_create_index			511
+TXT_DB_free				512
+TXT_DB_get_by_index			513
+TXT_DB_insert				514
+TXT_DB_read				515
+TXT_DB_write				516
+X509_ALGOR_free				517
+X509_ALGOR_new				518
+X509_ATTRIBUTE_free			519
+X509_ATTRIBUTE_new			520
+X509_CINF_free				521
+X509_CINF_new				522
+X509_CRL_INFO_free			523
+X509_CRL_INFO_new			524
+X509_CRL_add_ext			525
+X509_CRL_cmp				526
+X509_CRL_delete_ext			527
+X509_CRL_dup				528
+X509_CRL_free				529
+X509_CRL_get_ext			530
+X509_CRL_get_ext_by_NID			531
+X509_CRL_get_ext_by_OBJ			532
+X509_CRL_get_ext_by_critical		533
+X509_CRL_get_ext_count			534
+X509_CRL_new				535
+X509_CRL_sign				536
+X509_CRL_verify				537
+X509_EXTENSION_create_by_NID		538
+X509_EXTENSION_create_by_OBJ		539
+X509_EXTENSION_dup			540
+X509_EXTENSION_free			541
+X509_EXTENSION_get_critical		542
+X509_EXTENSION_get_data			543
+X509_EXTENSION_get_object		544
+X509_EXTENSION_new			545
+X509_EXTENSION_set_critical		546
+X509_EXTENSION_set_data			547
+X509_EXTENSION_set_object		548
+X509_INFO_free				549
+X509_INFO_new				550
+X509_LOOKUP_by_alias			551
+X509_LOOKUP_by_fingerprint		552
+X509_LOOKUP_by_issuer_serial		553
+X509_LOOKUP_by_subject			554
+X509_LOOKUP_ctrl			555
+X509_LOOKUP_file			556
+X509_LOOKUP_free			557
+X509_LOOKUP_hash_dir			558
+X509_LOOKUP_init			559
+X509_LOOKUP_new				560
+X509_LOOKUP_shutdown			561
+X509_NAME_ENTRY_create_by_NID		562
+X509_NAME_ENTRY_create_by_OBJ		563
+X509_NAME_ENTRY_dup			564
+X509_NAME_ENTRY_free			565
+X509_NAME_ENTRY_get_data		566
+X509_NAME_ENTRY_get_object		567
+X509_NAME_ENTRY_new			568
+X509_NAME_ENTRY_set_data		569
+X509_NAME_ENTRY_set_object		570
+X509_NAME_add_entry			571
+X509_NAME_cmp				572
+X509_NAME_delete_entry			573
+X509_NAME_digest			574
+X509_NAME_dup				575
+X509_NAME_entry_count			576
+X509_NAME_free				577
+X509_NAME_get_entry			578
+X509_NAME_get_index_by_NID		579
+X509_NAME_get_index_by_OBJ		580
+X509_NAME_get_text_by_NID		581
+X509_NAME_get_text_by_OBJ		582
+X509_NAME_hash				583
+X509_NAME_new				584
+X509_NAME_oneline			585
+X509_NAME_print				586
+X509_NAME_set				587
+X509_OBJECT_free_contents		588
+X509_OBJECT_retrieve_by_subject		589
+X509_OBJECT_up_ref_count		590
+X509_PKEY_free				591
+X509_PKEY_new				592
+X509_PUBKEY_free			593
+X509_PUBKEY_get				594
+X509_PUBKEY_new				595
+X509_PUBKEY_set				596
+X509_REQ_INFO_free			597
+X509_REQ_INFO_new			598
+X509_REQ_dup				599
+X509_REQ_free				600
+X509_REQ_get_pubkey			601
+X509_REQ_new				602
+X509_REQ_print				603
+X509_REQ_print_fp			604
+X509_REQ_set_pubkey			605
+X509_REQ_set_subject_name		606
+X509_REQ_set_version			607
+X509_REQ_sign				608
+X509_REQ_to_X509			609
+X509_REQ_verify				610
+X509_REVOKED_add_ext			611
+X509_REVOKED_delete_ext			612
+X509_REVOKED_free			613
+X509_REVOKED_get_ext			614
+X509_REVOKED_get_ext_by_NID		615
+X509_REVOKED_get_ext_by_OBJ		616
+X509_REVOKED_get_ext_by_critical	617
+X509_REVOKED_get_ext_count		618
+X509_REVOKED_new			619
+X509_SIG_free				620
+X509_SIG_new				621
+X509_STORE_CTX_cleanup			622
+X509_STORE_CTX_init			623
+X509_STORE_add_cert			624
+X509_STORE_add_lookup			625
+X509_STORE_free				626
+X509_STORE_get_by_subject		627
+X509_STORE_load_locations		628
+X509_STORE_new				629
+X509_STORE_set_default_paths		630
+X509_VAL_free				631
+X509_VAL_new				632
+X509_add_ext				633
+X509_asn1_meth				634
+X509_certificate_type			635
+X509_check_private_key			636
+X509_cmp_current_time			637
+X509_delete_ext				638
+X509_digest				639
+X509_dup				640
+X509_free				641
+X509_get_default_cert_area		642
+X509_get_default_cert_dir		643
+X509_get_default_cert_dir_env		644
+X509_get_default_cert_file		645
+X509_get_default_cert_file_env		646
+X509_get_default_private_dir		647
+X509_get_ext				648
+X509_get_ext_by_NID			649
+X509_get_ext_by_OBJ			650
+X509_get_ext_by_critical		651
+X509_get_ext_count			652
+X509_get_issuer_name			653
+X509_get_pubkey				654
+X509_get_pubkey_parameters		655
+X509_get_serialNumber			656
+X509_get_subject_name			657
+X509_gmtime_adj				658
+X509_issuer_and_serial_cmp		659
+X509_issuer_and_serial_hash		660
+X509_issuer_name_cmp			661
+X509_issuer_name_hash			662
+X509_load_cert_file			663
+X509_new				664
+X509_print				665
+X509_print_fp				666
+X509_set_issuer_name			667
+X509_set_notAfter			668
+X509_set_notBefore			669
+X509_set_pubkey				670
+X509_set_serialNumber			671
+X509_set_subject_name			672
+X509_set_version			673
+X509_sign				674
+X509_subject_name_cmp			675
+X509_subject_name_hash			676
+X509_to_X509_REQ			677
+X509_verify				678
+X509_verify_cert			679
+X509_verify_cert_error_string		680
+X509v3_add_ext				681
+X509v3_add_extension			682
+X509v3_add_netscape_extensions		683
+X509v3_add_standard_extensions		684
+X509v3_cleanup_extensions		685
+X509v3_data_type_by_NID			686
+X509v3_data_type_by_OBJ			687
+X509v3_delete_ext			688
+X509v3_get_ext				689
+X509v3_get_ext_by_NID			690
+X509v3_get_ext_by_OBJ			691
+X509v3_get_ext_by_critical		692
+X509v3_get_ext_count			693
+X509v3_pack_string			694
+X509v3_pack_type_by_NID			695
+X509v3_pack_type_by_OBJ			696
+X509v3_unpack_string			697
+_des_crypt				698
+a2d_ASN1_OBJECT				699
+a2i_ASN1_INTEGER			700
+a2i_ASN1_STRING				701
+asn1_Finish				702
+asn1_GetSequence			703
+bn_div_words				704
+bn_expand2				705
+bn_mul_add_words			706
+bn_mul_words				707
+BN_uadd					708
+BN_usub					709
+bn_sqr_words				710
+crypt					711
+d2i_ASN1_BIT_STRING			712
+d2i_ASN1_BOOLEAN			713
+d2i_ASN1_HEADER				714
+d2i_ASN1_IA5STRING			715
+d2i_ASN1_INTEGER			716
+d2i_ASN1_OBJECT				717
+d2i_ASN1_OCTET_STRING			718
+d2i_ASN1_PRINTABLE			719
+d2i_ASN1_PRINTABLESTRING		720
+d2i_ASN1_SET				721
+d2i_ASN1_T61STRING			722
+d2i_ASN1_TYPE				723
+d2i_ASN1_UTCTIME			724
+d2i_ASN1_bytes				725
+d2i_ASN1_type_bytes			726
+d2i_DHparams				727
+d2i_DSAPrivateKey			728
+d2i_DSAPrivateKey_bio			729
+d2i_DSAPrivateKey_fp			730
+d2i_DSAPublicKey			731
+d2i_DSAparams				732
+d2i_NETSCAPE_SPKAC			733
+d2i_NETSCAPE_SPKI			734
+d2i_Netscape_RSA			735
+d2i_PKCS7				736
+d2i_PKCS7_DIGEST			737
+d2i_PKCS7_ENCRYPT			738
+d2i_PKCS7_ENC_CONTENT			739
+d2i_PKCS7_ENVELOPE			740
+d2i_PKCS7_ISSUER_AND_SERIAL		741
+d2i_PKCS7_RECIP_INFO			742
+d2i_PKCS7_SIGNED			743
+d2i_PKCS7_SIGNER_INFO			744
+d2i_PKCS7_SIGN_ENVELOPE			745
+d2i_PKCS7_bio				746
+d2i_PKCS7_fp				747
+d2i_PrivateKey				748
+d2i_PublicKey				749
+d2i_RSAPrivateKey			750
+d2i_RSAPrivateKey_bio			751
+d2i_RSAPrivateKey_fp			752
+d2i_RSAPublicKey			753
+d2i_X509				754
+d2i_X509_ALGOR				755
+d2i_X509_ATTRIBUTE			756
+d2i_X509_CINF				757
+d2i_X509_CRL				758
+d2i_X509_CRL_INFO			759
+d2i_X509_CRL_bio			760
+d2i_X509_CRL_fp				761
+d2i_X509_EXTENSION			762
+d2i_X509_NAME				763
+d2i_X509_NAME_ENTRY			764
+d2i_X509_PKEY				765
+d2i_X509_PUBKEY				766
+d2i_X509_REQ				767
+d2i_X509_REQ_INFO			768
+d2i_X509_REQ_bio			769
+d2i_X509_REQ_fp				770
+d2i_X509_REVOKED			771
+d2i_X509_SIG				772
+d2i_X509_VAL				773
+d2i_X509_bio				774
+d2i_X509_fp				775
+des_cbc_cksum				777
+des_cbc_encrypt				778
+des_cblock_print_file			779
+des_cfb64_encrypt			780
+des_cfb_encrypt				781
+des_decrypt3				782
+des_ecb3_encrypt			783
+des_ecb_encrypt				784
+des_ede3_cbc_encrypt			785
+des_ede3_cfb64_encrypt			786
+des_ede3_ofb64_encrypt			787
+des_enc_read				788
+des_enc_write				789
+des_encrypt				790
+des_encrypt2				791
+des_encrypt3				792
+des_fcrypt				793
+des_is_weak_key				794
+des_key_sched				795
+des_ncbc_encrypt			796
+des_ofb64_encrypt			797
+des_ofb_encrypt				798
+des_options				799
+des_pcbc_encrypt			800
+des_quad_cksum				801
+des_random_key				802
+des_random_seed				803
+des_read_2passwords			804
+des_read_password			805
+des_read_pw				806
+des_read_pw_string			807
+des_set_key				808
+des_set_odd_parity			809
+des_string_to_2keys			810
+des_string_to_key			811
+des_xcbc_encrypt			812
+des_xwhite_in2out			813
+fcrypt_body				814
+i2a_ASN1_INTEGER			815
+i2a_ASN1_OBJECT				816
+i2a_ASN1_STRING				817
+i2d_ASN1_BIT_STRING			818
+i2d_ASN1_BOOLEAN			819
+i2d_ASN1_HEADER				820
+i2d_ASN1_IA5STRING			821
+i2d_ASN1_INTEGER			822
+i2d_ASN1_OBJECT				823
+i2d_ASN1_OCTET_STRING			824
+i2d_ASN1_PRINTABLE			825
+i2d_ASN1_SET				826
+i2d_ASN1_TYPE				827
+i2d_ASN1_UTCTIME			828
+i2d_ASN1_bytes				829
+i2d_DHparams				830
+i2d_DSAPrivateKey			831
+i2d_DSAPrivateKey_bio			832
+i2d_DSAPrivateKey_fp			833
+i2d_DSAPublicKey			834
+i2d_DSAparams				835
+i2d_NETSCAPE_SPKAC			836
+i2d_NETSCAPE_SPKI			837
+i2d_Netscape_RSA			838
+i2d_PKCS7				839
+i2d_PKCS7_DIGEST			840
+i2d_PKCS7_ENCRYPT			841
+i2d_PKCS7_ENC_CONTENT			842
+i2d_PKCS7_ENVELOPE			843
+i2d_PKCS7_ISSUER_AND_SERIAL		844
+i2d_PKCS7_RECIP_INFO			845
+i2d_PKCS7_SIGNED			846
+i2d_PKCS7_SIGNER_INFO			847
+i2d_PKCS7_SIGN_ENVELOPE			848
+i2d_PKCS7_bio				849
+i2d_PKCS7_fp				850
+i2d_PrivateKey				851
+i2d_PublicKey				852
+i2d_RSAPrivateKey			853
+i2d_RSAPrivateKey_bio			854
+i2d_RSAPrivateKey_fp			855
+i2d_RSAPublicKey			856
+i2d_X509				857
+i2d_X509_ALGOR				858
+i2d_X509_ATTRIBUTE			859
+i2d_X509_CINF				860
+i2d_X509_CRL				861
+i2d_X509_CRL_INFO			862
+i2d_X509_CRL_bio			863
+i2d_X509_CRL_fp				864
+i2d_X509_EXTENSION			865
+i2d_X509_NAME				866
+i2d_X509_NAME_ENTRY			867
+i2d_X509_PKEY				868
+i2d_X509_PUBKEY				869
+i2d_X509_REQ				870
+i2d_X509_REQ_INFO			871
+i2d_X509_REQ_bio			872
+i2d_X509_REQ_fp				873
+i2d_X509_REVOKED			874
+i2d_X509_SIG				875
+i2d_X509_VAL				876
+i2d_X509_bio				877
+i2d_X509_fp				878
+idea_cbc_encrypt			879
+idea_cfb64_encrypt			880
+idea_ecb_encrypt			881
+idea_encrypt				882
+idea_ofb64_encrypt			883
+idea_options				884
+idea_set_decrypt_key			885
+idea_set_encrypt_key			886
+lh_delete				887
+lh_doall				888
+lh_doall_arg				889
+lh_free					890
+lh_insert				891
+lh_new					892
+lh_node_stats				893
+lh_node_stats_bio			894
+lh_node_usage_stats			895
+lh_node_usage_stats_bio			896
+lh_retrieve				897
+lh_stats				898
+lh_stats_bio				899
+lh_strhash				900
+sk_delete				901
+sk_delete_ptr				902
+sk_dup					903
+sk_find					904
+sk_free					905
+sk_insert				906
+sk_new					907
+sk_pop					908
+sk_pop_free				909
+sk_push					910
+sk_set_cmp_func				911
+sk_shift				912
+sk_unshift				913
+sk_zero					914
+BIO_f_nbio_test				915
+ASN1_TYPE_get				916
+ASN1_TYPE_set				917
+PKCS7_content_free			918
+ERR_load_PKCS7_strings			919
+X509_find_by_issuer_and_serial		920
+X509_find_by_subject			921
+PKCS7_ctrl				927
+PKCS7_set_type				928
+PKCS7_set_content			929
+PKCS7_SIGNER_INFO_set			930
+PKCS7_add_signer			931
+PKCS7_add_certificate			932
+PKCS7_add_crl				933
+PKCS7_content_new			934
+PKCS7_dataSign				935
+PKCS7_dataVerify			936
+PKCS7_dataInit				937
+PKCS7_add_signature			938
+PKCS7_cert_from_signer_info		939
+PKCS7_get_signer_info			940
+EVP_delete_alias			941
+EVP_mdc2				942
+PEM_read_bio_RSAPublicKey		943
+PEM_write_bio_RSAPublicKey		944
+d2i_RSAPublicKey_bio			945
+i2d_RSAPublicKey_bio			946
+PEM_read_RSAPublicKey			947
+PEM_write_RSAPublicKey			949
+d2i_RSAPublicKey_fp			952
+i2d_RSAPublicKey_fp			954
+BIO_copy_next_retry			955
+RSA_flags				956
+X509_STORE_add_crl			957
+X509_load_crl_file			958
+EVP_rc2_40_cbc				959
+EVP_rc4_40				960
+EVP_CIPHER_CTX_init			961
+HMAC					962
+HMAC_Init				963
+HMAC_Update				964
+HMAC_Final				965
+ERR_get_next_error_library		966
+EVP_PKEY_cmp_parameters			967
+HMAC_cleanup				968
+BIO_ptr_ctrl				969
+BIO_new_file_internal			970
+BIO_new_fp_internal			971
+BIO_s_file_internal			972
+BN_BLINDING_convert			973
+BN_BLINDING_invert			974
+BN_BLINDING_update			975
+RSA_blinding_on				977
+RSA_blinding_off			978
+i2t_ASN1_OBJECT				979
+BN_BLINDING_new				980
+BN_BLINDING_free			981
+EVP_cast5_cbc				983
+EVP_cast5_cfb				984
+EVP_cast5_ecb				985
+EVP_cast5_ofb				986
+BF_decrypt				987
+CAST_set_key				988
+CAST_encrypt				989
+CAST_decrypt				990
+CAST_ecb_encrypt			991
+CAST_cbc_encrypt			992
+CAST_cfb64_encrypt			993
+CAST_ofb64_encrypt			994
+RC2_decrypt				995
+OBJ_create_objects			997
+BN_exp					998
+BN_mul_word				999
+BN_sub_word				1000
+BN_dec2bn				1001
+BN_bn2dec				1002
+BIO_ghbn_ctrl				1003
+CRYPTO_free_ex_data			1004
+CRYPTO_get_ex_data			1005
+CRYPTO_set_ex_data			1007
+ERR_load_CRYPTO_strings			1009
+ERR_load_CRYPTOlib_strings		1009
+EVP_PKEY_bits				1010
+MD5_Transform				1011
+SHA1_Transform				1012
+SHA_Transform				1013
+X509_STORE_CTX_get_chain		1014
+X509_STORE_CTX_get_current_cert		1015
+X509_STORE_CTX_get_error		1016
+X509_STORE_CTX_get_error_depth		1017
+X509_STORE_CTX_get_ex_data		1018
+X509_STORE_CTX_set_cert			1020
+X509_STORE_CTX_set_chain		1021
+X509_STORE_CTX_set_error		1022
+X509_STORE_CTX_set_ex_data		1023
+CRYPTO_dup_ex_data			1025
+CRYPTO_get_new_lockid			1026
+CRYPTO_new_ex_data			1027
+RSA_set_ex_data				1028
+RSA_get_ex_data				1029
+RSA_get_ex_new_index			1030
+RSA_padding_add_PKCS1_type_1		1031
+RSA_padding_add_PKCS1_type_2		1032
+RSA_padding_add_SSLv23			1033
+RSA_padding_add_none			1034
+RSA_padding_check_PKCS1_type_1		1035
+RSA_padding_check_PKCS1_type_2		1036
+RSA_padding_check_SSLv23		1037
+RSA_padding_check_none			1038
+bn_add_words				1039
+d2i_Netscape_RSA_2			1040
+CRYPTO_get_ex_new_index			1041
+RIPEMD160_Init				1042
+RIPEMD160_Update			1043
+RIPEMD160_Final				1044
+RIPEMD160				1045
+RIPEMD160_Transform			1046
+RC5_32_set_key				1047
+RC5_32_ecb_encrypt			1048
+RC5_32_encrypt				1049
+RC5_32_decrypt				1050
+RC5_32_cbc_encrypt			1051
+RC5_32_cfb64_encrypt			1052
+RC5_32_ofb64_encrypt			1053
+BN_bn2mpi				1058
+BN_mpi2bn				1059
+ASN1_BIT_STRING_get_bit			1060
+ASN1_BIT_STRING_set_bit			1061
+BIO_get_ex_data				1062
+BIO_get_ex_new_index			1063
+BIO_set_ex_data				1064
+X509_STORE_CTX_get_ex_new_index		1065
+X509v3_get_key_usage			1066
+X509v3_set_key_usage			1067
+a2i_X509v3_key_usage			1068
+i2a_X509v3_key_usage			1069
+EVP_PKEY_decrypt			1070
+EVP_PKEY_encrypt			1071
+PKCS7_RECIP_INFO_set			1072
+PKCS7_add_recipient			1073
+PKCS7_add_recipient_info		1074
+PKCS7_set_cipher			1075
+ASN1_TYPE_get_int_octetstring		1076
+ASN1_TYPE_get_octetstring		1077
+ASN1_TYPE_set_int_octetstring		1078
+ASN1_TYPE_set_octetstring		1079
+ASN1_UTCTIME_set_string			1080
+ERR_add_error_data			1081
+ERR_set_error_data			1082
+EVP_CIPHER_asn1_to_param		1083
+EVP_CIPHER_param_to_asn1		1084
+EVP_CIPHER_get_asn1_iv			1085
+EVP_CIPHER_set_asn1_iv			1086
+EVP_rc5_32_12_16_cbc			1087
+EVP_rc5_32_12_16_cfb			1088
+EVP_rc5_32_12_16_ecb			1089
+EVP_rc5_32_12_16_ofb			1090
+asn1_add_error				1091
+d2i_ASN1_BMPSTRING			1092
+i2d_ASN1_BMPSTRING			1093
+BIO_f_ber				1094
+BN_init					1095
+COMP_CTX_new				1096
+COMP_CTX_free				1097
+COMP_CTX_compress_block			1098
+COMP_CTX_expand_block			1099
+X509_STORE_CTX_get_ex_new_index		1100
+OBJ_NAME_add				1101
+BIO_socket_nbio				1102
+EVP_rc2_64_cbc				1103
+OBJ_NAME_cleanup			1104
+OBJ_NAME_get				1105
+OBJ_NAME_init				1106
+OBJ_NAME_new_index			1107
+OBJ_NAME_remove				1108
+BN_MONT_CTX_copy			1109
+BIO_new_socks4a_connect			1110
+BIO_s_socks4a_connect			1111
+PROXY_set_connect_mode			1112
+RAND_SSLeay				1113
+RAND_set_rand_method			1114
+RSA_memory_lock				1115
+bn_sub_words				1116
+bn_mul_normal				1117
+bn_mul_comba8				1118
+bn_mul_comba4				1119
+bn_sqr_normal				1120
+bn_sqr_comba8				1121
+bn_sqr_comba4				1122
+bn_cmp_words				1123
+bn_mul_recursive			1124
+bn_mul_part_recursive			1125
+bn_sqr_recursive			1126
+bn_mul_low_normal			1127
+BN_RECP_CTX_init			1128
+BN_RECP_CTX_new				1129
+BN_RECP_CTX_free			1130
+BN_RECP_CTX_set				1131
+BN_mod_mul_reciprocal			1132
+BN_mod_exp_recp				1133
+BN_div_recp				1134
+BN_CTX_init				1135
+BN_MONT_CTX_init			1136
+RAND_get_rand_method			1137
+PKCS7_add_attribute			1138
+PKCS7_add_signed_attribute		1139
+PKCS7_digest_from_attributes		1140
+PKCS7_get_attribute			1141
+PKCS7_get_issuer_and_serial		1142
+PKCS7_get_signed_attribute		1143
+COMP_compress_block			1144
+COMP_expand_block			1145
+COMP_rle				1146
+COMP_zlib				1147
+ms_time_diff				1148
+ms_time_new				1149
+ms_time_free				1150
+ms_time_cmp				1151
+ms_time_get				1152
+PKCS7_set_attributes			1153
+PKCS7_set_signed_attributes		1154
+X509_ATTRIBUTE_create			1155
+X509_ATTRIBUTE_dup			1156
+ASN1_GENERALIZEDTIME_check		1157
+ASN1_GENERALIZEDTIME_print		1158
+ASN1_GENERALIZEDTIME_set		1159
+ASN1_GENERALIZEDTIME_set_string		1160
+ASN1_TIME_print				1161
+BASIC_CONSTRAINTS_free			1162
+BASIC_CONSTRAINTS_new			1163
+ERR_load_X509V3_strings			1164
+NETSCAPE_CERT_SEQUENCE_free		1165
+NETSCAPE_CERT_SEQUENCE_new		1166
+OBJ_txt2obj				1167
+PEM_read_NETSCAPE_CERT_SEQUENCE		1168
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE	1169
+PEM_write_NETSCAPE_CERT_SEQUENCE	1170
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE	1171
+X509V3_EXT_add				1172
+X509V3_EXT_add_alias			1173
+X509V3_EXT_add_conf			1174
+X509V3_EXT_cleanup			1175
+X509V3_EXT_conf				1176
+X509V3_EXT_conf_nid			1177
+X509V3_EXT_get				1178
+X509V3_EXT_get_nid			1179
+X509V3_EXT_print			1180
+X509V3_EXT_print_fp			1181
+X509V3_add_standard_extensions		1182
+X509V3_add_value			1183
+X509V3_add_value_bool			1184
+X509V3_add_value_int			1185
+X509V3_conf_free			1186
+X509V3_get_value_bool			1187
+X509V3_get_value_int			1188
+X509V3_parse_list			1189
+d2i_ASN1_GENERALIZEDTIME		1190
+d2i_ASN1_TIME				1191
+d2i_BASIC_CONSTRAINTS			1192
+d2i_NETSCAPE_CERT_SEQUENCE		1193
+d2i_ext_ku				1194
+ext_ku_free				1195
+ext_ku_new				1196
+i2d_ASN1_GENERALIZEDTIME		1197
+i2d_ASN1_TIME				1198
+i2d_BASIC_CONSTRAINTS			1199
+i2d_NETSCAPE_CERT_SEQUENCE		1200
+i2d_ext_ku				1201
+EVP_MD_CTX_copy				1202
+i2d_ASN1_ENUMERATED                     1203
+d2i_ASN1_ENUMERATED                     1204
+ASN1_ENUMERATED_set                     1205
+ASN1_ENUMERATED_get                     1206
+BN_to_ASN1_ENUMERATED                   1207
+ASN1_ENUMERATED_to_BN                   1208
+i2a_ASN1_ENUMERATED                     1209
+a2i_ASN1_ENUMERATED                     1210
+i2d_GENERAL_NAME                        1211
+d2i_GENERAL_NAME                        1212
+GENERAL_NAME_new                        1213
+GENERAL_NAME_free                       1214
+GENERAL_NAMES_new                       1215
+GENERAL_NAMES_free                      1216
+d2i_GENERAL_NAMES                       1217
+i2d_GENERAL_NAMES                       1218
+i2v_GENERAL_NAMES                       1219
+i2s_ASN1_OCTET_STRING                   1220
+s2i_ASN1_OCTET_STRING                   1221
+X509V3_EXT_check_conf                   1222
+hex_to_string                           1223
+string_to_hex                           1224
+des_ede3_cbcm_encrypt                   1225
+RSA_padding_add_PKCS1_OAEP              1226
+RSA_padding_check_PKCS1_OAEP            1227
+X509_CRL_print_fp                       1228
+X509_CRL_print                          1229
+i2v_GENERAL_NAME                        1230
+v2i_GENERAL_NAME                        1231
+i2d_PKEY_USAGE_PERIOD                   1232
+d2i_PKEY_USAGE_PERIOD                   1233
+PKEY_USAGE_PERIOD_new                   1234
+PKEY_USAGE_PERIOD_free                  1235
+v2i_GENERAL_NAMES                       1236
+i2s_ASN1_INTEGER                        1237
+X509V3_EXT_d2i                          1238
+name_cmp                                1239
+str_dup                                 1240
+i2s_ASN1_ENUMERATED                     1241
+i2s_ASN1_ENUMERATED_TABLE               1242
+BIO_s_log                               1243
+BIO_f_reliable                          1244
+PKCS7_dataFinal                         1245
+PKCS7_dataDecode                        1246
+X509V3_EXT_CRL_add_conf                 1247
+BN_set_params                           1248
+BN_get_params                           1249
+BIO_get_ex_num                          1250
+BIO_set_ex_free_func                    1251
+EVP_ripemd160                           1252
+ASN1_TIME_set                           1253
+i2d_AUTHORITY_KEYID                     1254
+d2i_AUTHORITY_KEYID                     1255
+AUTHORITY_KEYID_new                     1256
+AUTHORITY_KEYID_free                    1257
+ASN1_seq_unpack                         1258
+ASN1_seq_pack                           1259
+ASN1_unpack_string                      1260
+ASN1_pack_string                        1261
+PKCS12_pack_safebag                     1262
+PKCS12_MAKE_KEYBAG                      1263
+PKCS8_encrypt                           1264
+PKCS12_MAKE_SHKEYBAG                    1265
+PKCS12_pack_p7data                      1266
+PKCS12_pack_p7encdata                   1267
+PKCS12_add_localkeyid                   1268
+PKCS12_add_friendlyname_asc             1269
+PKCS12_add_friendlyname_uni             1270
+PKCS12_get_friendlyname                 1271
+PKCS12_pbe_crypt                        1272
+PKCS12_decrypt_d2i                      1273
+PKCS12_i2d_encrypt                      1274
+PKCS12_init                             1275
+PKCS12_key_gen_asc                      1276
+PKCS12_key_gen_uni                      1277
+PKCS12_gen_mac                          1278
+PKCS12_verify_mac                       1279
+PKCS12_set_mac                          1280
+PKCS12_setup_mac                        1281
+asc2uni                                 1282
+uni2asc                                 1283
+i2d_PKCS12_BAGS                         1284
+PKCS12_BAGS_new                         1285
+d2i_PKCS12_BAGS                         1286
+PKCS12_BAGS_free                        1287
+i2d_PKCS12                              1288
+d2i_PKCS12                              1289
+PKCS12_new                              1290
+PKCS12_free                             1291
+i2d_PKCS12_MAC_DATA                     1292
+PKCS12_MAC_DATA_new                     1293
+d2i_PKCS12_MAC_DATA                     1294
+PKCS12_MAC_DATA_free                    1295
+i2d_PKCS12_SAFEBAG                      1296
+PKCS12_SAFEBAG_new                      1297
+d2i_PKCS12_SAFEBAG                      1298
+PKCS12_SAFEBAG_free                     1299
+ERR_load_PKCS12_strings                 1300
+PKCS12_PBE_add                          1301
+PKCS8_add_keyusage                      1302
+PKCS12_get_attr_gen                     1303
+PKCS12_parse                            1304
+PKCS12_create                           1305
+i2d_PKCS12_bio                          1306
+i2d_PKCS12_fp                           1307
+d2i_PKCS12_bio                          1308
+d2i_PKCS12_fp                           1309
+i2d_PBEPARAM                            1310
+PBEPARAM_new                            1311
+d2i_PBEPARAM                            1312
+PBEPARAM_free                           1313
+i2d_PKCS8_PRIV_KEY_INFO                 1314
+PKCS8_PRIV_KEY_INFO_new                 1315
+d2i_PKCS8_PRIV_KEY_INFO                 1316
+PKCS8_PRIV_KEY_INFO_free                1317
+EVP_PKCS82PKEY                          1318
+EVP_PKEY2PKCS8                          1319
+PKCS8_set_broken                        1320
+EVP_PBE_ALGOR_CipherInit                1321
+EVP_PBE_alg_add                         1322
+PKCS5_pbe_set                           1323
+EVP_PBE_cleanup                         1324
+i2d_SXNET                               1325
+d2i_SXNET                               1326
+SXNET_new                               1327
+SXNET_free                              1328
+i2d_SXNETID                             1329
+d2i_SXNETID                             1330
+SXNETID_new                             1331
+SXNETID_free                            1332
+DSA_SIG_new								1333
+DSA_SIG_free							1334
+DSA_do_sign								1335
+DSA_do_verify							1336
+d2i_DSA_SIG								1337
+i2d_DSA_SIG								1338
+
+i2d_ASN1_VISIBLESTRING                  1339
+d2i_ASN1_VISIBLESTRING                  1340
+i2d_ASN1_UTF8STRING                     1341
+d2i_ASN1_UTF8STRING                     1342
+i2d_DIRECTORYSTRING                     1343
+d2i_DIRECTORYSTRING                     1344
+i2d_DISPLAYTEXT                         1345
+d2i_DISPLAYTEXT                         1346
+sk_X509_NAME_new                        1347
+sk_X509_NAME_new_null                   1348
+sk_X509_NAME_free                       1349
+sk_X509_NAME_num                        1350
+sk_X509_NAME_value                      1351
+sk_X509_NAME_set                        1352
+sk_X509_NAME_zero                       1353
+sk_X509_NAME_push                       1354
+sk_X509_NAME_pop                        1355
+sk_X509_NAME_find                       1356
+sk_X509_NAME_delete                     1357
+sk_X509_NAME_delete_ptr                 1358
+sk_X509_NAME_set_cmp_func               1359
+sk_X509_NAME_dup                        1360
+sk_X509_NAME_pop_free                   1361
+sk_X509_NAME_shift                      1362
+sk_X509_new                             1363
+sk_X509_new_null                        1364
+sk_X509_free                            1365
+sk_X509_num                             1366
+sk_X509_value                           1367
+sk_X509_set                             1368
+sk_X509_zero                            1369
+sk_X509_push                            1370
+sk_X509_pop                             1371
+sk_X509_find                            1372
+sk_X509_delete                          1373
+sk_X509_delete_ptr                      1374
+sk_X509_set_cmp_func                    1375
+sk_X509_dup                             1376
+sk_X509_pop_free                        1377
+sk_X509_shift                           1378
+d2i_ASN1_SET_OF_X509                    1379
+i2d_ASN1_SET_OF_X509                    1380
+sk_X509_ATTRIBUTE_new                   1381
+sk_X509_ATTRIBUTE_new_null              1382
+sk_X509_ATTRIBUTE_free                  1383
+sk_X509_ATTRIBUTE_num                   1384
+sk_X509_ATTRIBUTE_value                 1385
+sk_X509_ATTRIBUTE_set                   1386
+sk_X509_ATTRIBUTE_zero                  1387
+sk_X509_ATTRIBUTE_push                  1388
+sk_X509_ATTRIBUTE_pop                   1389
+sk_X509_ATTRIBUTE_find                  1390
+sk_X509_ATTRIBUTE_delete                1391
+sk_X509_ATTRIBUTE_delete_ptr            1392
+sk_X509_ATTRIBUTE_set_cmp_func          1393
+sk_X509_ATTRIBUTE_dup                   1394
+sk_X509_ATTRIBUTE_pop_free              1395
+sk_X509_ATTRIBUTE_shift                 1396
+i2d_PBKDF2PARAM                         1397
+PBKDF2PARAM_new                         1398
+d2i_PBKDF2PARAM                         1399
+PBKDF2PARAM_free                        1400
+i2d_PBE2PARAM                           1401
+PBE2PARAM_new                           1402
+d2i_PBE2PARAM                           1403
+PBE2PARAM_free                          1404
+sk_GENERAL_NAME_new                     1405
+sk_GENERAL_NAME_new_null                1406
+sk_GENERAL_NAME_free                    1407
+sk_GENERAL_NAME_num                     1408
+sk_GENERAL_NAME_value                   1409
+sk_GENERAL_NAME_set                     1410
+sk_GENERAL_NAME_zero                    1411
+sk_GENERAL_NAME_push                    1412
+sk_GENERAL_NAME_pop                     1413
+sk_GENERAL_NAME_find                    1414
+sk_GENERAL_NAME_delete                  1415
+sk_GENERAL_NAME_delete_ptr              1416
+sk_GENERAL_NAME_set_cmp_func            1417
+sk_GENERAL_NAME_dup                     1418
+sk_GENERAL_NAME_pop_free                1419
+sk_GENERAL_NAME_shift                   1420
+d2i_ASN1_SET_OF_GENERAL_NAME            1421
+i2d_ASN1_SET_OF_GENERAL_NAME            1422
+sk_SXNETID_new                          1423
+sk_SXNETID_new_null                     1424
+sk_SXNETID_free                         1425
+sk_SXNETID_num                          1426
+sk_SXNETID_value                        1427
+sk_SXNETID_set                          1428
+sk_SXNETID_zero                         1429
+sk_SXNETID_push                         1430
+sk_SXNETID_pop                          1431
+sk_SXNETID_find                         1432
+sk_SXNETID_delete                       1433
+sk_SXNETID_delete_ptr                   1434
+sk_SXNETID_set_cmp_func                 1435
+sk_SXNETID_dup                          1436
+sk_SXNETID_pop_free                     1437
+sk_SXNETID_shift                        1438
+d2i_ASN1_SET_OF_SXNETID                 1439
+i2d_ASN1_SET_OF_SXNETID                 1440
+sk_POLICYQUALINFO_new                   1441
+sk_POLICYQUALINFO_new_null              1442
+sk_POLICYQUALINFO_free                  1443
+sk_POLICYQUALINFO_num                   1444
+sk_POLICYQUALINFO_value                 1445
+sk_POLICYQUALINFO_set                   1446
+sk_POLICYQUALINFO_zero                  1447
+sk_POLICYQUALINFO_push                  1448
+sk_POLICYQUALINFO_pop                   1449
+sk_POLICYQUALINFO_find                  1450
+sk_POLICYQUALINFO_delete                1451
+sk_POLICYQUALINFO_delete_ptr            1452
+sk_POLICYQUALINFO_set_cmp_func          1453
+sk_POLICYQUALINFO_dup                   1454
+sk_POLICYQUALINFO_pop_free              1455
+sk_POLICYQUALINFO_shift                 1456
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458
+sk_POLICYINFO_new                       1459
+sk_POLICYINFO_new_null                  1460
+sk_POLICYINFO_free                      1461
+sk_POLICYINFO_num                       1462
+sk_POLICYINFO_value                     1463
+sk_POLICYINFO_set                       1464
+sk_POLICYINFO_zero                      1465
+sk_POLICYINFO_push                      1466
+sk_POLICYINFO_pop                       1467
+sk_POLICYINFO_find                      1468
+sk_POLICYINFO_delete                    1469
+sk_POLICYINFO_delete_ptr                1470
+sk_POLICYINFO_set_cmp_func              1471
+sk_POLICYINFO_dup                       1472
+sk_POLICYINFO_pop_free                  1473
+sk_POLICYINFO_shift                     1474
+d2i_ASN1_SET_OF_POLICYINFO              1475
+i2d_ASN1_SET_OF_POLICYINFO              1476
+SXNET_add_id_asc                        1477
+SXNET_add_id_ulong                      1478
+SXNET_add_id_INTEGER                    1479
+SXNET_get_id_asc                        1480
+SXNET_get_id_ulong                      1481
+SXNET_get_id_INTEGER                    1482
+X509V3_set_conf_lhash                   1483
+i2d_CERTIFICATEPOLICIES                 1484
+CERTIFICATEPOLICIES_new                 1485
+CERTIFICATEPOLICIES_free                1486
+d2i_CERTIFICATEPOLICIES                 1487
+i2d_POLICYINFO                          1488
+POLICYINFO_new                          1489
+d2i_POLICYINFO                          1490
+POLICYINFO_free                         1491
+i2d_POLICYQUALINFO                      1492
+POLICYQUALINFO_new                      1493
+d2i_POLICYQUALINFO                      1494
+POLICYQUALINFO_free                     1495
+i2d_USERNOTICE                          1496
+USERNOTICE_new                          1497
+d2i_USERNOTICE                          1498
+USERNOTICE_free                         1499
+i2d_NOTICEREF                           1500
+NOTICEREF_new                           1501
+d2i_NOTICEREF                           1502
+NOTICEREF_free                          1503
+X509V3_get_string                       1504
+X509V3_get_section                      1505
+X509V3_string_free                      1506
+X509V3_section_free                     1507
+X509V3_set_ctx                          1508
+s2i_ASN1_INTEGER                        1509
+CRYPTO_set_locked_mem_functions         1510
+CRYPTO_get_locked_mem_functions         1511
+CRYPTO_malloc_locked                    1512
+CRYPTO_free_locked                      1513
+BN_mod_exp2_mont                        1514
+ERR_get_error_line_data                 1515
+ERR_peek_error_line_data                1516
+PKCS12_PBE_keyivgen                     1517
+X509_ALGOR_dup                          1518
+sk_DIST_POINT_new                       1519
+sk_DIST_POINT_new_null                  1520
+sk_DIST_POINT_free                      1521
+sk_DIST_POINT_num                       1522
+sk_DIST_POINT_value                     1523
+sk_DIST_POINT_set                       1524
+sk_DIST_POINT_zero                      1525
+sk_DIST_POINT_push                      1526
+sk_DIST_POINT_pop                       1527
+sk_DIST_POINT_find                      1528
+sk_DIST_POINT_delete                    1529
+sk_DIST_POINT_delete_ptr                1530
+sk_DIST_POINT_set_cmp_func              1531
+sk_DIST_POINT_dup                       1532
+sk_DIST_POINT_pop_free                  1533
+sk_DIST_POINT_shift                     1534
+d2i_ASN1_SET_OF_DIST_POINT              1535
+i2d_ASN1_SET_OF_DIST_POINT              1536
+i2d_CRL_DIST_POINTS                     1537
+CRL_DIST_POINTS_new                     1538
+CRL_DIST_POINTS_free                    1539
+d2i_CRL_DIST_POINTS                     1540
+i2d_DIST_POINT                          1541
+DIST_POINT_new                          1542
+d2i_DIST_POINT                          1543
+DIST_POINT_free                         1544
+i2d_DIST_POINT_NAME                     1545
+DIST_POINT_NAME_new                     1546
+DIST_POINT_NAME_free                    1547
+d2i_DIST_POINT_NAME                     1548
+X509V3_add_value_uchar                  1549
+sk_X509_INFO_new                        1550
+sk_X509_EXTENSION_new                   1551
+sk_X509_NAME_ENTRY_unshift              1552
+sk_ASN1_TYPE_value                      1553
+sk_X509_EXTENSION_find                  1554
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555
+sk_ASN1_TYPE_pop                        1556
+sk_X509_EXTENSION_set_cmp_func          1557
+sk_ASN1_TYPE_new_null                   1558
+sk_X509_NAME_ENTRY_delete               1559
+i2d_ASN1_SET_OF_ASN1_TYPE               1560
+sk_X509_NAME_ENTRY_dup                  1561
+sk_X509_unshift                         1562
+sk_X509_NAME_unshift                    1563
+sk_ASN1_TYPE_num                        1564
+sk_X509_EXTENSION_new_null              1565
+sk_X509_INFO_value                      1566
+d2i_ASN1_SET_OF_X509_EXTENSION          1567
+sk_X509_INFO_delete_ptr                 1568
+sk_X509_NAME_ENTRY_new                  1569
+sk_DIST_POINT_insert                    1570
+sk_ASN1_TYPE_set_cmp_func               1571
+sk_X509_EXTENSION_value                 1572
+sk_DIST_POINT_unshift                   1573
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574
+sk_X509_INFO_pop                        1575
+sk_X509_EXTENSION_pop                   1576
+sk_X509_NAME_ENTRY_shift                1577
+sk_X509_INFO_num                        1578
+sk_X509_EXTENSION_num                   1579
+sk_X509_INFO_pop_free                   1580
+sk_POLICYQUALINFO_unshift               1581
+sk_POLICYINFO_unshift                   1582
+sk_X509_NAME_ENTRY_new_null             1583
+sk_X509_NAME_ENTRY_pop                  1584
+sk_X509_ATTRIBUTE_unshift               1585
+sk_X509_NAME_ENTRY_num                  1586
+sk_GENERAL_NAME_unshift                 1587
+sk_X509_INFO_free                       1588
+d2i_ASN1_SET_OF_ASN1_TYPE               1589
+sk_X509_INFO_insert                     1590
+sk_X509_NAME_ENTRY_value                1591
+sk_POLICYQUALINFO_insert                1592
+sk_ASN1_TYPE_set                        1593
+sk_X509_EXTENSION_delete_ptr            1594
+sk_X509_INFO_unshift                    1595
+sk_ASN1_TYPE_unshift                    1596
+sk_ASN1_TYPE_free                       1597
+sk_ASN1_TYPE_delete_ptr                 1598
+sk_ASN1_TYPE_pop_free                   1599
+sk_X509_EXTENSION_unshift               1600
+sk_X509_EXTENSION_pop_free              1601
+sk_X509_NAME_ENTRY_set_cmp_func         1602
+sk_ASN1_TYPE_insert                     1603
+sk_X509_NAME_ENTRY_free                 1604
+sk_SXNETID_insert                       1605
+sk_X509_NAME_insert                     1606
+sk_X509_insert                          1607
+sk_X509_INFO_delete                     1608
+sk_X509_INFO_set_cmp_func               1609
+sk_X509_ATTRIBUTE_insert                1610
+sk_X509_INFO_zero                       1611
+sk_X509_INFO_set                        1612
+sk_X509_EXTENSION_set                   1613
+sk_X509_EXTENSION_free                  1614
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615
+sk_SXNETID_unshift                      1616
+sk_X509_INFO_push                       1617
+sk_X509_EXTENSION_insert                1618
+sk_X509_INFO_new_null                   1619
+sk_ASN1_TYPE_dup                        1620
+sk_X509_INFO_find                       1621
+sk_POLICYINFO_insert                    1622
+sk_ASN1_TYPE_zero                       1623
+i2d_ASN1_SET_OF_X509_EXTENSION          1624
+sk_X509_NAME_ENTRY_set                  1625
+sk_ASN1_TYPE_push                       1626
+sk_X509_NAME_ENTRY_insert               1627
+sk_ASN1_TYPE_new                        1628
+sk_GENERAL_NAME_insert                  1629
+sk_ASN1_TYPE_shift                      1630
+sk_ASN1_TYPE_delete                     1631
+sk_X509_NAME_ENTRY_pop_free             1632
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633
+sk_X509_NAME_ENTRY_zero                 1634
+sk_ASN1_TYPE_find                       1635
+sk_X509_NAME_ENTRY_delete_ptr           1636
+sk_X509_NAME_ENTRY_push                 1637
+sk_X509_EXTENSION_zero                  1638
+sk_X509_INFO_shift                      1639
+sk_X509_INFO_dup                        1640
+sk_X509_EXTENSION_dup                   1641
+sk_X509_EXTENSION_delete                1642
+sk_X509_EXTENSION_shift                 1643
+sk_X509_EXTENSION_push                  1644
+sk_X509_NAME_ENTRY_find                 1645
+X509V3_EXT_i2d                          1646
+X509V3_EXT_val_prn                      1647
+X509V3_EXT_add_list                     1648
+EVP_CIPHER_type                         1649
+EVP_PBE_CipherInit                      1650
+X509V3_add_value_bool_nf                1651
+d2i_ASN1_UINTEGER                       1652
+sk_value                                1653
+sk_num                                  1654
+sk_set                                  1655
+sk_X509_REVOKED_set_cmp_func            1656
+sk_X509_REVOKED_unshift                 1657
+sk_X509_REVOKED_dup                     1658
+sk_X509_REVOKED_free                    1659
+sk_X509_REVOKED_new                     1660
+i2d_ASN1_SET_OF_X509_REVOKED            1661
+sk_X509_REVOKED_shift                   1662
+sk_X509_REVOKED_delete_ptr              1663
+sk_X509_REVOKED_pop_free                1664
+sk_X509_REVOKED_insert                  1665
+sk_X509_REVOKED_zero                    1666
+sk_X509_REVOKED_pop                     1667
+sk_X509_REVOKED_value                   1668
+sk_X509_REVOKED_num                     1669
+sk_X509_REVOKED_push                    1670
+sk_sort                                 1671
+sk_X509_REVOKED_find                    1672
+sk_X509_REVOKED_delete                  1673
+d2i_ASN1_SET_OF_X509_REVOKED            1674
+sk_X509_REVOKED_new_null                1675
+sk_X509_REVOKED_set                     1676
+sk_X509_ALGOR_new                       1677
+sk_X509_CRL_set_cmp_func                1678
+sk_X509_CRL_set                         1679
+sk_X509_ALGOR_unshift                   1680
+sk_X509_CRL_free                        1681
+i2d_ASN1_SET_OF_X509_ALGOR              1682
+sk_X509_ALGOR_pop                       1683
+sk_X509_CRL_unshift                     1684
+i2d_ASN1_SET_OF_X509_CRL                1685
+sk_X509_ALGOR_num                       1686
+sk_X509_CRL_insert                      1687
+sk_X509_CRL_pop_free                    1688
+sk_X509_CRL_delete_ptr                  1689
+sk_X509_ALGOR_insert                    1690
+sk_X509_CRL_dup                         1691
+sk_X509_CRL_zero                        1692
+sk_X509_CRL_new                         1693
+sk_X509_CRL_push                        1694
+sk_X509_ALGOR_new_null                  1695
+d2i_ASN1_SET_OF_X509_ALGOR              1696
+sk_X509_CRL_shift                       1697
+sk_X509_CRL_find                        1698
+sk_X509_CRL_delete                      1699
+sk_X509_ALGOR_free                      1700
+sk_X509_ALGOR_delete                    1701
+d2i_ASN1_SET_OF_X509_CRL                1702
+sk_X509_ALGOR_delete_ptr                1703
+sk_X509_CRL_pop                         1704
+sk_X509_ALGOR_set                       1705
+sk_X509_CRL_num                         1706
+sk_X509_CRL_value                       1707
+sk_X509_ALGOR_shift                     1708
+sk_X509_ALGOR_zero                      1709
+sk_X509_CRL_new_null                    1710
+sk_X509_ALGOR_push                      1711
+sk_X509_ALGOR_value                     1712
+sk_X509_ALGOR_find                      1713
+sk_X509_ALGOR_set_cmp_func              1714
+sk_X509_ALGOR_dup                       1715
+sk_X509_ALGOR_pop_free                  1716
+sk_PKCS7_SIGNER_INFO_new                1717
+sk_PKCS7_SIGNER_INFO_zero               1718
+sk_PKCS7_SIGNER_INFO_unshift            1719
+sk_PKCS7_RECIP_INFO_dup                 1720
+sk_PKCS7_SIGNER_INFO_insert             1721
+sk_PKCS7_SIGNER_INFO_push               1722
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723
+sk_PKCS7_RECIP_INFO_new                 1724
+sk_X509_LOOKUP_new_null                 1725
+sk_PKCS7_SIGNER_INFO_find               1726
+sk_PKCS7_SIGNER_INFO_set_cmp_func       1727
+sk_X509_LOOKUP_zero                     1728
+sk_PKCS7_RECIP_INFO_shift               1729
+sk_PKCS7_RECIP_INFO_new_null            1730
+sk_PKCS7_SIGNER_INFO_shift              1731
+sk_PKCS7_SIGNER_INFO_pop                1732
+sk_PKCS7_SIGNER_INFO_pop_free           1733
+sk_X509_LOOKUP_push                     1734
+sk_X509_LOOKUP_dup                      1735
+sk_PKCS7_SIGNER_INFO_num                1736
+sk_X509_LOOKUP_find                     1737
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738
+sk_X509_LOOKUP_new                      1739
+sk_PKCS7_SIGNER_INFO_delete             1740
+sk_PKCS7_RECIP_INFO_set_cmp_func        1741
+sk_PKCS7_SIGNER_INFO_delete_ptr         1742
+sk_PKCS7_RECIP_INFO_pop                 1743
+sk_X509_LOOKUP_insert                   1744
+sk_PKCS7_RECIP_INFO_value               1745
+sk_PKCS7_RECIP_INFO_num                 1746
+sk_PKCS7_SIGNER_INFO_value              1747
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748
+sk_X509_LOOKUP_pop                      1749
+sk_X509_LOOKUP_num                      1750
+sk_X509_LOOKUP_delete                   1751
+sk_PKCS7_RECIP_INFO_free                1752
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753
+sk_PKCS7_SIGNER_INFO_set                1754
+sk_X509_LOOKUP_pop_free                 1755
+sk_X509_LOOKUP_shift                    1756
+sk_X509_LOOKUP_unshift                  1757
+sk_PKCS7_SIGNER_INFO_new_null           1758
+sk_PKCS7_RECIP_INFO_delete_ptr          1759
+sk_PKCS7_RECIP_INFO_pop_free            1760
+sk_PKCS7_RECIP_INFO_insert              1761
+sk_PKCS7_SIGNER_INFO_free               1762
+sk_PKCS7_RECIP_INFO_set                 1763
+sk_PKCS7_RECIP_INFO_zero                1764
+sk_X509_LOOKUP_value                    1765
+sk_PKCS7_RECIP_INFO_push                1766
+sk_PKCS7_RECIP_INFO_unshift             1767
+sk_X509_LOOKUP_set_cmp_func             1768
+sk_X509_LOOKUP_free                     1769
+sk_PKCS7_SIGNER_INFO_dup                1770
+sk_X509_LOOKUP_delete_ptr               1771
+sk_X509_LOOKUP_set                      1772
+sk_PKCS7_RECIP_INFO_find                1773
+sk_PKCS7_RECIP_INFO_delete              1774
+PKCS5_PBE_add                           1775
+PEM_write_bio_PKCS8                     1776
+i2d_PKCS8_fp                            1777
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778
+d2i_PKCS8_bio                           1779
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781
+PEM_read_PKCS8                          1782
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783
+d2i_PKCS8_fp                            1784
+PEM_write_PKCS8                         1785
+PEM_read_PKCS8_PRIV_KEY_INFO            1786
+PEM_read_bio_PKCS8                      1787
+PEM_write_PKCS8_PRIV_KEY_INFO           1788
+PKCS5_PBE_keyivgen                      1789
+i2d_PKCS8_bio                           1790
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792
+BIO_s_bio                               1793
+PKCS5_pbe2_set                          1794
+PKCS5_PBKDF2_HMAC_SHA1                  1795
+PKCS5_v2_PBE_keyivgen                   1796
+PEM_write_bio_PKCS8PrivateKey           1797
+PEM_write_PKCS8PrivateKey               1798
+BIO_ctrl_get_read_request               1799
+BIO_ctrl_pending                        1800
+BIO_ctrl_wpending                       1801
+BIO_new_bio_pair                        1802
+BIO_ctrl_get_write_guarantee            1803
+CRYPTO_num_locks                        1804
+CONF_load_bio                           1805
+CONF_load_fp                            1806
+sk_CONF_VALUE_delete                    1807
+sk_CONF_VALUE_pop                       1808
+sk_CONF_VALUE_num                       1809
+sk_CONF_VALUE_pop_free                  1810
+sk_CONF_VALUE_free                      1811
+sk_CONF_VALUE_shift                     1812
+sk_CONF_VALUE_unshift                   1813
+sk_CONF_VALUE_value                     1814
+sk_CONF_VALUE_set                       1815
+sk_CONF_VALUE_zero                      1816
+sk_CONF_VALUE_push                      1817
+sk_CONF_VALUE_delete_ptr                1818
+sk_CONF_VALUE_find                      1819
+sk_CONF_VALUE_set_cmp_func              1820
+sk_CONF_VALUE_new_null                  1821
+sk_CONF_VALUE_dup                       1822
+sk_CONF_VALUE_insert                    1823
+sk_CONF_VALUE_new                       1824
+sk_ASN1_OBJECT_find                     1825
+sk_ASN1_OBJECT_pop_free                 1826
+sk_ASN1_OBJECT_dup                      1827
+sk_ASN1_OBJECT_delete_ptr               1828
+sk_ASN1_OBJECT_new                      1829
+sk_ASN1_OBJECT_unshift                  1830
+sk_ASN1_OBJECT_delete                   1831
+sk_ASN1_OBJECT_shift                    1832
+sk_ASN1_OBJECT_pop                      1833
+sk_ASN1_OBJECT_num                      1834
+sk_ASN1_OBJECT_value                    1835
+sk_ASN1_OBJECT_new_null                 1836
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837
+sk_ASN1_OBJECT_free                     1838
+sk_ASN1_OBJECT_set                      1839
+sk_ASN1_OBJECT_set_cmp_func             1840
+sk_ASN1_OBJECT_zero                     1841
+sk_ASN1_OBJECT_insert                   1842
+sk_ASN1_OBJECT_push                     1843
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844
+PKCS7_signatureVerify                   1845
+RSA_set_method                          1846
+RSA_get_method                          1847
+RSA_get_default_method                  1848
+sk_CONF_VALUE_sort                      1849
+sk_X509_REVOKED_sort                    1850
+sk_X509_ATTRIBUTE_sort                  1851
+sk_X509_INFO_sort                       1852
+sk_POLICYINFO_sort                      1853
+sk_GENERAL_NAME_sort                    1854
+sk_X509_sort                            1855
+sk_X509_NAME_sort                       1856
+sk_ASN1_TYPE_sort                       1857
+sk_X509_ALGOR_sort                      1858
+sk_PKCS7_RECIP_INFO_sort                1859
+sk_X509_NAME_ENTRY_sort                 1860
+sk_X509_EXTENSION_sort                  1861
+sk_SXNETID_sort                         1862
+sk_ASN1_OBJECT_sort                     1863
+sk_PKCS7_SIGNER_INFO_sort               1864
+sk_X509_LOOKUP_sort                     1865
+sk_POLICYQUALINFO_sort                  1866
+sk_X509_CRL_sort                        1867
+sk_DIST_POINT_sort                      1868
+RSA_check_key                           1869
+OBJ_obj2txt                             1870
+DSA_dup_DH                              1871
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
new file mode 100755
index 000000000000..6fbf3ceca6a4
--- /dev/null
+++ b/crypto/openssl/util/mk1mf.pl
@@ -0,0 +1,873 @@
+#!/usr/local/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+
+$INSTALLTOP="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+
+open(IN,") {
+    $ssl_version=$1 if (/^VERSION=(.*)$/);
+    $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+    $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+}
+close(IN);
+
+die "Makefile.ssl is not the toplevel Makefile!\n" if $ssl_version eq "";
+
+$infile="MINFO";
+
+%ops=(
+	"VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+	"VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
+	"VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
+	"VC-WIN16",   "Alias for VC-W31-32",
+	"VC-W31-32",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+",
+	"VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS",
+	"Mingw32", "GNU C++ - Windows NT or 9x",
+	"Mingw32-files", "Create files with DOS copy ...",
+	"BC-NT",   "Borland C++ 4.5 - Windows NT",
+	"BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
+	"BC-MSDOS","Borland C++ 4.5 - MSDOS",
+	"linux-elf","Linux elf",
+	"ultrix-mips","DEC mips ultrix",
+	"FreeBSD","FreeBSD distribution",
+	"default","cc under unix",
+	);
+
+$platform="";
+foreach (@ARGV)
+	{
+	if (!&read_options && !defined($ops{$_}))
+		{
+		print STDERR "unknown option - $_\n";
+		print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+		print STDERR "\nwhere [system] can be one of the following\n";
+		foreach $i (sort keys %ops)
+		{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+		print STDERR <<"EOF";
+and [options] can be one of
+	no-md2 no-md5 no-sha no-mdc2 no-ripemd  - Skip this digest
+	no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
+	no-rc5
+	no-rsa no-dsa no-dh			- Skip this public key cipher
+	no-ssl2 no-ssl3				- Skip this version of SSL
+	just-ssl				- remove all non-ssl keys/digest
+	no-asm 					- No x86 asm
+	nasm 					- Use NASM for x86 asm
+	no-socks				- No socket code
+	no-err					- No error strings
+	dll/shlib				- Build shared libraries (MS)
+	debug					- Debug build
+	gcc					- Use Gcc (unix)
+	rsaref					- Build to require RSAref
+
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+
+-L -l			- extra library flags (unix)
+-					- extra 'cc' flags,
+						  added (MS), or replace (unix)
+EOF
+		exit(1);
+		}
+	$platform=$_;
+	}
+foreach (split / /, $OPTIONS)
+	{
+	print STDERR "unknown option - $_\n" if !&read_options;
+	}
+
+$no_mdc2=1 if ($no_des);
+
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5 || $no_rsa);
+$no_ssl2=1 if ($no_rsa);
+
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+
+$mkdir="mkdir";
+
+($ssl,$crypto)=("ssl","crypto");
+$RSAglue="RSAglue";
+$ranlib="echo ranlib";
+
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+
+# $bin_dir.=$o causes a core dump on my sparc :-(
+
+$NT=0;
+
+push(@INC,"util/pl","pl");
+if ($platform eq "VC-MSDOS")
+	{
+	$asmbits=16;
+	$msdos=1;
+	require 'VC-16.pl';
+	}
+elsif ($platform eq "VC-W31-16")
+	{
+	$asmbits=16;
+	$msdos=1; $win16=1;
+	require 'VC-16.pl';
+	}
+elsif (($platform eq "VC-W31-32") || ($platform eq "VC-WIN16"))
+	{
+	$asmbits=32;
+	$msdos=1; $win16=1;
+	require 'VC-16.pl';
+	}
+elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
+	{
+	$NT = 1 if $platform eq "VC-NT";
+	require 'VC-32.pl';
+	}
+elsif ($platform eq "Mingw32")
+	{
+	require 'Mingw32.pl';
+	}
+elsif ($platform eq "Mingw32-files")
+	{
+	require 'Mingw32f.pl';
+	}
+elsif ($platform eq "BC-NT")
+	{
+	$bc=1;
+	require 'BC-32.pl';
+	}
+elsif ($platform eq "BC-W31")
+	{
+	$bc=1;
+	$msdos=1; $w16=1;
+	require 'BC-16.pl';
+	}
+elsif ($platform eq "BC-Q16")
+	{
+	$msdos=1; $w16=1; $shlib=0; $qw=1;
+	require 'BC-16.pl';
+	}
+elsif ($platform eq "BC-MSDOS")
+	{
+	$asmbits=16;
+	$msdos=1;
+	require 'BC-16.pl';
+	}
+elsif ($platform eq "FreeBSD")
+	{
+	require 'unix.pl';
+	$cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+	}
+elsif ($platform eq "linux-elf")
+	{
+	require "unix.pl";
+	require "linux.pl";
+	$unix=1;
+	}
+elsif ($platform eq "ultrix-mips")
+	{
+	require "unix.pl";
+	require "ultrix.pl";
+	$unix=1;
+	}
+else
+	{
+	require "unix.pl";
+
+	$unix=1;
+	$cflags.=' -DTERMIO';
+	}
+
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+
+$cflags.=" -DNO_IDEA" if $no_idea;
+$cflags.=" -DNO_RC2"  if $no_rc2;
+$cflags.=" -DNO_RC4"  if $no_rc4;
+$cflags.=" -DNO_RC5"  if $no_rc5;
+$cflags.=" -DNO_MD2"  if $no_md2;
+$cflags.=" -DNO_MD5"  if $no_md5;
+$cflags.=" -DNO_SHA"  if $no_sha;
+$cflags.=" -DNO_SHA1" if $no_sha1;
+$cflags.=" -DNO_RIPEMD" if $no_rmd160;
+$cflags.=" -DNO_MDC2" if $no_mdc2;
+$cflags.=" -DNO_BF"  if $no_bf;
+$cflags.=" -DNO_CAST" if $no_cast;
+$cflags.=" -DNO_DES"  if $no_des;
+$cflags.=" -DNO_RSA"  if $no_rsa;
+$cflags.=" -DNO_DSA"  if $no_dsa;
+$cflags.=" -DNO_DH"   if $no_dh;
+$cflags.=" -DNO_SOCK" if $no_sock;
+$cflags.=" -DNO_SSL2" if $no_ssl2;
+$cflags.=" -DNO_SSL3" if $no_ssl3;
+$cflags.=" -DNO_ERR"  if $no_err;
+$cflags.=" -DRSAref"  if $rsaref ne "";
+
+if ($unix)
+	{ $cflags="$c_flags" if ($c_flags ne ""); }
+else	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
+if ($msdos)
+	{
+	$banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
+	$banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+	$banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+	$banner.="\t\@echo documentation for details.\n";
+	}
+
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+
+$INSTALLTOP =~ s|/|$o|g;
+
+$defs= <<"EOF";
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
+# by default leave the 'intertesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO.  This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+
+INSTALLTOP=$INSTALLTOP
+
+# Set your compiler options
+PLATFORM=$platform
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+
+# The OpenSSL directory
+SRC_D=$src_dir
+
+LINK=$link
+LFLAGS=$lflags
+
+BN_ASM_OBJ=$bn_asm_obj
+BN_ASM_SRC=$bn_asm_src
+DES_ENC_OBJ=$des_enc_obj
+DES_ENC_SRC=$des_enc_src
+BF_ENC_OBJ=$bf_enc_obj
+BF_ENC_SRC=$bf_enc_src
+CAST_ENC_OBJ=$cast_enc_obj
+CAST_ENC_SRC=$cast_enc_src
+RC4_ENC_OBJ=$rc4_enc_obj
+RC4_ENC_SRC=$rc4_enc_src
+RC5_ENC_OBJ=$rc5_enc_obj
+RC5_ENC_SRC=$rc5_enc_src
+MD5_ASM_OBJ=$md5_asm_obj
+MD5_ASM_SRC=$md5_asm_src
+SHA1_ASM_OBJ=$sha1_asm_obj
+SHA1_ASM_SRC=$sha1_asm_src
+RMD160_ASM_OBJ=$rmd160_asm_obj
+RMD160_ASM_SRC=$rmd160_asm_src
+
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
+
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=$mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+
+######################################################
+# You should not need to touch anything below this point
+######################################################
+
+E_EXE=openssl
+SSL=$ssl
+CRYPTO=$crypto
+RSAGLUE=$RSAglue
+
+# BIN_D  - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D  - library output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+# 
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+
+# INCL_D - local library directory
+# OBJ_D  - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+
+O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
+
+L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+#L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
+
+######################################################
+# Don't touch anything below this point
+######################################################
+
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
+
+#############################################
+EOF
+
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+
+banner:
+$banner
+
+\$(TMP_D):
+	\$(MKDIR) \$(TMP_D)
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+#	\$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+#	\$(MKDIR) \$(TEST_D)
+
+\$(LIB_D):
+	\$(MKDIR) \$(LIB_D)
+
+\$(INCO_D): \$(INC_D)
+	\$(MKDIR) \$(INCO_D)
+
+\$(INC_D):
+	\$(MKDIR) \$(INC_D)
+
+headers: \$(HEADER) \$(EXHEADER)
+
+lib: \$(LIBS_DEP)
+
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+
+install:
+	\$(MKDIR) \$(INSTALLTOP)
+	\$(MKDIR) \$(INSTALLTOP)${o}bin
+	\$(MKDIR) \$(INSTALLTOP)${o}include
+	\$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl
+	\$(MKDIR) \$(INSTALLTOP)${o}lib
+	\$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl
+	\$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
+	\$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
+	\$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
+
+clean:
+	\$(RM) \$(TMP_D)$o*.*
+
+vclean:
+	\$(RM) \$(TMP_D)$o*.*
+	\$(RM) \$(OUT_D)$o*.*
+
+EOF
+    
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+	{
+	# Remove entry for this platform in existing file buildinf.h.
+
+	my $old_buildinf_h = "";
+	while ()
+		{
+		if (/^\#ifdef $platform_cpp_symbol$/)
+			{
+			while () { last if (/^\#endif/); }
+			}
+		else
+			{
+			$old_buildinf_h .= $_;
+			}
+		}
+	close(IN);
+
+	open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	print OUT $old_buildinf_h;
+	close(OUT);
+	}
+
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <;
+for (;;)
+	{
+	chop;
+
+	($key,$val)=/^([^=]+)=(.*)/;
+	if ($key eq "RELATIVE_DIRECTORY")
+		{
+		if ($lib ne "")
+			{
+			$uc=$lib;
+			$uc =~ s/^lib(.*)\.a/$1/;
+			$uc =~ tr/a-z/A-Z/;
+			$lib_nam{$uc}=$uc;
+			$lib_obj{$uc}.=$libobj." ";
+			}
+		last if ($val eq "FINISHED");
+		$lib="";
+		$libobj="";
+		$dir=$val;
+		}
+
+	if ($key eq "TEST")
+		{ $test.=&var_add($dir,$val); }
+
+	if (($key eq "PROGS") || ($key eq "E_OBJ"))
+		{ $e_exe.=&var_add($dir,$val); }
+
+	if ($key eq "LIB")
+		{
+		$lib=$val;
+		$lib =~ s/^.*\/([^\/]+)$/$1/;
+		}
+
+	if ($key eq "EXHEADER")
+		{ $exheader.=&var_add($dir,$val); }
+
+	if ($key eq "HEADER")
+		{ $header.=&var_add($dir,$val); }
+
+	if ($key eq "LIBOBJ")
+		{ $libobj=&var_add($dir,$val); }
+
+	if (!($_=))
+		{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+	}
+close(IN);
+
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header))	{ $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
+
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h");
+
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+
+foreach (values %lib_nam)
+	{
+	$lib_obj=$lib_obj{$_};
+	local($slib)=$shlib;
+
+	$slib=0 if ($_ eq "RSAGLUE");
+
+	if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+		{
+		$rules.="\$(O_SSL):\n\n"; 
+		next;
+		}
+
+	if (($_ eq "RSAGLUE") && $no_rsa)
+		{
+		$rules.="\$(O_RSAGLUE):\n\n"; 
+		next;
+		}
+
+	if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
+		$rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
+		}
+	if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+		$lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+		$rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+		}
+	if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
+		$rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
+		}
+	if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
+		$rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
+		}
+	if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
+		$rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
+		}
+	if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
+		$rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
+		}
+	if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
+		$rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
+		}
+	if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+		$rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+		}
+	if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
+		$rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
+		}
+	$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+	$lib=($slib)?" \$(SHLIB_CFLAGS)":" \$(LIB_CFLAGS)";
+	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+	}
+
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+	{
+	$t=&bname($_);
+	$tt="\$(OBJ_D)${o}$t${obj}";
+	$rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+	}
+
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0,"")
+	unless $no_rsa;
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+
+print $defs;
+print "###################################################################\n";
+print $rules;
+
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+	{
+	local($dir,$val)=@_;
+	local(@a,$_,$ret);
+
+	return("") if $no_idea && $dir =~ /\/idea/;
+	return("") if $no_rc2  && $dir =~ /\/rc2/;
+	return("") if $no_rc4  && $dir =~ /\/rc4/;
+	return("") if $no_rc5  && $dir =~ /\/rc5/;
+	return("") if $no_rsa  && $dir =~ /\/rsa/;
+	return("") if $no_rsa  && $dir =~ /^rsaref/;
+	return("") if $no_dsa  && $dir =~ /\/dsa/;
+	return("") if $no_dh   && $dir =~ /\/dh/;
+	if ($no_des && $dir =~ /\/des/)
+		{
+		if ($val =~ /read_pwd/)
+			{ return("$dir/read_pwd "); }
+		else
+			{ return(""); }
+		}
+	return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+	return("") if $no_sock && $dir =~ /\/proxy/;
+	return("") if $no_bf   && $dir =~ /\/bf/;
+	return("") if $no_cast && $dir =~ /\/cast/;
+
+	$val =~ s/^\s*(.*)\s*$/$1/;
+	@a=split(/\s+/,$val);
+	grep(s/\.[och]$//,@a);
+
+	@a=grep(!/^e_.*_3d$/,@a) if $no_des;
+	@a=grep(!/^e_.*_d$/,@a) if $no_des;
+	@a=grep(!/^e_.*_i$/,@a) if $no_idea;
+	@a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+	@a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
+	@a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+	@a=grep(!/^e_.*_c$/,@a) if $no_cast;
+	@a=grep(!/^e_rc4$/,@a) if $no_rc4;
+
+	@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+	@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+
+	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+
+	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+
+	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+	@a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+
+	@a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+	@a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+
+	@a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+
+	@a=grep(!/_dhp$/,@a) if $no_dh;
+
+	@a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+
+	@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
+	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+	@a=grep(!/^gendsa$/,@a) if $no_sha1;
+	@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+
+	@a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+
+	grep($_="$dir/$_",@a);
+	@a=grep(!/(^|\/)s_/,@a) if $no_sock;
+	@a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+	$ret=join(' ',@a)." ";
+	return($ret);
+	}
+
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+	{
+	local($w)=@_;
+
+	$w =~ s/^\s*(.*)\s*$/$1/;
+	$w =~ s/\s+/ /g;
+	return($w);
+	}
+
+sub do_defs
+	{
+	local($var,$files,$location,$postfix)=@_;
+	local($_,$ret,$pf);
+	local(*OUT,$tmp,$t);
+
+	$files =~ s/\//$o/g if $o ne '/';
+	$ret="$var="; 
+	$n=1;
+	$Vars{$var}.="";
+	foreach (split(/ /,$files))
+		{
+		$orig=$_;
+		$_=&bname($_) unless /^\$/;
+		if ($n++ == 2)
+			{
+			$n=0;
+			$ret.="\\\n\t";
+			}
+		if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+			{ $pf=".c"; }
+		else	{ $pf=$postfix; }
+		if ($_ =~ /BN_ASM/)	{ $t="$_ "; }
+		elsif ($_ =~ /DES_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /BF_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+		elsif ($_ =~ /RC4_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /RC5_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /MD5_ASM/)	{ $t="$_ "; }
+		elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+		else	{ $t="$location${o}$_$pf "; }
+
+		$Vars{$var}.="$t ";
+		$ret.=$t;
+		}
+	chop($ret);
+	$ret.="\n\n";
+	return($ret);
+	}
+
+# return the name with the leading path removed
+sub bname
+	{
+	local($ret)=@_;
+	$ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+	return($ret);
+	}
+
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+	{
+	local($to,$files,$ex)=@_;
+	local($ret,$_,$n);
+	
+	$files =~ s/\//$o/g if $o ne '/';
+	foreach (split(/\s+/,$files))
+		{
+		$n=&bname($_);
+		$ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+		}
+	return($ret);
+	}
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub cc_compile_target
+	{
+	local($target,$source,$ex_flags)=@_;
+	local($ret);
+	
+	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
+	$target =~ s/\//$o/g if $o ne "/";
+	$source =~ s/\//$o/g if $o ne "/";
+	$ret ="$target: \$(SRC_D)$o$source\n\t";
+	$ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+	return($ret);
+	}
+
+##############################################################
+sub do_asm_rule
+	{
+	local($target,$src)=@_;
+	local($ret,@s,@t,$i);
+
+	$target =~ s/\//$o/g if $o ne "/";
+	$src =~ s/\//$o/g if $o ne "/";
+
+	@s=split(/\s+/,$src);
+	@t=split(/\s+/,$target);
+
+	for ($i=0; $i<=$#s; $i++)
+		{
+		$ret.="$t[$i]: $s[$i]\n";
+		$ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+		}
+	return($ret);
+	}
+
+sub do_shlib_rule
+	{
+	local($n,$def)=@_;
+	local($ret,$nn);
+	local($t);
+
+	($nn=$n) =~ tr/a-z/A-Z/;
+	$ret.="$n.dll: \$(${nn}OBJ)\n";
+	if ($vc && $w32)
+		{
+		$ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+	{
+	local($to,$files,$p)=@_;
+	local($ret,$_,$n,$pp);
+	
+	$files =~ s/\//$o/g if $o ne '/';
+	foreach (split(/\s+/,$files))
+		{
+		$n=&bname($_);
+		if ($n =~ /bss_file/)
+			{ $pp=".c"; }
+		else	{ $pp=$p; }
+		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
+		}
+	return($ret);
+	}
+
+sub read_options
+	{
+	if    (/^no-rc2$/)	{ $no_rc2=1; }
+	elsif (/^no-rc4$/)	{ $no_rc4=1; }
+	elsif (/^no-rc5$/)	{ $no_rc5=1; }
+	elsif (/^no-idea$/)	{ $no_idea=1; }
+	elsif (/^no-des$/)	{ $no_des=1; }
+	elsif (/^no-bf$/)	{ $no_bf=1; }
+	elsif (/^no-cast$/)	{ $no_cast=1; }
+	elsif (/^no-md2$/)  	{ $no_md2=1; }
+	elsif (/^no-md5$/)	{ $no_md5=1; }
+	elsif (/^no-sha$/)	{ $no_sha=1; }
+	elsif (/^no-sha1$/)	{ $no_sha1=1; }
+	elsif (/^no-ripemd$/)	{ $no_ripemd=1; }
+	elsif (/^no-mdc2$/)	{ $no_mdc2=1; }
+	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
+	elsif (/^no-rsa$/)	{ $no_rsa=1; }
+	elsif (/^no-dsa$/)	{ $no_dsa=1; }
+	elsif (/^no-dh$/)	{ $no_dh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-asm$/)	{ $no_asm=1; }
+	elsif (/^nasm$/)	{ $nasm=1; }
+	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
+	elsif (/^no-ssl3$/)	{ $no_ssl3=1; }
+	elsif (/^no-err$/)	{ $no_err=1; }
+	elsif (/^no-sock$/)	{ $no_sock=1; }
+
+	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+
+	elsif (/^rsaref$/)	{ $rsaref=1; }
+	elsif (/^gcc$/)		{ $gcc=1; }
+	elsif (/^debug$/)	{ $debug=1; }
+	elsif (/^shlib$/)	{ $shlib=1; }
+	elsif (/^dll$/)		{ $shlib=1; }
+	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
+	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+		{ $c_flags.="$_ "; }
+	else { return(0); }
+	return(1);
+	}
diff --git a/crypto/openssl/util/mkcerts.sh b/crypto/openssl/util/mkcerts.sh
new file mode 100755
index 000000000000..5f8a1dae7395
--- /dev/null
+++ b/crypto/openssl/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!bin/sh
+
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+ 
+CAbits=1024
+SSLEAY="../apps/ssleay"
+CONF="-config ../apps/ssleay.cnf"
+
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+	-new -md5 -newkey $CAbits \
+	-keyout pca-key.pem \
+	-out pca-req.pem -nodes >/dev/null </dev/null </dev/null </dev/null </dev/null <> pca-cert.pem
+cat ca-key.pem   >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+
+#/bin/rm -f *key.pem *req.pem *.srl
+
+echo Finished
+
diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl
new file mode 100755
index 000000000000..80384af325a3
--- /dev/null
+++ b/crypto/openssl/util/mkdef.pl
@@ -0,0 +1,426 @@
+#!/usr/local/bin/perl -w
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# prototyped functions: it then prunes the output.
+#
+
+$crypto_num="util/libeay.num";
+$ssl_num=   "util/ssleay.num";
+
+my $do_update = 0;
+my $do_crypto = 0;
+my $do_ssl = 0;
+$rsaref = 0;
+
+$W32=1;
+$NT=0;
+# Set this to make typesafe STACK definitions appear in DEF
+$safe_stack_def = 1;
+
+$options="";
+open(IN,") {
+    $options=$1 if (/^OPTIONS=(.*)$/);
+}
+close(IN);
+
+foreach (@ARGV, split(/ /, $options))
+	{
+	$W32=1 if $_ eq "32";
+	$W32=0 if $_ eq "16";
+	if($_ eq "NT") {
+		$W32 = 1;
+		$NT = 1;
+	}
+	$do_ssl=1 if $_ eq "ssleay";
+	$do_ssl=1 if $_ eq "ssl";
+	$do_crypto=1 if $_ eq "libeay";
+	$do_crypto=1 if $_ eq "crypto";
+	$do_update=1 if $_ eq "update";
+	$rsaref=1 if $_ eq "rsaref";
+
+	if    (/^no-rc2$/)      { $no_rc2=1; }
+	elsif (/^no-rc4$/)      { $no_rc4=1; }
+	elsif (/^no-rc5$/)      { $no_rc5=1; }
+	elsif (/^no-idea$/)     { $no_idea=1; }
+	elsif (/^no-des$/)      { $no_des=1; }
+	elsif (/^no-bf$/)       { $no_bf=1; }
+	elsif (/^no-cast$/)     { $no_cast=1; }
+	elsif (/^no-md2$/)      { $no_md2=1; }
+	elsif (/^no-md5$/)      { $no_md5=1; }
+	elsif (/^no-sha$/)      { $no_sha=1; }
+	elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+	elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+	elsif (/^no-rsa$/)      { $no_rsa=1; }
+	elsif (/^no-dsa$/)      { $no_dsa=1; }
+	elsif (/^no-dh$/)       { $no_dh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	}
+
+if (!$do_ssl && !$do_crypto)
+	{
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ] [rsaref]\n";
+	exit(1);
+	}
+
+%ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
+%crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+
+$ssl="ssl/ssl.h";
+
+$crypto ="crypto/crypto.h";
+$crypto.=" crypto/des/des.h" unless $no_des;
+$crypto.=" crypto/idea/idea.h" unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" unless $no_bf;
+$crypto.=" crypto/cast/cast.h" unless $no_cast;
+$crypto.=" crypto/md2/md2.h" unless $no_md2;
+$crypto.=" crypto/md5/md5.h" unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" unless $no_ripemd;
+
+$crypto.=" crypto/bn/bn.h";
+$crypto.=" crypto/rsa/rsa.h" unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" unless $no_dh;
+$crypto.=" crypto/hmac/hmac.h" unless $no_hmac;
+
+$crypto.=" crypto/stack/stack.h";
+$crypto.=" crypto/buffer/buffer.h";
+$crypto.=" crypto/bio/bio.h";
+$crypto.=" crypto/lhash/lhash.h";
+$crypto.=" crypto/conf/conf.h";
+$crypto.=" crypto/txt_db/txt_db.h";
+
+$crypto.=" crypto/evp/evp.h";
+$crypto.=" crypto/objects/objects.h";
+$crypto.=" crypto/pem/pem.h";
+#$crypto.=" crypto/meth/meth.h";
+$crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1_mac.h";
+$crypto.=" crypto/err/err.h";
+$crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/pkcs12/pkcs12.h";
+$crypto.=" crypto/x509/x509.h";
+$crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/x509v3/x509v3.h";
+$crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/comp/comp.h";
+$crypto.=" crypto/tmdiff.h";
+
+@ssl_func = &do_defs("SSLEAY", $ssl);
+@crypto_func = &do_defs("LIBEAY", $crypto);
+
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+	open(OUT, ">>$ssl_num");
+	&update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl, @ssl_func);
+	close OUT;
+}
+
+if($do_crypto == 1) {
+	open(OUT, ">>$crypto_num");
+	&update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto, @crypto_func);
+	close OUT;
+}
+
+} else {
+
+	&print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_func)
+		if $do_ssl == 1;
+
+	&print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_func)
+		if $do_crypto == 1;
+
+}
+
+
+sub do_defs
+{
+	my($name,$files)=@_;
+	my @ret;
+	my %funcs;
+
+	foreach $file (split(/\s+/,$files))
+		{
+		open(IN,"<$file") || die "unable to open $file:$!\n";
+
+		my $line = "", $def= "";
+		my %tag = (
+			FreeBSD		=> 0,
+			NOPROTO		=> 0,
+			WIN16		=> 0,
+			PERL5		=> 0,
+			_WINDLL		=> 0,
+			NO_FP_API	=> 0,
+			CONST_STRICT	=> 0,
+			TRUE		=> 1,
+		);
+		while() {
+			last if (/BEGIN ERROR CODES/);
+			if ($line ne '') {
+				$_ = $line . $_;
+				$line = '';
+			}
+
+			if (/\\$/) {
+				$line = $_;
+				next;
+			}
+
+	    		$cpp = 1 if /^#.*ifdef.*cplusplus/;
+			if ($cpp) {
+				$cpp = 0 if /^#.*endif/;
+				next;
+	    		}
+
+			s/\/\*.*?\*\///gs;                   # ignore comments
+			s/{[^{}]*}//gs;                      # ignore {} blocks
+			if (/^\#\s*ifndef (.*)/) {
+				push(@tag,$1);
+				$tag{$1}=-1;
+				next;
+			} elsif (/^\#\s*if !defined\(([^\)]+)\)/) {
+				push(@tag,$1);
+				$tag{$1}=-1;
+				next;
+			} elsif (/^\#\s*ifdef (.*)/) {
+				push(@tag,$1);
+				$tag{$1}=1;
+				next;
+			} elsif (/^\#\s*if defined(.*)/) {
+				push(@tag,$1);
+				$tag{$1}=1;
+				next;
+			} elsif (/^\#\s*endif/) {
+				$tag{$tag[$#tag]}=0;
+				pop(@tag);
+				next;
+			} elsif (/^\#\s*else/) {
+				my $t=$tag[$#tag];
+				$tag{$t}= -$tag{$t};
+				next;
+			} elsif (/^\#\s*if\s+1/) {
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=1;
+				next;
+			} elsif (/^\#/) {
+				next;
+			}
+			if ($safe_stack_def &&
+				/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+				$funcs{"sk_${1}_new"} = 1;
+				$funcs{"sk_${1}_new_null"} = 1;
+				$funcs{"sk_${1}_free"} = 1;
+				$funcs{"sk_${1}_num"} = 1;
+				$funcs{"sk_${1}_value"} = 1;
+				$funcs{"sk_${1}_set"} = 1;
+				$funcs{"sk_${1}_zero"} = 1;
+				$funcs{"sk_${1}_push"} = 1;
+				$funcs{"sk_${1}_unshift"} = 1;
+				$funcs{"sk_${1}_find"} = 1;
+				$funcs{"sk_${1}_delete"} = 1;
+				$funcs{"sk_${1}_delete_ptr"} = 1;
+				$funcs{"sk_${1}_insert"} = 1;
+				$funcs{"sk_${1}_set_cmp_func"} = 1;
+				$funcs{"sk_${1}_dup"} = 1;
+				$funcs{"sk_${1}_pop_free"} = 1;
+				$funcs{"sk_${1}_shift"} = 1;
+				$funcs{"sk_${1}_pop"} = 1;
+				$funcs{"sk_${1}_sort"} = 1;
+			} elsif ($safe_stack_def &&
+				/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+				$funcs{"d2i_ASN1_SET_OF_${1}"} = 1;
+				$funcs{"i2d_ASN1_SET_OF_${1}"} = 1;
+			} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+				     /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+				if($W32) {
+					$funcs{"PEM_read_${1}"} = 1;
+					$funcs{"PEM_write_${1}"} = 1;
+				}
+				$funcs{"PEM_read_bio_${1}"} = 1;
+				$funcs{"PEM_write_bio_${1}"} = 1;
+			} elsif ( 
+				($tag{'FreeBSD'} != 1) &&
+				($tag{'CONST_STRICT'} != 1) &&
+				(($W32 && ($tag{'WIN16'} != 1)) ||
+				 (!$W32 && ($tag{'WIN16'} != -1))) &&
+				($tag{'PERL5'} != 1) &&
+#				($tag{'_WINDLL'} != -1) &&
+				((!$W32 && $tag{'_WINDLL'} != -1) ||
+				 ($W32 && $tag{'_WINDLL'} != 1)) &&
+				((($tag{'NO_FP_API'} != 1) && $W32) ||
+				 (($tag{'NO_FP_API'} != -1) && !$W32)))
+				{
+					if (/{|\/\*/) { # }
+						$line = $_;
+					} else {
+						$def .= $_;
+					}
+				}
+			}
+		close(IN);
+
+		foreach (split /;/, $def) {
+			s/^[\n\s]*//g;
+			s/[\n\s]*$//g;
+			next if(/typedef\W/);
+			next if(/EVP_bf/ and $no_bf);
+			next if(/EVP_cast/ and $no_cast);
+			next if(/EVP_des/ and $no_des);
+			next if(/EVP_dss/ and $no_dsa);
+			next if(/EVP_idea/ and $no_idea);
+			next if(/EVP_md2/ and $no_md2);
+			next if(/EVP_md5/ and $no_md5);
+			next if(/EVP_rc2/ and $no_rc2);
+			next if(/EVP_rc4/ and $no_rc4);
+			next if(/EVP_rc5/ and $no_rc5);
+			next if(/EVP_ripemd/ and $no_ripemd);
+			next if(/EVP_sha/ and $no_sha);
+			if (/\(\*(\w*)\([^\)]+/) {
+				$funcs{$1} = 1;
+			} elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) {
+				# K&R C
+				next;
+			} elsif (/\w+\W+\w+\W*\(.*\)$/s) {
+				while (not /\(\)$/s) {
+					s/[^\(\)]*\)$/\)/s;
+					s/\([^\(\)]*\)\)$/\)/s;
+				}
+				s/\(void\)//;
+				/(\w+)\W*\(\)/s;
+				$funcs{$1} = 1;
+			} elsif (/\(/ and not (/=/)) {
+				print STDERR "File $file: cannot parse: $_;\n";
+			}
+		}
+	}
+
+	# Prune the returned functions
+
+        delete $funcs{"SSL_add_dir_cert_subjects_to_stack"};
+        delete $funcs{"des_crypt"};
+        delete $funcs{"RSA_PKCS1_RSAref"} unless $rsaref;
+
+	if($W32) {
+		delete $funcs{"BIO_s_file_internal"};
+		delete $funcs{"BIO_new_file_internal"};
+		delete $funcs{"BIO_new_fp_internal"};
+	} else {
+		if(exists $funcs{"ERR_load_CRYPTO_strings"}) {
+			delete $funcs{"ERR_load_CRYPTO_strings"};
+			$funcs{"ERR_load_CRYPTOlib_strings"} = 1;
+		}
+		delete $funcs{"BIO_s_file"};
+		delete $funcs{"BIO_new_file"};
+		delete $funcs{"BIO_new_fp"};
+	}
+	if (!$NT) {
+		delete $funcs{"BIO_s_log"};
+	}
+
+	push @ret, keys %funcs;
+
+	return(@ret);
+}
+
+sub print_def_file
+{
+	(*OUT,my $name,*nums,@functions)=@_;
+	my $n =1;
+
+	if ($W32)
+		{ $name.="32"; }
+	else
+		{ $name.="16"; }
+
+	print OUT <<"EOF";
+;
+; Definition file for the DLL version of the $name library from OpenSSL
+;
+
+LIBRARY         $name
+
+DESCRIPTION     'OpenSSL $name - http://www.openssl.org/'
+
+EOF
+
+	if (!$W32) {
+		print <<"EOF";
+CODE            PRELOAD MOVEABLE
+DATA            PRELOAD MOVEABLE SINGLE
+
+EXETYPE		WINDOWS
+
+HEAPSIZE	4096
+STACKSIZE	8192
+
+EOF
+	}
+
+	print "EXPORTS\n";
+
+
+	(@e)=grep(/^SSLeay/,@functions);
+	(@r)=grep(!/^SSLeay/,@functions);
+	@functions=((sort @e),(sort @r));
+
+	foreach $func (@functions) {
+		if (!defined($nums{$func})) {
+			printf STDERR "$func does not have a number assigned\n"
+					if(!$do_update);
+		} else {
+			$n=$nums{$func};
+			printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$func,$n;
+		}
+	}
+	printf OUT "\n";
+}
+
+sub load_numbers
+{
+	my($name)=@_;
+	my(@a,%ret);
+
+	$max_num = 0;
+
+	open(IN,"<$name") || die "unable to open $name:$!\n";
+	while () {
+		chop;
+		s/#.*$//;
+		next if /^\s*$/;
+		@a=split;
+		$ret{$a[0]}=$a[1];
+		$max_num = $a[1] if $a[1] > $max_num;
+	}
+	close(IN);
+	return(%ret);
+}
+
+sub update_numbers
+{
+	(*OUT,$name,*nums,my $start_num, my @functions)=@_;
+	my $new_funcs = 0;
+	print STDERR "Updating $name\n";
+	foreach $func (@functions) {
+		if (!exists $nums{$func}) {
+			$new_funcs++;
+			printf OUT "%s%-40s%d\n","",$func, ++$start_num;
+		}
+	}
+	if($new_funcs) {
+		print STDERR "$new_funcs New Functions added\n";
+	} else {
+		print STDERR "No New Functions Added\n";
+	}
+}
diff --git a/crypto/openssl/util/mkdir-p.pl b/crypto/openssl/util/mkdir-p.pl
new file mode 100755
index 000000000000..6c69c2daa4d0
--- /dev/null
+++ b/crypto/openssl/util/mkdir-p.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+
+# mkdir-p.pl
+
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+  &do_mkdir_p($arg);
+}
+
+
+sub do_mkdir_p {
+  local($dir) = @_;
+
+  $dir =~ s|/*\Z(?!\n)||s;
+
+  if (-d $dir) {
+    return;
+  }
+
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+
+    do_mkdir_p($parent);
+  }
+
+  mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
+  print "created directory `$dir'\n";
+}
diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl
new file mode 100644
index 000000000000..4b3bccb13e74
--- /dev/null
+++ b/crypto/openssl/util/mkerr.pl
@@ -0,0 +1,503 @@
+#!/usr/local/bin/perl -w
+
+my $config = "crypto/err/openssl.ec";
+my $debug = 0;
+my $rebuild = 0;
+my $static = 1;
+my $recurse = 0;
+my $reindex = 0;
+my $dowrite = 0;
+
+
+while (@ARGV) {
+	my $arg = $ARGV[0];
+	if($arg eq "-conf") {
+		shift @ARGV;
+		$config = shift @ARGV;
+	} elsif($arg eq "-debug") {
+		$debug = 1;
+		shift @ARGV;
+	} elsif($arg eq "-rebuild") {
+		$rebuild = 1;
+		shift @ARGV;
+	} elsif($arg eq "-recurse") {
+		$recurse = 1;
+		shift @ARGV;
+	} elsif($arg eq "-reindex") {
+		$reindex = 1;
+		shift @ARGV;
+	} elsif($arg eq "-nostatic") {
+		$static = 0;
+		shift @ARGV;
+	} elsif($arg eq "-write") {
+		$dowrite = 1;
+		shift @ARGV;
+	} else {
+		last;
+	}
+}
+
+if($recurse) {
+	@source = (, , ,, );
+} else {
+	@source = @ARGV;
+}
+
+# Read in the config file
+
+open(IN, "<$config") || die "Can't open config file $config";
+
+# Parse config file
+
+while()
+{
+	if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+		$hinc{$1} = $2;
+		$cskip{$3} = $1;
+		if($3 ne "NONE") {
+			$csrc{$1} = $3;
+			$fmax{$1} = 99;
+			$rmax{$1} = 99;
+			$fnew{$1} = 0;
+			$rnew{$1} = 0;
+		}
+	} elsif (/^F\s+(\S+)/) {
+	# Add extra function with $1
+	} elsif (/^R\s+(\S+)\s+(\S+)/) {
+		$rextra{$1} = $2;
+		$rcodes{$1} = $2;
+	}
+}
+
+close IN;
+
+# Scan each header file in turn and make a list of error codes
+# and function names
+
+while (($lib, $hdr) = each %hinc)
+{
+	next if($hdr eq "NONE");
+	print STDERR "Scanning header file $hdr\n" if $debug; 
+	open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
+	my $line = "", $def= "";
+	while() {
+	    last if(/BEGIN\s+ERROR\s+CODES/);
+	    if ($line ne '') {
+		$_ = $line . $_;
+		$line = '';
+	    }
+
+	    if (/\\$/) {
+		$line = $_;
+		next;
+	    }
+
+	    $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
+	    if ($cpp) {
+		$cpp = 0 if /^#.*endif/;
+		next;
+	    }
+
+	    next if (/^#/);                      # skip preprocessor directives
+
+	    s/\/\*.*?\*\///gs;                   # ignore comments
+	    s/{[^{}]*}//gs;                      # ignore {} blocks
+
+	    if (/{|\/\*/) { # Add a } so editor works...
+		$line = $_;
+	    } else {
+		$def .= $_;
+	    }
+	}
+
+	foreach (split /;/, $def) {
+	    s/^[\n\s]*//g;
+	    s/[\n\s]*$//g;
+	    next if(/typedef\W/);
+	    if (/\(\*(\w*)\([^\)]+/) {
+		my $name = $1;
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){
+		# K&R C
+		next ;
+	    } elsif (/\w+\W+\w+\W*\(.*\)$/s) {
+		while (not /\(\)$/s) {
+		    s/[^\(\)]*\)$/\)/s;
+		    s/\([^\(\)]*\)\)$/\)/s;
+		}
+		s/\(void\)//;
+		/(\w+)\W*\(\)/s;
+		my $name = $1;
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) {
+		print STDERR "Header $hdr: cannot parse: $_;\n";
+	    }
+	}
+
+	next if $reindex;
+
+	# Scan function and reason codes and store them: keep a note of the
+	# maximum code used.
+
+	while() {
+		if(/^#define\s+(\S+)\s+(\S+)/) {
+			$name = $1;
+			$code = $2;
+			unless($name =~ /^${lib}_([RF])_(\w+)$/) {
+				print STDERR "Invalid error code $name\n";
+				next;
+			}
+			if($1 eq "R") {
+				$rcodes{$name} = $code;
+				if(!(exists $rextra{$name}) &&
+					 ($code > $rmax{$lib}) ) {
+					$rmax{$lib} = $code;
+				}
+			} else {
+				if($code > $fmax{$lib}) {
+					$fmax{$lib} = $code;
+				}
+				$fcodes{$name} = $code;
+			}
+		}
+	}
+	close IN;
+}
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start. This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %ufcodes and %urcodes
+# so all those unreferenced can be printed out.
+
+
+foreach $file (@source) {
+	# Don't parse the error source file.
+	next if exists $cskip{$file};
+	open(IN, "<$file") || die "Can't open source file $file\n";
+	while() {
+		if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
+			next unless exists $csrc{$2};
+			next if($1 eq "BIO_F_BUFFER_CTX");
+			$ufcodes{$1} = 1;
+			if(!exists $fcodes{$1}) {
+				$fcodes{$1} = "X";
+				$fnew{$2}++;
+			}
+			$notrans{$1} = 1 unless exists $ftrans{$3};
+		}
+		if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
+			next unless exists $csrc{$2};
+			$urcodes{$1} = 1;
+			if(!exists $rcodes{$1}) {
+				$rcodes{$1} = "X";
+				$rnew{$2}++;
+			}
+		} 
+	}
+	close IN;
+}
+
+# Now process each library in turn.
+
+foreach $lib (keys %csrc)
+{
+	my $hfile = $hinc{$lib};
+	my $cfile = $csrc{$lib};
+	if(!$fnew{$lib} && !$rnew{$lib}) {
+		print STDERR "$lib:\t\tNo new error codes\n";
+		next unless $rebuild;
+	} else {
+		print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
+		print STDERR " $rnew{$lib} New Reasons.\n";
+		next unless $dowrite;
+	}
+
+	# If we get here then we have some new error codes so we
+	# need to rebuild the header file and C file.
+
+	# Make a sorted list of error and reason codes for later use.
+
+	my @function = sort grep(/^${lib}_/,keys %fcodes);
+	my @reasons = sort grep(/^${lib}_/,keys %rcodes);
+
+	# Rewrite the header file
+
+	open(IN, "<$hfile") || die "Can't Open Header File $hfile\n";
+
+	# Copy across the old file
+	while() {
+		push @out, $_;
+		last if (/BEGIN ERROR CODES/);
+	}
+	close IN;
+
+	open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
+
+	print OUT @out;
+	undef @out;
+	print OUT <<"EOF";
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the $lib functions. */
+
+/* Function codes. */
+EOF
+
+	foreach $i (@function) {
+		$z=6-int(length($i)/8);
+		if($fcodes{$i} eq "X") {
+			$fcodes{$i} = ++$fmax{$lib};
+			print STDERR "New Function code $i\n" if $debug;
+		}
+		printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
+	}
+
+	print OUT "\n/* Reason codes. */\n";
+
+	foreach $i (@reasons) {
+		$z=6-int(length($i)/8);
+		if($rcodes{$i} eq "X") {
+			$rcodes{$i} = ++$rmax{$lib};
+			print STDERR "New Reason code   $i\n" if $debug;
+		}
+		printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
+	}
+	print OUT <<"EOF";
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
+EOF
+	close OUT;
+
+	# Rewrite the C source file containing the error details.
+
+	my $hincf;
+	if($static) {
+		$hfile =~ /([^\/]+)$/;
+		$hincf = "";
+	} else {
+		$hincf = "\"$hfile\"";
+	}
+
+
+	open (OUT,">$cfile") || die "Can't open $cfile for writing";
+
+	print OUT <<"EOF";
+/* $cfile */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core\@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay\@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh\@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include 
+#include 
+#include $hincf
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ${lib}_str_functs[]=
+	{
+EOF
+	# Add each function code: if a function name is found then use it.
+	foreach $i (@function) {
+		my $fn;
+		$i =~ /^${lib}_F_(\S+)$/;
+		$fn = $1;
+		if(exists $ftrans{$fn}) {
+			$fn = $ftrans{$fn};
+		}
+		print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+	}
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ${lib}_str_reasons[]=
+	{
+EOF
+	# Add each reason code.
+	foreach $i (@reasons) {
+		my $rn;
+		my $nspc = 0;
+		$i =~ /^${lib}_R_(\S+)$/;
+		$rn = $1;
+		$rn =~ tr/_[A-Z]/ [a-z]/;
+		$nspc = 40 - length($i) unless length($i) > 40;
+		$nspc = " " x $nspc;
+		print OUT "{${i}${nspc},\"$rn\"},\n";
+	}
+if($static) {
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_${lib}_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
+		ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+#endif
+
+		}
+	}
+EOF
+} else {
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ${lib}_LIB_NAME
+static ERR_STRING_DATA ${lib}_lib_name[]=
+        {
+{0	,${lib}_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+int ${lib}_lib_error_code=0;
+
+void ERR_load_${lib}_strings(void)
+	{
+	static int init=1;
+
+	if (${lib}_lib_error_code == 0)
+		${lib}_lib_error_code=ERR_get_next_error_library();
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
+		ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+		${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
+		ERR_load_strings(0,${lib}_lib_name);
+#endif;
+		}
+	}
+
+void ERR_${lib}_error(int function, int reason, char *file, int line)
+	{
+	if (${lib}_lib_error_code == 0)
+		${lib}_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
+	}
+EOF
+
+}
+
+	close OUT;
+
+}
+
+if($debug && defined(%notrans)) {
+	print STDERR "The following function codes were not translated:\n";
+	foreach(sort keys %notrans)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+# Make a list of unreferenced function and reason codes
+
+foreach (keys %fcodes) {
+	push (@funref, $_) unless exists $ufcodes{$_};
+}
+
+foreach (keys %rcodes) {
+	push (@runref, $_) unless exists $urcodes{$_};
+}
+
+if($debug && defined(@funref) ) {
+	print STDERR "The following function codes were not referenced:\n";
+	foreach(sort @funref)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+if($debug && defined(@runref) ) {
+	print STDERR "The following reason codes were not referenced:\n";
+	foreach(sort @runref)
+	{
+		print STDERR "$_\n";
+	}
+}
diff --git a/crypto/openssl/util/mkfiles.pl b/crypto/openssl/util/mkfiles.pl
new file mode 100755
index 000000000000..6fa424bd1903
--- /dev/null
+++ b/crypto/openssl/util/mkfiles.pl
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+#
+# This is a hacked version of files.pl for systems that can't do a 'make files'.
+# Do a perl util/mkminfo.pl >MINFO to build MINFO
+# Written by Steve Henson 1999.
+
+# List of directories to process
+
+my @dirs = (
+".",
+"crypto",
+"crypto/md2",
+"crypto/md5",
+"crypto/sha",
+"crypto/mdc2",
+"crypto/hmac",
+"crypto/ripemd",
+"crypto/des",
+"crypto/rc2",
+"crypto/rc4",
+"crypto/rc5",
+"crypto/idea",
+"crypto/bf",
+"crypto/cast",
+"crypto/bn",
+"crypto/rsa",
+"crypto/dsa",
+"crypto/dh",
+"crypto/buffer",
+"crypto/bio",
+"crypto/stack",
+"crypto/lhash",
+"crypto/rand",
+"crypto/err",
+"crypto/objects",
+"crypto/evp",
+"crypto/asn1",
+"crypto/pem",
+"crypto/x509",
+"crypto/x509v3",
+"crypto/conf",
+"crypto/txt_db",
+"crypto/pkcs7",
+"crypto/pkcs12",
+"crypto/comp",
+"ssl",
+"rsaref",
+"apps",
+"test",
+"tools"
+);
+
+foreach (@dirs) {
+	&files_dir ($_, "Makefile.ssl");
+}
+
+exit(0);
+
+sub files_dir
+{
+my ($dir, $makefile) = @_;
+
+my %sym;
+
+open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile";
+
+my $s="";
+
+while ()
+	{
+	chop;
+	s/#.*//;
+	if (/^(\S+)\s*=\s*(.*)$/)
+		{
+		$o="";
+		($s,$b)=($1,$2);
+		for (;;)
+			{
+			if ($b =~ /\\$/)
+				{
+				chop($b);
+				$o.=$b." ";
+				$b=;
+				chop($b);
+				}
+			else
+				{
+				$o.=$b." ";
+				last;
+				}
+			}
+		$o =~ s/^\s+//;
+		$o =~ s/\s+$//;
+		$o =~ s/\s+/ /g;
+
+		$o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+		$sym{$s}=$o;
+		}
+	}
+
+print "RELATIVE_DIRECTORY=$dir\n";
+
+foreach (sort keys %sym)
+	{
+	print "$_=$sym{$_}\n";
+	}
+print "RELATIVE_DIRECTORY=\n";
+
+close (IN);
+}
diff --git a/crypto/openssl/util/mklink.pl b/crypto/openssl/util/mklink.pl
new file mode 100755
index 000000000000..de555820ec9e
--- /dev/null
+++ b/crypto/openssl/util/mklink.pl
@@ -0,0 +1,55 @@
+#!/usr/local/bin/perl
+
+# mklink.pl
+
+# The first command line argument is a non-empty relative path
+# specifying the "from" directory.
+# Each other argument is a file name not containing / and
+# names a file in the current directory.
+#
+# For each of these files, we create in the "from" directory a link
+# of the same name pointing to the local file.
+#
+# We assume that the directory structure is a tree, i.e. that it does
+# not contain symbolic links and that the parent of / is never referenced.
+# Apart from this, this script should be able to handle even the most
+# pathological cases.
+
+my $from = shift;
+my @files = @ARGV;
+
+my @from_path = split(/\//, $from);
+my $pwd = `pwd`;
+chop($pwd);
+my @pwd_path = split(/\//, $pwd);
+
+my @to_path = ();
+
+my $dirname;
+foreach $dirname (@from_path) {
+
+    # In this loop, @to_path always is a relative path from
+    # @pwd_path (interpreted is an absolute path) to the original pwd.
+
+    # At the end, @from_path (as a relative path from the original pwd)
+    # designates the same directory as the absolute path @pwd_path,
+    # which means that @to_path then is a path from there to the original pwd.
+
+    next if ($dirname eq "" || $dirname eq ".");
+
+    if ($dirname eq "..") {
+	@to_path = (pop(@pwd_path), @to_path);
+    } else {
+	@to_path = ("..", @to_path);
+	push(@pwd_path, $dirname);
+    }
+}
+
+my $to = join('/', @to_path);
+
+my $file;
+foreach $file (@files) {
+#    print "ln -s $to/$file $from/$file\n";
+    symlink("$to/$file", "$from/$file");
+    print $file . " => $from/$file\n";
+}
diff --git a/crypto/openssl/util/perlpath.pl b/crypto/openssl/util/perlpath.pl
new file mode 100755
index 000000000000..a1f236bd9843
--- /dev/null
+++ b/crypto/openssl/util/perlpath.pl
@@ -0,0 +1,35 @@
+#!/usr/local/bin/perl
+#
+# modify the '#!/usr/local/bin/perl'
+# line in all scripts that rely on perl.
+#
+
+require "find.pl";
+
+$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+&find(".");
+
+sub wanted
+	{
+	return unless /\.pl$/ || /^[Cc]onfigur/;
+
+	open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+	@a=;
+	close(IN);
+
+	if (-d $ARGV[0]) {
+		$a[0]="#!$ARGV[0]/perl\n";
+	}
+	else {
+		$a[0]="#!$ARGV[0]\n";
+	}
+
+	# Playing it safe...
+	$new="$_.new";
+	open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+	print OUT @a;
+	close(OUT);
+
+	rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+	chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+	}
diff --git a/crypto/openssl/util/pl/BC-16.pl b/crypto/openssl/util/pl/BC-16.pl
new file mode 100644
index 000000000000..6c6df4fe0baa
--- /dev/null
+++ b/crypto/openssl/util/pl/BC-16.pl
@@ -0,0 +1,146 @@
+#!/usr/local/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+$cc='bcc';
+
+if ($debug)
+	{ $op="-v "; }
+else	{ $op="-O "; }
+
+$cflags="-d -ml $op -DL_ENDIAN";
+# I add the stack opt
+$base_lflags="/c /C";
+$lflags="$base_lflags";
+
+if ($win16)
+	{
+	$shlib=1;
+	$cflags.=" -DWINDOWS -DWIN16";
+	$app_cflag="-W";
+	$lib_cflag="-WD";
+	$lflags.="/Twe";
+	}
+else
+	{
+	$cflags.=" -DMSDOS";
+	$lflags.=" /Tde";
+	}
+
+if ($shlib)
+	{
+	$mlflags=" /Twd $base_lflags"; # stack if defined in .def file
+	$libs="libw ldllcew";
+	$no_asm=1;
+	}
+else
+	{ $mlflags=''; }
+
+$obj='.obj';
+$ofile="-o";
+
+# EXE linking stuff
+$link="tlink";
+$efile="";
+$exep='.exe';
+$ex_libs="CL";
+$ex_libs.=$no_sock?"":" winsock.lib";
+
+$app_ex_obj="C0L.obj ";
+$shlib_ex_obj="" if ($shlib);
+
+# static library stuff
+$mklib='tlib';
+$ranlib='echo no ranlib';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+
+$asm='bcc -c -B -Tml';
+$afile='/o';
+if ($no_asm)
+	{
+	$bn_asm_obj='';
+	$bn_asm_src='';
+	}
+elsif ($asmbits == 32)
+	{
+	$bn_asm_obj='crypto\bn\asm\x86w32.obj';
+	$bn_asm_src='crypto\bn\asm\x86w32.asm';
+	}
+else
+	{
+	$bn_asm_obj='crypto\bn\asm\x86w16.obj';
+	$bn_asm_src='crypto\bn\asm\x86w16.asm';
+	}
+
+sub do_lib_rule
+	{
+	local($target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) \$(O_$Name)\n";
+
+	# Due to a pathetic line length limit, I unwrap the args.
+	local($lib_names)="";
+	local($dll_names)="";
+	foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
+		{
+		$lib_names.="  +$_ &\n";
+		$dll_names.="  $_\n";
+		}
+
+	if (!$shlib)
+		{
+		$ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+		}
+	else
+		{
+		local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
+		$ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
+		$ret.=$dll_names;
+		$ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
+		($out_lib=$target) =~ s/O_/L_/;
+		$ret.="\timplib /nowep $out_lib $target\n\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$f,$_,@f);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($targer);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="  \$(LINK) @&&|";
+	
+	# Due to a pathetic line length limit, I have to unwrap the args.
+	$ret.=" \$(LFLAGS) ";
+	if ($files =~ /\(([^)]*)\)$/)
+		{
+		$ret.=" \$(APP_EX_OBJ)";
+		foreach $_ (sort split(/\s+/,$Vars{$1}))
+			{ $ret.="\n  $r $_ +"; }
+		chop($ret);
+		$ret.="\n";
+		}
+	else
+		{ $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
+	$ret.="  $target\n\n  $libs\n\n|\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/BC-32.pl b/crypto/openssl/util/pl/BC-32.pl
new file mode 100644
index 000000000000..09c45a21a6be
--- /dev/null
+++ b/crypto/openssl/util/pl/BC-32.pl
@@ -0,0 +1,136 @@
+#!/usr/local/bin/perl
+# Borland C++ builder 3 and 4 -- Janez Jere 
+#
+
+$ssl=	"ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+$cc='bcc32';
+$lflags="-ap -Tpe -x -Gn ";
+$mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+#enable max error messages, disable most common warnings
+$cflags="-DWIN32_LEAN_AND_MEAN -j255 -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
+if ($debug)
+{
+    $cflags.="-Od -y -v -vi- -D_DEBUG";
+    $mlflags.=' ';
+}
+else
+{
+    $cflags.="-O2 -ff -fp";
+}
+
+$obj='.obj';
+$ofile="-o";
+
+# EXE linking stuff
+$link="ilink32";
+$efile="";
+$exep='.exe';
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs="cw32mt.lib import32.lib"; }
+
+# static library stuff
+$mklib='tlib /P64';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+
+$shlib_ex_obj="";
+$app_ex_obj="c0x32.obj"; 
+
+$asm='n_o_T_a_s_m';
+$asm.=" /Zi" if $debug;
+$afile='/Fo';
+
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+	{
+	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+	}
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$out_def="out32dll";
+	$tmp_def="tmp32dll";
+	}
+
+sub do_lib_rule
+	{
+	local($objs,$target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
+	if (!$shlib)
+		{
+		#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ret.="\techo LIB $<\n";    
+		$ret.="\t\$(MKLIB) $lfile$target  \$(addprefix +, $objs)\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' wsock32.lib gdi32.lib';
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($targer);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl
new file mode 100644
index 000000000000..84c2a22db304
--- /dev/null
+++ b/crypto/openssl/util/pl/Mingw32.pl
@@ -0,0 +1,79 @@
+#!/usr/local/bin/perl
+#
+# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) 
+#
+
+$o='/';
+$cp='cp';
+$rm='rem'; # use 'rm -f' if using GNU file utilities
+$mkdir='gmkdir';
+
+# gcc wouldn't accept backslashes in paths
+#$o='\\';
+#$cp='copy';
+#$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb"; }
+else
+	{ $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;
+
diff --git a/crypto/openssl/util/pl/Mingw32f.pl b/crypto/openssl/util/pl/Mingw32f.pl
new file mode 100644
index 000000000000..a53c537646cb
--- /dev/null
+++ b/crypto/openssl/util/pl/Mingw32f.pl
@@ -0,0 +1,73 @@
+#!/usr/local/bin/perl
+#
+# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. 
+#
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb"; }
+else
+	{ $cflags="-O3 -fomit-frame-pointer"; }
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;
+
diff --git a/crypto/openssl/util/pl/VC-16.pl b/crypto/openssl/util/pl/VC-16.pl
new file mode 100644
index 000000000000..a5079d4ca724
--- /dev/null
+++ b/crypto/openssl/util/pl/VC-16.pl
@@ -0,0 +1,173 @@
+#!/usr/local/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+
+$ssl=	"ssleay16";
+$crypto="libeay16";
+$RSAref="RSAref16";
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+$cc='cl';
+
+$out_def="out16";
+$tmp_def="tmp16";
+$inc_def="inc16";
+
+if ($debug)
+	{
+	$op="/Od /Zi /Zd";
+	$base_lflags="/CO";
+	}
+else	{
+	$op="/G2 /f- /Ocgnotb2";
+	}
+$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000";
+if ($win16) { $base_lflags.=" /PACKD:60000"; }
+
+$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo";
+# I add the stack opt
+$lflags="$base_lflags /STACK:20000";
+
+if ($win16)
+	{
+	$cflags.=" -DWINDOWS -DWIN16";
+	$app_cflag="/Gw /FPi87";
+	$lib_cflag="/Gw";
+	$lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
+	$lib_cflag.=" -DWIN16TTY" if !$shlib;
+	$lflags.=" /ALIGN:256";
+	$ex_libs.="oldnames llibcewq libw";
+	}
+else
+	{
+	$no_sock=1;
+	$cflags.=" -DMSDOS";
+	$lflags.=" /EXEPACK";
+	$ex_libs.="oldnames.lib llibce.lib";
+	}
+
+if ($shlib)
+	{
+	$mlflags="$base_lflags";
+	$libs="oldnames ldllcew libw";
+	$shlib_ex_obj="";
+#	$no_asm=1;
+	$out_def="out16dll";
+	$tmp_def="tmp16dll";
+	}
+else
+	{ $mlflags=''; }
+
+$app_ex_obj="setargv.obj";
+
+$obj='.obj';
+$ofile="/Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="";
+$exep='.exe';
+$ex_libs.=$no_sock?"":" winsock";
+
+# static library stuff
+$mklib='lib /PAGESIZE:1024';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+
+$asm='ml /Cp /c /Cx';
+$afile='/Fo';
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+	{
+	if ($asmbits == 32)
+		{
+		$bn_asm_obj='crypto\bn\asm\x86w32.obj';
+		$bn_asm_src='crypto\bn\asm\x86w32.asm';
+		}
+	else
+		{
+		$bn_asm_obj='crypto\bn\asm\x86w16.obj';
+		$bn_asm_src='crypto\bn\asm\x86w16.asm';
+		}
+	}
+
+sub do_lib_rule
+	{
+	local($objs,$target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
+#	$ret.="\t\$(RM) \$(O_$Name)\n";
+
+	# Due to a pathetic line length limit, I unwrap the args.
+	local($lib_names)="";
+	local($dll_names)="  \$(SHLIB_EX_OBJ) +\n";
+	($obj)= ($objs =~ /\((.*)\)/);
+	foreach $_ (sort split(/\s+/,$Vars{$obj}))
+		{
+		$lib_names.="+$_ &\n";
+		$dll_names.="  $_ +\n";
+		}
+
+	if (!$shlib)
+		{
+		$ret.="\tdel $target\n";
+		$ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':"";
+		$ex.=' winsock';
+		$ret.="\t\$(LINK) \$(MLFLAGS) @<<\n";
+		$ret.=$dll_names;
+		$ret.="\n  $target\n\n  $ex $libs\nms$o${name}.def;\n<<\n";
+		($out_lib=$target) =~ s/O_/L_/;
+		$ret.="\timplib /noignorecase /nowep $out_lib $target\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$f,$_,@f);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($targer);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="  \$(LINK) \$(LFLAGS) @<<\n";
+	
+	# Due to a pathetic line length limit, I have to unwrap the args.
+	if ($files =~ /\(([^)]*)\)$/)
+		{
+		@a=('$(APP_EX_OBJ)');
+		push(@a,sort split(/\s+/,$Vars{$1}));
+		for $_ (@a)
+			{ $ret.="  $_ +\n"; }
+		}
+	else
+		{ $ret.="  \$(APP_EX_OBJ) $files"; }
+	$ret.="\n  $target\n\n  $libs\n\n<<\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/VC-32.pl b/crypto/openssl/util/pl/VC-32.pl
new file mode 100644
index 000000000000..6db1c9fe2374
--- /dev/null
+++ b/crypto/openssl/util/pl/VC-32.pl
@@ -0,0 +1,140 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+
+$ssl=	"ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+
+$o='\\';
+$cp='copy nul+';	# Timestamps get stuffed otherwise
+$rm='del';
+
+# C compiler stuff
+$cc='cl';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
+$mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+
+if ($debug)
+	{
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
+	$lflags.=" /debug";
+	$mlflags.=' /debug';
+	}
+$cflags .= " -DWINNT" if $NT == 1;
+
+$obj='.obj';
+$ofile="/Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+	$asm='nasmw -f win32';
+	$afile='-o ';
+} else {
+	$asm='ml /Cp /coff /c /Cx';
+	$asm.=" /Zi" if $debug;
+	$afile='/Fo';
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+	{
+	$bn_asm_obj='crypto\bn\asm\bn-win32.obj';
+	$bn_asm_src='crypto\bn\asm\bn-win32.asm';
+	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+	}
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$out_def="out32dll";
+	$tmp_def="tmp32dll";
+	}
+
+$cflags.=" /Fd$out_def";
+
+sub do_lib_rule
+	{
+	local($objs,$target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
+	if (!$shlib)
+		{
+#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' wsock32.lib gdi32.lib advapi32.lib';
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($targer);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+	$ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/linux.pl b/crypto/openssl/util/pl/linux.pl
new file mode 100644
index 000000000000..a8cfdc578ade
--- /dev/null
+++ b/crypto/openssl/util/pl/linux.pl
@@ -0,0 +1,100 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+	{ $cflags="-O3 -fomit-frame-pointer"; }
+
+if (!$no_asm)
+	{
+	$bn_asm_obj='$(OBJ_D)/bn86-elf.o';
+	$bn_asm_src='crypto/bn/asm/bn86unix.cpp';
+	$des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
+	$des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
+	$bf_enc_obj='$(OBJ_D)/bx86-elf.o';
+	$bf_enc_src='crypto/bf/asm/bx86unix.cpp';
+	$cast_enc_obj='$(OBJ_D)/cx86-elf.o';
+	$cast_enc_src='crypto/cast/asm/cx86unix.cpp';
+	$rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
+	$rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+	$rc5_enc_obj='$(OBJ_D)/r586-elf.o';
+	$rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
+	$md5_asm_obj='$(OBJ_D)/mx86-elf.o';
+	$md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+	$rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
+	$rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
+	$sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
+	$sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
+	}
+
+$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
+
+if ($shlib)
+	{
+	$shl_cflag=" -DPIC -fpic";
+	$shlibp=".so.$ssl_version";
+	$so_shlibp=".so";
+	}
+
+sub do_shlib_rule
+	{
+	local($obj,$target,$name,$shlib,$so_name)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) target\n";
+	$ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
+	($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
+	if ($so_name ne "")
+		{
+		$ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
+		$ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
+		}
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+sub do_asm_rule
+	{
+	local($target,$src)=@_;
+	local($ret,@s,@t,$i);
+
+	$target =~ s/\//$o/g if $o ne "/";
+	$src =~ s/\//$o/g if $o ne "/";
+
+	@s=split(/\s+/,$src);
+	@t=split(/\s+/,$target);
+
+	for ($i=0; $i<=$#s; $i++)
+		{
+		$ret.="$t[$i]: $s[$i]\n";
+		$ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
+		}
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/ultrix.pl b/crypto/openssl/util/pl/ultrix.pl
new file mode 100644
index 000000000000..ea370c71f968
--- /dev/null
+++ b/crypto/openssl/util/pl/ultrix.pl
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='cc';
+if ($debug)
+	{ $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+	{ $cflags="-O2"; }
+
+$cflags.=" -std1 -DL_ENDIAN";
+
+if (!$no_asm)
+	{
+	$bn_asm_obj='$(OBJ_D)/mips1.o';
+	$bn_asm_src='crypto/bn/asm/mips1.s';
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/crypto/openssl/util/pl/unix.pl b/crypto/openssl/util/pl/unix.pl
new file mode 100644
index 000000000000..146611ad9958
--- /dev/null
+++ b/crypto/openssl/util/pl/unix.pl
@@ -0,0 +1,96 @@
+#!/usr/local/bin/perl
+#
+# unix.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+if ($gcc)
+	{
+	$cc='gcc';
+	if ($debug)
+		{ $cflags="-g2 -ggdb"; }
+	else
+		{ $cflags="-O3 -fomit-frame-pointer"; }
+	}
+else
+	{
+	$cc='cc';
+	if ($debug)
+		{ $cflags="-g"; }
+	else
+		{ $cflags="-O"; }
+	}
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib=&which("ranlib") or $ranlib="true";
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+sub which
+	{
+	my ($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-x "$path/$name")
+			{
+			return "$path/$name";
+			}
+		}
+	}
+
+1;
diff --git a/crypto/openssl/util/point.sh b/crypto/openssl/util/point.sh
new file mode 100755
index 000000000000..47543c88e267
--- /dev/null
+++ b/crypto/openssl/util/point.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+rm -f $2
+ln -s $1 $2
+echo "$2 => $1"
+
diff --git a/crypto/openssl/util/sep_lib.sh b/crypto/openssl/util/sep_lib.sh
new file mode 100755
index 000000000000..34c2c9f8ba9a
--- /dev/null
+++ b/crypto/openssl/util/sep_lib.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+cwd=`pwd`
+/bin/rm -fr tmp/*
+
+cd crypto/des
+make -f Makefile.uni tar
+make -f Makefile.uni tar_lit
+/bin/mv libdes.tgz $cwd/tmp
+/bin/mv libdes-l.tgz $cwd/tmp
+cd $cwd
+
+for name in md5 sha cast bf idea rc4 rc2
+do
+	echo doing $name
+	(cd crypto; tar cfh - $name)|(cd tmp; tar xf -)
+	cd tmp/$name
+	/bin/rm -f Makefile
+	/bin/rm -f Makefile.ssl
+	/bin/rm -f Makefile.ssl.orig
+	/bin/rm -f *.old
+	/bin/mv Makefile.uni Makefile
+
+	if [ -d asm ]; then
+		mkdir asm/perlasm
+		cp $cwd/crypto/perlasm/*.pl asm/perlasm
+	fi
+	cd ..
+	tar cf - $name|gzip >$name.tgz
+#	/bin/rm -fr $name
+	cd $cwd
+done
+
+
diff --git a/crypto/openssl/util/sp-diff.pl b/crypto/openssl/util/sp-diff.pl
new file mode 100755
index 000000000000..f81e50201b75
--- /dev/null
+++ b/crypto/openssl/util/sp-diff.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl
+#
+# This file takes as input, the files that have been output from
+# ssleay speed.
+# It prints a table of the relative differences with %100 being 'no difference'
+#
+
+($#ARGV == 1) || die "$0 speedout1 speedout2\n";
+
+%one=&loadfile($ARGV[0]);
+%two=&loadfile($ARGV[1]);
+
+$line=0;
+foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+	"idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
+	{
+	if (defined($one{$a,8}) && defined($two{$a,8}))
+		{
+		print "type              8 byte%    64 byte%   256 byte%  1024 byte%  8192 byte%\n"
+			unless $line;
+		$line++;
+		printf "%-12s ",$a;
+		foreach $b (8,64,256,1024,8192)
+			{
+			$r=$two{$a,$b}/$one{$a,$b}*100;
+			printf "%12.2f",$r;
+			}
+		print "\n";
+		}
+	}
+
+foreach $a	(
+		"rsa  512","rsa 1024","rsa 2048","rsa 4096",
+		"dsa  512","dsa 1024","dsa 2048",
+		)
+	{
+	if (defined($one{$a,1}) && defined($two{$a,1}))
+		{
+		$r1=($one{$a,1}/$two{$a,1})*100;
+		$r2=($one{$a,2}/$two{$a,2})*100;
+		printf "$a bits %%    %6.2f %%    %6.2f\n",$r1,$r2;
+		}
+	}
+
+sub loadfile
+	{
+	local($file)=@_;
+	local($_,%ret);
+
+	open(IN,"<$file") || die "unable to open '$file' for input\n";
+	$header=1;
+	while ()
+		{
+		$header=0 if /^[dr]sa/;
+		if (/^type/) { $header=0; next; }
+		next if $header;
+		chop;
+		@a=split;
+		if ($a[0] =~ /^[dr]sa$/)
+			{
+			($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/);
+			$ret{$n,1}=$t1;
+			$ret{$n,2}=$t2;
+			}
+		else
+			{
+			$n=join(' ',grep(/[^k]$/,@a));
+			@k=grep(s/k$//,@a);
+			
+			$ret{$n,   8}=$k[0];
+			$ret{$n,  64}=$k[1];
+			$ret{$n, 256}=$k[2];
+			$ret{$n,1024}=$k[3];
+			$ret{$n,8192}=$k[4];
+			}
+		}
+	close(IN);
+	return(%ret);
+	}
+
diff --git a/crypto/openssl/util/speed.sh b/crypto/openssl/util/speed.sh
new file mode 100755
index 000000000000..f489706197b2
--- /dev/null
+++ b/crypto/openssl/util/speed.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#
+# This is a ugly script use, in conjuction with editing the 'b'
+# configuration in the $(TOP)/Configure script which will
+# output when finished a file called speed.log which is the
+# timings of SSLeay with various options turned on or off.
+#
+# from the $(TOP) directory
+# Edit Configure, modifying things to do with the b/bl-4c-2c etc
+# configurations.
+#
+
+make clean
+perl Configure b
+make
+apps/ssleay version -v -b -f >speed.1
+apps/ssleay speed >speed.1l
+
+perl Configure bl-4c-2c
+/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
+make
+apps/ssleay speed rc4 rsa md2 >speed.2l
+
+perl Configure bl-4c-ri
+/bin/rm -f crypto/rc4/rc4*.o
+make
+apps/ssleay speed rc4 >speed.3l
+
+perl Configure b2-is-ri-dp
+/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o
+apps/ssleay speed rsa rc4 idea des >speed.4l
+
+cat speed.1 >speed.log
+cat speed.1l >>speed.log
+perl util/sp-diff.pl speed.1l speed.2l >>speed.log
+perl util/sp-diff.pl speed.1l speed.3l >>speed.log
+perl util/sp-diff.pl speed.1l speed.4l >>speed.log
+
diff --git a/crypto/openssl/util/src-dep.pl b/crypto/openssl/util/src-dep.pl
new file mode 100755
index 000000000000..ad997e474683
--- /dev/null
+++ b/crypto/openssl/util/src-dep.pl
@@ -0,0 +1,147 @@
+#!/usr/local/bin/perl
+
+# we make up an array of
+# $file{function_name}=filename;
+# $unres{filename}="func1 func2 ...."
+$debug=1;
+#$nm_func="parse_linux";
+$nm_func="parse_solaris";
+
+foreach (@ARGV)
+	{
+	&$nm_func($_);
+	}
+
+foreach $file (sort keys %unres)
+	{
+	@a=split(/\s+/,$unres{$file});
+	%ff=();
+	foreach $func (@a)
+		{
+		$f=$file{$func};
+		$ff{$f}=1 if $f ne "";
+		}
+
+	foreach $a (keys %ff)
+		{ $we_need{$file}.="$a "; }
+	}
+
+foreach $file (sort keys %we_need)
+	{
+#	print "	$file $we_need{$file}\n";
+	foreach $bit (split(/\s+/,$we_need{$file}))
+		{ push(@final,&walk($bit)); }
+
+	foreach (@final) { $fin{$_}=1; }
+	@final="";
+	foreach (sort keys %fin)
+		{ push(@final,$_); }
+
+	print "$file: @final\n";
+	}
+
+sub walk
+	{
+	local($f)=@_;
+	local(@a,%seen,@ret,$r);
+
+	@ret="";
+	$f =~ s/^\s+//;
+	$f =~ s/\s+$//;
+	return "" if ($f =~ "^\s*$");
+
+	return(split(/\s/,$done{$f})) if defined ($done{$f});
+
+	return if $in{$f} > 0;
+	$in{$f}++;
+	push(@ret,$f);
+	foreach $r (split(/\s+/,$we_need{$f}))
+		{
+		push(@ret,&walk($r));
+		}
+	$in{$f}--;
+	$done{$f}=join(" ",@ret);
+	return(@ret);
+	}
+
+sub parse_linux
+	{
+	local($name)=@_;
+
+	open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+	while ()
+		{
+		chop;
+		next if /^\s*$/;
+		if (/^[^[](.*):$/)
+			{
+			$file=$1;
+			$file="$1.c" if /\[(.*).o\]/;
+			print STDERR "$file\n";
+			$we_need{$file}=" ";
+			next;
+			}
+
+		@a=split(/\s*\|\s*/);
+		next unless $#a == 7;
+		next unless $a[4] eq "GLOB";
+		if ($a[6] eq "UNDEF")
+			{
+			$unres{$file}.=$a[7]." ";
+			}
+		else
+			{
+			if ($file{$a[7]} ne "")
+				{
+				print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+				}
+			else
+				{
+				$file{$a[7]}=$file;
+				}
+			}
+		}
+	close(IN);
+	}
+
+sub parse_solaris
+	{
+	local($name)=@_;
+
+	open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+	while ()
+		{
+		chop;
+		next if /^\s*$/;
+		if (/^(\S+):$/)
+			{
+			$file=$1;
+			#$file="$1.c" if $file =~ /^(.*).o$/;
+			print STDERR "$file\n";
+			$we_need{$file}=" ";
+			next;
+			}
+		@a=split(/\s*\|\s*/);
+		next unless $#a == 7;
+		next unless $a[4] eq "GLOB";
+		if ($a[6] eq "UNDEF")
+			{
+			$unres{$file}.=$a[7]." ";
+			print STDERR "$file needs $a[7]\n" if $debug;
+			}
+		else
+			{
+			if ($file{$a[7]} ne "")
+				{
+				print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+				}
+			else
+				{
+				$file{$a[7]}=$file;
+				print STDERR "$file has $a[7]\n" if $debug;
+				}
+			}
+		}
+	close(IN);
+	}
+
diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num
new file mode 100755
index 000000000000..8121738bd674
--- /dev/null
+++ b/crypto/openssl/util/ssleay.num
@@ -0,0 +1,217 @@
+ERR_load_SSL_strings			1
+SSL_CIPHER_description			2
+SSL_CTX_add_client_CA			3
+SSL_CTX_add_session			4
+SSL_CTX_check_private_key		5
+SSL_CTX_ctrl				6
+SSL_CTX_flush_sessions			7
+SSL_CTX_free				8
+SSL_CTX_get_client_CA_list		9
+SSL_CTX_get_verify_callback		10
+SSL_CTX_get_verify_mode			11
+SSL_CTX_new				12
+SSL_CTX_remove_session			13
+SSL_CTX_set_cert_verify_cb		14
+SSL_CTX_set_cipher_list			15
+SSL_CTX_set_client_CA_list		16
+SSL_CTX_set_default_passwd_cb		17
+SSL_CTX_set_ssl_version			19
+SSL_CTX_set_verify			21
+SSL_CTX_use_PrivateKey			22
+SSL_CTX_use_PrivateKey_ASN1		23
+SSL_CTX_use_PrivateKey_file		24
+SSL_CTX_use_RSAPrivateKey		25
+SSL_CTX_use_RSAPrivateKey_ASN1		26
+SSL_CTX_use_RSAPrivateKey_file		27
+SSL_CTX_use_certificate			28
+SSL_CTX_use_certificate_ASN1		29
+SSL_CTX_use_certificate_file		30
+SSL_SESSION_free			31
+SSL_SESSION_new				32
+SSL_SESSION_print			33
+SSL_SESSION_print_fp			34
+SSL_accept				35
+SSL_add_client_CA			36
+SSL_alert_desc_string			37
+SSL_alert_desc_string_long		38
+SSL_alert_type_string			39
+SSL_alert_type_string_long		40
+SSL_check_private_key			41
+SSL_clear				42
+SSL_connect				43
+SSL_copy_session_id			44
+SSL_ctrl				45
+SSL_dup					46
+SSL_dup_CA_list				47
+SSL_free				48
+SSL_get_certificate			49
+SSL_get_cipher_list			52
+SSL_get_ciphers				55
+SSL_get_client_CA_list			56
+SSL_get_default_timeout			57
+SSL_get_error				58
+SSL_get_fd				59
+SSL_get_peer_cert_chain			60
+SSL_get_peer_certificate		61
+SSL_get_rbio				63
+SSL_get_read_ahead			64
+SSL_get_shared_ciphers			65
+SSL_get_ssl_method			66
+SSL_get_verify_callback			69
+SSL_get_verify_mode			70
+SSL_get_version				71
+SSL_get_wbio				72
+SSL_load_client_CA_file			73
+SSL_load_error_strings			74
+SSL_new					75
+SSL_peek				76
+SSL_pending				77
+SSL_read				78
+SSL_renegotiate				79
+SSL_rstate_string			80
+SSL_rstate_string_long			81
+SSL_set_accept_state			82
+SSL_set_bio				83
+SSL_set_cipher_list			84
+SSL_set_client_CA_list			85
+SSL_set_connect_state			86
+SSL_set_fd				87
+SSL_set_read_ahead			88
+SSL_set_rfd				89
+SSL_set_session				90
+SSL_set_ssl_method			91
+SSL_set_verify				94
+SSL_set_wfd				95
+SSL_shutdown				96
+SSL_state_string			97
+SSL_state_string_long			98
+SSL_use_PrivateKey			99
+SSL_use_PrivateKey_ASN1			100
+SSL_use_PrivateKey_file			101
+SSL_use_RSAPrivateKey			102
+SSL_use_RSAPrivateKey_ASN1		103
+SSL_use_RSAPrivateKey_file		104
+SSL_use_certificate			105
+SSL_use_certificate_ASN1		106
+SSL_use_certificate_file		107
+SSL_write				108
+SSLeay_add_ssl_algorithms		109
+SSLv23_client_method			110
+SSLv23_method				111
+SSLv23_server_method			112
+SSLv2_client_method			113
+SSLv2_method				114
+SSLv2_server_method			115
+SSLv3_client_method			116
+SSLv3_method				117
+SSLv3_server_method			118
+d2i_SSL_SESSION				119
+i2d_SSL_SESSION				120
+BIO_f_ssl				121
+BIO_new_ssl				122
+BIO_proxy_ssl_copy_session_id		123
+BIO_ssl_copy_session_id			124
+SSL_do_handshake			125
+SSL_get_privatekey			126
+SSL_get_current_cipher			127
+SSL_CIPHER_get_bits			128
+SSL_CIPHER_get_version			129
+SSL_CIPHER_get_name			130
+BIO_ssl_shutdown			131
+SSL_SESSION_cmp				132
+SSL_SESSION_hash			133
+SSL_SESSION_get_time			134
+SSL_SESSION_set_time			135
+SSL_SESSION_get_timeout			136
+SSL_SESSION_set_timeout			137
+SSL_CTX_get_ex_data			138
+SSL_CTX_get_quiet_shutdown		140
+SSL_CTX_load_verify_locations		141
+SSL_CTX_set_default_verify_paths	142
+SSL_CTX_set_ex_data			143
+SSL_CTX_set_quiet_shutdown		145
+SSL_SESSION_get_ex_data			146
+SSL_SESSION_set_ex_data			148
+SSL_get_SSL_CTX				150
+SSL_get_ex_data				151
+SSL_get_quiet_shutdown			153
+SSL_get_session				154
+SSL_get_shutdown			155
+SSL_get_verify_result			157
+SSL_set_ex_data				158
+SSL_set_info_callback			160
+SSL_set_quiet_shutdown			161
+SSL_set_shutdown			162
+SSL_set_verify_result			163
+SSL_version				164
+SSL_get_info_callback			165
+SSL_state				166
+SSL_CTX_get_ex_new_index		167
+SSL_SESSION_get_ex_new_index		168
+SSL_get_ex_new_index			169
+TLSv1_method				170
+TLSv1_server_method			171
+TLSv1_client_method			172
+BIO_new_buffer_ssl_connect		173
+BIO_new_ssl_connect			174
+SSL_get_ex_data_X509_STORE_CTX_idx	175
+SSL_CTX_set_tmp_dh_callback		176
+SSL_CTX_set_tmp_rsa_callback		177
+SSL_CTX_set_timeout                     178
+SSL_CTX_get_timeout                     179
+SSL_CTX_get_cert_store                  180
+SSL_CTX_set_cert_store                  181
+SSL_want                                182
+SSL_library_init                        183
+SSL_COMP_add_compression_method         184
+SSL_add_file_cert_subjects_to_stack     185
+SSL_set_tmp_rsa_callback                186
+SSL_set_tmp_dh_callback                 187
+SSL_add_dir_cert_subjects_to_stack      188
+SSL_set_session_id_context              189
+sk_SSL_CIPHER_new                       190
+sk_SSL_CIPHER_new_null                  191
+sk_SSL_CIPHER_free                      192
+sk_SSL_CIPHER_num                       193
+sk_SSL_CIPHER_value                     194
+sk_SSL_CIPHER_set                       195
+sk_SSL_CIPHER_zero                      196
+sk_SSL_CIPHER_push                      197
+sk_SSL_CIPHER_pop                       198
+sk_SSL_CIPHER_find                      199
+sk_SSL_CIPHER_delete                    200
+sk_SSL_CIPHER_delete_ptr                201
+sk_SSL_CIPHER_set_cmp_func              202
+sk_SSL_CIPHER_dup                       203
+sk_SSL_CIPHER_pop_free                  204
+sk_SSL_CIPHER_shift                     205
+sk_SSL_COMP_new                         206
+sk_SSL_COMP_new_null                    207
+sk_SSL_COMP_free                        208
+sk_SSL_COMP_num                         209
+sk_SSL_COMP_value                       210
+sk_SSL_COMP_set                         211
+sk_SSL_COMP_zero                        212
+sk_SSL_COMP_push                        213
+sk_SSL_COMP_pop                         214
+sk_SSL_COMP_find                        215
+sk_SSL_COMP_delete                      216
+sk_SSL_COMP_delete_ptr                  217
+sk_SSL_COMP_set_cmp_func                218
+sk_SSL_COMP_dup                         219
+sk_SSL_COMP_pop_free                    220
+sk_SSL_COMP_shift                       221
+SSL_CTX_use_certificate_chain_file      222
+sk_SSL_COMP_insert                      223
+sk_SSL_CIPHER_insert                    224
+SSL_CTX_set_verify_depth                225
+SSL_set_verify_depth                    226
+sk_SSL_CIPHER_unshift                   227
+SSL_CTX_get_verify_depth                228
+SSL_get_verify_depth                    229
+sk_SSL_COMP_unshift                     230
+SSL_CTX_set_session_id_context          231
+SSL_CTX_set_cert_verify_callback        232
+sk_SSL_COMP_sort                        233
+sk_SSL_CIPHER_sort                      234
+SSL_CTX_set_default_passwd_cb_userdata  235
diff --git a/crypto/openssl/util/tab_num.pl b/crypto/openssl/util/tab_num.pl
new file mode 100755
index 000000000000..a81ed0edc245
--- /dev/null
+++ b/crypto/openssl/util/tab_num.pl
@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+
+$num=1;
+$width=40;
+
+while (<>)
+	{
+	chop;
+
+	$i=length($_);
+
+	$n=$width-$i;
+	$i=int(($n+7)/8);
+	print $_.("\t" x $i).$num."\n";
+	$num++;
+	}
+
diff --git a/crypto/openssl/util/x86asm.sh b/crypto/openssl/util/x86asm.sh
new file mode 100755
index 000000000000..d2090a98493f
--- /dev/null
+++ b/crypto/openssl/util/x86asm.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+echo Generating x86 assember
+echo Bignum
+(cd crypto/bn/asm; perl x86.pl cpp > bn86unix.cpp)
+(cd crypto/bn/asm; perl x86.pl win32 > bn-win32.asm)
+
+echo DES
+(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)
+(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm)
+
+echo "crypt(3)"
+(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp)
+(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm)
+
+echo Blowfish
+(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp)
+(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm)
+
+echo CAST5
+(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp)
+(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm)
+
+echo RC4
+(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp)
+(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm)
+
+echo MD5
+(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp)
+(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm)
+
+echo SHA1
+(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp)
+(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm)
+
+echo RIPEMD160
+(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp)
+(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm)
+
+echo RC5/32
+(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp)
+(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm)